Privacy Safety

Everything Set: case studies

There’s no button to press which gives you instant device and network privacy, that’s not how it works. Network security is an ongoing process. Think of a security camera, a constant monitor of activity around your home, that’s similar to how this works. We constantly monitor network activity to ensure there isn’t the smart device equivalent of a stranger climbing over your fence or peeping through your curtains.

We have grown a community across America, analyzed thousands of smart devices, ran vulnerability scans on home networks, identified troublesome device chatter to bad IP addresses, and built device profiles from behavior patterns. The cumulative and ongoing data from this beta has provided a robust foundation for our users’ privacy and security.

The moment we notice anything strange, we alert the user and help to provide a fix.

Everything Set Cloud
Everything Set Cloud

We thought you might be interested to read about the kind of privacy and security issues we identified and helped to fix over the last year. The kind of privacy and security issues Everything Set could help you avoid.

Entertainment monitor: malware gateway

The beauty of smart home devices is that they learn our preferences and customize the home experience. We like it when they adjust our thermostats to make us cozy or turn our lights on at just the right time. However, we may not want these intimate details shared with third parties without our consent, or worse, find that they provide a gateway to other sensitive data in our home.

While running a vulnerability scan, we noticed two identical custom-installed smart home monitors (in different homes) had the same Telnet port running and open. Telnet is one of the prime culprits in the spread of many well-known botnets, most notably Mirai and its variants. We discovered that in addition to their vulnerability, they were actively communicating with the same flagged IP address: a known command and control server. With this connection, this IP address could send malware into the smart home monitor and eventually infect other smart devices on the home network, provide other network backdoors, or cause the device to attack other networks.

In layman's terms, we discovered this device offered an opening into the home network and the bad guys had access to it.

So, we alerted both users of this device, found there were no security patches available, and determined the devices themselves were compromised. As a result, we suggested the users disconnect the rogue devices and replace them with more secure devices complete with updated functionality. No other bad behaviors were found on either user’s network.

Smart phone: Pegasus hack

Last year, Citizen Lab discovered that both iOS and Android smartphones were being exploited by Pegasus, a spyware software that could be installed without any user knowledge or participation. In response, operating system developers released emergency firmware patches as a fix. We had a front-row seat to the Pegasus debacle thanks to the hundreds of smartphones we were monitoring as part of our security service.

Pegasus spyware works in a contactless way: users don’t have to download a text, open an email attachment, or conduct any action. Instead, the malware works simply by calling you on WhatsApp, you don’t even have to answer the call, and the spyware is installed on your phone. The record of the call is also erased so there is no way to trace it or prove that it happened. Meanwhile, all your activity on the phone can be stolen.

The way Pegasus infections are currently identified is by taking a backup of your phone and running it through a command line tool. This tool checks all the places your phone contacted and compares them against forensically determined lists of Pegasus servers. This works for a small subset of very technical users but not for the vast majority of people who won't know about this type of tool, or even how to produce a backup of their phone.

We tackle the Pegasus issue differently and, importantly, in a super easy, user-friendly way. We actively check a list of known Pegasus servers against all devices in our ecosystem and then alert users if their smartphone is in contact with them.

During our beta, we identified one phone that had contacted a Pegasus server and alerted the user immediately. They upgraded their phone’s operating system and, as a technical user, created a backup and ran the command line tool to see if there was further evidence of malicious activity after the update. No other issues were found, the problem was resolved, and the user was protected.

The ability to identify Pegasus quickly is a preventative measure in itself. Everything Set can then immediately stop access to the Pegasus servers within the home network. This is a solid first step as it can slow the problem down, but it may not prevent all data leaking from an infected device—particularly a mobile phone that will travel onto cellular (and other) networks unprotected by Everything Set. With the infection contained, users have the ability to apply the latest security update, reinstall software on their phone, or even switch to a new device if they choose before the problem spreads.

