1 Registration and Access
The Services comprise a cloud service that is generally available 24/7 except for interruptions due to support and maintenance. To use the Services, you will be responsible for obtaining and maintaining, at your expense, all necessary telecommunication, computer hardware, software and Internet connectivity and firewalls required from time to time to use the Services and that they work properly.
When registering for the Services, you must register a username and password ("Access Credentials") to create an account for the Services. You must provide accurate and complete information to register for an account and keep your account information updated. You shall safeguard the Access Credentials and be responsible for all acts and omissions under your account and notify us immediately of any suspected or confirmed unauthorized access to or use of the Services or your Access Credentials.
User of Company Subscriber
If you use the Services for business purposes you represent that you have the authority to use the Services for the organization at hand and that you have the authority to accept and be bound by the Terms on the organization's behalf.
You may not make your Access Credentials or account available to others outside your organization, and you are responsible for all activities that occur using your Access Credentials. In the following, where applicable, "you" means the organization that you represent.
Subscriber will be provided with administrative privileges to assigned staff (“Administrators”) to manage one or several Access Credentials for the Subscriber's use of the Services.
The Administrator may be able to:
(a) add, remove, and suspend end users’ access to Services;
(b) access, share, and remove Input; and
(c) access logging and information about end users’ use of the Services.
Consumer Users - Preview Tier
If you are an individual that uses the Services for your private purpose (consumer), you must be at least 18 years old (or older if it is the legal age in your jurisdiction).
You must be a User of Company Subscriber to subscribe for the Services that require payment of a subscription fee.
Limitation applicable on the Preview Tier
You may not create more than one account to benefit from the Preview Tier of the Services. We reserve the right at any time to suspend access to the Services if we believe in our sole discretion, you are in breach of these Terms or on reasonable notice if we cease providing a Preview Tier of the Services.
2 Usage Requirements
(a) Use of Services.
You may access, and we grant you a non-exclusive right during the Term (as defined below) to use the Services in accordance with these Terms.
You will comply with these Terms and all applicable laws when using the Services. We and our affiliates or licensors own all rights, title, and interest in and to the Services including but not limited to all inventions (whether or not patentable), copyright, design, trademarks, database rights, knowhow, underlying algorithms, models, data inputs, and processing methodologies as well as modifications, updates and upgrades thereof.
Nothing in this Terms shall be considered a transfer or license to those rights, except for your limited right to use the Services during the Term.
NOAN reserves the right, in its sole discretion, at any time to make improvements, additions, modifications (including removing functionalities), and to correct any errors or defects in the Services, notwithstanding that such measures may temporarily impair your access to or use of the Services.
Any enhancements, modifications, or improvements made by you to the Services, or made by NOAN using Input (as defined below), shall be the exclusive property of NOAN.
NOAN will take reasonable measures to mitigate the risk of unlawful discrimination or bias in the development, training, deployment, and ongoing use of the Services.
You acknowledge that NOAN's ability to address and mitigate discrimination or bias issues may be dependent on the accuracy, representativeness, and quality of the Inputs (as defined below) provided by you or used during the training or operation of the Services.
(b) Feedback.
We appreciate feedback, comments, ideas, proposals, and suggestions for improvements. If you provide any of these things, we may use it without restriction or compensation to you.
(c) Restrictions.
You may not
(i) use the Services in a way that infringes, misappropriates or violates any person’s rights;
(ii) reverse assemble, reverse compile, decompile, translate or otherwise attempt to discover the source code or underlying components of models, algorithms, and systems of the Services (except to the extent such restrictions are contrary to applicable law);
(iii) except as permitted through the API, use any automated or programmatic method to extract data or output from the Services, including scraping, web harvesting, or web data extraction;
(iv) represent that Output (as defined below) from the Services was human-generated when it was not or otherwise violate these Terms;
(v) buy, sell, or transfer licenses or API keys without our prior consent;
(vi), send us any personal information of children under 13 or the applicable age of digital consent; or
(v) use the Services in a manner that interferes or attempts to interfere with the proper working of the Services, or
(vi) use the Services to share or store inappropriate material. You will comply with any rate limits and other requirements in our documentation. You may use Services only in geographies currently supported by NOAN.
(d) Third-party services. Any third-party software, services, or other products ("third-party services") you use in connection with the Services (including but not limited to such that constitute Input, (as defined below)) are subject to their own terms, and you are solely responsible for complying with all terms and conditions governing such third-party services. For avoidance of doubt, NOAN does not provide any warranty, liability, or support with respect to any third-party services.
