LICENSE AGREEMENT BIOBEST IN RELATION TO THE BIOBEST SOFTWARE

1. DEFINITIONS AND INTERPRETATIONS

1.1. In this Agreement, unless the context requires otherwise, the following terms shall have the following meanings:

2. LICENSE

2.1. Biobest grants the Licensee, who accepts, the non-exclusive, irrevocable right to download and use the Biobest Software (including any Embedded Software), subject to the terms and conditions set forth in this Agreement and in conformity with Applicable Laws and the User Guide.

3. SUPPORT, MAINTENANCE, AND SERVICE LEVELS

3.1. Biobest and the Co-Developer guarantee a minimum uptime of 95% for the Biobest Software, exclusive of Maintenance Periods. If the Biobest Software is down due to an Error that is wholly or partially attributable to the Licensee, then such downtime will not count as downtime for purposes of calculating uptime of the Biobest Software.

3.2. The Licensee will allow i) a maximum of 36.8 accumulated monthly hours of unplanned downtime of the Biobest Software attributable to Biobest and/or the Co-Developer and ii) a maximum of 7 weekly hours of downtime due to maintenance of the Biobest Software for security and system updates (the “Maintenance Period”).

3.3. Biobest and/or the Co-Developer have the right to apply an Emergency Change at any time, and such Emergency Change shall count towards the Maintenance Period.

3.4. Biobest and/or the Co-Developer will provide Corrective Maintenance for the Biobest Software according to the severity levels set out below:

Severity level | Service Window | Correction Proposal Time
Severity 1 and 2: Critical and Major | Monday to Friday, 9am to 5pm PST | Four Working Days
Severity 3: Minor | All Working Hours of every Working Day | Up to 11 days

3.5. The severity level of an Error will be defined by the Licensee when the Error is reported in the Communication based on the following criteria:

3.6. Biobest and/or the Co-Developer may adjust the severity level of an Error according to its findings. The Co-Developer will inform Biobest of any adjustment or severity level of an Error reported in a Communication.

3.7. The measurement of Correction Proposal Time begins at Biobest’s submission of the Communication to Biobest’s Tech Rep and ends when Biobest notifies the Licensee about the planned Correction process.

3.8. If there is an Error that occurs outside of the Service Window as stipulated above, Biobest and/or the Co-Developer will put its best efforts towards Correction of the Error as soon as possible.

3.9. For Errors of severity level 1 and/or 2, the Licensee, as the case may be, will either confirm to Biobest and/or the Co-Developer that there has been Correction of the Error after implementation of the Correction, or ask Biobest and/or the Co-Developer to re-examine the Error, as applicable.

3.10. The Licensee shall provide reasonable assistance to diagnose and reproduce an Error unknown to Biobest and/or the Co-Developer.

3.11. If Error diagnosis by Biobest and/or the Co-Developer demonstrates that the origin of the Error is wholly or partially attributable to the Licensee and/or a third party, then Biobest and/or the Co-Developer will continue to provide assistance to resolve the Error in co-operation with the Licensee or a third party, as applicable, but will not be required to meet the Corrective Maintenance Services Levels set out in Article 4.5.

3.12. If after the parties' reasonable efforts, an Error of severity level 1 and/or 2 cannot be reproduced but the Biobest Software is operational, then the Correction Proposal Time will be suspended until that Error is reproduced.

3.13. A communication is deemed validly sent only if it is directed to the email address of the technical representative as stipulated in the Agreement.

4. WARRANTIES

4.1. The Biobest Software is considered to be a collection of object code performing the functionality as defined in the Specifications at the date of installation (“as is”). All new Versions of the licensed Biobest Software, which Biobest may release at any time, shall include at least the same or a similar Specification as the previous version of the licensed Biobest Software, except when Biobest is able to prove that such Specification is not used by the Licensee.

4.2. The Licensee is required to utilize the most recent version of the Biobest Software. For online Biobest Software, access will be automatically granted only to the latest available version.

