Common use of Preventing Unauthorized Product Access Clause in Contracts

Preventing Unauthorized Product Access. Outsourced processing: We host our Service with outsourced cloud infrastructure providers. Additionally, we maintain contractual relationships with vendors in order to provide the Service in accordance with our DPA. We rely on contractual agreements, privacy policies, and vendor compliance programs in order to protect data processed or stored by these vendors. Physical and environmental security: We host our product infrastructure with multi- tenant, outsourced infrastructure providers. The physical and environmental security controls are audited for SOC 2 Type II and ISO 27001 compliance, among other certifications. Authentication: We implement a uniform password policy for our customer products. Customers who interact with the products via the user interface must authenticate before accessing non-public customer data. Authorization: Customer Data is stored in multi-tenant storage systems accessible to Customers via only application user interfaces and application programming interfaces. Customers are not allowed direct access to the underlying application infrastructure. The authorization model in each of our products is designed to ensure that only the appropriately assigned individuals can access relevant features, views, and customization options. Authorization to data sets is performed through validating the user’s permissions against the attributes associated with each data set. Application Programming Interface (API) access: Public product APIs may be accessed using an API key or through Oauth authorization.

Preventing Unauthorized Product Access. Outsourced processing: We host our Company hosts its Service with outsourced cloud infrastructure outsourced, US-based data center providers. Additionally, we maintain Company maintains contractual relationships with vendors in order to provide the Service in accordance with our DPAService. We rely Company relies on contractual agreements, privacy policies, and vendor compliance programs in order to protect assure the protection of data processed or stored by these vendors. Physical and environmental security: We host our Company hosts its product infrastructure with multi- multi-tenant, outsourced infrastructure data center providers. The physical and environmental security controls are audited for SOC 2 Type II and ISO 27001 I compliance, among other certifications. Authentication: We implement Company implemented a uniform password policy for our its customer products. Customers who interact with the products via the user interface must authenticate before accessing non-public customer data. Authorization: Customer Data data is stored in multi-tenant storage systems accessible to Customers via only application user interfaces and application programming interfaces. Customers are not allowed direct access to the underlying application infrastructure. The authorization model in each of our Company’s products is designed to ensure that only the appropriately assigned individuals can access relevant features, views, and customization options. Authorization to data sets is performed through validating the user’s permissions against the attributes associated with each data set. Application Programming Interface (API) access: Public product APIs may be accessed using an API key or through Oauth authorization.

Preventing Unauthorized Product Access. Outsourced processing: We host our Service with outsourced cloud infrastructure providers. Additionally, we maintain contractual relationships with vendors in order to provide the Service in accordance with our DPA. We rely on contractual agreements, privacy policies, and vendor compliance programs in order to protect data processed or stored by these vendors. Physical and environmental security: We host our product infrastructure with multi- multi-tenant, outsourced infrastructure providers. The physical and environmental security controls are audited for SOC 2 Type II and ISO 27001 compliance, among other certifications. Authentication: We implement a uniform password policy for our customer products. Customers who interact with the products via the user interface must authenticate before accessing non-public customer data. Authorization: Customer Data is stored in multi-tenant storage systems accessible to Customers via only application user interfaces and application programming interfaces. Customers are not allowed direct access to the underlying application infrastructure. The authorization model in each of our products is designed to ensure that only the appropriately assigned individuals can access relevant features, views, and customization options. Authorization to data sets is performed through validating the user’s permissions against the attributes associated with each data set. Application Programming Interface (API) access: Public product APIs may be accessed using an API key or through Oauth OAuth authorization.

Preventing Unauthorized Product Access. Outsourced processing: We host our Service with outsourced cloud infrastructure providers. Additionally, we maintain contractual relationships with vendors in order to provide the Service in accordance with our DPA. We rely on contractual agreements, privacy policies, and vendor compliance programs in order to protect data processed or stored by these vendors. Physical and environmental security: We host our product infrastructure with multi- tenant, outsourced infrastructure providers. The physical and environmental security controls are audited for SOC 2 Type II and ISO 27001 compliance, among other certifications. Authentication: We implement a uniform password policy for our customer Client products. Customers Clients who interact with the products via the user interface must authenticate before accessing non-public customer Client data. Authorization: Customer Client Data is stored in multi-tenant storage systems accessible to Customers Clients via only application user interfaces and application programming interfaces. Customers Clients are not allowed direct access to the underlying application infrastructure. The authorization model in each of our products is designed to ensure that only the appropriately assigned individuals can access relevant features, views, and customization options. Authorization to data sets is performed through validating the user’s permissions against the $XWKRUL]DWLRQ WR GDWD VHWV LV SHUIRUPHG WKURXJK Y attributes associated with each data set. Application Programming Interface (API) access: Public product APIs may be accessed using an API key or through Oauth authorization.

Preventing Unauthorized Product Access. Outsourced processing: We host our Service with outsourced cloud infrastructure providers. Additionally, we maintain contractual relationships with vendors in order to provide the Service in accordance with our DPA. We rely on contractual agreements, privacy policies, and vendor compliance programs in order to protect data processed or stored by these vendors. Physical and environmental security: We host our product infrastructure with multi- multi-tenant, outsourced infrastructure providers. The physical and environmental security controls are audited for SOC 2 Type II and ISO 27001 compliance, among other certifications. Authentication: We implement a uniform password policy for our customer products. Customers who interact with the products via the user interface must authenticate before accessing non-public customer data. Authorization: Customer Data is stored in multi-tenant storage systems accessible to Customers via only application user interfaces and application programming interfaces. Customers are not allowed direct access to the underlying application infrastructure. The authorization model in each of our products is designed to ensure that only the appropriately assigned individuals can access relevant features, views, and customization options. Authorization to data sets is performed through validating the user’s permissions against the attributes associated with each data set. Application Programming Interface (API) access: Public product APIs may be accessed using an API key or through Oauth authorization.

Preventing Unauthorized Product Access. Outsourced processing: We host our Service with outsourced cloud infrastructure providers. Additionally, we maintain contractual relationships with vendors in order to provide the Service in accordance with our DPA. We rely on contractual agreements, privacy policies, and vendor compliance programs in order to protect data processed or stored by these vendors. Physical and environmental security: We host our product infrastructure with multi- multi-tenant, outsourced infrastructure providers. The physical and environmental security controls are audited for SOC 2 Type II and ISO 27001 complianceII, among other certifications. Authentication: We implement a uniform password policy for our customer products. Customers who interact with the products via the user interface must authenticate before accessing non-public customer data. Authorization: Customer Data is stored in multi-tenant storage systems accessible to Customers via only application user interfaces and application programming interfaces. Customers are not allowed direct access to the underlying application infrastructure. The authorization model in each of our products is designed to ensure that only the appropriately assigned individuals can access relevant features, views, and customization options. Authorization to data sets is performed through validating the user’s permissions against the attributes associated with each data set. Application Programming Interface (API) access: Public product APIs may be accessed using an API key or through Oauth authorizationkey.