3 Input and Output
(a) Input and Output.
"Input" means the data, software, third-party services, and other content uploaded, accessed, stored, or submitted (via the API or by other means) for the use of the Services by or on behalf of you, including text, voice recordings, imagery prompting and other interactions with the Services. You are solely responsible for any and all obligations with respect for the accuracy, quality and legality of the Input. You are further responsible for all third-party licenses, consents and permissions needed for us to use the Input to provide the Services (including but not limited to verifying that the Output does not infringe in any third party's rights).
The Input you provide will deliver output generated and returned by the Services based on the Input (“Output”). As between the parties and to the extent permitted by applicable law, you represent that you own or have relevant permission to all Input. Subject to your compliance with these Terms, NOAN hereby licenses to you a non-exclusive, non-transferrable right during the Term to use the Output.
This means that you can use the Output (in whole or in part) for any purpose, including commercial purposes such as sale or publication, as well as to modify the Output, if you comply with these Terms.
You grant to NOAN a non-exclusive license to use the Input for the provision of the Services. Except for the license granted to us, you reserve all right, title, and interest in and to the Input.
NOAN may collect and analyze aggregated and anonymized usage data derived from your use of the Services to improve the performance, functionality, and overall user experience of the Services, provided that such data cannot be linked back to you or identify any confidential information.
(b) Similarity of Output.
Due to the nature of machine learning, Output may not be unique across users and the Services may generate the same or similar output for your organisation or a third party. For example, you may provide input to a model such as “What color is an orange?” and receive output such as “The orange is orange.” Other users may also ask similar questions and receive the same response. Responses that are requested by and generated for other users are not considered Output licensed to you.
(c) Use of Content to Improve Services.
Notwithstanding anything contrary herein, you agree that NOAN has the right to collect, use and analyze any anonymized information derived from the Input for our internal business purposes, including to improve our Services by training our algorithms for the purposes of improving user experience and application infrastructure. We do however not use your Input to train generative AI models.
(d) Accuracy.
Artificial intelligence and machine learning are rapidly evolving fields of study. We are constantly working to improve our Services to make them more accurate, reliable, safe, and beneficial. Given the probabilistic nature of machine learning, use of our Services may in some situations result in Output that does not accurately reflect real people, places, or facts. You should evaluate the accuracy of any Output as appropriate for your use case, including by using human review of the Output.
4 Company Subscriber - Subscription Service Agreement
User of Company Subscriber may subscribe to the Services subject to payment of the applicable fees for the services ("Fees") charged in accordance with our offered subscription plans and payment methods from time to time. Purchase of the improved version is made by;
(i) completing the relevant Order Form;
(ii) accepting the terms of and signing the Subscription Service Agreement, and
(iii) paying the Fees by using one of the payment methods offered from time to time.
5 Confidentiality, Security, and Data Protection
(a) Confidentiality
You may be given access to confidential information of NOAN, its affiliates, and other third parties. You may use confidential information only as needed to use the Services as permitted under these Terms. You may not disclose confidential information to any third party, and you will protect confidential information in the same manner that you protect your own confidential information of a similar nature, using at least reasonable care. Confidential information means nonpublic information that NOAN or its affiliates or third parties designate as confidential or should reasonably be considered confidential under the circumstances, including software, specifications, and other nonpublic business information.
Confidential information does not include information that:
(i) is or becomes generally available to the public through no fault of yours;
(ii) you already possess without any confidentiality obligations when you received it under these Terms;
(iii) is rightfully disclosed to you by a third party without any confidentiality obligations; or
(iv) you independently developed without using confidential information. You may disclose confidential information when required by law or the valid order of a court or other governmental authority if you give reasonable prior written notice to NOAN (when permitted to do so) and use reasonable efforts to limit the scope of disclosure, including assisting us with challenging the disclosure requirement, in each case where possible.
(b) Security
You must implement reasonable and appropriate measures designed to help secure your access to and use of the Services. If you discover any vulnerabilities or breaches related to your use of the Services, you must promptly contact NOAN and provide details of the vulnerability or breach.
(c) Processing of Personal Data
User of Company Subscriber Each party (you and us) are responsible to ensure compliance with applicable data protection laws.
Information about NOAN's processing of personal data can be found in our Data Processing Agreement.
