Terms of Use of Yandex Security Deck
This is an old version of the document, which expired on September 24, 2025. The current version is available at: https://yandex.com/legal/cloud_terms_security_deck/en/.
This document contains specific terms of use of Yandex Security Deck (the "Service") and is an integral part of the Yandex Cloud Customer Agreement (the "Agreement") and Service Terms set forth at https://yandex.com/legal/cloud_service_terms. Capitalized terms used herein but not defined herein shall have the meanings set forth in the Agreement and Linked Documents.
1. Service Functionality
1.1. The Service offers the Customer the ability to scan Content and perform other actions as provided for by the functionality of the Service.
1.2. The Service provides the Customer with access to:
Data Security Posture Management (DSPM)
1.2.1. Scanning Content for Sensitive data and Secrets
1.2.2. Managing the place where records of Sensitive data are uploaded
Cloud Infrastructure Entitlement Management (CIEM)
1.2.3. Viewing and revoking the list of rights and privileges of the Customer's employees, including users, service accounts, user groups, system groups, and public groups, to the Organization's Cloud resources
Access Transparency (Access Transparency Module)
1.2.4. The ability to receive data on facts of access to Platform resources used by the Customer in cases where Yandex employees gain access to Organization's Cloud resources.
When Yandex employees gain access to the Organization's Cloud resources, a record is created with the following information:
- Start and end times of the access session
- Access session ID
- Reason for obtaining access
- Evaluation and summary of the employee's actions during the session
- List of Cloud resources accessed during the session
- Data upload using the Audit Trails Service
The summary of employee actions during the session is generated using the Yandex Foundation Models Service. Yandex cannot guarantee the accuracy or correctness of this summary.
Records of Yandex employees' access to the Organization's Cloud resources are created in the following scenarios:
- Obtaining remote access to the hypervisor where the Customer's Virtual Machines are located
- Obtaining remote access to Virtual Machines hosting managed database Clusters.
Sessions of Yandex employees' access to the Organization's Cloud resources are not recorded in the following cases:
- Performing actions described in standard regulations that technically exclude access to the Customer’s data
- Performing actions aimed at fulfilling obligations in cases provided for by the legislation.
1.3. Other functionalities of the Service that Yandex makes available to the Customer at its discretion. The full list of functionalities is available to the Customer on the Site and/or in the Management Console.
2. Service Tariffication
2.1. Use of the Service is not charged at the Preview stage.
3. Data Processing
3.1. When using the Service, the Customer shall instruct Yandex to process personal data that may be contained in Content.
3.2. The Data Processing Addendum applies to the relationship of the parties when using the Service to the extent that it does not contradict these Terms of Use, while considering the functional features of the Service. If there are any discrepancies between the Data Processing Addendum and these Terms of Use, the latter shall prevail.
3.3. The Customer warrants that it will ensure the existence and validity of legal grounds for the processing of personal data sufficient in accordance with the applicable law for their processing by Yandex to the extent stipulated by the Terms of Use.
Terms
Capitalized terms used in these Terms and not defined in the Offer or the terms of use of other Services shall have the following meanings:
A Record is a minimal indivisible unit of user information, which may include information about events and/or operations occurring in Services or the Customer's software deployed on the Platform.
Sensitive data – full name, SNILS, email address and Secrets.
Secrets are authentication data used by the Customer in the Platform's Services, including access keys, passwords, tokens, SSH keys, etc.
Cloud resources are Virtual Machines, disks, networks and other computing resources that are provided as part of the Platform's Services.
Database clusters are a group of nodes hosted on Virtual Machines and connected inside a virtual private cloud. A Cluster consists of one or more database hosts — Virtual Machines with deployed database management system servers.
An Organization is a workspace that unites different types of Platform resources and users.
The document is available online at: https://yandex.com/legal/cloud_terms_security_deck
The document is published on: December 6, 2024
Effective date: December 6, 2024