This document sets out the description of types of technical and organizational security measures that have been implemented by Dorsia to protect customer data:

1. Dedicated staff responsible for the development, implementation and maintenance of Dorsia’s information security program.

2. Audit procedures for the purposes of periodic review and assessment of risks to Dorsia’s organization and monitoring and maintaining compliance with Dorsia’s policies and procedures.

3. Data security controls which include at a minimum, but may not be limited to, logical segregation of data and restricted (e.g., role‑based) access and monitoring.

4. Logical access controls designed to manage electronic access to data and system functionality based on authority levels and job functions, (e.g., granting access on a need‑to‑know basis, use of unique IDs and passwords for all users, periodic review and revoking/changing access when employment terminates or changes in job functions occur).

5. Physical and environmental security of data centers and other areas containing personal data designed to protect information assets from unauthorized physical access.

Dorsia may update or modify these security measures from time to time provided that such updates and modifications do not materially decrease the overall security of the relevant personal data.