Desktop computer: exploited device

Desktop computers have a wide number of services designed to secure and protect them, including antivirus software embedded in the operating system and additional subscription-based antispyware, malware, and virus software. Despite all of these protections in place, we identified a desktop communicating to IP addresses that were flagged as dangerous by Cisco’s Talos group. Addresses like this tend to be flagged because they’re participating in widespread hacking or botnet activity, and activity to them can be an indicator that a device has already been exploited.

We notified the user of the computer and also identified that their device was missing security updates that might patch the vulnerability being exploited. Following this update, our continued monitoring did not identify any further unsafe internet communication.

Set-top box: botnet attack participant

Many cable and satellite TV companies provide set-top boxes that stream their services. These devices are easy to use and provide a simple utility: you plug them in and watch TV. Most users don’t think twice about adding them to their home networks. Unfortunately, these devices are commonly involved in botnet attacks. They’re likely targeted because of their broad distribution and how uniform their vulnerabilities are. If a bad actor can exploit a specific problem, it can be widely deployed quite rapidly.

During our beta, we identified that a set-top box began repeatedly contacting a known bad IP address. The box was an older device provided by a large media company for a home TV service. We notified this user of the problem and suggested they return the box to their cable or satellite provider for a replacement (since users usually cannot update the firmware on these devices). After getting a replacement, the newer set-top box again began repeatedly contacting the same known bad IP address. The user again contacted their cable or satellite provider which finally provided a firmware upgrade to the device. Since that time, the user’s home showed no additional strange behavior from any of the devices on their network.

We use cookies (or similar technologies) to collect information about how you interact with our website and allow us to remember you. We use this to improve your experience and for analytics about who our visitors are. To learn more, see our Privacy policy

Everything Set Privacy Policy

(v1.1 December 7, 2020)

Everything Set Inc. (“Everything Set”, “we”, “our”, or “us”) will collect and use information obtained via the Everything Set iOS and Android application (the “App”), our Everything Set hardware device (the “Box”), and our website at www.everythingset.com (the “website”) and all related services (altogether the “services”) as described in this Privacy Policy (“policy”). In doing so, we are committed to protecting and respecting your privacy and personal information, in accordance with applicable data protection and privacy rules, including the California Consumer Privacy Act (CCPA) and the EU General Data Protection Regulation (GDPR).

This policy explains how we use, share and otherwise process the personal information we collect or receive when we provide services, such as when you visit the App or use the Box, or through your use of the website. Please read this policy carefully to understand our practices regarding your personal information and how we will treat it.

Everything Set App and Box users: when you either register an account with or are registered for an account with Everything Set, and are a user of the Box, we will collect your name, AppleID, Google account, phone number or email address and location. This information will be combined with technical information about your Box and other information we may collect about you or your use of the services, and we will handle all such information as described in this policy.

Details about our practices

This privacy policy is composed of the following sections:

  • I. Information we collect
  • II. How we use your information
  • III. Legal basis for processing your information
  • IV. Disclosure of your information
  • V. Where and how we store and process your information
  • VI. How long we store your information
  • VII. Your rights
  • VIII. Children’s information
  • IX. Links to third party websites
  • X. Changes to this policy
  • XI. How to contact us

I. Information we collect

When we provide our service, we collect or receive personal information in several different ways. In some cases you choose to provide us with information, while in other cases we automatically collect information from your use of our services.

We may collect and process the following data about you:

  • Information you give us:
    • You can give us information about you by filling in forms on the App or by corresponding with us by email or otherwise. This includes information you provide when you visit and use our website, register to use the App, subscribe to our service, use the service, or report a problem with the App.
    • Depending on the circumstances, the information you give us may include your name, address, phone, email address and geo-location. We may ask for or receive personal information from you when you submit web forms on our website or App or as you use interactive features, including, participation in surveys, requesting support, or otherwise communicating with us.
    • For example, if you register or are registered for an account with Everything Set, or if you are a user of the Box, we will collect your name, email address, phone number or Apple ID or Google account and location.
  • Information from your Box:
    • We give you as much control as possible over your information. In general, we may automatically collect the following information via our services:
      1. technical information, including the IP address used to connect your Box to the Internet, your login information, time zone setting, operating system and platform, type of device;
      2. information on MAC addresses and Wi-Fi networks collected through the App or the Box. Please note that this policy does not exempt you from any obligations you may incur should you collect other individuals’ personal information;
      3. information about your visit to and use of the App or website, including date and time; networks viewed or searched for; App response times, download errors, length of visits to certain website pages, App interaction information (such as scrolling, clicks, and other activity), and the method used to leave the App;
      4. information from cookies and similar technologies, including device identifiers, which helps us recognize you, remember your preferences, and personalize your experience. We will not use third party advertising partners nor share this type of data with others; and
      5. information from authentication services, SDKs and other storage technologies help us and certain third parties, such as data providers, to collect or receive information from our website and App to provide log-in or other services.
  • Information we may receive from other sources:
    • We may receive information about you if you use any other services we provide. We also work closely with third parties (including, for example, business partners, sub-contractors in technical and delivery services, analytics providers) and may receive information about you from them.
    • In addition, service providers may provide information about our users for analytics, tailored services and measurement. When you sign up or are signed up to our services, through Apple or Google, we will receive information from Apple or Google to automatically create your Everything Set account and populate your profile and login.

II. How we use your information

We use the information we have to help us provide, operate, improve, understand, customize, support, and market our services. This includes:

  • Information you give to us.
    • We may use this information:
      • (a) to provide and improve our services you have subscribed for or that you otherwise use;
      • (b) to create your account and populate your profile;
      • (c) to respond to any enquiries or requests for information you may have sent to us;
      • (e) to notify you about changes to the App or send you notifications;
      • (f) to send you information about our services, including marketing and information communications; and
      • (g) to ensure that content from the App is presented in the most effective manner for you and for your Box;
  • Information we collect about you.
    • We may use this information:
      • (a) to administer the App and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
      • (b) to improve the App to ensure that content is presented in the most effective manner for you and for your Box; or to allow you to participate in interactive features of our service, when you choose to do so;
      • (c) as part of our efforts to keep the App safe and secure;
      • (d) to share the information with our trusted service providers, where applicable, for the provision of our services; trusted service providers are for example our cloud service provider or the service provider we use for sending out our own communications;
      • (e) to deliver relevant communications to you within the App or otherwise through our services, such as sending transactional alerts related to your use of the App or Box;
      • (f) for behavioral analysis;
      • (g) to diagnose and resolve problems, analyze trends, and monitor usage and resource needs; and
      • (h) in de-identified format for analytical, statistical and business purposes. We may for example publish aggregated reports on reliability and security of connected devices or provide you with statistics of how your performance compares to aggregated information from other users.
  • Information we receive from other sources.
    • We may combine this information with information you give to us and information we collect about you through other sources e.g. Google Analytics. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
    • When you sign up or are signed up to our services via Apple or Google we will receive information from Apple or Google to allow you to use the App on the iOS or Android device you use.

III. Legal basis for processing your information

Our legal basis for collecting and using your personal information will depend on the information concerned and the specific context in which we collect or receive it. However, we will only collect your personal information where: (a) we have your consent to do so, (b) where it is necessary to perform a contract with you (e.g. to deliver services you have requested), or (c) the processing is necessary in our or a third party’s legitimate interests (and not overridden by your data protection interests or fundamental rights and freedoms). In some cases, we may also have a legal obligation to collect or use your personal information or may otherwise need to use your personal information to protect your vital interests or those of another person.

Where we rely on your consent to process your personal information, you have the right to withdraw or decline your consent at any time. Please note that this does not affect the lawfulness of the processing based on consent before its withdrawal. If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide such information).

We rely on our or a third party’s legitimate interests to process your personal information in the following cases:

Keeping services safe and secure: we use your information as necessary in our and users’ legitimate interests of ensuring services are secure, such as implementing and enhancing security measures and protections, protecting against fraud, spam and abuse, and enforcing our Terms of Service.

Providing, improving, and developing services: we use your information to provide services, including any personalized services, and to understand and improve our business and our user relationships. We do so as it is necessary to pursue our legitimate interests of providing innovative and tailored services.

