Learn more here about our new look and feel, and how we're putting customers at the heart of Matrix Requirements
Because we believe in establishing long-term relationships with our customers, we decided to use plain English instead, to make our terms as clear as possible.
Please don't forget that we are real people: take a look at our company page to get to know us a little. We are not perfect, but we're trying our hardest, because we genuinely care about your success.
When you read Matrix Requirements or we below, it refers to Matrix Requirements GmbH (contact information), its affiliates and agents.
Should you have other questions or concerns about this document, please call us at +49 7802 931 4892 or send us an e-mail via our contact form.
Using Matrix Requirements products means accepting these terms
By accessing or using Matrix Requirements products in any way, whether you have created your own Matrix Requirements products site (by a subscribing to our services) or are invited to someone else's site as a project member, or are just browsing around, you agree to and are bound by the terms and conditions written in this document.
If you do not agree to all of the terms and conditions contained in this document, do not access Matrix Requirements products.
This is a living document
This is a living document. If you read something that rubs you the wrong way, or if you think of something that should be added, please get in touch! We're all ears! Email us via our contact form and we'll chat. We don't amend this document for any particular customer, but if your changes apply to all of our customers, we'll be happy to update it for everyone. Scroll to the bottom to see the history so far. We will likely improve this document over time. By continuing to use the site, you will implicitly accept the changes we make. Your access and use of Matrix Requirements products is always subject to the most current version of this document. If you'd like to be notified every time we make a change to this document, please let us know by using our contact form.
Breach of terms
We may block, restrict, disable, suspend or terminate your access to all or part of Matrix Requirements products at any time in our sole discretion, without prior notice or liability to you. To this day, we have never had to do this, and we hope it never happens.
If you think we removed your access by mistake, get in touch and we'll give you our reasoning. We also have a quick way to restore access without losing any of your data.
Support for Matrix Requirements products is provided via email, phone or chat (see contact information).
We also continuously update the Matrix Requirements products Documentation so that users can help themselves and subscription owners are better equipped to help their users.
We take pride in providing excellent customer support, but we are also a small team and value our work/life balance. This means that although we'll try our best, we do not guarantee 24 / 7 support.
What is the role of Matrix Requirements under the GDPR?
There is a strict distinction between the data that is entered into the system (data entered by you to create your product or qms documentation) and the system (i.e. MatrixQMS and MatrixALM) themselves (data for purpose of entering and operating the system).
For purposes of entering and operating the system, personal data such as the name and email address of the users is required.
These are within scope of the responsibilities of Matrix Requirements. Matrix Requirements also engages to protect the customers’ instance as a whole as per its defined processes.
Matrix Requirements however, does not control the content of the data entered into the system, neither the password policy of the customer or with whom that information is shared.
Therefore the handling of personal data that is managed by Matrix Requirements is limited to the credentials linked to the users.
Access to your data
What personal data do you collect and why?
We collect the following personal data for authentication in our application
We collect the following personal data for billing purposes
Optional Phone number and Skype ID
Optional Geographical location
We do not collect credit card information directly. See Who can see my credit card number? below.
Please be aware that your browser must be enabled to accept cookies from matrixreq.com in order for you to use Matrix Requirements products.
Finally, we never use or share the personally identifiable information provided to us online in ways unrelated to the ones described above.
Who can see my password?
No-one. We store your password hashed so no-one can read it, not even us. For encrypting the passwords, we use bcrypt hashing and a unique random salt for each user.
It is your sole responsibility to keep your user name, password and other sensitive information confidential. If you become aware of any unauthorized use of your account or any other breach of security, you shall notify Matrix Requirements immediately.
If you forget your password, we can generate a new temporary password and send it to you by email. You will then be able to specify a new password.
User management is done inside Matrix Requirements products, we don't have LDAP or OAuth integration at the moment. Subscription owners can assign passwords to staff and project members.
Matrix Requirements staff will never change a password for you, nor change the subscription owner, unless requested.
Who can see my credit card number?
No-one at Matrix Requirements. We use the very trustworthy and secure Stripe payment service. Read about their security measures on the http://mrq.ovh/stripe/security (in short, they encrypt your credit card info).