4.3. Biobest warrants that it has the necessary rights to grant the Licensee the license rights as defined in Article 2.

4.4. Biobest, when relying on data stored in the Biobest Software Platform to provide technical advice to Licensee, shall use good faith efforts to provide technical advice in accordance with high professional standards. Taking into account that Biobest does not have control over Licensee’s collection and introduction of data in the Biobest Software; that certain relevant circumstances may not be included in the Biobest Software; that Biobest does not control the implementation of any actions resulting from its advice, and that pollination and biological control/integrated pest management depend on a variety of biological parameters with complex interactions, Biobest does not provide any warranties that its advice will achieve the desired effect in Licensee’s crop.

4.5. The Biobest Software will be provided by Biobest to the Licensee pursuant to and in accordance with the Specifications.

4.6. Biobest does not provide any other warranties than those explicitly stipulated in this Agreement.

5. INTELLECTUAL PROPERTY

5.1. The Licensee acknowledges that all Intellectual Property Rights of whatever nature related to the Biobest Software are and shall remain at all times the exclusive property of Biobest, the Co-Developer (each in relation to their respective parts), or their licensors. The Licensee shall have no right, unless otherwise provided in this Agreement, with respect to the Intellectual Property Rights vested in the Biobest Software.

5.2. The Licensee agrees that nothing in the Agreement is intended to transfer ownership of any pre-existing or subsequently acquired Intellectual Property Rights of a Party and that all Intellectual Property Rights in all records, materials, information, documents, designs, logos or other information of any kind provided by, or made available by one Party shall at all times vest in and remain the sole property of that Party. In no event shall any term of this Agreement be construed so as to require the transfer of title or license to either party’s Intellectual Property Rights unless expressly provided under this Agreement.

5.3. If the Biobest Software is, or in Biobest's opinion is likely to be, claimed to infringe, misappropriate, or otherwise violate any third-party intellectual property right, or if Biobest's use of any portion of the Biobest Software is enjoined or threatened to be enjoined, Biobest may, subject to reasonable consultation and input from Biobest, at its option and sole cost and expense:

6. TERM, TERMINATION, REVISION OF LICENSE FEE, SUSPENSION AND CONSEQUENCES THEREOF

6.1. The EULA shall initially be valid for the period stated in the agreement executed with the Licensee (the ‘Initial Commercial Term’).

6.2. After the Initial Commercial Term, this Agreement shall be tacitly extended for consecutive period(s) of one (1) year (each, a “Subsequent Commercial Term”), unless terminated in accordance with Article 7.4. hereunder. At the beginning of each Subsequent Commercial Term, Licensee shall have the obligation to pay the License Fee. Licensee shall have no right to terminate this Agreement during such active one-year term, except as explicitly foreseen in Article 7.4. hereunder.

6.3. Each Party has the right to formally notify the other Party of its refusal to an extension of the Agreement no later than thirty (30) days before the end of the Initial Commercial Term or any Subsequent Commercial Term in which case the Agreement shall be terminated at the end of the then ongoing active term, and all rights in relation to the Biobest Software Platform shall be terminated. If no such notification is sent by either Party, the Agreement shall be automatically extended for the duration of the Subsequent Commercial Term.

6.4. Biobest shall have the right to revise the Unit Price or the calculation method of the License Fee as defined under Article 4 by providing the Licensee with a notification defining the new Unit Price or setting out the details of the new License Fee calculation method no later than sixty (60) days before the end of either the Initial Commercial Term or any Subsequent Commercial Term.

6.5. For the avoidance of doubt and without limitation, Biobest may call on Article 7.5. to revise the License Fee or the calculation method of the License Fee, with regard to any Subsequent Commercial Term commencing after upgrading the Biobest Software with novel or substantially improved functionalities. Licensee acknowledges that Biobest shall not be under any obligation to maintain commercial availability of different Versions of the Biobest Software, with a different set of functionalities and a different License Fee.