Sending marketing communications: we rely on our legitimate interests in marketing our services to use your contact information and send you communications in accordance with applicable law.

Sharing information for legal and safety reasons: where required for legal and safety reasons, we may disclose information to law enforcement and related agencies and authorities in furtherance of the legitimate interests described further below.

IV. Disclosure of your information

In the course of providing services, we may share your information with selected third parties including:

  • (a) suppliers and sub-contractors to help us operate, provide, improve, understand, customize, support, and market our services, such as the email service providers sending our communications;
  • (b) analytics providers that assist us in understanding, improving and optimizing services, such as our service provider of an SDK that helps us understand how you use the App;
  • (d) in the event that we sell or buy any business or assets, in which case we may disclose your information to the prospective seller or buyer of such business or assets; and
  • (e) if we are under a duty to disclose or share your information in order to comply with any legal obligation; or to protect the rights, property, or safety of Everything Set, our customers, or others. This includes, where relevant, exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

V. Where and how we store and process your information

Everything Set currently only operates within the United States. To offer a consistent service to you, we manage services from compute resources provided by a third-party cloud service provider that are located in Northern Virginia. The information that we collect from you may be transferred to and stored on these compute resources. It may also be processed by staff operating in other countries, who work for Everything Set or for one of our suppliers. To provide you with services when you are on the go, we may need to store, process and transmit information in locations around the world from where you are accessing our services - including those outside your country.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your information, we cannot guarantee the security of your information transmitted to the App. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access. For any questions about the security of your personal information, you can contact us through the Profile tab on the App.

VI. How long we retain your information

Everything Set stores your information on its cloud servers for as long as necessary in order to provide you with services. We may need to retain some of your information for a longer period, such as in order to comply with our legal or regulatory obligations, to resolve disputes or defend against legal claims, or to enforce our Terms of Use. You can request the deletion of your personal information at any time by terminating your account or by contacting us through the Profile tab on the App.

VII. Your rights.

We take our users’ rights into the highest regard. You benefit from a number of rights in relation to the personal information that we use. While some of these rights apply generally, certain rights apply only in certain limited cases. We recognize, and commit to respect and enforce, the following rights:

  • (a) The right to be informed: upon request, we will provide you with information about whether we hold or process any of your personal information. To request this information, please contact us through our website.
  • (b) The right of access: as a user of our services, you may access your personal information, at any time, by logging into the Everything Set App and accessing the Profile tab.
  • (c) The right to rectification: as a user of our services, you may update or change your Account Information by editing them yourself from the Profile section of the Everything Set App. For any further information, or if you encounter any difficulty in updating your information, you may contact us through our website.
  • (d) The right to erasure: if you no longer wish to use our services, you can erase your personal information from the Profile area of the Everything Set App. You can also exercise this right by making a request through our website.
  • (e) The right to restrict or object to processing: you have the right to object to or request that we refrain from or restrict our processing of your personal information under certain circumstances. If you object to us processing your data for the purpose of direct marketing, we will no longer process your data for this purpose. Where you object to our processing of your personal information based on our legitimate interests explained above, we will cease processing your information unless we have compelling legitimate grounds to continue processing or where it is needed for legal reasons. To exercise these rights, update your preferences in your account or contact us through our website.
  • (f) The right to data portability: in certain circumstances, you have the right to request that some of your personal information is exported and transferred – in a safe way – to another provider of services similar to ours. You may exercise this right by making a request through our website.
  • (g) The right to lodge a complaint: in addition to the other rights you have, you have a right to lodge a complaint with your local supervisory authority or our supervisory authority, California Attorney General.

VIII. Children’s information

The Everything Set services are not directed to, nor do we knowingly collect personal information from children under the age of 16. If you become aware that your child or any child under your care has provided us with information without your consent, please contact us through our website.

IX. Links to third party websites

The App may, from time to time, contain links to and from the websites of our partner networks. If you follow a link to any of these apps or websites, please note that these have their own privacy policies and that we do not accept any responsibility or liability for those policies. Please check those policies before you submit any data to such apps or websites.