Once you sign up Stripe will charge your card each month. Stripe has been audited by a PCI-certified auditor, and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available.
How can I access or correct my information?
You can access your name and email information by logging in to any Matrix Requirements products site you have access to and visiting the user settings page or the administration page (if you have been given access rights by the subscription owner). For billing details contact us.
You can download your projects' data at any time in a simple xml format.
You can cancel your subscription at any time. We keep your data around for at least 1 month and at the most 9 months, so that we can recover it if you cancelled your subscription by mistake.
If you delete your subscription manually, or if your subscription gets suspended for payment and stays in that state for more than 1 month, we retain the right to destroy your subscription completely (thus “releasing” its subdomain), based on our best judgment.
What are the system requirements for using Matrix Requirements products?
Matrix Requirements products stores auto-save data and other settings in browser local storage on the end user's computer. We do not clear those on exit. Matrix Requirements products does not use ActiveX or Java in the browser.
Who can see my data?
The subscription owner can give access to registered users, nobody besides users which explicitly got the right and the authorized employees of Matrix Requirements can see the data. In order to see data, the users must authenticate themselves.
It is possible to store file attachments in Matrix Requirements. These files have permalinks which can be used to share file attachments without authentication. These links is intentionally very long and hard to guess.
We use HTTPS to transfer all data. Other than passwords, data is not encrypted when stored in our database (to allow full text search).
Only subscription owners can request the creation of new users.
As we are proud of having you as a customer, we will post your company name and logo on out website along with a pin on google maps with your approximate office location. If you prefer to stay incognito please let us know.
What are the guidelines Matrix Requirements follows when accessing my data?
We restrict who at Matrix Requirements can access customer data to only senior members of the team, and never to outside parties.
We only do it in response to a customer support question.
We only do it in order to debug and fix the issue.
We never make changes to anything unless explicitly requested by a subscription owner.
If the subscription owner or a work group member asks us to look into a project in order to debug a software issue, we will go in and look at that project and possibly make minor edits in order to fix the issue.
We never ever share what we see with other customers or the general public.
We might give access to country authorities if requested in writing. We'll try not to, but we don't have the resources to fight the government. We'll also keep your subscription owner informed as much as we can if this happens.
Who else has access to my data?
For our US-based customers, we host our data on OVHCloud US:
Here is OVH's Security and confidentiality information.
For our other customers, we host our data on OVHCloud France (with servers in Germany, France, Canada, UK).
Here is OVH's Security and confidentiality information.
Optionally for any customer we can also use Google Cloud.
Here is Google's Security and confidentiality information.
We use secure private keys when accessing Matrix Requirements products servers via SSH, and protect our console passwords locally with KeyPass.
We log application data (username, subdomain and project name). We rotate logs with 14-days conservation.
How is my data protected from another customer's data?
Each customer instance contains its own database. Each customer application can only access the data on the customer's database, and no other database are accessible to it.
The only exception to the above principle is the list of links you may have with your JIRA Clouds instance. For this we use a single database with all the links of all our clients. There is now way another customer can access your data through that mean though, since that database only contains links.
How are you protecting my data from hacker attacks?
Matrix Requirements is ISO27001 certified. We follow the industry's best practices. We only give access to our servers to senior Matrix Requirements security experts, we keep our servers always up to date with security fixes, have one-click ways to take down servers should they become infected/compromised and to create and deploy new clean ones, we always code-review security-related code internally before checking in, have an automated suite of tests against XSS attacks and more. We don't run background checks on employees nor have CISSP certifications or have audit logs.
The entire matrixreq.com domain uses HSTS to ensure browsers interact with us only over HTTPS. We regularly audit the details of our implementation: the certificates we serve, the certificate authorities we use, and the ciphers we support. You can check for yourself these details on the Qualys SSL Labs service.
Our Matrix Requirements products service has never been compromised so far.
Should our systems get compromised, we will replace the server(s) that have been hacked with new ones (we can do this with very few clicks). If this doesn't stop the attack, we'll shut down the service until we can fix the vulnerability. We will also hire experts to help us and verify that we're safe to resume service.