6.6. Biobest shall further have the right at any time, without any damages due, to end this Agreement by providing the Licensee with a formal notice letter and a notice term of three (3) months. In case of termination in accordance with this Article 7.7., Biobest shall refund the License Fee paid by the Licensee with respect to the remaining period of the then ongoing active term from the date of providing such notice of termination. The amount to be reimbursed shall be based on the number of complete months from the date of notice of termination pro rata the number of months covered by the latest License Fee payment.

6.7. Notwithstanding any provisions to the contrary in this Agreement, Biobest and/or the Licensee shall further have the right to terminate this Agreement, effective immediately, and without court intervention, by registered letter without prior notice or compensation in the event:

In such case no refund of any paid License Fee shall be due.

6.8. Biobest has the right to suspend any and all rights granted to the Licensee under this Agreement, without prior notice, effective immediately and without court intervention, in the event that the Licensee breaches any of the terms of this Agreement, including, for the avoidance of doubt, failure to pay the License Fee on time. No refund of any paid License Fee or compensation of any kind shall be due in connection with such suspension.

7. LIABILITY

7.1. Biobest and the Co-Developer shall qualify as an intermediary providing information society services that consist of the transmission of information provided by a recipient of the service (“mere conduit”), and as such cannot be held liable for the information transmitted, on the conditions that Biobest and/or the Co-Developer:

7.2. Neither Biobest nor the Co-Developer (or their distributors) shall be liable for any direct damage, except in case of fraud or willful misconduct. In no event shall Biobest or the Co-Developer (or their distributors) be liable for any indirect damage, including but not limited to, loss of profit, loss of data, loss of income, increase in operational costs, or loss of licensees.

7.3. In any event, the total aggregate liability of Biobest and the Co-Developer (or of their distributors) for all damages and losses that arise under or in connection with this Agreement, whether in contract, tort or otherwise or that result from the Licensee’s use of or inability to use the Biobest Software, shall not in any circumstance exceed the total amount, if any, actually paid by the Licensee to Biobest for using the Biobest Software within the twelve (12) month period preceding the date of bringing a claim.

7.4. The Licensee agrees to defend, indemnify and hold harmless Biobest and/or the Co-Developer from and against any and all claims, damages, obligations, losses, liabilities, costs and expenses (including but not limited to legal fees and disbursements) arising from: (i) the Licensee’s improper use of the Biobest Software; (ii) the Licensee’s violation of this Agreement; and (iii) the Licensee’s violation of any third party right, including without limitation any copyright, property, or privacy right.

7.5. Neither Biobest nor Ecoation (or a Biobest Distributor) shall be held liable for failure to perform under this Agreement if such failure is due to causes beyond its reasonable control (“overmacht/force majeure”), such as, but not limited to, fire, flood, strikes, downtime attributable to a licensor, labour disputes or other industrial disturbances, (declared or undeclared) war, embargos, blockades, legal restrictions, riots, insurrections, governmental regulations, pandemics, epidemics or the unavailability of the internet.

7.6. Biobest and/or the Co-Developer’s liabilities under article 8.2 do not apply to any claims, damages or liabilities arising out of or relating to any of the following:

8. PROCESSING OF PERSONAL DATA

8.1. Biobest undertakes to protect your Personal Data in accordance with the applicable data protection legislation, including the EU General Data Protection Regulation 2016/679 and any applicable national implementing and supplementing laws, and to ensure compliance with such legislation by its personnel, agents, representatives and subcontractors.

8.2. Depending on the specific processing activity carried out by Biobest, Biobest may be considered either Controller or Processor.

8.3. In the context of the Biobest Software, Biobest shall act as Processor and the Licensee as Controller. In this case, Biobest will process the personal data in accordance with the Data Processing Agreement concluded between Biobest and the Licensee included as Annex I to this Agreement.

Biobest may also act as Controller for certain processing activities (together with Ecoation as Joint Controller, as the case may be), including but not limited to the processing of personal data to improve the design and quality of the Biobest Software and its user experience, to inform about updates and new features or services on the Biobest Software or to comply with the legal obligations Biobest is subject to. Biobest shall Process such Personal Data in accordance with the Privacy Policy, available at https://www.crop-scanner.com/privacy-policy.html and the Cookie Policy, available at https://www.crop-scanner.com/cookie-policy.html.