X. Changes to this policy

From time to time, we make changes to this policy so please check back frequently to see any updates or changes. Any material changes we may make to this policy will be notified via the App and, where appropriate, notified to you by phone or email.

XI. How to contact us

If you have questions or comments about this policy, you can contact our Data Protection Officer in the App, on our website or write to our office at Everything Set Inc., 2323 Broadway, Oakland, CA 94612.

Everything Set Terms of Service

(v1.1 December 7, 2020)

1. THE EVERYTHING SET TERMS OF SERVICE

These Terms of Service (the “terms”), including with any extension, annex and update, together with the Everything Set Privacy Policy govern the way you will use our iOS and Android application (the “App”) our hardware device (the “Box”) and all related services (altogether the “services”). By using our services, you agree to be bound by these terms. If you don’t agree to be bound by these terms, do not use the services. If you are accessing and using the services on behalf of a company (such as your employer) or other legal entity, you represent and warrant that you have the authority to bind that company or other legal entity and each of its affiliates to these terms. In that case, “you” and “your” will refer to that company or other legal entity and its affiliates.

2. THE EVERYTHING SET PRIVACY POLICY

Please refer to our Privacy Policy for information on how we collect, use and disclose information from our users. You acknowledge and agree that your use of the services is subject to our Privacy Policy.

3. USE OF THE SERVICES

3.1 Eligibility

You may use the services only if you are 18 years or older and capable of forming a binding contract with Everything Set and are not barred from using the services under applicable law.

3.2 Registration and Your Information

To use the services, you’ll have to create an Everything Set account (“account”) via the Everything Set App, available on the Apple App Store or Google Play Store or the Everything Set website. It’s important that you provide us with accurate, complete and up-to-date information for your account and you agree to update such information, as needed, to keep it accurate, complete and up-to-date. If you don’t, we might have to suspend or terminate your account. You agree that you’ll notify us immediately of any unauthorized use of your account. You’re responsible for all activities that occur under your account, whether or not you know about them.

4. CONTENT AND CONTENT RIGHTS

For purposes of these terms “content” means text, graphics, images, music, software, audio, video, works of authorship of any kind, and information or other materials that are posted, generated, provided or otherwise made available through the services.

Everything Set and its licensors exclusively own all right, title and interest in and to the services and content, including all associated intellectual property rights. You acknowledge that the services and content are protected by copyright, trademark, and other laws of the United States and foreign countries. You agree not to remove, alter or obscure any copyright, trademark, service mark or other proprietary rights notices incorporated in or accompanying the services or content. Subject to your compliance with these terms, Everything Set grants you a limited, non-exclusive, nontransferable, non-sublicensable license to download, view, copy, display and print the content solely in connection with your permitted use of the services and solely for your personal and noncommercial purposes.

5. RIGHTS AND TERMS FOR SOFTWARE AND APPS

5.1 Rights in Software

Subject to your compliance with these terms, with respect to any software installed or embedded in any Everything Set products (“software”), Everything Set grants you a limited non-exclusive, non-transferable, non-sublicensable license to use the software on the Everything Set product solely for your own personal noncommercial purposes. You may not: (i) copy, modify, translate or create derivative works based on the software; (ii) distribute, transfer, publish, disclose, sublicense, lease, lend, sell or rent the software to any third party; (iii) reverse engineer, decompile, reverse decompile or disassemble the software, or otherwise attempt to derive the source code; (iv) make the functionality of the software available to third parties or multiple users through any means, or (v) benchmark or conduct any performance or comparison tests on the software. Everything Set reserves all rights in and to the software not expressly granted to you under these terms.

5.2 Rights in App Granted by Everything Set

Subject to your compliance with these terms, Everything Set grants you a limited non-exclusive, nontransferable, non-sublicensable license to download and install a copy of the App on an iOS or Android device that you own or control and to run such copy of the App solely for your own personal non-commercial purposes. You may not copy the App, except for making a reasonable number of copies for backup or archival purposes. Except as expressly permitted in these terms, you may not: (i) copy, modify, translate or create derivative works based on the App; (ii) distribute, transfer, publish, disclose, sublicense, lease, lend, sell or rent the App to any third party; (iii) reverse engineer, decompile, reverse decompile or disassemble the App, or otherwise attempt to derive the source code; (iv) make the functionality of the App available to third parties or multiple users through any means, or (v) benchmark or conduct any performance or comparison tests on the App. Everything Set reserves all rights in and to the App not expressly granted to you under these terms.