To the extent that you use the Services to process personal data, you must ensure that necessary consent or another legal basis for the processing of such data apply, and you represent to us that you are processing such data in accordance with applicable law. If you will be using the Services to process “personal data” as defined in the GDPR or “Personal Information” as defined in CCPA, the DPA In Appendix 1 of the Subscription Service Agreement applies.
Consumer Users
If you are a Consumer User, NOAN acts as data controller for the processing of your personal data that occurs when you use the Services.
Information about NOAN's processing of personal data can be found in our Data Processing Agreement.
6 Term and Termination
(a) Termination; Suspension
These Terms take effect when you register an account for the Services or start using the Services (whichever is earliest) and remain in effect until terminated (the "Term").
If you are a Consumer User of the Services, you may terminate your use of the Services at any time for any reason by discontinuing the use of the Services.
We may terminate your use of the Services immediately upon notice to you if you are in breach of Sections 2 (Usage Requirements), 5 (Confidentiality, Security and Data Protection), 8 (Dispute Resolution) or 9 (General Terms), if there are changes in relationships with third party technology providers outside of our control, or to comply with law or government requests.
We may suspend your access to the Services if you do not comply with these Terms, in the event of late payment of Fees, if your use of the Services poses a security risk to us or any third party, or if we suspect that your use is fraudulent or could subject us or any third party to liability.
(b) Effect of Termination
Upon termination, you will stop using the Services and you will promptly return or, if instructed by us, destroy any confidential information. The sections of these Terms which by their nature should survive termination or expiration should survive, including but not limited to Sections 3 and 6-10.
7 Indemnification; Disclaimer of Warranties; Limitations on Liability
(a) Indemnity
You represent and warrant that you will use the Services in accordance with applicable laws, rules, and regulations and that you have obtained and will maintain during the Term, all rights consents, and permissions to make available the Input for NOAN and for us to use the Input as contemplated herein. You will defend, indemnify, and hold harmless us, our affiliates, and our personnel, from and against any claims, losses, and expenses (including attorneys’ fees) arising from or relating to your use of the Services, including your Input, and your breach of these Terms or violation of applicable law. If you are a consumer, the foregoing will apply to the extent permitted by mandatory laws.
(b) Disclaimer
The Services are provided “as is.” Except to the extent prohibited by law, we and our affiliates and licensors make no warranties (express, implied, statutory, or otherwise) with respect to the Services, and disclaim all warranties including but not limited to warranties of merchantability, fitness for a particular purpose, satisfactory quality, non-infringement, and quiet enjoyment, and any warranties arising out of any course of dealing or trade usage. We do not warrant that the Services will be uninterrupted, accurate or error free, or that any Input or Output will be secure or not lost or altered.
(c) Limitations of Liability
Neither we nor any of our affiliates or licensors will be liable for any indirect, incidental, special, consequential, or exemplary damages, including damages for loss of profits, goodwill, use, or data or other losses, even if we have been advised of the possibility of such damages. Our aggregate liability under these terms shall not exceed the amount you paid for the Services that gave rise to the claim during the 12 months before the liability arose. The limitations in this section apply only to the maximum extent permitted by applicable law.
8 Governing Law and Dispute Resolution
(a) Governing Law
These Terms shall be governed by and construed in accordance with substantive Delaware law, without reference to its conflicts of laws principles.
(b) Informal Dispute Resolution
We would like to understand and try to address your concerns prior to formal legal action. Before filing a claim against NOAN, you agree to try to resolve the dispute informally by sending us notice at legal@getnoan.com of your name, a description of the dispute, and the relief you seek.
If we are unable to resolve a dispute within sixty (60) days, you may bring a formal proceeding. Any statute of limitations will be tolled during the 60-day resolution process. If you are a consumer that resides in the EU, the European Commission provides for an online dispute resolution platform, which you can access at https://ec.europa.eu/consumers/odr.
(c) Arbitration Procedures.
The Parties undertake and agree that all arbitral proceedings conducted with reference to these Terms will be kept strictly confidential. This confidentiality undertaking shall cover all information disclosed during such arbitral proceedings, as well as any decision or award that is made or declared during the proceedings. Information covered by this confidentiality undertaking may not, in any form, be disclosed to a third party without the consent of the other Party.