9. PROCESSING OF NON PERSONAL DATA

9.1. All Non-Personal Data Processed via the Biobest Software may be used by Biobest and Ecoation (or their distributors) for the following purposes:

10. CONFIDENTIALITY

10.1. During the term of this engagement, Biobest and the Co-Developer on the one hand and the Licensee on the other hand may be exposed to each other’s Confidential Information. The recipient party agrees to treat any Confidential Information in accordance with this Article 11. The disclosing party shall remain the owner of the information that it communicates to the recipient party.

10.2. The recipient party agrees to take all necessary measures to maintain the confidential nature of the Confidential Information, specifically the recipient party shall:

10.3. Unless expressly agreed otherwise, all rights, title and interest to and in Confidential Information shall vest and remain in the disclosing Party (or, where applicable, the disclosing Party’s Affiliates). This Agreement does not grant any license whatsoever for any patent, copyright or other intellectual property right of any kind.

10.4. This Article 11 shall not restrict the use of Confidential Information as foreseen under Articles 8 and 9.

11. GENERAL

11.1. This Agreement may not be amended, supplemented or otherwise modified, except by a written instrument executed by all Parties.

11.2. The invalidity or unenforceability of any provision of this Agreement shall not result in the invalidity or unenforceability of any other provision of the Agreement or of the Agreement as a whole. In the event that the validity or enforceability of any provision of this Agreement is jeopardized or challenged, the Parties undertake to do whatever is reasonably necessary or advisable, including effecting such applications or filings, or restructurings of the provision in question, so as to be able to lawfully maintain such provision in full force or to substitute another provision that has economically substantially the same effect for all Parties.

11.3. Neither this Agreement nor any right or obligation hereunder may be assigned, delegated or otherwise transferred in whole or in part to a third person by any Party without the prior written consent of each and any of the other Parties and any such attempted assignment or delegation without such consent shall be ab initio, null, void, and without effect.

11.4. No provision of this Agreement shall be deemed to have been waived by any act or acquiescence on the part of any Party, their agents or employees, but may be waived only by an instrument in writing signed by an officer of the waiving Party. No waiver of any provision of this Agreement on one occasion shall constitute a waiver of any other provision or of the same provision on another occasion.

11.5. The Co-Developer is a third-party beneficiary of this Agreement. Upon the Licensee’s acceptance of this Agreement, the Co-Developer will have the right to enforce the Agreement against Licensee as a third-party beneficiary thereof.

11.6. This Agreement does not constitute either Party the agent of the other, or create a partnership, joint venture or similar relationship between the Parties, and neither Party will have the power to obligate the other in any manner whatsoever.

11.7. This Agreement shall be binding upon and enure to the benefit of each of the Parties hereto, as well as their respective permitted successors and assigns.

12. GOVERNING LAW AND DISPUTE RESOLUTION

12.1. This Agreement shall be governed by and construed in accordance with the laws of the Province of Ontario and the federal laws of Canada applicable therein if the Licensee is located in North America, and otherwise in accordance with the laws of Belgium.

12.2. Any and all disputes arising from or in connection with this Agreement shall be submitted to the exclusive jurisdiction of the courts of the Province of Ontario, if the Licensee is located in North America, and otherwise to the exclusive jurisdiction of the courts of Belgium competent for the registered office of Biobest.

ANNEX I: DATA PROCESSING AGREEMENT

1. ABOUT THIS DATA PROCESSING AGREEMENT

1.1. This Data Processing Agreement (the “DPA”) is concluded between Biobest and the Licensee pursuant to and subject to the License Agreement in relation to the Biobest Software.

1.2. This DPA forms an integral part of the Agreement (as defined in the License Agreement) between the Parties. In the performance of the Agreement, Biobest will receive and process Personal Data for the benefit and on behalf of the Licensee and in accordance with the instructions and purpose defined by the Licensee. Parties agree that Biobest is the Processor and the Licensee is the Controller in respect of such Processing of Personal Data. Parties acknowledge that specific legislation applies to the Processing of Personal Data in relation to the Agreement. Such legislation includes, among others, the GDPR (including implementing laws, if applicable) and the Belgian Privacy Act.