5.3 General Prohibitions and Everything Set’s Enforcement Rights

You agree not to do any of the following: Use, display, mirror or frame the services or any individual element within the services, Everything Set’s name, any Everything Set trademark, logo or other proprietary information, or the layout and design of any page or form contained on a page, without Everything Set’s express written consent; Access, tamper with, or use non-public areas of the services, Everything Set’s computer systems, or the technical delivery systems of Everything Set’s providers; Attempt to probe, scan or test the vulnerability of any Everything Set system or network or breach any security or authentication measures;

Avoid, bypass, remove, deactivate, impair, descramble or otherwise circumvent any technological measure implemented by Everything Set or any of Everything Set’s providers or any other third party (including another user) to protect the services or content; Attempt to access or search the services or content or download content from the services through the use of any engine, software, tool, agent, device or mechanism (including spiders, robots, crawlers, data mining tools or the like) other than the software and/or search agents provided by Everything Set or other generally available third-party web browsers; Send any unsolicited or unauthorized advertising, promotional materials, email, junk mail, spam, chain letters or other form of solicitation; Use any meta tags or other hidden text or metadata utilizing a Everything Set trademark, logo URL or product name without Everything Set’s express written consent; Use the services or content, or any portion thereof, for any commercial purpose or for the benefit of any third party or in any manner not permitted by these terms; Attempt to decipher, decompile, disassemble or reverse engineer any of the software used to provide the services or content; Interfere with, or attempt to interfere with, the access of any user, host or network, including, without limitation, sending a virus, overloading, flooding, spamming, or mail-bombing the services; Collect or store any personally identifiable information from the services from other users of the services without their express permission; Impersonate or misrepresent your affiliation with any person or entity; Violate any applicable law or regulation; or Encourage or enable any other individual to do any of the foregoing. Although we’re not obligated to monitor access to or use of the services or content or to review or edit any content, we have the right to do so for the purpose of operating the services, to ensure compliance with these terms, and to comply with applicable law or other legal requirements. We reserve the right, but are not obligated, to remove or disable access to any content, at any time and without notice, including, but not limited to, if we, at our sole discretion, consider any content to be objectionable or in violation of these terms. We have the right to investigate violations of these terms or conduct that affects the services. We may also consult and cooperate with law enforcement authorities to prosecute users who violate the law.

6. LINKS TO THIRD PARTY WEBSITES OR RESOURCES

The services and App may contain links to third-party websites or resources. We provide these links only as a convenience and are not responsible for the content, products or services on or available from those websites or resources or links displayed on such websites. You acknowledge sole responsibility for and assume all risk arising from, your use of any third-party websites or resources.

7. TERMINATION

We may terminate your access to and use of the services, at our sole discretion, at any time and without notice to you. You may cancel your account at any time from your profile area of the Everything Set App, or by reaching us through our website. Upon any termination, discontinuation or cancellation of services or your account, all provisions of these terms which by their nature should survive will survive, including, without limitation, ownership provisions, warranty disclaimers, limitations of liability, and dispute resolution provisions.

8. WARRANTY DISCLAIMERS

Everything Set provides a limited warranty on its Box as follows: For a period of two (2) years following the shipment date of the Box to you, Everything Set will repair or replace any Box that was defective as of the date of shipment to you. Everything Set does not provide any warranty for any data that may be stored on the Box or Everything Set’s servers and Everything Set does not provide any warranty regarding such data. EXCEPT FOR THE FOREGOING WARRANTY, THE SERVICES AND CONTENT ARE PROVIDED “AS IS,” WITHOUT WARRANTY OF ANY KIND. WITHOUT LIMITING THE FOREGOING, WE EXPLICITLY DISCLAIM ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT, AND ANY WARRANTIES ARISING OUT OF COURSE OF DEALING OR USAGE OF TRADE. We make no warranty that the services will meet your requirements or be available on an uninterrupted, secure, or error-free basis. We make no warranty regarding the quality, accuracy, timeliness, truthfulness, completeness or reliability of any content.