Notwithstanding the above provisions, a Party shall not be prevented from disclosing such confidential
information to safeguard in the best possible way its rights vis-à-vis the other Party in connection with a dispute, or if obligated to disclose such information pursuant to statute, regulation, a decision by a court or other public authority or rules of a regulated market or recognized stock exchange.
(e) Exceptions.
If you are a user of the Services in the US, you agree that disputes must be brought on an individual basis only and may not be brought as a plaintiff or class member in any purported class, consolidated, or representative proceeding. Class arbitrations, class actions, private attorney general actions, and consolidation with other arbitrations are not allowed. If for any reason a dispute proceeds in court rather than through arbitration, each party knowingly and irrevocably waives any right to trial by jury in any action, proceeding, or counterclaim. This does not prevent either party from participating in a classwide settlement of claims.
(f) Mass Filings
If you are a user of the Services in the US, you agree that if, at any time, 30 or more similar demands for arbitration are asserted against NOAN or related parties by the same or coordinated counsel or entities (“Mass Filing”), ADR services will randomly assign sequential numbers to each of the Mass Filings.
Claims numbered 1-10 will be the “Initial Test Cases” and will proceed to arbitration first. The arbitrators will render a final award for the Initial Test Cases within 120 days of the initial pre-hearing conference, unless the claims are resolved in advance, or the parties agree to extend the deadline. The parties will then have 90 days (the “Mediation Period”) to resolve the remaining cases in mediation based on the awards from the Initial Test Cases. If the parties are unable to resolve the outstanding claims during this time, the parties may choose to opt out of the arbitration process and proceed in court by providing written notice to the other party within 60 days after the Mediation Period. Otherwise, the remaining cases will be arbitrated in their assigned order. Any statute of limitations will be tolled from the time the Initial Test Cases are chosen until your case is chosen as described above.
(g) Severability
If any part of this Section 9 is found to be illegal or unenforceable, the remainder will remain in effect, except that if a finding of partial illegality or unenforceability would allow Mass Filing or class or representative arbitration, this Section 9 will be unenforceable in its entirety. Nothing in this section will be deemed to waive or otherwise limit the right to seek public injunctive relief or any other non-waivable right, pending a ruling on the substance of such claim from the arbitrator.
9 General Terms
(a) Relationship of the Parties
These Terms do not create a partnership, joint venture, or agency relationship between you and NOAN or any of NOAN’s affiliates. NOAN and you are independent parties and neither Party will have the power to bind the other or to incur obligations on the other’s behalf without the other Party’s prior written consent.
(b) Use of Brands
You may not use NOAN’s or any of its affiliates’ names, logos, or trademarks, without our prior written consent.
(c) U.S. Federal Agency Entities
The Services were developed solely at private expense and are commercial computer software and related documentation within the meaning of the applicable U.S. Federal Acquisition Regulation and agency supplements thereto.
(d) Copyright Complaints
If you believe that your intellectual property rights have been infringed, please send notice to legal@getnoan.com or the address below. We may delete or disable content alleged to be infringing and may terminate accounts of repeat infringers.
Attn: General Counsel
Written claims concerning copyright infringement must include the following information:
• A physical or electronic signature of the person authorized to act on behalf of the owner of the
copyright interest;
• A description of the copyrighted work that you claim has been infringed upon;
• A description of where the material that you claim is infringing is located on the site;
• Your address, telephone number, and e-mail address;
• A statement by you that you have a good-faith belief that the disputed use is not authorized by
the copyright owner, its agent, or the law; and
• A statement by you, made under penalty of perjury, that the above information in your notice is
accurate and that you are the copyright owner or authorized to act on the copyright owner’s
behalf.
(e) Assignment and Delegation
You may not assign or delegate any rights or obligations under these Terms, including in connection with a change of control. Any purported assignment and delegation shall be null and void. We may assign these Terms in connection with a merger, acquisition, or sale of all or substantially all assets, or to any affiliate or as part of a corporate reorganization.
(f) Modifications
We may amend these Terms from time to time by posting a revised version on the website, or if an update materially adversely affects your rights or obligations under these Terms, we will provide notice to you either by email or providing an in-product notification at least thirty (30) days before those changes will become effective. All other changes will be effective immediately. Your continued use of the Services after any change means you agree to such change.
(g) Notices
All notices will be in writing. We may notify you using the registration information you provided, or the email address associated with your use of the Services. Service will be deemed given on the date sent if delivered by email or via courier if delivered by post. NOAN accepts service of process at legal@getnoan.com.