What should I do if I find a security vulnerability in Matrix Requirements products?
If you have discovered a security concern, please email us by using our contact form. We will work to address any issues that arise as quickly as possible.
Please act in good faith towards our users' privacy and data during your disclosure. We won't take legal action against you or administrative action against your account if you act accordingly: White hat researchers are always appreciated.
Can I run Matrix Requirements products on my own servers, behind the firewall?
Yes, you can. Please contact us for implementation details.
Intellectual Property Rights
Who owns Matrix Requirements Materials?
Matrix Requirements Materials are all the information, data, documents (e.g. white papers, press releases, datasheets, FAQs, etc.), communications, downloads, files, text, images, photographs, graphics, videos, webcasts, publications, content, tools, resources, software, code, programs and products produced by Matrix Requirements.
You agree not to copy, republish, frame, download, transmit, modify, adapt, create derivative works based on, rent, lease, loan, sell, assign, distribute, display, perform, license, sublicense or reverse engineer the Matrix Requirements products service or Matrix Requirements Materials or any portions of them.
You agree that you will not decompile, reverse engineer or otherwise attempt to discover the source code of the software. Any copying or redistribution of the software is prohibited, including any copying or reproduction of the software to any other server or location for further reproduction, redistribution or use on a service bureau basis. Any unauthorized use, copying or distribution of the software is expressly prohibited by law, and may result in severe civil and criminal penalties. Violators will be prosecuted to the maximum extent possible.
The trademarks, logos and service marks displayed on this Site are the property of Matrix Requirements GmbH, or other third parties. You are not permitted to use them without the prior written consent of Matrix Requirements GmbH or such third party that may own the Marks. Matrix Requirements and the Matrix Requirements logo are trademarks of Matrix Requirements GmbH.
Matrix Requirements Materials may not be modified or altered in any way.
Matrix Requirements Materials on Matrix Requirements products may not be distributed or sold, rented, leased, licensed or otherwise made available to others.
You may not remove any copyright or other proprietary notices contained in the Matrix Requirements Materials.
You may not copy or distribute any graphics in the Matrix Requirements Materials apart from their accompanying text.
You will not quote or display Matrix Requirements Materials, or any portions thereof, out of context.
Matrix Requirements reserves the right to revoke the authorization to view, download and print the Matrix Requirements Materials available via Matrix Requirements products at any time, and any such use shall be discontinued immediately upon notice from Matrix Requirements.
The rights granted to you constitute a license and not a transfer of title.
Any Matrix Requirements Materials made available only upon payment of a fee may only be viewed, downloaded and printed subject to your payment of such fee.
Who owns the IP of my data?
Matrix Requirements does not claim intellectual property rights over data entered by his customers on Matrix Requirements products.
You are solely and entirely responsible for all of your user materials that you post or otherwise submit via Matrix Requirements products. You shall assume all risks associated with the use of your user materials including any reliance on the accuracy, completeness or usefulness of your user materials. Matrix Requirements does not guarantee the accuracy, integrity or quality of your user materials.
Service Level Commitment
During the Subscription Term for which Matrix has agreed to provide a relevant SaaS product to you, we will use commercially reasonable efforts to provide a Monthly Uptime Percentage to you of at least 99.9% ("Service Level Commitment").
(a) If we confirm there is a failure to meet a Service Level Commitment in a particular calendar month and you make a request for service credit within fifteen (15) days after the end of such calendar month, you will be entitled to a credit based on (a) the monthly fees invoiced for the affected SaaS Product you have provisioned in the month experiencing such failure, if you have a monthly subscription plan or (b) 1/12 of annual fees invoiced for the affected SaaS Product you have provisioned, if you have an annual plan (“Service Credit”). To receive a Service Credit, you must submit a ticket at https://support.matrixreq.com, and provide any other reasonably requested information or documentation. Our monitoring and logging infrastructure is the source of truth for determining Monthly Uptime Percentage, errors and whether we have met the Service Level Commitment. All calendar months will be measured in the UTC time zone.
