Data Handling Policy

Overview

Yellow Dog Software handles a substantial amount of data in order to pursue its mission and vision. Much of this data is private and confidential to our customers. This policy will outline our standards and practices for handling customer related data.

Purpose

The purpose of this policy is to define rules and requirements for for handling customer data.

Scope

This policy applies to any and all customer facing data during any phase of the Yellow Dog Software setup. Initial Sales, Implementation, and Support of the data will be covered.

Policy

• All customer data at Yellow Dog Software shall be processed lawfully and fairly. Where customer data, including sensitive data, is handled, this shall also be done in a manner transparent to the identified or identifiable person to which the data refers.

• All customer data at Yellow Dog Software shall be collected for specified, explicit and legitimate purposes in accordance with the our mission and vision. This data is never processed in a manner that is incompatible with those purposes. This means that when collecting and/or processing data, you should always specify exactly what the data will be used for and limit any handling and processing to only what is necessary to meet the specified purpose.

• Where the purpose for processing data is no longer valid or there no longer exists a valid legal basis for it, the data must be securely deleted.

• Personal and sensitive data shall be kept for no longer than necessary for the purpose for which the data is collected, stored and processed. Where possible, data that is retained for historic, statistical or other relevant purposes should be anonymised as much as possible.

• All data at Yellow Dog Software should be handled, at all times, in a manner that is secure and that maintains the data’s integrity and confidentiality. All necessary precautions must be taken to protect against unauthorized or unlawful processing, against accidental loss, destruction or damage and against theft.

• Transfer of data is only to be done using Yellow Dog IT Staff approved methods of data transferal. No data at any time will be stored on any media not owned/controlled by Yellow Dog Software.

• Customers data is only accessible at customer request and by authorized Yellow Dog Software employees. Third party or Government request must go through proper legal channels for access.

Legal Data Request Policy

At Yellow Dog Software, we believe customers deserve to understand our policies for responding to government requests for their data. This transparency also helps inform policymakers as they work to modernize laws that impact our customers. These are the core policies we adhere to across our services:

• Yellow Dog Software does not provide any government with direct and unfettered access to our customers’ data, and we do not provide any government with our encryption keys or the ability to break our encryption.

• If a government wants customer data, it must follow applicable legal process. It must serve us with a warrant or court order for content, or a subpoena for subscriber information or other noncontent data.

• All requests must target specific accounts and identifiers.

• Yellow Dog Software’s legal compliance team reviews all requests to ensure they are valid, rejects those that are not valid, and only provides the data specified.