9. INDEMNITY

You will indemnify and hold harmless Everything Set and its officers, directors, employee and agents, from and against any claims, disputes, demands, liabilities, damages, losses, and costs and expenses, including, without limitation, reasonable legal and accounting fees arising out of or in any way connected with, (ii) your use of these services, or (iii) your breach of these terms.

10. LIMITATION OF LIABILITY

NEITHER EVERYTHING SET NOR ANY OTHER PARTY INVOLVED IN CREATING, PRODUCING, OR DELIVERING THE SERVICES OR CONTENT WILL BE LIABLE FOR ANY INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES, INCLUDING LOST PROFITS, LOSS OF DATA OR GOODWILL, SERVICE INTERRUPTION, COMPUTER DAMAGE OR NETWORK INTERRUPTION OR IMPACT ON OTHER DEVICES OR SYSTEM FAILURE OR THE COST OF SUBSTITUTE SERVICES ARISING OUT OF OR IN CONNECTION WITH THESE TERMS OR FROM THE USE OF OR INABILITY TO USE THE SERVICES OR CONTENT, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR ANY OTHER LEGAL THEORY, AND WHETHER OR NOT EVERYTHING SET HAS BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGE, EVEN IF A LIMITED REMEDY SET FORTH HEREIN IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, SO THE ABOVE LIMITATION MAY NOT APPLY TO YOU. IN NO EVENT WILL EVERYTHING SET’S TOTAL LIABILITY ARISING OUT OF OR IN CONNECTION WITH THESE TERMS OR FROM THE USE OF OR INABILITY TO USE THE SERVICES OR CONTENT EXCEED THE AMOUNTS YOU HAVE PAID TO EVERYTHING SET FOR USE OF THE SERVICES OR CONTENT IN THE SIX (6) MONTHS PRIOR TO THE APPLICABLE EVENT.

THE EXCLUSIONS AND LIMITATIONS OF DAMAGES SET FORTH ABOVE ARE FUNDAMENTAL ELEMENTS OF THE BASIS OF THE BARGAIN BETWEEN EVERYTHING SET AND YOU.

11. GOVERNING LAW

These terms and any action related thereto will be governed by the laws of the State of California without regard to its conflict of law’s provisions.

12. GENERAL TERMS

These terms constitute the entire and exclusive understanding and agreement between Everything Set and you regarding the services and content, and these terms supersede and replace any and all prior oral or written understandings or agreements between Everything Set and you regarding the services and content. If any provision of these terms is held invalid or unenforceable, that provision will be enforced to the maximum extent permissible and the other provisions of these terms will remain in full force and effect. You may not assign or transfer these terms, by operation of law or otherwise, without Everything Set’s prior written consent. Any attempt by you to assign or transfer these terms, without such consent, will be null. Everything Set may freely assign or transfer these terms without restriction. Subject to the foregoing, these terms will bind and inure to the benefit of the parties, their successors and permitted assigns. Any notices or other communications provided by Everything Set under these terms, including those regarding modifications to these terms, will be given: (i) via email; or (ii) by posting us to the contacts provided in section 14. For notices made by e-mail, the date of receipt will be deemed the date on which such notice is transmitted. Everything Set’s failure to enforce any right or provision of these terms will not be considered a waiver of such right or provision. The waiver of any such right or provision will be effective only if in writing and signed by a duly authorized representative of Everything Set. Except as expressly set forth in these terms, the exercise by either party of any of its remedies under these terms will be without prejudice to its other remedies under these terms or otherwise.