(b) The Service Credit will be calculated like this:
Monthly Uptime Percentage Service Credit
99% <= uptime < 99.9% 10%
95% <= uptime < 99.0% 25%
uptime < 95.0% 50%
We will apply each Service Credit against a future payment otherwise due from you for the affected SaaS Product, provided that your account is fully paid up, without any outstanding payment issues or disputes. No refunds or cash value will be given for unused Service Credits. We reserve the right to deny a Service Credit if you do not qualify for one.
You will not be entitled to a Service Credit if you are in breach of the Terms. The Service Level Commitment will not include unavailability to the extent due to: (a) your use of the SaaS Products in a manner not authorized in the Terms or not in accordance with the applicable documentation; (b) force majeure events or other factors outside of our reasonable control, including, without limitation, Internet access, denial of service attacks, or related problems; (c) your equipment, software, network connections or other infrastructure; (d) your abnormal use of the application, either directly or through the REST API, for example with abnormally fast automated requests; (e) third-party equipment, apps, add-ons, software or technology (other than our agents and subcontractors); or (f) routine scheduled maintenance or reasonable emergency maintenance. No Service Level Commitment or Service Credits are provided for free, proof-of-concept, beta or trial services.
Service Credits are your sole and exclusive remedy, and our sole and exclusive liability, for our failure to meet the Service Level Commitment.
How is our data backed up?
We have a hourly backup to 3 servers every hour. We keep hourly backups for 3 days, then daily backups for 30 days, then weekly backups for 6 months.
The backup data from our US customers are encrypted and send to 3 different backup servers in the US
The backup data from our non-US customers are encrypted and send to 3 different backup servers in Germany
Transmission of business
What happens if the Matrix Requirements company is sold, or the Matrix Requirements products product is sold?
Even though it is quite difficult to predict what will happen in those cases, we guarantee that we will provide all our users with a grace period of 30 days before anything is changed to the user's access or the financial conditions. This will allow our customers to retrieve all data from our servers, and plan on alternate technical solutions.
We will make all efforts to ensure a continuity of the service in this case, and to provide assistance to them should they need it to design an alternate solution.
Play Nice Clauses
Use of Matrix Requirements products
You agree that you shall not:
Use the credentials of another individual. Our licenses are per user and can only be used by the designated individuals.
Use or attempt to gain access to or use another's user or company account, password, data, or computer systems or networks connected to any Matrix Requirements products server, whether through hacking, password mining or any other means.
Access or attempt to access any material that you are not authorized to access.
Make available any files containing materials where you do not own or control, or have not received the necessary licenses to, all intellectual property rights, rights of privacy and publicity and all other rights in and to such materials.
Use any materials in any manner that infringes any intellectual property rights or other rights of any party.
Disrupt or interfere with the security of, or otherwise cause harm to, the Matrix Requirements products service, systems resources, accounts, passwords, servers or networks connected to or accessible through Matrix Requirements products or any affiliated or linked sites.
Post or otherwise submit any software, programs or files that are harmful or disruptive of another's equipment, software or other property, including any corrupted files, time bombs, Trojan horses, viruses and worms.
Disrupt, interfere or inhibit any other user from using and enjoying the Matrix Requirements products service or other affiliated or linked sites, materials or services.
Access or use Matrix Requirements products in any manner that could damage, disable, overburden or impair any Matrix Requirements products server or the network(s) connected to any Matrix Requirements products server.
Violate the rights of Matrix Requirements or any third party (including rights of privacy and publicity) or abuse, defame, harass, stalk or threaten another.
Use any Matrix Requirements domain name as a pseudonymous return e-mail address.
Special Treatment for Spammers
Matrix Requirements may without restriction block, filter or delete unsolicited e-mail.
Restriction and Termination of Use
In case of severe breach of contract from your side, Matrix Requirements may block or restrict your access to all or part of Matrix Requirements products. This will be done only after repeated warnings from us. In this case, the data will not be deleted from our servers, in the hope the situation will be resolved.
Severe breaches of contract include but are not restricted to:
hacking attempts from your employees
reuse of the same credentials from different people at the same time
Notification of Copyright Infringement
Matrix Requirements will, in appropriate circumstances, terminate the accounts of users who infringe the intellectual property rights of others.
