This Security Measures addendum ("Security Measures") form part and governed by the Unitalk Master Services Agreement established between Unitalk ("Unitalk") and the Customer ("Customer") (the "Agreement"), and take effect concurrently with the Agreement's Effective Date.

Terms utilized herein but not specifically defined will adopt the meanings ascribed to them within the Data Processing Addendum (DPA) or the Master Services Agreement.

1. Roles of the Parties

Unitalk maintains an information security program designed to safeguard its systems, data, Unitalk's Services and Customer Data (including Customer Personal Data).

Unitalk commits to implementing reasonable and appropriate organizational and technical security measures to protect against unauthorized or accidental access, loss, alteration, disclosure or destruction of data submitted by Customer.

This Addendum describes the information security program and security standards that Unitalk maintains with respect to the Services and handling of Customer Data and Customer Personal Data.

The Customer holds the responsibility for examining the information presented by Unitalk in this addendum. Based on this review, the Customer must make an independent judgment regarding whether these Security Practices adequately meet the Customer's specific needs and fulfill its legal responsibilities under relevant Data Protection Laws.

2. Updates to Security Measures

The Customer recognizes that security measures naturally evolve alongside technological advancements and that Unitalk may periodically update or adjust these Security Practices provided that such revisions or modifications will not result in the degradation of the overall security level provided for the Services purchased by the Customer.

3. Security Measures description

A. Data Security

• Data Hosting. Customer Data is hosted by AWS Cloud Platform, which is SOC2, ISO 27001 and ISO 27018 compliant.
• Data Backups. Automated backups of all Customer Data and system data is enabled, and data is backed up daily at minimum. The backups are encrypted in the same way as live production data, and are monitored and alerted.
• Encryption at rest. Customer Data is encrypted at rest using AES-256. Customer Data is encrypted when at rest in cloud storage and databases, and in backups.
• Encryption in transit. Data sent in-transit is encrypted using TLS 1.2 or greater.
• Data erasure. Unitalk customers are Controllers of their data. Each customer is responsible for the information they create, use, store, process and destroy. Unitalk customers have the ability to request data deletion, when data is not subject to regulatory or legal retention periodicity requirements. Please refer to our Data Processing Agreement (”DPA”) for more details.
• Physical security. Unitalk leverages AWS to host our application, and defers all data center physical security controls to AWS which you can read more about here.
• Data Ingestion. Unitalk provides granular control over which data sources get ingested. When adding a managed connection, admins can specifically select which spaces, channels, or folders Unitalk will access.
• Data Segregation. Unitalk applies a strict logical segregation of data across workspace, all data being directly related to a unique workspace identifier.