13. CHANGES TO THE TERMS OF SERVICE

We may modify the terms at any time, in our sole discretion. If we do so, we’ll let you know either by posting the modified terms on the Site or through other communications. It’s important that you review the terms whenever we modify them because if you continue to use the services after we have posted modified terms on the Site, you are indicating to us that you agree to be bound by the modified terms. If you don’t agree to be bound by the modified terms, then you may not use the services anymore. Because our services are evolving over time we may change or discontinue all or any part of the services, at any time and without notice, at our sole discretion.

14. CHARGES AND PAYMENT

To access Everything Set services, users will be required to enter into a subscription via the Everything Set App or Everything Set website. All relevant information concerning price, duration, activation and other matters relating to use of the subscriptions is provided on the application itself or on our website and may change from time to time.

You can cancel your subscription at any time, and you will continue to have access to the subscription services up to the end of the term.

Everything Set shall be entitled to vary the fees for subscription and other charges at any time. Such price changes will not affect existing subscriptions or licenses.

15. CONTACTS

If you have any questions about these terms or the services, please contact us through our website. You may also mail us at Everything Set Inc., 2323 Broadway, Oakland, CA 94612.

ADDITIONAL TERMS FOR EVERYTHING SET BOX

1. REJECTION OF ADDITIONAL OR DIFFERENT TERMS.

These additional terms are the exclusive terms upon which Everything Set is willing to provide the Box and on which the same Box can be operated. These terms are part of the general Everything Set Terms of Service and supersede and replace any prior agreement, undertaking, representation or warranty whether in writing or oral. Any different or additional terms and conditions on your purchase order or other documentation shall not be binding on Everything Set and are hereby expressly objected to and rejected.

2. DELIVERY AND ACCEPTANCE

Risk of loss or damage to the Box shall pass to you upon Everything Set’s delivery to a carrier. Any delivery dates shown are approximate only and Everything Set shall have no liability for any delays in delivery. Subscriber shall inspect the Box for any damage upon delivery. Everything Set will replace a faulty Box within a period of two (2) years from date of shipment to you.

3. LIMITED WARRANTY

Everything Set warrants that Everything Set’s Box will conform in all material respects to the Documentation and be free from defects in material or workmanship for a period of two (2) years from the date of shipment to you (“Warranty Period”). If, during the warranty period, you notify Everything Set, in writing, of any fault or defect which prevents the Box from functioning in accordance with the documentation, Everything Set will, at its sole option and free of charge to you, repair or replace the Box. EVERYTHING SET MAKES NO OTHER EXPRESS REPRESENTATIONS OR WARRANTIES AND MAKES NO IMPLIED REPRESENTATIONS OR WARRANTIES INCLUDING, WITHOUT LIMITATION, IMPLIED REPRESENTATIONS OR WARRANTIES OF MERCHANTABILITY, FITNESS FOR PARTICULAR PURPOSE, USAGE IN TRADE, COURSE OF CONDUCT, NON-INFRINGEMENT OR INTEGRATION. EVERYTHING SET’S LIABILITY ON ANY WARRANTY CLAIM SHALL BE LIMITED TO THE ACTUAL PURCHASE PRICE PAID. EVERYTHING SET SHALL NOT BE RESPONSIBLE TO SUBSCRIBER OR ANY THIRD PARTY FOR ANY CONSEQUENTIAL, INCIDENTAL, SPECIAL, PUNITIVE OR INDIRECT DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, LOSS OF DATA, REVENUES, SALES, BUSINESS, GOODWILL OR USE. The foregoing warranty expressly excludes and Everything Set will not repair or replace the Box in the following instances: If the alleged defect arises because you (or someone acting under the your instruction) has altered or repaired the Box without the prior written consent or authorization of Everything Set; If you did not follow any applicable instructions for proper storage, usage, or maintenance of the Box; If you have failed to notify Everything Set of any defect where the defect should have been reasonably apparent on inspection; or If you fail to notify Everything Set of any defect within two (2) years from the date of shipment to you. This warranty covers the cost of shipping the defective Box to Everything Set for repair, or the cost of shipping the repaired or replacement Box to you. The above represents the sole and exclusive remedy and is contingent on you providing all necessary information to assist Everything Set in attempting to resolve the alleged fault.