This LinkSquares Security Addendum (the “Security Addendum”) outlines our approach with respect to the security and integrity of Client Data. As the security landscape evolves, we may make updates to our security program and approach and we reserve the right to update these terms from time to time; provided, however, we agree not to materially diminish the overall security measures that we have outlined in this Security Addendum unless required to comply with applicable law or address an emergency situation. This Security Addendum is incorporated into and made a part of the agreement between LinkSquares and Client covering Client’s use of the Services that references this document (the “Agreement”).
Capitalized terms that are not defined in this Security Addendum shall have the meaning ascribed to them in the Agreement. To the extent that any provisions of this Security Addendum conflict with the terms of the Agreement, the terms of this Security Addendum shall control but solely as it relates to the security of Client Data.
1. Security Organization Overview & Certifications: LinkSquares takes commercially reasonable efforts to adopt, implement and maintain appropriate technical, organizational, administrative, and physical security measures designed to protect and safeguard Client Data that are appropriate to the nature of the Services and LinkSquare’s operations (the “Security Program”).
2. Personnel and Training: LinkSquares requires its employees to undergo security training during onboarding, and annually thereafter (unless an extension is allowed due to an authorized leave of absence or other justifiable reason).
3. Secure Software Development: LinkSquares develops its products using commercially reasonable secure software development practices, which may include (a) segregating development and production environments; (b) filtering out potentially malicious character sequences in user inputs; (c) using secure communication techniques, including encryption; (d) using sound memory management practices; (e) using web application firewalls to address common web application attacks such as cross-site scripting, SQL injection and command injection; (f) patching of software; (h) testing object code and source code for common coding errors and vulnerabilities using code analysis tools; or (i) testing of web applications for vulnerabilities using web application scanners.
4. Encryption: LinkSquares has implemented encryption architecture for saving and transmitting Client Data that is in line with commercially reasonable industry standard practices. LinkSquares will encrypt, using commercially reasonable industry standard encryption tools, Client Data that LinkSquares transmits or sends wirelessly or across public networks or within the facilities, systems, equipment, hardware, and software used in connection with LinkSquares processing of Client Data (the “LinkSquares Systems”).
5. System & Network Controls: LinkSquares has implemented and will maintain a software and system vulnerability program that is designed to detect critical security issues and is capable of providing a record of LinkSquares’ routine and regular use of such systems. LinkSquares uses internal and external audit and compliance processes for the network including but not limited to blocking unauthorized ingress, egress and exfiltration through technologies such as firewalls. LinkSquares has implemented a standardized two-factor remote access architecture with documented controls for access to Client Data.
6. Access Controls and Account Management: LinkSquares has processes in place to: (a) implement a “principle of least privilege” policy pursuant to which we restrict the access or use of Client Data to personnel, contractors, or authorized agents (the “Representatives”) that have a need to access or use such Client Data to provide the Services or other obligations under the Agreement, (b) promptly terminate its Representatives access to Client Data when such access is no longer required under the Agreement, and (c) retain records detailing its Representatives access to Client Data for no less than 90 days. Additionally, LinkSquares will use commercially reasonable efforts to manage the creation, use, and deletion of all account credentials that may be used to access the LinkSquares Systems. These efforts may include: (i) segregated accounts with unique credentials for each user, (ii) limiting access to users with administrative accounts, (iii) implementing password best practices, including use of strong passwords and secure password storage methods, and (iv) periodic audits of accounts and credentials.
7. Physical Security: All Client Data access is limited to only the systems and authorized individuals that have a need to access such Client Data to provide the Services to Client. In addition, LinkSquares has implemented physical security controls at LinkSquares’ headquarters, offices and data centers, including badge access controls at all points of egress, security cameras, and access logs.
8. Security Incidents: LinkSquares will use commercially reasonable efforts to notify Client without undue delay after becoming aware of any actual unauthorized and improper use of Client Data (“Security Incident”). In any such notice, LinkSquares will use reasonable efforts to provide Client with an overview of the Security Incident, and such overview may include: (a) a description of the Security Incident, (b) categories and number of records concerned, (c) types of information affected, (d) date and time of the Security Incident, (e) a summary of the circumstances that caused the Security Incident and any ongoing risks that the Security Incident poses, (f) a description of the measures proposed or taken by LinkSquares to address the Security Incident, and (e) any other information reasonably requested by Client relating to the Security Incident. If and solely to the extent it is not possible to provide the above information at the same time, the information may be provided in phases without undue delay. LinkSquares will provide reasonable assistance to Client to investigate, remediate or take any other action that LinkSquares deems, in its sole opinion, reasonably necessary to mitigate and remediate the Security Incident.
9. Policies: LinkSquares will implement and maintain commercially reasonable information technology security policies.