Security Addendum

This Security Addendum is part of Your Terms with Hubble_S. Any capitalized terms used but not defined in this Security Addendum have the meaning set forth in the Terms. The computing services utilized to offer the Socrat_s product are cloud-based and provided to Hubble_S via one or more cloud serviceproviders and represent our “Cloud Environment”.

1.   SERVICE PROVIDERS CERTIFICATIONS

1.1. All our Service Providers areSOC Type 2 Compliant and are regularly assessed by independent third-party auditors.

2.  HOSTING LOCATION OF CUSTOMER DATA

2.1.   By default Customer Data andContent will be hosted by Hubble_S in data centers located in the EuropeanUnion, provided by Amazon Web Services, Inc.

2.2. You may request to have yourCustomer Data and Content stored outside the European Union, and Hubble_S will use commercially reasonable efforts to do so where supported by our underlying cloud service provider(s) and where otherwise in compliance with applicable laws and regulations.

3. ENCRYPTION

3.1.  All our Service Providers encryptCustomer Data and Content at-rest using AES 256-bit (or better) encryption. OurService Providers use Transport Layer Security 1.2 (or better) for CustomerData in-transit over untrusted networks.

4. SYSTEM AND NETWORK SECURITY

4.1.  Hubble_S personnel access to our Cloud Environment is with a unique user ID and is consistent with the principle of least privilege.  Access requires a secure connection from a white-listed IP, multi-factor authentication, and passwords meeting or exceeding reasonable length and complexity requirements.

4.2. Hubble_S personnel will not access Customer Data except to provide or support the Service.

4.3. In accessing our CloudEnvironment, our personnel will use company-issued laptops which utilize security controls.

4.4. Hubble_S shall protect itsCloud Environment using at least industry standard security practices.

5. ADMINISTRATIVE CONTROLS

5.1. Hubble_S maintains security awareness and training programs for its personnel including at time of on-boarding.

5.2. Hubble_S personnel are required to sign confidentiality agreements and are required to acknowledge responsibility for reporting security incidents involving Customer Data.

5.3. Hubble_S removes access on a timely basis for all separated personnel and additionally reviews the access privileges of its personnel to its cloud environment.

6. PHYSICAL DATA CENTER CONTROL

6.1.  Our Cloud Environment is maintained by one or more cloud service providers. We ensure that our cloud service providers data centers have appropriate controls as audited under their third-party audits and certifications. Each cloud service provider shall haveSOC 2 Type II annual audit and ISO 27001 certification, or industry recognized equivalent frameworks. Such controls include:

·      Physical access to facilities are controlled at building ingress points;

·      Visitors are required to present ID and must be signed in;

·      Physical access to servers is managed by access control devices;

·      Physical access privileges are reviewed regularly;

·      Facilities utilize monitor and alarm response procedures;

·      Facilities utilize CCTV;

·      Facilities have adequate fire detection and protection systems;

·      Facilities have adequate back-up and redundancy systems; and

·      Facilities have appropriate climate control systems.

6.2. Hubble_S does not maintain physical offices other than for limited corporate purposes. Under no circumstances is Customer Data stored or hosted at such offices.

7. INCIDENT DETECTION AND RESPONSE

7.1.  If Hubble_S becomes aware of a breach of security leading to the destruction, loss, alteration, un authorized disclosure of, or access to Customer Data (a “Security Incident“), Hubble_S shall notify You without undue delay, and in any case, within 72 hours after becoming aware. You will be notified at the security notice email address indicated on your currently operative order form or as otherwise determined appropriate by Hubble_S.

7.2. In the event of a SecurityIncident as described above, Hubble_S shall promptly take reasonable steps to contain, investigate, and mitigate any Security Incident. Any logs determined to be relevant to a Security Incident, shall be preserved for at least one year.

7.3. Hubble_S  shall provide You with timely information about the Security Incident, including the nature and consequences of theSecurity Incident; the status of our investigation, and a contact point from which additional information may be obtained. Hubble_S shall also share information about the measures taken and/or proposed by Hubble_S  to mitigate or contain the Security Incident after the investigation into the Security Incident has concluded.Communications in connection with a Security Incident shall not be construed asan acknowledgment by Hubble_S of any fault or liability with respect to the Security Incident.

8. CUSTOMER RIGHTS AND SHARED RESPONSIBILITY

8.1. It is the Customer’s responsibility to ensure that it is authorized to use any Input or CustomerData with the Service and that Your usage complies with relevant legal and regulatory obligations.

8.2. You are responsible for managing and protecting Your credentials to access the Service. User credentials must be kept confidential and may not be shared with un authorized parties. You must promptly report any suspicious activities related to Your account(s) (such as when You reasonably believe that credentials have been compromised).

8.3. You are responsible for keepingYour relevant IT systems (such as the browser You use to access the Service)up-to-date and appropriately patched.