1.3. By means of this Data Processing Agreement, Parties wish to lay down their specific agreements in respect to Personal Data Processing within the framework of the Agreement. This Data Processing Agreement supersedes and replaces all previous agreements made in respect of Personal Data Processing and data protection.

2. DEFINITIONS AND INTERPRETATION

2.1. The following definitions apply in this DPA:

2.2. In the case of conflict or ambiguity between:

3. PERSONAL DATA TYPES AND PROCESSING PURPOSES

3.1. The Controller retains control of the Personal Data and remains responsible for its compliance obligations under the applicable Data Protection Legislation, including providing any required notices and obtaining any required consents, and for the processing instructions it gives to the Processor. The Controller shall inform the Processor of any additional national and/or sector-specific mandatory legislation that applies to the processing by the Processor as a result of the processing by the Controller.

3.2. Appendix A describes the nature and purpose of processing, the retention term(s) and the Personal Data categories and Data Subject types in respect of which the Processor may process Personal Data to fulfil the Services.

4. PROCESSOR'S OBLIGATIONS

4.1. The Processor will only process the Personal Data to the extent, and in such a manner, as is necessary for the Services in accordance with the Controller's written instructions. The Processor will not process the Personal Data for any other purpose or in a way that does not comply with this DPA or the Data Protection Legislation. The Processor must promptly notify the Controller if, in its opinion, the Controller's instruction would not comply with the Data Protection Legislation.

4.2. The Processor will maintain the confidentiality of all Personal Data and will not disclose Personal Data to third parties unless the Controller or this DPA specifically authorises the disclosure, or as required by law. If a law, court, regulator or supervisory authority requires the Processor to process or disclose Personal Data, the Processor must first inform the Controller of the legal or regulatory requirement and give the Controller an opportunity to object or challenge the requirement, unless the law prohibits such notice.

4.3. The Processor will reasonably assist the Controller with meeting the Controller's compliance obligations under the Data Protection Legislation, taking into account the nature of the Processor's processing and the information available to the Processor, including in relation to Data Subject rights, Data Protection Impact Assessments and reporting to and consulting with supervisory authorities under the Data Protection Legislation.

5. PROCESSOR'S EMPLOYEES

5.1. The Processor will ensure that all employees:

6. SECURITY

6.1. The Processor must implement appropriate technical and organisational measures against unauthorised or unlawful processing, access, disclosure, copying, modification, storage, reproduction, display or distribution of Personal Data, and against accidental or unlawful loss, destruction, alteration, disclosure or damage of Personal Data, as further described in Appendix A.

6.2. The Processor must implement such measures to ensure a level of security appropriate to the risk involved, including as appropriate:

7. PERSONAL DATA BREACH

7.1. The Processor will without undue delay and in any case within 24 hours notify the Controller if it becomes aware of a Personal Data Breach in the framework of the Services.

7.2. Where the Processor becomes aware of a Personal Data Breach, it shall, without undue delay, also provide the Controller with the following information:

7.3. Immediately following a Personal Data Breach, the Parties will co-ordinate with each other to investigate the matter. The Processor will reasonably co-operate with the Controller in the Controller's handling of the matter, including:

7.4. The Processor will not inform any third party of any Personal Data Breach without first obtaining the Controller's prior written consent, except when required to do so by law.

7.5. The Controller shall cover all reasonable expenses associated with the Processor’s performance under this Clause 7 unless the matter arose from the Processor's negligence, wilful misconduct or breach of this DPA.

8. CROSS-BORDER TRANSFERS OF PERSONAL DATA

8.1. Any transfer of Personal Data outside the European Economic Area (EEA) by the Processor may only take place in accordance with the principles set out in the applicable Data Protection Legislation and this DPA.

