<p style='color:red;'>DRAFT ONLY FOR DISCUSSION AND REVIEW.</p>
<p align="center">
    <b>DATA
SECURITY POLICY</b></p>
<p align="center">
    <b>CUTE.EXCHANGE</b></p>
<p>
    <b>Organizational
Controls</b></p>
<p align="justify">
    CUTE.EXCHANGE (the “Company”) personnel are expected to be competent, thorough, helpful, and courteous stewards of customer information that is stored on COMPANY products and in COMPANY data centers. COMPANY has established a number of measures to ensure
    that customers and their data are treated properly.</p>
<p>
    <b>Privacy
and Control Mechanisms</b></p>
<p align="justify">
    COMPANY only uses the information provided by our customers to deliver the products and services purchased. All customer data is managed in compliance with our Privacy Policy. In addition, some products and all US Data Centers are audited to provide an
    independent validation of our policies and procedures around securing customer data.
</p>
<p align="justify">
    COMPANY complies with any portion of HIPAA or the HITECH Act that are directly applicable to COMPANY. In particular, the COMPANY Platform safeguards replicated data in such a way as to satisfy HIPAA’s Security Rule. Customers wishing to establish a Business
    Associate relationship with COMPANY per 45 CFR 164.502(e) and 164.504(e) should request a Business Associate Agreement from COMPANY. The Business Associate Agreement defines commitments that COMPANY will make to maintain HIPAA and HITECH compliance
    as required
</p>
<p>
    <b>COMPANY
Employees</b></p>
<p>
    All employees are required to accept and acknowledge in writing COMPANY’s policies for nondisclosure and protection of COMPANY and third-party confidential information, including acceptable use of confidential information. In the course of assisting customers
    with their technology solutions, COMPANY support technicians understand that they may come into contact with customer communications and/or customer data and they must keep this information confidential.</p>
<p>
    <b>Training</b></p>
<p>
    Technicians who support COMPANY products are prepared in a variety of ways. New tier 1 technicians receive class time training with tier 2 technicians and the support management team. New support technicians also spend a period of time as an understudy
    to an established technician for each product in which they intend to become certified. Product knowledge is tested and established through formal online training and all technicians are expected to meet a pre-defined standard before supporting customers
    directly.
</p>
<p>
    All COMPANY support technicians receive ongoing training in product-specific training sessions.
</p>
<p>
    When an employee or contractor leaves COMPANY, a formal process is in place to immediately revoke physical and network access to COMPANY facilities and resources.</p>
<p>
    <b>Architecture
and Infrastructure Security</b></p>
<p>
    <b>Storage
Facility Standards</b></p>
<p>
    COMPANY leases space in a number of data centers worldwide. Each COMPANY data center is equipped with the following:</p>
<ul>
    <li>
        <p>
            Controlled access systems requiring key-card authentication</p>
        <li>
            <p>Video-monitored access points</p>
            <li>
                <p>Intrusion alarms
                </p>
                <li>
                    <p>Locking cabinets
                    </p>
                    <li>
                        <p>Climate control systems</p>
                        <li>
                            <p>Waterless fire-suppressant systems</p>
                            <li>
                                <p>Redundant power (generator backup, UPS, no single point of failure)</p>
                                <li>
                                    <p>Redundant Internet connectivity</p>
                                    <li>
                                        <p>ISO and/or SOC II certified</p>
</ul>
<p>
    <b>Data
Location</b></p>
<p>
    Knowing the geographic location of their data is important for customers operating in regulated industries or in countries with data protection laws. COMPANY understands that some customers must maintain their data in a specific geographic location, such
    as within the European Union or within countries that are members of the Asia-Pacific Economic Cooperation (APEC) forum.
</p>
<p>
    To that end, COMPANY maintains a network of Platform-scale data centers by geographic location around the globe, and verifies that each meets defined security requirements. However, not all COMPANY products are deployed in all regions. To determine where
    data for a particular COMPANY product is stored, please refer to the product-specific security document.
</p>
<p>
    <b>Redundancy</b></p>
<p>
    Data in the COMPANY Platform is stored in a proprietary storage system developed and managed by COMPANY. This system maintains two copies of customer data to provide redundancy. In the United States, the two copies are stored in separate data center locations.
    Outside of the United States, the two copies are stored within the same location on separate storage systems.</p>
<p>
    <b>Platform
Security</b></p>
<p>
    COMPANY uses a defense-in-depth strategy and proprietary hardened software and operating systems to protect data and services. COMPANY conducts regular inspections to ensure the security of its systems.</p>
<p>
    <b>Product
Security</b></p>
<p>
    <b>COMPANY
Central</b></p>
<p>
    COMPANY Central is the 24/7 security center operated by COMPANY Networks to monitor and block the latest Internet threats. Data collected at COMPANY Central is analyzed and used to create definitions for automatic Energize Updates that fuel COMPANY products.
</p>
<p>
    COMPANYCentral.org is dedicated to providing technical insight for security professionals. By sharing data, COMPANYCentral.org aims to build a strong community to collectively fight the latest Internet threats.
