Common use of Policies and Logging Clause in Contracts

Policies and Logging. The Braze Services are operated in accordance with the following procedures to enhance security: ● Dashboard User passwords are never transmitted or stored in clear text ● Braze uses industry-standard methods to determine password validity ● API key information for third-party services provided by the customer are encrypted for storage ● Braze keeps audit logs for all access to production servers ● Server access is controlled via public key access, instead of passwords, and only permitted while on VPN that requires multi-factor authentication ● Logs are stored in a secure centralized host to prevent tampering ● Braze application and ssh audit logs are stored for one year ● Passwords are not logged under any circumstances ● Access to Braze mail and document services is only allowed on approved mobile devices that have automated security policies enforced, such as encryption, autolock and passwords ● All access to customer dashboard accounts by Braze Employees must be done through an internal service that is accessible via a 3-factor VPN only ● As part of Braze’s Employee Information Security Policy, employees may not store any Customer Data on removable media

Policies and Logging. The Braze Services are operated in accordance with the following procedures to enhance security: ● Dashboard User passwords are never transmitted or stored in clear text ● Braze uses industry-standard methods to determine password validity ● API key information for third-party services provided by the customer are encrypted for storage ● Braze keeps audit logs for all access to production servers ● Server access is controlled via public key access, instead of passwords, and only permitted while on VPN that requires multi-factor authentication ● Logs are stored in a secure centralized host to prevent tampering ● Braze application and ssh audit logs are stored for one year ● Passwords are not logged under any circumstances ● Access to Braze mail and document services is only allowed on approved mobile devices that have automated security policies enforced, such as encryption, autolock and passwords ● All access to customer dashboard accounts by Braze Employees must be done through an internal service that is accessible via a 3-factor VPN only ● As part of BrazeXxxxx’s Employee Information Security Policy, employees may not store any Customer Data on removable media

Policies and Logging. The Braze Services are operated in accordance with the following procedures to enhance security: ● Dashboard User passwords are never transmitted or stored in clear text ● Braze uses industry-standard methods to determine password validity ● API key information for third-party services provided by the customer are encrypted for storage ● Braze keeps audit logs for all access to production servers ● Server access is controlled via public key access, instead of passwords, and only permitted while on VPN that requires multi-factor authentication ● Logs are stored in a secure centralized host to prevent tampering ● Braze application and ssh audit logs are stored for one year ● Passwords are not logged under any circumstances ● Access to Braze mail and document services is only allowed on approved mobile devices that have automated security policies enforced, such as encryption, autolock and passwords ● All access to customer dashboard accounts by Braze Employees must be done through an internal service that is accessible via a 3-factor VPN only ● As part of BrazeXxxxx’s Employee Information Security Policy, employees may not store any Customer Data on removable media

Policies and Logging. The Braze Services are operated in accordance with the following procedures to enhance security: ● Dashboard User passwords are never transmitted or stored in clear text ● Braze uses industry-standard methods to determine password validity ● API key information for third-party services provided by the customer are encrypted for storage ● Braze keeps audit logs for all access to production servers ● Server access is controlled via public key access, instead of passwords, and only permitted while on VPN that requires multi-factor authentication ● Logs are stored in a secure centralized host to prevent tampering ● Braze application and ssh audit logs are stored for one year ● Passwords are not logged under any circumstances ● Access to Braze mail and document services is only allowed on approved mobile devices that have automated security policies enforced, such as encryption, autolock and passwords ● All access to customer dashboard accounts by Braze Employees must be done through an internal service that is accessible via a 3-factor VPN only ● As part of Braze’s Employee Information Security Policy, employees may not store any Customer Data on removable media