Common use of Policies and Logging Clause in Contracts

Policies and Logging. The Braze Services are operated in accordance with the following procedures to enhance security: ● User passwords are never transmitted or stored in clear text ● Braze uses industry-standard methods to determine password validity ● API key information for third-party services provided by the customer are encrypted for storage ● Braze keeps audit logs for all access to production servers ● Server access is controlled via public key access, instead of passwords, and only permitted while on VPN that requires multi-factor authentication ● Logs are stored in a secure centralized host to prevent tampering ● Braze application and ssh audit logs are stored for one year ● Passwords are not logged under any circumstances ● Access to Braze mail and document services is only allowed on approved mobile devices that have automated security policies enforced, such as encryption, autolock and passwords ● All access to customer dashboard accounts by Braze Employees must be done through an internal service that is accessible via a 3-factor VPN only ● As part of Xxxxx’s Employee Information Security Policy, employees may not store any Customer Data on removable media

Policies and Logging. The Braze Services are operated in accordance with the following procedures to enhance security: ● Dashboard User passwords are never transmitted or stored in clear text ● Braze uses industry-standard methods to determine password validity ● API key information for third-party services provided by the customer are encrypted for storage ● Braze keeps audit logs for all access to production servers ● Server access is controlled via public key access, instead of passwords, and only permitted while on VPN that requires multi-factor authentication ● Logs are stored in a secure centralized host to prevent tampering ● Braze application and ssh audit logs are stored for one year ● Passwords are not logged under any circumstances ● Access to Braze mail and document services is only allowed on approved mobile devices that have automated security policies enforced, such as encryption, autolock and passwords ● All access to customer dashboard accounts by Braze Employees must be done through an internal service that is accessible via a 3-factor VPN only ● As part of XxxxxBraze’s Employee Information Security Policy, employees may not store any Customer Data on removable media

Policies and Logging. The Braze Services are operated in accordance with the following procedures to enhance security: ● User passwords are never transmitted or stored in clear text ● Braze uses and use industry-standard methods hashing functions to determine password validity ● API key information for third-party services provided by the customer are encrypted for storage ● Braze keeps audit logs for all access to production servers ● Server access is controlled via public key access, access instead of using passwords, and . Server access is only permitted while on VPN that requires multi-factor authentication authentication. ● Logs are stored in a secure centralized host to prevent tampering ● Braze application and ssh audit logs are stored for one year ● Passwords are not logged under any circumstances ● Access to Braze mail and document services is only allowed on approved mobile devices that have automated security policies enforced, such as encryption, autolock and passwords ● All access to customer dashboard accounts by Braze Employees must be done through via an internal service that is accessible via a 3-three factor VPN only ● only. As part of XxxxxBraze’s Employee Information Security Policy, employees may not store any Customer Data on removable media.

Policies and Logging. The Braze Services are operated in accordance with the following procedures to enhance security: ● Dashboard User passwords are never transmitted or stored in clear text ● Braze uses industry-standard methods to determine password validity ● API key information for third-party services provided by the customer are encrypted for storage ● Braze keeps audit logs for all access to production servers ● Server access is controlled via public key access, instead of passwords, and only permitted while on VPN that requires multi-factor authentication ● Logs are stored in a secure centralized host to prevent tampering ● Braze application and ssh audit logs are stored for one year ● Passwords are not logged under any circumstances ● Access to Braze mail and document services is only allowed on approved mobile devices that have automated security policies enforced, such as encryption, autolock and passwords ● All access to customer dashboard accounts by Braze Employees must be done through an internal service that is accessible via a 3-factor VPN only ● As part of Xxxxx’s Employee Information Security Policy, employees may not store any Customer Data on removable media

Policies and Logging. The Braze Services are operated in accordance with pursuant to the following procedures to enhance security: ● • User passwords are never transmitted or stored in clear text ● Braze uses and use industry-standard methods hashing functions to determine password validity ● validity; • API key information for third-party services provided by the customer are encrypted for storage ● Braze storage; • Inkit keeps audit logs for all access to production servers ● servers; • Server access is controlled via public key access, access instead of using passwords, and . Server access is only permitted while on VPN that requires multi-factor authentication ● authentication; • Logs are stored in a secure centralized host to prevent tampering ● Braze tampering; • Inkit application and ssh audit logs are stored for one year ● year; • Passwords are not logged under any circumstances ● circumstances; • Access to Braze Inkit mail and document services is only allowed on approved mobile devices that have automated security policies enforced, such as encryption, autolock autolock, and passwords ● password; • All access to customer dashboard accounts by Braze Employees Inkit employees must be done through via an internal service that is accessible only via a 3-three factor VPN only ● VPN. As part of XxxxxInkit’s Employee Information Security Policyinformation security policy, employees may not store any Customer Data on removable media.

Policies and Logging. The Braze Services are operated in accordance with the following procedures to enhance security: ● • User passwords are never transmitted or stored in clear text ● Braze uses and use industry-standard methods hashing functions to determine password validity ● • API key information for third-party services provided by the customer are encrypted for storage ● • Braze keeps audit logs for all access to production servers ● • Server access is controlled via public key access, access instead of using passwords, and . Server access is only permitted while on VPN that requires multi-factor authentication ● authentication. • Logs are stored in a secure centralized host to prevent tampering ● • Braze application and ssh audit logs are stored for one year ● • Passwords are not logged under any circumstances ● • Access to Braze mail and document services is only allowed on approved mobile devices that have automated security policies enforced, such as encryption, autolock and passwords ● • All access to customer dashboard accounts by Braze Employees must be done through via an internal service that is accessible via a 3-three factor VPN only ● only. As part of XxxxxBraze’s Employee Information Security Policy, employees may not store any Customer Data on removable media.

Policies and Logging. The Braze Services are operated in accordance with the following procedures to enhance security: ● User passwords are never transmitted or stored in clear text ● Braze uses industry-standard methods to determine password validity ● API key information for third-party services provided by the customer are encrypted for storage ● Braze keeps audit logs for all access to production servers ● Server access is controlled via public key access, instead of passwords, and only permitted while on VPN that requires multi-factor authentication ● Logs are stored in a secure centralized host to prevent tampering ● Braze application and ssh audit logs are stored for one year ● Passwords are not logged under any circumstances ● Access to Braze mail and document services is only allowed on approved mobile devices that have automated security policies enforced, such as encryption, autolock and passwords ● All access to customer dashboard accounts by Braze Employees must be done through an internal service that is accessible via a 3-factor VPN only ● As part of XxxxxBraze’s Employee Information Security Policy, employees may not store any Customer Data on removable media