docs(legal): Account Lockout Policy (#5958)

* typo * docs(legal): account lockout policy * sidebar * remove intros * fix broken link --------- Co-authored-by: Fabi <fabienne@zitadel.com>
zitadel · Jun 1, 2023 · 057ac92 · 057ac92 · vercel · Jun 1, 2023
1 parent c7e0d97
commit 057ac92
Show file tree

Hide file tree

Showing 5 changed files with 70 additions and 6 deletions.
diff --git a/docs/docs/legal/acceptable-use-policy.md b/docs/docs/legal/acceptable-use-policy.md
@@ -3,8 +3,6 @@ title: Acceptable Use Policy
 custom_edit_url: null
 --- 
 
-## Introduction
-
 This policy is an annex to the [Terms of Service](terms-of-service) and clarifies your obligations while using our Services.
 
 ## Use

diff --git a/docs/docs/legal/policies/account-lockout-policy.md b/docs/docs/legal/policies/account-lockout-policy.md
@@ -0,0 +1,62 @@
+---
+title: Account Lockout Policy
+custom_edit_url: null
+---
+
+This policy is an annex to the [Terms of Service](../terms-of-service) that clarifies your obligations and our procedure handling requests where you can't get access to your ZITADEL Cloud services and data. This policy is applicable to situations where we, ZITADEL, need to restore your access for a otherwise available service and not in cases where the services are unavailable.
+
+## Why to do we have this policy?
+
+Users may not be able to access our services anymore due to loss of credentials or misconfiguration.
+In certain circumstances it might not be possible to recover the credentials through a self-service flow (eg, loss of 2FA credentials) or access the system to undo the configuration that caused the issue.
+These cases might require help from our support, so you can regain access to your data.
+
+We will require some initial information and conditions to be able to assist you, and will require further information to handle the request.
+We also keep the right to refuse any such request without providing a reason, in case you can't provide the requested information.
+
+## Scope
+
+In scope of this policy are requests to recover
+
+- ZITADEL Cloud account (customer portal)
+- Manager accounts to a specific instance
+- Undo configuration changes resulting in lockout (eg, misconfigured Action)
+
+Out of scope are requests to recover access
+
+- Where you have to option to ask another Admin/Manager
+- by end-users who should ask an Admin/Manager instead
+- self-hosted instances
+
+## Process
+
+Before you send a request to restore access to your account, please make sure that can't ask your manager/admin or another manager/admin to recover access.
+
+### ZITADEL Cloud account
+
+If you need to recover your ZITADEL Cloud account for the customer portal, please send an email to [support@zitadel.com](mailto:support@zitadel.com?subject=ZITADEL%20Cloud%20account%20lockout):
+
+- State clearly in the subject line that this is related to an account lockout for a ZITADEL Cloud account
+- The sender's email address must match the verified email address of the account owner
+- State the reason why you're not able to recover the account yourself
+
+Please allow us time to validate your request.
+Our support will get back to you to request additional information for verification.
+
+### Manager access to an Instance
+
+If you need to recover a Manager account to an instance, please make sure you can't recover the account via another user or service user with Manager permissions.
+
+Please visit the [support page in the customer portal](https://zitadel.cloud/admin/support):
+
+- State clearly in the subject line that this is related to an account lockout the affected instance
+- State the reason why you're not able to recover the account yourself
+
+Please allow us time to validate your request.
+Our support will get back to you to request additional information for verification.
+
+## Entry into force
+
+This policy is valid from May 31, 2023.
+
+Last revised May 31, 2023
diff --git a/docs/docs/legal/rate-limit-policy.md b/docs/docs/legal/rate-limit-policy.md
@@ -2,7 +2,6 @@
 title: Rate Limit Policy
 custom_edit_url: null
 ---
-## Introduction
 
 This policy is an annex to the [Terms of Service](terms-of-service) and clarifies your obligations while using our Services, specifically how we will use rate limiting to enforce certain aspects of our [Acceptable Use Policy](acceptable-use-policy).
 

diff --git a/docs/docs/legal/vulnerability-disclosure-policy.mdx b/docs/docs/legal/vulnerability-disclosure-policy.mdx
@@ -3,8 +3,6 @@ title: Vulnerability Disclosure Policy
 custom_edit_url: null
 --- 
 
-## Introduction
-
 At ZITADEL we are extremely grateful for security aware people who disclose vulnerabilities to us and the open source community.
 All reports will be investigated by our team and we will work with you closely to validate and fix vulnerabilities reported to us.
 
@@ -91,6 +89,6 @@ In case we have confirmed your report, we may compensate you, given prior writte
 
 ## Entry into force
 
-This privacy policy is valid from March 16, 2023.
+This policy is valid from March 16, 2023.
 
 Last revised March 16, 2023
diff --git a/docs/sidebars.js b/docs/sidebars.js
@@ -592,10 +592,17 @@ module.exports = {
           type: "category",
           label: "Policies",
           collapsed: false,
+          link: {
+            type: "generated-index",
+            title: "Policies",
+            slug: "/legal/policies",
+            description: "Policies and guidelines in addition to our terms of services.",
+          },
           items: [
             "legal/privacy-policy",
             "legal/acceptable-use-policy",
             "legal/rate-limit-policy",
+            "legal/policies/account-lockout-policy",
             "legal/vulnerability-disclosure-policy",
           ],
         },