(h) Waiver and Severability
If you do not comply with these Terms, and NOAN does not act right away, this does not mean NOAN is giving up any of our rights. Except as provided in Section 9, if any part of these Terms is determined to be invalid or unenforceable by a court of competent jurisdiction, that term will be enforced to the maximum extent permissible, and it will not affect the enforceability of any other terms.
(i) Export Controls
The Services may not be used in or for the benefit of, exported, or re-exported (a) into any EU or U.S. embargoed countries (collectively, the “Embargoed Countries”) or (b) to anyone on any restricted party lists, e.g. the list of persons, groups, and entities subject to EU financial sanctions, the U.S. Treasury Department’s list of Specially Designated Nationals. You represent and warrant that you are not located in any Embargoed Countries and not on any such restricted party lists. You must comply with all applicable EU and US export control laws, including any requirements or obligations to know your end users directly.
(j) Equitable Remedies
You acknowledge that if you violate or breach these Terms, it may cause irreparable harm to NOAN and its affiliates, and NOAN shall have the right to seek injunctive relief against you in addition to any other legal remedies.
(k) Entire Agreement
These Terms and any policies incorporated in these Terms contain the entire agreement between you and NOAN regarding the use of the Services and, other than any Service specific terms of use or any applicable Subscription Service Agreement, supersedes any prior or contemporaneous agreements, communications, or understandings between you and NOAN on that subject.
Noan Technology Inc.,
E-mail: legal@getnoan.com
Website: https://www.getnoan.com/
SUBPROCESSOR | PURPOSE | Data categories processed | Location of processing | Legal entity |
---|---|---|---|---|
Amazon AWS
| Cloud storage
| Identifying – name, username, Computer device – IP address, MAC address, browser footprint, Contact – email address, Location – country, territory, city, Behavioral – product usage (page views, clicks, browsing behavior).
| USA | Amazon Web Services Inc.
410 Terry Avenue North, Seattle, WA 98109-5210, aws-EU-privacy@amazon.com
|
Supabase | Cloud database storage & authorization
| Identifying – name, username, Computer device – IP address, MAC address, browser footprint, Contact – email address, Location – country, territory, city, Behavioral – product usage (page views, clicks, browsing behavior).
| USA | Singapore, 970 Toa Payoh N, #07-04, Singapore
|
Netlify
| USA | Netlify, San Francisco, 44 Montgomery St STE 300, United States | ||
Storyblok | Marketing website | Identifying – name, username, Computer device – IP address, MAC address, browser footprint, Contact – email address, Location – country, territory, city, Behavioral – product usage (page views, clicks, browsing behavior) | Storyblok GmbH
Peter-Behrens-Platz 2 Bau 2, 2. Stock Linz, Oberösterreich 4020 Austria | |
Squarespace
| Marketing website | Identifying – name, username, Computer device – IP address, MAC address, browser footprint, Contact – email address, Location – country, territory, city, Behavioral – product usage (page views, clicks, browsing behavior).
| USA
| 8 Clarkson St New York, NY 10014, USA
|
Stripe
| Payment provider | Identifying – name, username, Computer device – IP address, MAC address, browser footprint, Contact – email address, billing address, Location – country, territory, city,
Payment – credit card details, subscription duration, Behavioral – product usage (page views, clicks, browsing behavior).
| USA
| South San Francisco, 354 Oyster Point Blvd, United States
|
OpenAI | LLM for content generation
| USA | San Francisco, 3180 18th St, United States
| |
Anthropic AI
| LLM for content generation
| USA
| Anthropic PBC.
548 Market Street, PMB 90375 San Francisco CA 94104
| |
Perplexity AI
| LLM for content generation
| USA | 341 Moultrie Street San Francisco, CA 94110 United States
| |
Sentry | Application monitoring
| Identifying – name, username, Computer device – IP address, MAC address, browser footprint, Contact – email address, Location – country, territory, city, Behavioral – product usage (page views, clicks, browsing behavior).
| USA
| San Francisco, 45 Fremont Street, United States
|
Posthog | Application monitoring
| Identifying – name, username, Computer device – IP address, MAC address, browser footprint, Contact – email address, Location – country, territory, city, Behavioral – product usage (page views, clicks, browsing behavior).
| USA | 2261 Market St #4008, San Francisco, United States
|
APPENDIX C SECURITY MEASURES
NOAN is an AI-powered business building platform for small businesses.