If you believe that your work has been used or copied in a way that constitutes copyright infringement and such infringement is occurring on Matrix Requirements products or on sites linked to from Matrix Requirements products, please provide written notification of claimed copyright infringement to the designated agent for Matrix Requirements products (identified below), which must contain the following elements:
A physical or electronic signature of the person authorized to act on behalf of the owner of the copyright interest that is alleged to have been infringed;
A description of the copyrighted work or works that you claim have been infringed and identification of what content in such work(s) is claimed to be infringing and which you request to be removed or access to which is to be disabled;
A description of where the content that you claim is infringing is located on Matrix Requirements products;
Information sufficient to permit Matrix Requirements to contact you, such as your physical address, telephone number, and e-mail address;
A statement by you that you have a good faith belief that the use of the content identified in your Notice in the manner complained of is not authorized by the copyright owner, its agent, or the law;
A statement by you that the information in your notice is accurate and, under penalty of perjury, that you are the copyright owner or authorized to act on the copyright owner's behalf.
Matrix Requirements' designated agent for notice of claims of copyright infringement can be reached as follows: matrixreq.com/legal
Links to Third Party Sites
Matrix Requirements products may include links that will take you to other sites outside of the Matrix Requirements products service. The linked sites are provided by Matrix Requirements to you as a convenience and the inclusion of the links do not imply any endorsement by Matrix Requirements of any linked site. Matrix Requirements has no control of the linked sites and you therefore acknowledge and agree that Matrix Requirements is not responsible for the contents of any linked site, any link contained in a linked site or any changes or updates to a linked site. You further acknowledge and agree that Matrix Requirements is not responsible for any form of transmission (e.g. webcasting) received from any linked site.
Warranties and Disclaimers
the Matrix Requirements products service and Matrix Requirements Materials will meet your requirements;
the Matrix Requirements products service and Matrix Requirements Materials will be uninterrupted, timely, secure, or error-free;
the results that may be obtained from the use of Matrix Requirements products service and Matrix Requirements Materials will be effective, accurate, or reliable;
the quality of the site or any services or materials purchased or accessible by you will meet your expectations; and
any errors or defects in Matrix Requirements products service and Matrix Requirements Materials will be corrected.
We do however provide a test plan to our users to validate (per ISO 13485) that their use of our system fit their needs.
The Matrix Requirements products service and Matrix Requirements Materials may include technical or other mistakes, inaccuracies, or typographical errors. Matrix Requirements may make changes to the site, materials and services, including the prices and descriptions of any software or products listed, at any time in its sole discretion and without notice. The Matrix Requirements products service and Matrix Requirements Materials may be out of date, and Matrix Requirements makes no commitment to update the site, materials and services.
You acknowledge and agree that:
Matrix Requirements does not control, endorse, or accept responsibility for any materials or services offered by third parties, including third-party vendors and third parties accessible through linked sites;
Matrix Requirements makes no representations or warranties whatsoever about any such third parties, their materials or services;
any dealings you may have with such third parties are at your own risk; and
Matrix Requirements shall not be liable or responsible for any materials or services offered by third parties.
Matrix Requirements does not control or endorse the materials found in any services and specifically disclaims any liability with regard to the site, services and any actions resulting from your use of the Matrix Requirements products service and Matrix Requirements Materials and participation in any services. Managers, hosts, subscription owners, project members and other third parties are not authorized Matrix Requirements spokespersons, and their views do not necessarily reflect those of Matrix Requirements. To the maximum extent permitted by law, Matrix Requirements will have no liability related to user materials arising under intellectual property rights, libel, privacy, publicity, obscenity or other laws. Matrix Requirements also disclaims all liability with respect to the misuse, loss, modification or unavailability of any user materials.
Some states or jurisdictions do not allow the exclusion of implied warranties or limitations on how long an implied warranty may last, so the above limitations may not apply to you. To the extent permissible, any implied warranties are limited to ninety (90) days.
