Privacy Policy

IUNU Security Assurance

We’re committed to the security of our customers’ data and provide multiple layers of protection for the
personal data and business information you entrust to iUNU. These include:

You control access
As our customer, you have the flexibility to invite users into your account to collaborate on your data, and the
person that holds the administrative privileges has control over who has access and what they are able to do.
If you choose to administer these privileges, our customer support staff cannot access your information unless
you invite them to help.

User authentication
We provide standard access to our software-as-a-service through a login and password. In addition, you have
the option of using two-step authentication (using a unique code sent by text or generated by a separate
authenticator app on your smartphone) for your account. This provides a second level of security and reduces
the risk of your account being accessed if your password is compromised.

Data encryption
We encrypt all data that goes between you and our servers using industry-standard TLS (Transport Layer
Security), protecting your personal and business data. Your data is also encrypted at rest when it is stored on
our servers, and encrypted when we transfer it between data centers for backup and replication.

Data Segregation
We keep user data and customer-specific information separate from “crop data” that we gather from our
customer’s business operations, thus minimizing access to users who do not have a “need to know.”

Network protection
We take a “defense in depth” approach to protecting our systems and your data. Multiple layers of security
controls protect access to and within our environment, including firewalls, protection from intrusion, and
network segregation. Our security services are configured, monitored, and maintained according to industry
best practice. We utilize industry-leading data storage vendors and their security systems to leverage their
expertise and global threat intelligence to protect our systems and your data.Secure data centers
Our cloud services are hosted on enterprise-grade hosting facilities that employ robust physical security
controls to prevent physical access to the servers they house. These controls include 24/7/365 monitoring and
surveillance, on-site security staff, and regular ongoing security audits. We maintain multiple geographically
separated data replicas and hosting environments to minimize the risk of data loss or outages.

Security monitoring
Our support team continuously monitors security systems, event logs, notifications, and alerts from all
systems to identify and manage threats.

IUNU Privacy Notice

By accessing our websites and using our services, you explicitly accept, without limitation or qualification, our practices surrounding the collection, use, and sharing of personal data provided by you or others in the manner described in this
Privacy Notice. If you disagree with this, please do not access our websites or use our services.

I. Scope of This Privacy Notice
This Privacy Notice describes the types of personal data that we (and by this we mean iUNU, Inc. and all its
wholly owned subsidiaries) collect from you or from others when you access, view, and interact with our
websites, when you use our software-as-a-service (no matter how you access it), or when you attend our
online or in-person events and trainings (we refer to all of this as our “services”).

When we refer to “personal data,” we mean identifiable information about you, like your name, employer, job
title, email, address, telephone number, bank account details, payment information, support queries,
community comments, and so on. If you can’t be identified (including when personal data has been
aggregated and anonymized), then this notice doesn’t apply. Our Terms of Use (along with any applicable
services agreement that we enter into with a customer) describes our obligation with respect to data that is
not personal data.

We may need to update this notice from time to time. If we make a significant change, we will notify you
ahead of time, typically by email.

II. We Collect Personal Data
We collect personal data from or about you in the following general ways:
Information you provide to us directly: When you visit our websites or use our services, we might ask you to
provide personal data to us. For example, we collect information when you sign up for an account, respond to
a job application or an email offer, participate in community forums, join us on social media, take part in
training and events, contact us with questions, or request support. If you don’t want to provide us with
personal data, you don’t have to, but it might mean you can’t use some parts of our websites or services.

Information we collect automatically: We collect some information about you automatically when you visit our
websites or use our services, like your IP address and device type. We also collect information when you
navigate through our websites and services, including what pages you looked at and what links you clicked on.2This information is useful for us as it helps us get a better understanding of how you’re using our websites
and services so that we can continue to provide the best experience possible (e.g., by personalizing the content
you see).

Some of this information is collected using cookies and similar tracking technologies. If you want to find out
more about cookies and how you can control them, take a look at, for example,
http://www.allaboutcookies.org.

Information we get from our customers and other third parties: The majority of information we collect, we collect
directly from you or from a customer who has authorized you to use our services on its behalf. Sometimes we
might collect personal data about you from other sources, such as from publicly available materials or trusted
third parties like our marketing and research partners. We use this information to supplement the personal
data we already hold about you, in order to better inform, personalize, and improve our services, and to
validate the personal data you provide.

