Commit d5c422d

legal: update legal notices (#100)
- Update privacy notice with proper Markdown formatting and current contact info
- Update cookie notice with current services (Clarity, HubSpot), remove outdated (HotJar, Facebook, Twitter)
- Convert cookie notice tables to Markdoc format
- Update DPA with current security certifications (SOC 2, ISO 27001/27017/27018)
- Fix subscription agreement typo and standardize privacy email contact
- Fix grammar issues in vulnerability disclosure policy
- Archive previous versions of privacy and cookie notices
1 parent 6567108 commit d5c422d

7 files changed

+867
-492
lines changed

pages/legal/cookie-notice-2021-07-18.md

Lines changed: 299 additions & 0 deletions
Large diffs are not rendered by default.

pages/legal/cookie-notice.md

Lines changed: 203 additions & 287 deletions
Large diffs are not rendered by default.

pages/legal/data-processing-addendum.md

Lines changed: 6 additions & 4 deletions
Original file line number | Diff line number | Diff line change
@@ -28,8 +28,6 @@ The parties agree as follows:
2828

2929
"EU Data Protection Law" means (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (General Data Protection Regulation) ("EU GDPR"); (ii) the EU GDPR as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 (the “UK GDPR”);and (iii) Directive 2002/58/EC concerning the processing of Personal Data and the protection of privacy in the electronic communications sector; (iv) the UK Privacy and Electronic Communications (EC Directive) Regulations 2003, and their applicable national implementations (in each case, as may be amended, superseded or replaced).
3030

31-
"EU Data Protection Law" means (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (General Data Protection Regulation) ("GDPR"); and (ii) Directive 2002/58/EC concerning the processing of Personal Data and the protection of privacy in the electronic communications sector, and applicable national implementations of (i) and (ii) (in each case, as may be amended, superseded or replaced).
32-
3331
“EU SCCs” means the Standard Contractual Clauses approved with Commission Implementing Decision (EU) 2021/914 of June 4, 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, as amended, supplemented, updated or replaced from time to time
3432

3533
"Group" means any and all Affiliates that are part of an entity's corporate group.
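
Review bot: Removing the old definition at line 31 also removes the defined term "GDPR"; the surviving definition at line 29 defines only "EU GDPR" and "UK GDPR", yet the Audit section of this same file (line 319) still refers to "GDPR". Point such references at a defined term, or confirm the undefined use is intended. The surviving definition also needs cleanup while this area is being touched: the "and" sits before (iii) instead of before the final item (iv), there is no space after the semicolon in "(the “UK GDPR”);and", and the clause mixes straight and curly quotation marks.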
@@ -319,5 +317,9 @@ Render data on electronic media unrecoverable so that data cannot be reconstruct
319317
#### Audit
320318

321319
- Ensure that Redocly is compliant with any applicable regulations such as GDPR, CCPA, or other privacy regulations.
322-
- External audit for SOC 2 Type 2 annually.
323-
- Initiate regular ISO 27001 audit by Dec 1, 2023.
320+
- Redocly maintains the following security and privacy certifications:
321+
- SOC 2 Type 2 (with annual audits)
322+
- ISO 27001 (Information Security Management)
323+
- ISO 27017 (Cloud Security)
324+
- ISO 27018 (Protection of Personal Data in the Cloud)
325+
- Regular audit renewals and continuous compliance monitoring for all certifications.
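
Review bot: Line 320 introduces SOC 2 Type 2 under "certifications", but SOC 2 is an attestation report issued by an independent auditor, not a certification; suggest "certifications and attestations" or listing it apart from the ISO items. Line 325 replaces concrete commitments (an annual SOC 2 audit, a dated ISO 27001 audit) with "Regular audit renewals", which leaves the three ISO standards without a stated interval; because this text sits in a contractual addendum, name the cadence. Also confirm that lines 321 to 324 are indented as sub-items of line 320 so they render as a nested list.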

pages/legal/privacy-notice-2021-07-18.md

Lines changed: 204 additions & 0 deletions
Large diffs are not rendered by default.

pages/legal/privacy-notice.md

Lines changed: 149 additions & 195 deletions
Large diffs are not rendered by default.

pages/legal/subscription-agreement.md

Lines changed: 4 additions & 4 deletions
Original file line number | Diff line number | Diff line change
@@ -9,7 +9,7 @@ toc:
99

1010
# Redocly Subscription Agreement
1111

12-
_Last updated: December 16, 2024_
12+
_Last updated: September 25, 2025_
1313

1414
REDOCLY INC. (“REDOCLY”) PROVIDES THE PRODUCTS (AS DEFINED BELOW)TO YOU SOLELY ON THE TERMS AND CONDITIONS SET FORTH IN THIS AGREEMENT (AS DEFINED BELOW) AND ON THE CONDITION THAT CUSTOMER (AS DEFINED BELOW) ACCEPTS AND COMPLIES WITH THEM. BY EITHER CLICKING THE “ACCEPT” BUTTON OR USING THE PRODUCTS, CUSTOMER ACCEPTS THIS AGREEMENT AND AGREES THAT IT IS LEGALLY BOUND BY ITS TERMS. IF YOU ARE REGISTERING TO USE THE PRODUCTS OR OTHERWISE USE ANY PRODUCTS ON BEHALF OF AN ENTITY OR OTHER ORGANIZATION, YOU ARE AGREEING TO THIS AGREEMENT FOR THAT ENTITY OR ORGANIZATION AND REPRESENTING TO REDOCLY THAT YOU HAVE THE AUTHORITY TO BIND THAT ENTITY OR ORGANIZATION TO THESE TERMS (IN WHICH CASE, THE TERM “CUSTOMER” WILL REFER TO THAT ENTITY OR ORGANIZATION). IF CUSTOMER DOES NOT AGREE TO THE TERMS OF THIS AGREEMENT, REDOCLY WILL NOT AND DOES NOT LICENSE OR OTHERWISE PERMIT THE USE OF THE PRODUCTS TO OR BY CUSTOMER AND CUSTOMER MUST NOT DOWNLOAD, INSTALL, OR USE THE PRODUCTS IN ANY MANNER.
1515
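
Review bot: The context at line 14 still reads "(AS DEFINED BELOW)TO YOU" with no space after the closing parenthesis. This commit already bumps the "Last updated" date at line 12 and fixes other typos in this file, so correct that one in the same change.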

@@ -33,7 +33,7 @@ REDOCLY INC. (“REDOCLY”) PROVIDES THE PRODUCTS (AS DEFINED BELOW)TO YOU SOLE
3333

3434
### 2. Product Rights and Scope
3535

36-
Subject to and conditioned upon Customers strict compliance with all terms and conditions set forth in this Agreement, and upon payment of the Subscription Fees as set forth in the applicable Subscription Confirmation and Order Form, Redocly hereby grants to Customer a personal, non-exclusive, non-transferable (except pursuant to a permitted assignment of this Agreement), non-sublicensable, limited right to access and use the Prouct(s) set forth in such Subscription Confirmation and Order Form (including a license to install any Licensed Software, if applicable), in each case during the applicable subscription term for Customer’s business purposes solely as set forth in this Agreement. Customer may extend the foregoing rights to use the Products to its Users that create a User Account.
36+
Subject to and conditioned upon Customer's strict compliance with all terms and conditions set forth in this Agreement, and upon payment of the Subscription Fees as set forth in the applicable Subscription Confirmation and Order Form, Redocly hereby grants to Customer a personal, non-exclusive, non-transferable (except pursuant to a permitted assignment of this Agreement), non-sublicensable, limited right to access and use the Product(s) set forth in such Subscription Confirmation and Order Form (including a license to install any Licensed Software, if applicable), in each case during the applicable subscription term for Customer’s business purposes solely as set forth in this Agreement. Customer may extend the foregoing rights to use the Products to its Users that create a User Account.
3737

3838
#### 2.1. Use Restrictions.
3939
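
Review bot: Line 36 now uses a straight apostrophe in "Customer's strict compliance" and a curly one in "Customer’s business purposes" later in the same sentence. Pick one style; the surrounding text of the agreement uses curly quotation marks.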

@@ -83,7 +83,7 @@ Customer is responsible and liable for all uses of the Products through access t
8383

8484
4.2. On Redocly’s written request, Customer shall conduct a review of its use of the Products and certify to Redocly in a written instrument that it is in full compliance with this Agreement.
8585

86-
4.3 “Confidential Information” means any information or data disclosed by either party that is marked or otherwise designated as confidential or proprietary or that should otherwise be reasonably understood to be confidential in light of the nature of the information and the circumstances surrounding disclosure. However, “Confidential Information” will not include any information which (a) is in the public domain through no fault of receiving party; (b) was properly known to receiving party, without restriction, prior to disclosure by the disclosing party; (c) was properly disclosed to receiving party, without restriction, by another person with the legal authority to do so; or (d) is independently developed by the receiving party without use of or reference to the disclosing party’s Confidential Information. Each party agrees that it will use the Confidential Information of the other party solely in accordance with the provisions of this Agreement and it will not disclose the same directly or indirectly, to any third party without the other party’s prior written consent, except as otherwise permitted hereunder. However, either party may disclose Confidential Information (i) to its employees, officers, directors, attorneys, auditors, financial advisors and other representatives who have a need to know and are legally bound to keep such information confidential by confidentiality obligations consistent with those of this Agreement; and (ii) as required by law (in which case the receiving party will provide the disclosing party with prior written notification thereof, will provide the disclosing party with the opportunity to contest such disclosure, and will use its reasonable efforts to minimize such disclosure to the extent permitted by applicable law. Neither party will disclose the terms of this Agreement to any third party, except that either party may confidentially disclose such terms to actual or potential lenders, investors or acquirers. 
Each party agrees to exercise due care in protecting the Confidential Information from unauthorized use and disclosure. In the event of actual or threatened breach of the provisions of the Use Restrictions or this Section 4, the non-breaching party will be entitled to seek immediate injunctive and other equitable relief, without waiving any other rights or remedies available to it. Each party will promptly notify the other in writing if it becomes aware of any violations of the confidentiality obligations set forth in this Agreement.
86+
4.3 “Confidential Information” means any information or data disclosed by either party that is marked or otherwise designated as confidential or proprietary or that should otherwise be reasonably understood to be confidential in light of the nature of the information and the circumstances surrounding disclosure. However, “Confidential Information” will not include any information which (a) is in the public domain through no fault of receiving party; (b) was properly known to receiving party, without restriction, prior to disclosure by the disclosing party; (c) was properly disclosed to receiving party, without restriction, by another person with the legal authority to do so; or (d) is independently developed by the receiving party without use of or reference to the disclosing party’s Confidential Information. Each party agrees that it will use the Confidential Information of the other party solely in accordance with the provisions of this Agreement and it will not disclose the same directly or indirectly, to any third party without the other party’s prior written consent, except as otherwise permitted hereunder. However, either party may disclose Confidential Information (i) to its employees, officers, directors, attorneys, auditors, financial advisors and other representatives who have a need to know and are legally bound to keep such information confidential by confidentiality obligations consistent with those of this Agreement; and (ii) as required by law (in which case the receiving party will provide the disclosing party with prior written notification thereof, will provide the disclosing party with the opportunity to contest such disclosure, and will use its reasonable efforts to minimize such disclosure to the extent permitted by applicable law). Neither party will disclose the terms of this Agreement to any third party, except that either party may confidentially disclose such terms to actual or potential lenders, investors or acquirers. 
Each party agrees to exercise due care in protecting the Confidential Information from unauthorized use and disclosure. In the event of actual or threatened breach of the provisions of the Use Restrictions or this Section 4, the non-breaching party will be entitled to seek immediate injunctive and other equitable relief, without waiving any other rights or remedies available to it. Each party will promptly notify the other in writing if it becomes aware of any violations of the confidentiality obligations set forth in this Agreement.
8787

8888
### 5. Maintenance and Support.
8989
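
Review bot: Section numbering punctuation is inconsistent around line 86: line 84 reads "4.2." with a trailing period while line 86 reads "4.3" without one. Since line 86 is being edited anyway, align it. The paragraph also keeps trailing whitespace and a hard line break after "investors or acquirers.", which splits 4.3 across two source lines; confirm that break is intended.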

@@ -93,7 +93,7 @@ Redocly will provide the Products in accordance with the Service Level Agreement
9393

9494
6.1 Customer acknowledges and agrees that, to the extent set forth in the applicable Order Form, Customer is granted a right to use Cloud Products and/or a license to use the Licensed Software, and the Products are not sold to Customer. Customer does not acquire any ownership interest in the Products under this Agreement, or any other rights thereto other than to use the same in accordance with the rights granted herein, and subject to all terms, conditions and restrictions, under this Agreement. Redocly reserves and shall retain its entire right, title, and interest in and to the Products and System Data and all intellectual property rights arising out of or relating to the Products, except as expressly granted to the Customer in this Agreement. “System Data” means data collected by Redocly regarding the Products that may be used to generate logs, statistics or reports regarding the performance, availability, usage, integrity or security of the Products. Customer reserves and shall retain its entire right, title, and interest in and to the Customer Data. Customer shall safeguard all Products (including all copies thereof) from infringement, misappropriation, theft, misuse or unauthorized access. Customer shall promptly notify Redocly if Customer becomes aware of any infringement of Redocly’s intellectual property rights in the Products and fully cooperate with Redocly in any legal action taken by Redocly to enforce its intellectual property rights.
9595

96-
6.2. Customer agrees that Redocly has the right to aggregate and use Customer Data and other information relating to the Products (during and after the term hereof) to (i) improve Redocly’s products and services, and (ii) disclose such data and information solely in an aggregated and anonymized format that does not identify Customer or any individual. Notwithstanding the foregoing, if Customer does not want Redocly to use Customer Data to train AI models, Customer can opt out of such training by sending an email to team@redocly.com, with the subject line Model Training Opt-Out Request, from the admin email associated with Customers Product account, and Redocly will not use any new Customer Data submitted after Redoclys receipt of such email for AI model training.
96+
6.2. Customer agrees that Redocly has the right to aggregate and use Customer Data and other information relating to the Products (during and after the term hereof) to (i) improve Redocly’s products and services, and (ii) disclose such data and information solely in an aggregated and anonymized format that does not identify Customer or any individual. Notwithstanding the foregoing, if Customer does not want Redocly to use Customer Data to train AI models, Customer can opt out of such training by sending an email to privacy@redocly.com, with the subject line "Model Training Opt-Out Request", from the admin email associated with Customer's Product account, and Redocly will not use any new Customer Data submitted after Redocly's receipt of such email for AI model training.
9797

9898
6.3 Customer may from time to time provide Redocly suggestions or comments for enhancements or improvements, new features or functionality or other feedback (“Feedback”) with respect to the Products. Redocly will have full discretion to determine whether or not to proceed with the development of any requested enhancements, new features or functionality. Redocly will have the full, unencumbered right, without any obligation to compensate or reimburse Customer, to use, incorporate and otherwise fully exercise and exploit any such Feedback in connection with its products and services.
9999
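
Review bot: Line 96 moves the AI-training opt-out address from team@redocly.com to privacy@redocly.com, but nothing in the change says what happens to requests sent to the old address by customers working from the December 16, 2024 version. Confirm that mail to team@redocly.com with this subject line is still honored or forwarded. The numbering style also differs within this hunk ("6.2." with a period, "6.1" and "6.3" without).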

pages/legal/vulnerability-disclosure-policy.md

Lines changed: 2 additions & 2 deletions
Original file line number | Diff line number | Diff line change
@@ -8,7 +8,7 @@ slug: /vulnerability-disclosure-policy
88

99
## Introduction
1010

11-
Redocly is committed to ensuring the security of the its users by protecting their information. This policy is intended to give security researchers clear guidelines for conducting vulnerability discovery activities and to convey our preferences in how to submit discovered vulnerabilities to us.
11+
Redocly is committed to ensuring the security of its users by protecting their information. This policy is intended to give security researchers clear guidelines for conducting vulnerability discovery activities and to convey our preferences in how to submit discovered vulnerabilities to us.
1212

1313
This policy describes what systems and types of research are covered under this policy, how to send us vulnerability reports, and how long we ask security researchers to wait before publicly disclosing vulnerabilities.
1414

@@ -17,7 +17,7 @@ We encourage you to contact us to report potential vulnerabilities in our system
1717

1818
## Authorization
1919

20-
If you make a good faith effort to comply with this policy during your security research, we will consider your research to be authorized we will work with you to understand and resolve the issue quickly, and Redocly will not recommend or pursue legal action related to your research. Should legal action be initiated by a third party against you for activities that were conducted in accordance with this policy, we will make this authorization known.
20+
If you make a good faith effort to comply with this policy during your security research, we will consider your research to be authorized. We will work with you to understand and resolve the issue quickly, and Redocly will not recommend or pursue legal action related to your research. Should legal action be initiated by a third party against you for activities that were conducted in accordance with this policy, we will make this authorization known.
2121

2222
Please keep in mind that Redocly is hosted on AWS and you should comply with [AWS vulnerability reporting policies](https://aws.amazon.com/security/vulnerability-reporting/) as well.
2323
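
Review bot: The corrected sentence at line 20 changes subject midway, from "We will work with you" to "Redocly will not recommend or pursue legal action". Use one voice for both clauses so it is unambiguous that the same party makes both commitments.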