8.2. Controller grants Processor permission to transfer Personal Data to its Sub-Processors as listed in Appendix A (as may be amended by Processor from time to time according to Article 8.1.1 of this DPA). Authorization by the Controller in accordance with this DPA is not required, when the transfer of Personal Data to countries outside the EEA is mandatory under applicable law.

9. SUBCONTRACTORS

9.1. The Processor may only authorise a third party (Sub-Processor) to process the Personal Data if:

9.2. Those Sub-Processors approved at the commencement of this DPA are as set out in Appendix A. The Processor must list all approved subcontractors in Appendix A and include any Sub-Processor's name, location and contact information for the person responsible for data protection compliance.

9.3. Without prejudice to Clause 14.1, the Processor shall remain fully liable to the Controller for any failure by a Sub-Processor to fulfil its obligations in relation to the processing of the Personal Data.

10. COMPLAINTS, DATA SUBJECT REQUESTS AND THIRD-PARTY RIGHTS

10.1. The Processor must take such technical and organisational measures as agreed in writing between the Parties, and promptly provide such information to the Controller as the Controller may reasonably require, to enable the Controller to comply with:

10.2. The Processor must notify the Controller immediately if it receives any complaint, notice or communication that relates directly or indirectly to the processing of the Personal Data or to either Party's compliance with the Data Protection Legislation.

10.3. The Processor must notify the Controller within 5 working days if it receives a request from a Data Subject for access to their Personal Data or to exercise any of their related rights under the Data Protection Legislation.

10.4. The Processor will reasonably cooperate with, and assist, the Controller in responding to any complaint, notice, communication or Data Subject request.

10.5. The Processor must not disclose the Personal Data to any Data Subject or to a third party other than at the Controller's request or instruction, as provided for in this DPA or as required by law.

11. TERM AND TERMINATION

11.1. This DPA will remain in full force and effect so long as:

11.2. Any provision of this DPA that expressly or by implication should come into or continue in force on or after termination of the Agreement (including, but not limited to, Clause 14.1) will remain in full force and effect.

12. DATA RETURN AND DESTRUCTION

12.1. On termination of the Agreement for any reason or expiry of its term, the Processor will securely delete or destroy or, if directed in writing by the Controller, return and not retain, all or any Personal Data related to this DPA in its possession or control.

12.2. If any law, regulation, or government or regulatory body requires the Processor to retain any documents or materials that the Processor would otherwise be required to return or destroy, it will notify the Controller in writing of that retention requirement, giving details of the documents or materials that it must retain, the legal basis for retention, and establishing a specific timeline for destruction once the retention requirement ends.

12.3. The Processor will certify in writing that it has destroyed the Personal Data within 14 days after it completes the destruction.

11.4. If the Processor cannot destroy or delete all Personal Data because of technical reasons, Processor will immediately inform Controller thereof and will take all necessary steps to:

13. AUDIT

13.1. The Processor shall make available to the Controller all information necessary to demonstrate compliance with the obligations under this DPA and the Data Protection Legislation and allow the Controller and its authorized auditors to perform audits regarding the compliance by the Processor with its obligations under this DPA and the Data Protection Legislation.

13.2. Any such audit may not take place more than once every contract year, shall be at the sole expense of the Controller and shall be subject to the Controller providing the Processor with at least thirty (30) days prior written notice of its intention to perform an audit. The audit shall take place during the normal business hours and shall not unreasonably interfere with the Processor’s business activities. The Processor shall have the right to require Controller and any third-party auditor to enter into a non-disclosure agreement prior to performing the audit.

14. MISCELLANEOUS

14.1. To the extent permitted under applicable law, any limitations and/or exclusions of liability in the Agreement are applicable to this DPA.

14.2. If at any time during the Term, one of the provisions of this DPA is determined to be or to have become invalid, illegal or unenforceable, the validity, legality and enforceability of the remaining provisions of the DPA shall not in any way be affected or impaired. The Parties shall negotiate in good faith to replace such invalid, illegal or unenforceable provision with a valid, legal and enforceable provision the effect of which comes as close as possible to that of the invalid, illegal or unenforceable provision.