</p>
<p>
    <b>Data
Privacy</b></p>
<p>
    <b>1.
Your Data </b>
</p>
<p>
    Data stored in the COMPANY Platform is our customers’ data and we protect their right to make decisions about that data and we are transparent about what happens to that data. With the COMPANY Platform, you are the owner of your customer data.
</p>
<p>
    Customer data is defined as all data, including text, sound, video, or image files and software, that you provide to COMPANY, or is provided on your behalf.
</p>
<p>
    COMPANY will use your customer data only to provide the services we have agreed upon, and for purposes that are compatible with providing those services.
</p>
<p>
    You can access your customer data at any time and for any reason without assistance from COMPANY. We restrict access to it to COMPANY personnel and subcontractors. We provide simple, transparent data-use policies.
</p>
<p>
    <i><b>We
do not use customer data for advertising </b></i>
</p>
<p>
    Except as set forth below, COMPANY does not share customer data with our advertiser-supported services, nor do we mine it for marketing or advertising.
</p>
<p>
    In addition to providing the service and day-to-day operations, COMPANY may use your data for the following:</p>
<ul>
    <li>
        <p>
            Troubleshooting aimed at preventing, detecting, and repairing problems affecting the operation of services</p>
        <li>
            <p>Ongoing improvement of features, such as those that improve the reliability of our services, or involve the detection of, and protection against, threats to the services or customer data (such as malware or spam)
            </p>
            <li>
                <p>Providing personalized customer experiences</p>
                <li>
                    <p>Contacting you about new products and services</p>
</ul>
<p>
    Furthermore, the COMPANY Platform uses systems that are kept logically separate from internal systems run by COMPANY.
</p>
<p>
    <i><b>We
use logical isolation to segregate each customer’s data from that
of others </b></i>
</p>
<p>
    COMPANY Platform services are multi-tenant services, meaning that your data, deployments, and virtual machines may be stored on the same physical hardware as that of other customers. When data from many customers is stored at a shared physical location,
    COMPANY logically segregates storage and processing for different customers through specialized technology engineered specifically for that purpose.
</p>
<p>
    COMPANY takes strong measures to protect customer data from inappropriate use or loss and to prevent customers from gaining access to one another’s data.
</p>
<p>
    <i><b>We
provide simple, transparent data-use policies and get independent
audits</b></i></p>
<p>
    COMPANY provides you with details of our data protection policies and practices in clear, straightforward language in the Privacy Policy.</p>
<p>
    <i><b>Our
subcontractors are contractually obligated to meet our privacy
requirements </b></i>
</p>
<p>
    COMPANY may hire other companies to provide limited services, such as data colocation services. We provide customer data as required to deliver the services we have retained them to provide. Subcontractors are prohibited from using customer data for any
    other purpose, and they are required to maintain the confidentiality of our customers’ information.
</p>
<ul>
    <li>
        <p>
            Subcontractors who handle customer data in COMPANY Platform services must enter into additional agreements with COMPANY that subject them to data protection terms.</p>
        <li>
            <p>Subcontractors who handle COMPANY Platform customer data in their own facilities are required to set up and follow privacy standards equivalent to our own.</p>
</ul>
<p>
    <b>Control
of your Data</b></p>
<p>
    <b>You
control access to your customer data </b>
</p>
<p>
    <b>Access
by COMPANY personnel. </b>
</p>
<p>
    COMPANY personnel are granted access only when necessary under management oversight. COMPANY personnel will use customer data only for purposes compatible with providing you the services, which can include customer support and troubleshooting services.</p>
<p>
    <b>Access
by subcontractors.</b></p>
<p>
    COMPANY may hire other companies to provide limited services. Subcontractors can access customer data only to deliver the services we have hired them to provide. Subcontractors are prohibited from using customer data for any other purpose, and are required
    to maintain the confidentiality of our customers’ information.</p>
<p>
    <b>Limits
to access.</b></p>
<p>
    The operational processes and controls that govern access to and use of customer data in the COMPANY Platform are regularly verified. COMPANY regularly performs sample audits to attest that access is only for legitimate business purposes. Strong controls
    and authentication help limit access to customer data to authorized personnel only. When access is granted, whether to COMPANY personnel or our subcontractors, it is carefully controlled and logged, and revoked as soon as it is no longer needed.</p>
<p>
    <b>Government
and law enforcement requests.</b></p>
<p>
    COMPANY imposes carefully defined requirements around government and law enforcement requests for customer data. We will not disclose data hosted in the COMPANY Platform to a government agency except as you direct or where required by law. When we receive
    a government or law enforcement request for customer data, we attempt to redirect the third-party to obtain the requested data from our customer.</p>
<p>
    <b>You
control your customer data if you leave the service</b></p>
<p>
    COMPANY follows strict standards and specific processes for removing customer data from all systems under our control.</p>
<p>
    <b>Data
portability</b></p>
<p>
    You can retrieve a copy of your customer data at any time and for any reason without any assistance or notification required from COMPANY.</p>
<p>
    <b>Data
retention</b></p>
<ul>
    <li>
        <p>
            If you, the customer, terminate your subscription or it expires (except for free trials), COMPANY will store your customer data in a limited-function account for 30 days (the retention period) to give you time to export the data or renew your subscription.