Our obligations to Subscriber are to ensure a continuous high quality delivery of our services, built on the highest level of security and resilience. We use the latest technology to make sure our infrastructure is reliable, and Subscriber data is protected.
Just as we put hard work into our product, we also put the same energy and enthusiasm into our security practices.
This document describes the technical and organizational security measures and controls implemented by Noan Technology Inc. to protect Personal Data and ensure the ongoing confidentiality, integrity and availability of Noan Technology Inc.' products and services. More details on the measures we implement are available upon request.
Noan Technology Inc. reserves the right to revise these technical and organizational measures at any time, without notice, so long as any such revisions will not materially reduce or weaken the protection provided for Personal Data that Noan Technology Inc. processes in providing its products and services.
How NOAN works: NOAN is a web-based AI-powered strategy development and business building platform. The platform is an all-in-one place for teams to build, share, and collaborate on go-to-market strategy. With NOAN, our users rapidly accelerate their ability to take a product or service to market digitally by using AI as a copilot to build and develop their brand.
Sub-processors
Noan Technology Inc. engages carefully vetted sub-processors for specific purposes to enhance NOAN for our Subscribers. For a list of sub-processors, please see Appendix B Pre-approved Sub-processors.
Business continuity management
Data backup is one of the pillars of Noan Technology Inc.' IT continuity plan. Trained personnel manage and follow up on backup execution to ensure the integrity, confidentiality, and accuracy of the backup data. Backups are taken daily. Personal Data is kept in backups for the first 10 days of the backup time, after which all Personal Data is scrubbed from the backup, and the scrubbed backup is stored indefinitely. Another pillar is the IT and management processes and routines that are carried out when a serious incident occurs. Noan Technology Inc. continually works on keeping processes and routines updated.
Noan Technology Inc. has a high degree of digitization and all the services and tools are digitally accessible remotely. As a result, all employees of Noan Technology Inc.' offices work remotely, insulating us from any potential business continuity risk that would be posed by having a single site office.
Supplier relationship management
Noan Technology Inc. ensures that identified security requirements are met by external suppliers during the procurement process. A contract with a chosen supplier addresses the demands on the supplier's IT environment and information security measures. The supplier shall present and account for their technology, routines, and processes as well as IT and information security policies. Non-disclosure agreements and other relevant regulatory agreements are signed by the supplier before the service is taken into service. Noan Technology Inc. conducts regular control of suppliers' access rights and other aspects of the agreement with the supplier. Suppliers agree to carry out assignments in accordance with the provisions specified in applicable laws and regulations in the country where the assignments are performed.
System access control
Measures that prevent unauthorized persons from using IT systems and processes:
● When provisioning access, Noan Technology Inc. adheres to the principle of least privilege and role-based permissions — meaning our employees are only authorized to access data that they reasonably must handle in order to fulfill their job responsibilities.
● Noan Technology Inc. utilizes multi-factor authentication for access to systems with highly confidential data, including our production environment which houses Personal Data. Physical access control Measures to prevent physical access of unauthorized persons to IT systems that handle Personal We Data:
● Noan Technology Inc. partners with industry-leading data center and cloud infrastructure providers. Access to all data centers is strictly controlled. All data centers are equipped with 24x7x365 surveillance and biometric access control systems. Additionally, all providers are ISO27001, ISO27017, ISO27018, SOC2 Type II, PCI DSS, and CSA STAR certified.
● Data centers are equipped with at least N+1 redundancy for power, networking, and cooling infrastructure.
Data access control
Measures to ensure that persons authorized to use NOAN have access only to the Personal Data pursuant to their access rights:
● Noan Technology Inc. utilizes the zxcvbn-estimator to validate passwords and only ensures strong passwords are used by users.
● Recovery of lost passwords is done by requesting a signed link to the user’s email account — no passwords are sent in plain text over email, chat, phone, or any other communication method.
● Noan Technology Inc. ensures passwords are hashed (and salted) securely using industry-standard best practices, and upon Subscriber request, requires single sign-on (SSO) powered by SAML 2.0, for secure user authentication.
● Noan Technology Inc. uses best-practice tools for vulnerability scanning, malicious activity detection, and blocks suspicious behavior automatically.
● Noan Technology Inc. utilizes firewalls to segregate unwanted traffic from entering the network. A DMZ is utilized using firewalls to further protect internal systems protecting sensitive data.