If we don’t collect your personal data, we may be unable to provide you with all our services, and many
functions and features on our websites may not be available to you.

II. We Use Personal Data
We use your personal data primarily to operate our websites and to provide the services you or a customer
requests, and to manage our relationship with you. We also use your personal data for other purposes, which
may include the following:

To communicate with you, such as:
• providing you with information you’ve requested from us (like training or education materials) or
information we are required to send to you;
• operational communications, like changes to our websites and services, security updates, or assistance
with using our websites and services;
• marketing communications (about our services or another product or service we think you might be
interested in) in accordance with your marketing preferences; and3• asking you for feedback or to take part in any research we are conducting (which we may engage a
third party to assist with).

To support you: This may include assisting with the resolution of technical support issues or other issues
relating to the websites or services, whether by email, in-app support, or otherwise.
To enhance our websites and services: We may track and monitor your use of websites and services so we can
keep improving; or we may conduct a technical analysis so that we can optimize user experience and provide
more efficient tools.

To protect: We may use personal data so that we can detect and prevent any fraudulent or malicious activity,
and to make sure that everyone is using our websites and services fairly and in accordance with our terms of
use.

To analyze, aggregate, and report: We may use the personal data we collect about you and other users of our
websites and services (whether obtained directly or from third parties) to produce aggregated and anonymized
analytics and reports, which we may share publicly or with third parties.

III. We Share Personal Data
There will be times when we need to share your personal data with third parties. We will only disclose your
personal data to:

• other companies in the iUNU group of companies;
• customers with whom you are affiliated and who have granted you the right to access and use our
services on their behalf;
• third party service providers and partners who assist and enable us to use the personal data to, for
example, support delivery of or provide functionality on the website or services, or to market or
promote our goods and services to you;
• regulators, law enforcement bodies, government agencies, courts or other third parties where we
think it’s necessary to comply with applicable laws or regulations, or to exercise, establish or defend
our legal rights (where possible and appropriate, we will notify you of this type of disclosure);4• an actual or potential buyer (and its agents and advisers) in connection with an actual or proposed
purchase, merger, or acquisition of any part of our business; and
• other people where we have your consent.

IV. We Aim to Safeguard Personal Data
We take every reasonable measure and precaution, consistent with standard industry practices, to protect and
secure your personal data from unauthorized access, alteration, disclosure, or destruction. For more
information, please view our page on Security Assurance.
If you believe for any reason that your personal data is no longer secure, please notify us immediately by
sending an email to privacy@iunu.com.

V. We Retain Personal Data as Long as Necessary
The length of time we keep your personal data depends on what it is and whether we have an ongoing
business need to retain it (for example, to provide you with a service you’ve requested or to comply with
applicable legal, tax, or accounting requirements).

We’ll retain your personal data for as long as we have a relationship with you and for a period of time
afterwards where we have an ongoing business need to retain it, in accordance with our data retention policies
and practices. Following that period, we’ll make sure it’s deleted or anonymized.

VI. You May Have Certain Rights Concerning the Personal Data We Collect
It’s your personal data and you may have certain rights relating to it. When it comes to marketing
communications, you can always ask us not to send these to you by following the unsubscribe instructions
contained in the marketing communication, or by sending a request to privacy@iunu.com.
You also may have the right under applicable law to:

• know what personal data we hold about you, and to make sure it’s correct and up to date;
• request a copy of your personal data, or ask us to restrict processing your personal data or delete it; and
• object to our continued processing of your personal data.
You may exercise these rights by sending an email to us at privacy@iunu.com.5If you’re someone who doesn’t have a relationship with us, but believe nonetheless that a customer or other
user has given us your personal data, you’ll need to contact that customer or user directly for any questions
you may have.

VII. You May Contact Us.
We’re always keen to hear from you. If you’re curious about what personal data we hold about you or you
have a question or feedback for us on this notice, our websites or services, please get in touch.
As a technology company, we prefer to communicate with you by email – this ensures that you’re put in
contact with the right person, in the right location, and in accordance with any regulatory time frames.
Our email is privacy@iunu.com