Your access to systems and networks owned by The Broad Institute, Inc. ("Broad") is governed by, and subject to the following terms and conditions, as well as all Federal laws, including, but not limited to, the Privacy Act, 5 U.S.C. 552a, if the applicable Broad system maintains individual Privacy Act information. Your access to Broad systems constitutes your consent to the retrieval and disclosure of the information within the scope of your authorized access, subject to the Privacy Act, and applicable State and Federal laws.

Cookies 

Terra uses cookies to enable sign on and other essential features when signed in, and to provide statistics to our development team regarding how the site is used. For more information, see our privacy policy. Privacy policy, including privacy policy of uploaded data, is here. You agree to read and consider before uploading data.

Modification of the Agreement

Broad maintains the right to modify these Terms of Service at any time, and may do so by posting notice of such modifications on this page. Any modification made is effective immediately upon posting the modification (unless otherwise stated). You should visit this page periodically to review the current Terms of Service.

Conduct

You agree to access and use Terra for lawful purposes only. You are solely responsible for the knowledge of and adherence to any and all laws, statutes, rules, and regulations pertaining to your use of Terra.

By accessing and using Terra, you agree that you must:

• Conduct only authorized business on the system.

• Access Terra using only your own individual account. Group or shared accounts are NOT permitted.

• Maintain the confidentiality of your authentication credentials such as your password. Do not reveal your authentication credentials to anyone; a Broad employee should never ask you to reveal them.

• Report all security incidents or suspected incidents (e.g., lost passwords, improper or suspicious acts) related to Broad systems and networks to the Broad Institute Operations Center infosec@broadinstitute.org.

• Follow proper logon/logoff procedures. You must manually logon to your session; do not store you password locally on your system or utilize any automated logon capabilities. You must promptly logoff when session access is no longer needed. If a logoff function is unavailable, you must close your browser. Never leave your computer unattended while logged into the system.

• Ensure that Web browsers use Secure Socket Layer (SSL) version 3.0 (or higher) and Transport Layer Security (TLS) 1.0 (or higher). SSL and TLS must use a minimum of 256-bit, encryption.

• Safeguard system resources against waste, loss, abuse, unauthorized use or disclosure, and misappropriation.

• Contact the the Broad Institute Operations Center (infosec@broadinstitute.org) if you do not understand any of these rules.

By accessing and using Terra, you agree that you must NOT:

• Use Terra to commit a criminal offense, or to encourage others to conduct acts that would constitute a criminal offense or give rise to civil liability.

• Process U.S. classified national security information on the system.

• Browse, search or reveal any protected data by Broad except in accordance with that which is required to perform your legitimate tasks or assigned duties.

• Retrieve protected data or information, or in any other way disclose information, for someone who does not have authority to access that information.

• Establish any unauthorized interfaces between systems, networks, and applications owned by Broad.

• Upload any content that contains a software virus, such as a Trojan Horse or any other computer codes, files, or programs that may alter, damage, or interrupt the daily function of Terra and its users.

• Post any material that infringes or violates the academic/intellectual rights of others.

• View or use The Cancer Genome Atlas ("TCGA") controlled access data hosted on Terra unless you are authorized through dbGaP.

• Share or distribute TCGA controlled access data hosted on Terra with other users unless they have dbGaP authorization.

• Use Terra to generate, distribute, publish, or facilitate unsolicited mass email, promotions, advertisings or other solicitations or mine for cryptocurrency.

Registration

You must sign up to Terra under a Google-managed identity. Both private Gmail accounts and institutional Google Apps accounts are allowed. For increased security when using Terra, we recommend enabling 2-Step verification for your Google-managed identity. For information about how your registration information is accessed and used, see our privacy policy.

Restrictions on the Use of Shared and Group Accounts

You cannot access Terra using group or shared accounts. The credentials used for authenticating to Terra must belong to a single individual.

Restrictions on the Use of Tutorial Workspaces

Terra provides tutorial workspaces preloaded with best practice analysis pipelines and example data from TCGA. These workspaces are intended for tutorial purposes only, not for computing on personal data.

You must not upload your own data sets to these workspaces, nor should you add workflows (Method Configs). If you do not follow these guidelines, your Terra/Firecloud account may be deactivated.

Accessing a Government Website

Terra is a multi-tenant data storage and analysis platform. Terra may host or otherwise facilitate access to government-owned research datasets. Additionally, Terra may serve or interface with select approved web portals that function as an entry point to the platform. Some of these web portals are US Government websites.