Transmission access control
Measures to ensure that Personal Data cannot be read, copied, altered, or deleted by unauthorized persons during electronic transmission or during transport or storage on data media and that those areas can be controlled and identified where transmission of Personal Data is to be done via data transmission systems:
● Subscriber data at rest is encrypted with AES-128 and AES-256, and data in transit is encrypted with TLS 1.2.
● Noan Technology Inc. attests that the key for the encryption (for data in rest and data in transit) is kept within the EU.
Entry control
Measures to ensure that it can be subsequently reviewed and determined if and from whom Personal Data was entered, altered, or deleted in the IT system:
● Systems are monitored for security events to ensure quick resolution.
● Logs are centrally stored and indexed. Critical logs, such as security logs, are retained for at least 2 months. Logs can be traced back to individual unique usernames with timestamps to investigate nonconformities or security events. Availability control Measures to ensure that Personal Data are protected against accidental destruction or loss:
● Noan Technology Inc. saves a full backup copy of production data daily to ensure rapid recovery in the event of a large-scale disaster. Incremental/point-in-time recovery is available for all primary databases. Backups are encrypted-in-transit and at rest using strong encryption.
● Noan Technology Inc.'s patch management process ensures that systems are patched at least once every month. Monitoring, alerting, and routine vulnerability scanning occurs to ensure that all product infrastructure is patched consistently.
● When necessary, Noan Technology Inc. patches infrastructure in an expedited manner in response to the disclosure of critical vulnerabilities to ensure system uptime is preserved.
● Subscriber environments are logically separated at all times. Subscribers are not able to access accounts other than those given authorization credentials.
Separation control
Measures to ensure that Personal Data collected for different purposes can be processed separately:
● Noan Technology Inc. employs different data processing systems for different purposes. These systems are architecturally (logical and physically) separated. All systems require valid authorization to be accessed.
● To ensure against the unintentional amalgamation of data, Noan Technology Inc. separates development, testing, staging, and production environments.
Risk management
Measures to ensure that the appropriate risk management and security risk management in place include but are not limited to:
● Noan Technology Inc. conducts periodic reviews and assessments of risks, monitoring and maintaining compliance with Noan Technology Inc.' policies and procedures.
● Noan Technology Inc. ensures periodic, effective reporting of information security conditions and compliance to senior internal management. Operations security
Measures to ensure that the appropriate operations security safeguarding against malicious code in place include but are not limited to:
● Noan Technology Inc. has different systems and methods to protect the IT infrastructure against malicious code, including various antivirus scanners, spam filters, security updates, and training.
● Noan Technology Inc. uses active monitoring to ensure that antivirus scanners and spam filters are active and updated.
● Noan Technology Inc. actively installs the latest security updates on systems and applications to minimize the risk for exploitation of vulnerabilities.
● Noan Technology Inc., as part of basic training, ensures all employees and contractors take periodic training covering the identification of malicious code.
Measures to ensure that the appropriate operations security safeguarding email in place include but are not limited to:
● Noan Technology Inc. utilizes world-class email security to protect all inbound and outbound emails from malware.
● Noan Technology Inc. leverages email spam filtering services to guard against spam, virus, and phishing attacks.
● Employees of Noan Technology Inc. immediately notify staff of email identified as infected or harmful and ensure that the email sender is blocked and quarantined. The verification and assessment of whether an email is malicious or not is automated and based on the rules but rather based on the competency of each Noan Technology Inc. employee — educated on a periodic basis to identify harmful emails.
Security regarding personnel
Measure to ensure that Noan Technology Inc.' personnel comply with the laws and regulations of the country, and ensuring that personnel abides by the relevant terms and conditions of supplier and customer agreements:
● Noan Technology Inc.' personnel are required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards. Noan Technology Inc. conducts reasonably appropriate background checks to the extent legally permissible and in accordance with applicable local labor law and statutory regulations.
● Personnel are required to execute a confidentiality agreement and must acknowledge receipt of, and compliance with, Noan Technology Inc.' confidentiality and privacy policies. Personnel is provided with security training. Noan Technology Inc.' personnel will not process customer data without authorization.
Retention of Personal Data
During the term of the DPA, the Personal Data processed by Noan Technology Inc. will be subject to the retention requirements instructed from time to time by Subscriber. After the termination or expiration of the DPA, Section 13 of the DPA shall apply.