California Consumer Privacy Act Addendum

Last Updated: May 22, 2020

This CCPA Addendum (the “ CCPA Addendum ”) is incorporated into the Terms of Service (“ Agreement ”) between Secureframe, Inc. (“ Secureframe ”), and you, the customer (“ Customer ”) that has signed up for the Services and agreed to the terms of the Agreement pursuant to the Order Form (as defined in the Agreement) with which you purchased the Services and any subsequent Order Forms (submitted in written or electronic form). This CCPA Addendum applies where Secureframe processes Personal Information on behalf of Customer pursuant to the Agreement. This CCPA Addendum is effective from January 1, 2020 until the Agreement is terminated. This CCPA Addendum shall control in the event of any inconsistencies between this CCPA Addendum and the Agreement.

I. Definitions

a. “Business” has the meaning given that term under the CCPA.

b. “CCPA” means the California Consumer Privacy Act, as may be amended from time to time, and any rules or regulations implementing the foregoing.

c. “Personal Information” means any information Customer provides to Secureframe that relates to or could reasonably be associated with a California resident or household.

d. “Service Provider” means an entity that receives Personal Information and is prohibited from retaining, using, selling, or disclosing such information other than in connection with providing the Services.

II. CCPA.

a. The parties agree that, for purposes of the CCPA, Customer is a Business and Secureframe is a Service Provider. Customer represents and warrants that it will only provide or make Personal Information available to Secureframe in compliance with the CCPA.

b. Secureframe shall not (1) retain, use, or disclose Personal Information other than as provided for in the Agreement, as needed to perform the Services, to build or improve the quality of the Services, to detect security incidents, to protect against fraudulent or illegal activity, to employ subcontractors that qualify as Service Providers, or as otherwise permitted by the CCPA; or (2) sell such Personal Information.

c. Notwithstanding anything else in this CCPA Addendum or in the Agreement, Customer agrees that Secureframe, its affiliates, and each of their directors, officers, employees, agents, representatives, successors and assigns will not be liable under the Agreement for any claim arising from any action or omission by Secureframe that resulted from the Customer’s instructions or from Customer’s failure to comply with its obligations under the CCPA.