            During this period, COMPANY provides multiple notices, so you will be amply forewarned of the upcoming deletion of data.
        </p>
        <li>
            <p>After this 30-day retention period, COMPANY will disable the account and may delete all customer data at its discretion, including any cached or backup copies.</p>
</ul>
<p>
    In the multitenant environments of COMPANY Platform services, we take careful measures to logically separate customer data to help prevent one customer’s data from leaking into the data of another customer, as well as to help block any customer from accessing
    another customer’s deleted data.
</p>
<p>
    <b>Data
deletion on physical storage devices</b></p>
<ul>
    <li>
        <p>
            When a disk drive used for storage in the COMPANY Platform suffers a hardware failure, it is securely erased or destroyed before COMPANY returns it to the manufacturer for replacement or repair. All of the data on the drive is completely overwritten to
            ensure that the data cannot be recovered by any means.</p>
</ul>
<p>
    <b>You
have options to control the security of your customer data </b>
</p>
<p>
    The COMPANY Platform uses encryption to safeguard your data and help you maintain control over it.</p>
<p>
    When customer data moves over a network, the COMPANY Platform uses industry- standard secure transport protocols between user devices and COMPANY data centers, as well as within the data centers themselves.
</p>
<p>
    The COMPANY Platform uses industry-standard encryption for data at rest in transit.</p>
<p>
    <b>How
we respond to government requests</b></p>
<p>
    When governments or law enforcement make a lawful request for customer data from COMPANY, we are committed to transparency and limit what we disclose. Because COMPANY believes that customers should control their own data, we will not disclose data hosted
    in the COMPANY Platform to a government or law enforcement agency except as you direct or where required by law.</p>
<p>
    <b>We
do not offer direct access to customer data.</b></p>
<p>
    We believe that you should control your own data. COMPANY does not give any third-party (including law enforcement, other government entity, or civil litigant) direct or unfettered access to customer data except as you direct, or as required by law.</p>
<p>
    <b>We
redirect law enforcement and other third-party requests to the
customer.</b></p>
<p>
    When we receive a government or law enforcement request for customer data, we always attempt to redirect the third third-party to obtain the requested data from our customer.</p>
<p>
    For valid requests that we are not able to redirect to the customer, we disclose information only when we are legally compelled to do so, and we always make sure that we provide only the data specified in the legal order.
</p>
<p>
    In either case, requests may require the release of the customer’s basic contact information.</p>
<p>
    <b>We
do not give access to platform encryption keys. </b>
</p>
<p>
    We do not provide any government with our encryption keys or the ability to break our encryption.</p>
<p>
    <b>Acceptable
Use and Conduct</b></p>
<p>
    All users must be registered to access the COMPANY Platform. Individual users must register using their name, and entity users must register under the legal name of their entity. You will be solely responsible and liable for any activity that occurs under
    your account.</p>
<p>
    You are solely responsible for the legality and appropriateness of your customer data uploaded or otherwise placed into the COMPANY Platform.

</p>
<p>
    COMPANY may immediately and without prior notice to You, remove any content or data, or suspend or cancel accounts if it becomes aware of any misuse or illegal actions associated with an account or user.
</p>
<p>
    When using the COMPANY Platform, you must not use the services to do any of the following things:</p>
<ul>
    <li>
        <p>
            Copy or upload files or information unless you have a legal right to the files or information;
        </p>
        <li>
            <p>Probe, scan, or test the vulnerability of any system, or attempt to circumvent any security or authentication measures;
            </p>
            <li>
                <p>Access, tamper with, or use non-public areas of the COMPANY Platform. or attempt to access or search the COMPANY Platform through non-public interfaces;
                </p>
                <li>
                    <p>Attempt to disrupt any user or network by sending a virus, malware, overloading, flooding, spamming, or mail-bombing, or otherwise interfere with the use of other users;
                    </p>
                    <li>
                        <p>Send unsolicited communications, promotions, advertisements, or spam;
                        </p>
                        <li>
                            <p>Attempt to access another user’s account;</p>
                            <li>
                                <p>Send altered, deceptive, or false source-identifying information, including “spoofing” or “phishing”;
                                </p>
                                <li>
                                    <p>Publish anything that is fraudulent, misleading, or infringes on another’s rights;
                                    </p>
                                    <li>
                                        <p>Misrepresent yourself or affiliation with an entity; or</p>
                                        <li>
                                            <p>Publish or share materials that are offensive, defamatory, or unlawful.
                                            </p>
</ul>
<p>
    <b>Export
Restrictions</b></p>
<p>
    The COMPANY Platform services may be controlled for export purposes. You must comply with all United States export laws and regulations. You assume sole responsibility for any required export approval and/or licenses and all related costs and for the
    violation of any United States export law or regulation. If you are located in a country subject to embargo by the United States government, you are not entitled to use the COMPANY Platform services.</p>
<p>
    Updated: June 2024
</p>