By accepting these Terms of Service, you acknowledge:

• Websites and datasets that are US Government websites and datasets may contain information that must be protected under the US Privacy Act or other sensitive information and are intended for Government authorized use only. Unauthorized attempts to upload information, change information, or use of these websites or datasets may result in disciplinary action, civil, and/or criminal penalties. Unauthorized users of these websites or datasets should have no expectation of privacy regarding any communications or data processed by these websites. A list of US Government websites and datasets can be found here

• By using any of these websites or otherwise accessing these datasets through Terra, you expressly consent to monitoring of your actions and all communications or data transiting or stored on related to this website and are advised that if such monitoring reveals possible evidence of criminal activity, NIH may provide that evidence to law enforcement officials.

Access Levels

Your level of access to systems and networks owned by Broad is limited to ensure your access is no more than necessary to perform your legitimate tasks or assigned duties. If you believe you are being granted access that you should not have, you must immediately notify the Broad Operations Center at infosec@broadinstitute.org.

Restricted Use of TCGA Controlled-Access Data

To access TCGA controlled access data, you must first request to link your Terra account to the eRA Commons or NIH identity under which you are granted dbGaP authorized access. If you have dbGaP authorized access, Terra permits read access to the TCGA controlled-access data files.

If the NIH or eRA commons identity authentication fails or the authenticated identity no longer appears in the NIH-provided whitelist, you can no longer access TCGA controlled access data files. It is your responsibility to delete any TCGA controlled-access data in your personal workspaces if you lose dbGaP authorized access. You must also refrain from distributing TCGA controlled access data to users unless they have dbGaP authorized access.

Termination of Use

We may in our sole discretion suspend/terminate your access to Terra without notification. We may also periodically review and remove accounts for which a user has not logged on.

External Links

Terra may provide links that are maintained or controlled by external organizations. The listing of links are not an endorsement of information, products, or services, and do not imply a direct association between the Broad and the operators of the outside resource links.

Content

By accessing Terra, you expressly consent to monitoring of your actions and all content or data transiting or stored therein. We reserve the right to delete, move, or edit any data, which we consider to be unacceptable or inappropriate.

Data and Workspaces

When a user uploads private data to a workspace, they are responsible for ensuring authorization domains are attached to the workspace to control the set of possible users to only those who have adequate permissions to work with those data. For instance, if a lab collects sensitive human genomic information through their research, the user who uploads the lab's data to a Terra workspace must select one or more managed groups to set as authorization domains. This way, only members from the group (perhaps other lab members who may also see and use the data) have access. Authorization domains will remain with all cloned versions of the workspace. If data are shared inappropriately or with unauthorized users through the Terra platform, your access to Terra may be suspended or terminated and, in some instances, Terra staff may contact the user's institution.

Users creating a Terra Workspace are expected to ensure that data use and sharing within any workspace to which they upload private data, or any copies of such workspaces, are conducted in accordance with all applicable national, tribal, and state laws and regulations, as well as relevant institutional policies and procedures for handling genomic data.

Questions? Contact infosec@broadinstitute.org.

Disclaimer of Warranty

You expressly understand and agree that your use of Terra, or any material available through it, is at your own risk. Neither the Broad nor its employees warrant that Terra will be uninterrupted, problem-free, free of omissions, or error-free; nor do they make any warranty as to the results that may be obtained from Terra.

Limitation of Liability

In no event will Broad, its affiliates or participating institutions, or their respective directors, officers, employees, faculty members or students be liable for any damages, include incidental, indirect, special, punitive, exemplary, or consequential damages, arising out of your use of or inability to use Terra, including without limitation, loss of revenue or anticipated profits, loss of goodwill, loss of data, computer failure or malfunction, or any and all other damages.

HIPAA, Protected Health Information, and the Clinical Compliance Features

Terra is not a Covered Entity as that term is defined in the Health Insurance Portability and Accountability Act of 1996, as amended, and its related regulations (collectively, "HIPAA"). On occasion, Terra may agree in writing with a user to perform services for the user in the storing PHI. We recommend that such users enter into a formal agreement with Terra/Firecloud.

Terra does offer clinical compliance features as part of its service ("Compliance Features") for users who wish to upload, store, or otherwise transfer PHI, as well as users who are using the Site in connection with their clinical operations. Users who desire to upload, store, or otherwise transfer PHI using the Site must implement all of the required Clinical Features and must enter into a formal agreement with Terra/Firecloud stating that. The uploading, storing, or transferring of PHI using the Site by users that have not implemented the Clinical Features is strictly prohibited. You agree that, unless you have implemented the Clinical Features, you will not upload, store, or otherwise transfer PHI using the Site.

You acknowledge that this may require you, in some instances, to anonymize sequence data prior to uploading it to the Site. You further agree to indemnify and hold harmless Terra of and from any and all claims, demands, losses, causes of action, damage, lawsuits, judgments, including attorneys' fees and costs, arising out of or relating to your uploading, storing, or transferring of PHI without having fully implemented the Clinical Features.

Terms as of February 12, 2020.