Security at Easol - Easol

FAQ

Easol has multiple policies in place, including Terms and Conditions, Privacy Policy, Acceptable Use Terms, and Creator Terms. Easol is also governed by AML, counter-terrorist financing and sanctions policies.

To ensure secure storage of information, all data stored in the Easol platform is encrypted at rest using AES 256.

Easol operates an internal Data Retention Policy. In respect of all personal data within the scope of this Policy, Easol will retain such personal data until advised to securely dispose of it, or until it becomes outdated, or it is no longer appropriate for us to retain such data. Outdated personal data is periodically deleted in accordance with our Data Retention Policy which is available for review upon request.

Easol maintains a patch management program that includes high-risk security patches applied and verified at least monthly on all devices, systems and applications that access, store, process or transmit scoped data.

Easol requires the use of unique accounts for each user, disallowing the use of shared accounts. Multi-factor authentication is used for all systems storing, accessing or transmitting scoped data. Permission to store, access or transmit scoped data is provisioned according to the principle of least privilege.

Easol maintains a business continuity program, including a disaster recovery plan, that is reviewed annually. Easol also has a backup of production data that is updated daily to protect against data loss. Backup procedures and system restorations are tested and reviewed at least once a year.

Easol has Worldwide 1st Party coverage worth £5M. This insurance policy covers cyber loss, cyber damage, business interruption (including extra expenses), cyber theft, and cyber extortion.

All Easol employees are required to take periodic training on security policies, including security awareness training, at least annually.

Easol operates an internal Information Security Policy, which is reviewed regularly. We have taken technical and organisational measures to ensure our own and our suppliers’ information security standards are appropriate to the risks associated with the personal data processing we undertake. Our security objectives include guaranteeing the confidentiality, integrity and availability of personal data and the resilience of the systems that process it. An enforcement section which allows for consequences up to and including dismissal for violations is also included in this policy. Our Information Security Policy is available for review upon request.

Easol operates a cybersecurity incident management program, including an incident response plan. We also perform simulated cyber incident tabletop exercises at least annually. In the event of a cybersecurity breach, we have an established process to track and notify all customers of loss or theft of, or unauthorized access to, scoped data. We also regularly monitor, collect and review logs on scoped systems and systems containing, accessing or transmitting scoped data to uncover potential incidents.

To protect personal information collected, accessed, transmitted, processed, disclosed, or retained, Easol has a privacy program in place as outlined in our Privacy Policy.

Easol has a vulnerability management program in place. We perform network vulnerability scans against internal networks and systems, including penetration tests that are run regularly. Easol also has security tools installed on servers to detect malicious software.