Terms of Use of Yandex Security Deck Service

This document represents the Terms of Use of Yandex Security Deck Service (hereinafter referred to as the "Service") and is an integral part of the Agreement for the use of Yandex.Cloud Platform Services and the Special Terms of Use of Yandex.Cloud Platform Services available on the Internet at https://yandex.ru/legal/cloud_specialterms.

1. Functionality of the Service

1.1. The Service offers the Customer the ability to scan Content and perform other actions as provided for by the functionality of the Service.

1.2. The Service provides the Customer with access to:

1.2.1. Presentation of security signals and notifications from the Security Deck modules.

1.2.2. Creation of security environments to simplify the Customer's work with the security modules.

1.2.3 Providing definition of the modules' area of operation, applicable security rules for the defined area and the management of access rights to the security modules.

1.2.4 Creating connectors to securely connect the modules to cloud resources and other resources in the defined area of the modules.

1.2.5 Providing control of security rules supported by the modules.

1.2.6 Providing security compliance assessment of cloud resources and other resources in the defined area of operation of the modules.

Data control module (DSPM)

1.2.7. Scanning the Content for Sensitive Data and Secrets.

1.2.8. Managing the upload location of the Records of the found sensitive data.

Access Diagnostics Module (CIEM)

1.2.9. Viewing and revoking the list of rights and privileges of the Customer's employees: users, service accounts, user groups, system groups and public groups to the Organization's Cloud Resources.

Cloud Platform Transparency Module (Access Transparency)

1.2.10. The ability to receive data on the facts of access to the Platform resources used by the Customer in the following cases of access of Yandex employees to the Organization's Cloud Resources.

When Yandex employees gain access to the Organization Cloud Resources, a record containing the following information shall be created:

  • the start and end time of the access session,

  • the access session identifier,

  • the reason for access,

  • evaluation and summarization of information about the actions of the Yandex employee during the session,

  • a list of Cloud Resources accessed during the session,

  • data upload using the Audit Log Service.

Summarization of information about Yandex employees' actions during the session is performed using the Yandex Fundamental Models service, Yandex does not guarantee the accuracy and correctness of the summarization provided.

A record of Yandex employees' access sessions to the Organization Cloud Resources is created in the following cases:

  • gaining remote access to the hypervisor on which the Customer's Virtual Machines are located,

  • gaining remote access to the Virtual Machines on which the managed Database Clusters are located.

No record of Yandex employees' access sessions to the Organization's Cloud Resources shall be created in the following cases:

  • performance of actions described in standard regulations that technically exclude access to the Customer's data,

  • performance of actions aimed at fulfillment of obligations in cases stipulated by the legislation.

Kubernetes Control Module (KSPM)

1.2.11 Infusion of protection of kubernetes Clusters and components within Clusters.

Configuration Control Module (CSPM)

1.2.12. Search for configuration errors in cloud resources.

1.2.13. Search for non-compliance with security requirements in the Customer's cloud resources settings.

1.3 Other functionalities of the Service that Yandex makes available to the Customer at its discretion. The list of functionalities is available to the Customer on the Website and/or in the Management Console.

2. Tariffication of the Service

At the Preview stage, the use of the Service is not charged.

3. Data Processing

3.1 When using the Service, the Customer entrusts Yandex with the processing of personal data that may be included in the Content.

3.2 The Data Processing Agreement shall apply to the relations between the parties when using the Service to the extent that it does not contradict these terms and conditions, as well as taking into account the functional features of the Service. In case of discrepancies between the Data Processing Agreement and these terms and conditions, these terms and conditions shall prevail.

3.3 The Customer guarantees that he/she will ensure the existence and validity of legal grounds for the processing of personal data sufficient in accordance with applicable law for their processing by Yandex within the scope provided for herein.

Terms and Definitions

Capitalized terms used herein and not defined in the Offer or terms of use of other Services have the following meanings:

“Record” means a minimum indivisible unit of user information, which may include information about events and/or transactions occurring in the Services or the Customer's software deployed on the Platform.

“Sensitive Data” means the full name, SNILS (individual insurance account number), e-mail address and the Secrets.

“Secrets” means authentication data used by the Customer in the Platform Services, including access keys, passwords, tokens, SSH keys, etc.

“Cloud Resources” means the Virtual Machines, disks, networks and other computing resources that are provided as part of the Platform Services.

“Database Clusters” means a group of nodes hosted on the Virtual Machines and interconnected within a virtual private cloud. A cluster consists of one or more database hosts - Virtual Machines with deployed database management system servers.

“Kubernetes Clusters” means a group of nodes that function based on Kuberenetes services to run containerized applications.

“Organization” means a workspace that connects different types of Platform resources and users.

“Security Environment” means a workspace that defines the scope of modules and applicable security rules.

Internet address: https://yandex.ru/legal/cloud_terms_security_deck.

The document is published on: September 15, 2025

Effective date: September 25, 2025

Previous version of the document: https://yandex.ru/legal/cloud_terms_security_deck/en//06122024/