14.3. This DPA will be governed by, and construed in accordance with, the laws applicable to the Agreement. The same court as stated in the Agreement shall have exclusive jurisdiction for any disputes arising from or in connection with this DPA.

APPENDIX A: Data Processing Details

Purpose and means of Processing: Personal Data is processed for the provision of the Biobest Software
Category (type) of Data Subjects
  • Employees of Controller
  • Users of the Biobest Software
Category (type) of Personal Data being processed
  • Personal identification data (name, surname, e-mail address, telephone number);
  • Account info (user ID, password);
  • Geographical info (location);
  • Professional information (current employer);
  • Technical identifiers (IP address, type of browser used, device info like operating system and version);
  • Platform usage (time and date of access, features used, actions taken while using the platform).
Sub-processors
  • Ecoation Innovative Solutions Inc.
    • Registered office: 949 3rd St. West, Suite 113, North Vancouver, BC, Canada V7P 3P7.
    • Nature of sub-processing: Development, configuration and setup services of the Biobest Software.
    • Location of processing: The AWS physical data center in Oregon, US.
  • Pats Indoor Drone Solutions
    • Registered office: Kluyverweg 1, 2629 HS Delft, The Netherlands.
    • Nature of sub-processing: Provision of intelligent pest monitoring and control systems for greenhouses.
    • Location of processing: Amsterdam, The Netherlands.
  • ePotentia VOF Data Science Hosting
    • Registered office: Lodewijk van Berckenlaan 18, 2600 Berchem, Belgium.
    • Nature of sub-processing: hosting services.
    • Location of processing: Google Europe-West4 datacenter in Eemshaven and Middenmeer Amsterdam, The Netherlands.
Storage Period: Term of Agreement
Technical and Organizational Measures: Our Sub-Processor Ecoation Innovative Solutions Inc. takes the following technical measures:
  1. Physical Access Controls

    ecoation utilizes AWS as its physical hosting provider. AWS's facilities are secured in access-controlled locations protected from unauthorized access, damage, and interference. These facilities employ physical security measures appropriate to the classification of the assets and information being managed. Entry to these locations is limited and screened through measures such as on-site security guards, badge readers, electronic locks, or monitored closed-circuit television (CCTV). By leveraging AWS's infrastructure, ecoation ensures adherence to the highest standards of physical access controls.

  2. System Access Controls

    For system access, ecoation employs stringent protocols including two-factor authentication. Access to the company's IT systems is only allowed from approved, ecoation-managed devices equipped with appropriate technical security controls. Periodic security awareness training is conducted for all staff, and only those with an actual need-to-know are granted system access. A formal access management process is in place for requesting, reviewing, approving, and provisioning all staff access to IT systems.

  3. Data Access Controls

    At the data level, ecoation has put in place robust access management processes. These controls are designed to limit access to customer data only to those staff members with a need-to-know basis. A formal access management process is in place for the request, review, approval, and provisioning of all staff with access to customer data. Separation of duties is also enforced to prevent a single employee from controlling all key aspects of a critical transaction or business process related to customer data or systems.

  4. Transmission Controls

    ecoation ensures that all customer data is transmitted securely over HTTPS using TLS encryption protocols. JSON Web Tokens (JWT) are used for secure and stateless communication between services.

  5. Input Controls

    ecoation maintains methods to securely store passwords and other sensitive customer data. The input of this data into systems is governed by strict protocols that follow industry-standard practices. All data, once entered into the system, is pseudonymized and encrypted to ensure its security.

  6. Data Backups

    In terms of business continuity and disaster recovery, ecoation has plans that cover human resources, IT infrastructure, data storage, and data continuity. Clear recovery time objectives (RTOs) and recovery point objectives (RPOs) are established. The plans are reviewed periodically to ensure that data can be restored in a timely manner following any physical or technical incidents.

  7. Data Segregation

    ecoation uses established measures to ensure that customer data is kept logically segregated from other customers' data when stored. This logical separation is maintained at all times to prevent any unauthorized access or mixing of data between different clients.

More information can be provided at first request.