Indemnity and Liability
You agree to indemnify and hold Matrix Requirements and its officers, co-branders, other partners and employees harmless from any claim or demand, including reasonable attorneys' fees, made by any third party due to or arising out of:
your user materials and any other content (e.g. computer viruses) that you may submit, post to or transmit through Matrix Requirements products, including a third party's use of such user materials or content (e.g. reliance on the accuracy, completeness or usefulness of your user materials);
your access to or use of Matrix Requirements products (including any use by your employees, contractors or agents and all uses of your account numbers, user names and passwords, whether or not actually or expressly authorized by you, in connection with Matrix Requirements products);
your connection to Matrix Requirements products;
the actions of any member of your work group, including non-logged in users you have granted access to your Matrix Requirements products site;
your infringement of any third party's intellectual property rights when using any of the software made available on Matrix Requirements products;
your violation of any rights of any third party;
your access to or use of linked sites and your connections thereto; or
any dealings between you and any third parties advertising or promoting via Matrix Requirements products.
Limitation of Liability
In no event shall Matrix Requirements, its officers, directors, employees, partners or suppliers be liable to you or any third party for any special, punitive, incidental, indirect or consequential damages or losses of any kind, or any damages or losses whatsoever, including those resulting from loss of use, data or profits, whether or not foreseeable or if Matrix Requirements has been advised of the possibility of such damages or losses, and on any theory of liability, including breach of contract or warranty, negligence or other tortious action, or any other claim arising out of or in connection with:
the access or use of or the inability to access or use the Matrix Requirements products service or Matrix Requirements Materials;
the statements or actions of any third party on or via the site, services or materials;
any dealings with vendors or other third parties;
any unauthorized access to or alteration of your transmissions, user materials or other data;
any information that is sent or received or not sent or received;
any failure to store or loss of data, files, materials or other content;
any services available that are delayed or interrupted;
any web site referenced or linked to from this site; or
your access to or use of or inability to access or use any linked site.
Some jurisdictions prohibit the exclusion or limitation of liability for consequential or incidental damages. Accordingly, the limitations and exclusions set forth above may not apply to you.
The monthly fees for the Matrix subscriptions are to be paid by credit card, with automatic renewal.
In the event that the customer doesn't pay the monthly fees in time for the period covered by the subscription, Matrix Requirements will apply a nominal fee for the administrative processing of the payments and reminders.
To cover the extrajudicial collection costs and the additional administrative work involved, a compensation payment is estimated equal to 10% of the outstanding balance with a minimum of €125 (or $150), plus a fixed charge of €13 (or $15) per reminder plus any registration charge; in addition, if we bring in third parties to collect the amounts demanded by us amicably, the relevant charges will also be charged to the customer.
Matrix Requirements will also have the ability to suspend the service until the fees are paid.
If the customer requires lengthy processes and administrative forms to be filled in before any payment occurs, an administrative fee will be added to the subsequent invoice to cover for the time spent.
Governing Law and Jurisdiction
The Matrix Requirements products service (excluding linked sites) is controlled by Matrix Requirements GmbH from its offices within the state of Baden-Württemberg, Germany. By accessing Matrix Requirements products, you agree that all matters relating to your access to, or use of, Matrix Requirements products shall be governed by the statutes and laws of Germany, without regard to the conflicts of laws principles thereof.
December 11, 2015 - adapted from (https://balsamiq.com) with authorization from Balsamiq.
February 29th, 2016 - added business transmission chapter, soften the restrictions, added clause to explicitly forbid use of other's credentials
Jun 30st, 2017 - copied to new website design, updated email addresses
November 20th, 2017 - added google cloud service option, removed azure hosting, added info about posting customer names on web site. Removed section about domain squatting.
April 24th, 2018 - replaced the product name "Matrix Requirements Medical" with "Matrix Requirement products" to make clear that all products (i.e. at this time MatrixALM and MatrixQMS) are covered.
May 17th, 2018 - added GDPR details.
November 26th, 2019 - added
A section for SLA
A mention that we are ISO27001
A section about fees for non-payments
November 9, 2020 - updated hosting and backup details. By default
Data from US customers is hosted and backed up in the US
All other data is hosted in OVH outside of US at OVH close to location of customer and backed up in Germany.