Yak Privacy Notice

Effective Date: December 20, 2024

This Privacy Notice describes how Yak collects, uses, shares, and otherwise processes personal information. Yak provides software (the “Digital Platform”) to our customers who conduct audits, including under the System and Organization Controls (SOC) standard. This Privacy Notice applies to personal data collections and processing on our Digital Platform as well as on our corporate website, https://www.yaktech.io (the “Website”). This Privacy Notice is addressed to our customers and their representatives and employees (“Customers”), visitors to the Website (“Visitors”), and individuals whose personal data may be uploaded to the Digital Platform in the course of an audit (“End-Users”).

For individuals who interact with us online, we collect information you choose to give us and other information that may be collected from your use of our Website and Digital Platform, including from your device. We use that information to operate our business and for purposes set forth below. Below, we also describe choices we offer with respect to your information.

This Privacy Notice does not apply to information which is not processed by Yak. If you are an End User who wants to understand the information practices of our Customers and how they collect and process your personal data for their own purposes, you should contact them directly or refer to their privacy notice(s). This Privacy Notice does not apply to information that cannot be identified to any individual, household, or their devices, such as de-identified or anonymized information.

The sections of this Privacy Notice are hyperlinked below for your convenience:

Information We Collect
Automatic Information Collection, Logging, and Tracking
Other Ways We Use Information We Collect
How We Secure Information
How We Share Information
What Choices Do I Have?
Updates to Our Privacy Notice
Contact Information

Information We Collect

We collect information about individuals from a variety of sources, including:

Directly from End Users, Customers, and Visitors: when provided to us, for instance when contacting us via the Website, signing up for an account on our Digital Platform, providing information responsive to an audit into the Digital Platform, or responding to our inquiries or a survey.
Automatically: as you utilize the Website or Digital Platform. We may receive information in connection with content, widgets, cookies, components, or other tools deployed on our Website and Digital Platform, including from third parties.
From third parties: We may collect information from advertisers, marketing service providers, analytics services, affiliates, promotional partners, and application providers.

We may collect and process personal data, including collection from third parties, as detailed in the chart below:

Categories of Personal Information

Category of Individual	Personal Information Collected	Key Information Uses
Customer	- First and last name. - Business or personal contact information such as email, phone number, and mailing address. - Job title, responsibilities, and supervisors/reporting structure. - Content of your communications and materials sent, received, or maintained through the Digital Platform. Usage Data, as defined below.	- Provide and support the functionality of the Digital Platform. - Manage the business relationship with you. - Facilitate, record, and store communications or materials on the Digital Platform. - For marketing and advertising such as to provide information about new or related services we may offer. - For other general purposes noted below (e.g., to maintain records, enforce legal terms or comply with law), see Other Ways We Use Information We Collect.
End Users	- Data you communicate to Yak's Customers or the Digital Platform in the course of an audit, including but not limited to: - Name and contact details such as email, phone number, and address; - Employment data including roles and responsibilities, reporting structure, and access permissions; - Content of your communications and materials sent, received, or maintained through the Digital Platform; - Criminal background check information; - Information submitted through open text fields. - Information provided to respond to Yak's Customers' question or controls testing; - Usage Data, as defined below.	- Provide and support the functionality of the Digital Platform. - Develop analytics to understand our Website audiences. - Develop business strategies and marketing plans. - Provide information about new or related services we may offer. - For other general purposes noted below (e.g., to maintain records, enforce legal terms or comply with law), see Other Ways We Use Information We Collect.
Visitors	- Data you communicate to us while using the Website. - Information you provide in response to a form or survey. - Usage Data, as defined below.	- Provide Website functionality. - Develop analytics to understand our Website audiences, develop business strategies and marketing plans. - Provide information about new or related services we may offer. - For other general purposes noted below (e.g., to maintain records, enforce legal terms or comply with law), see Other Ways We Use Information We Collect.

Automatic Information Collection, Logging, and Tracking

If you are a Website Visitor, a Customer, or an End User, utilizing our Digital Platform, your browser or device may be subject to our collection of logging and other automatically collected information. This includes information collection via cookies, scripts, web beacons, and other technologies. The information we automatically collect may include your IP address, date and time you access our Website or Digital Platform and the pages and content you access during your visit, language preferences, websites that you link to or from, whether you receive or open an email or other communication from us, and the links you click on within those emails, information from your mobile device or your computer about how you interact with our Website or Digital Platform, including unique device identifier, mobile network information, the type of device used and the operating system on that device, browser type, a list of files downloaded or pages viewed, and any errors encountered (collectively, “Usage Data”).

Please note that third parties may collect personal information about your online activities over time and across third-party websites and online services. These third parties may provide us information in connection with content, widgets, components, cookies, or other tools offered on our Website and Digital Platform. They may use this information to provide you with interest-based advertising or other targeted content, and for other purposes. We may not control personal information once collected by these parties.

In all cases, we may collect and use other information you choose to provide or with your consent.

Other Ways We Use Information We Collect

In addition to the uses described above, we may use the information we collect in order to:

Maintain, analyze, customize, and improve your experience on our Website and Digital Platform.
Support business development, research, marketing and promotional purposes, press inquiries or aggregate statistical analysis and site customization.
Communicate with Visitors, Customers, and End Users about our products and services, including technical notices, security alerts, and support and administrative messages. We may also provide Website or Digital Service support, including notices about accounts and changes to our service.
Send promotional and marketing materials, support contests and other promotions, notify you about incentives and rewards.
Provide you information that you request from us or otherwise respond to your communications and questions.
Monitor and enforce our contracts, legal terms, acceptable use or other policies or similar terms.
Comply with law and satisfy our regulatory and compliance obligations. Additionally, we may use information we collect to support compliance efforts on behalf of others and ourselves.
Provide a personalized experience. Automatically collected and device information may also be used to help us estimate our audience size, usage patterns, and analyze trends and administer our Website and Digital Platform, and used for research and marketing purposes.
Help detect and prevent fraudulent use of our Website and Digital Platform and other prohibited, illicit or illegal activity.
Monitor information security, manage and protect our technical infrastructure (servers, networks, etc.), and to protect the rights and vital interests of you, others, and ourselves.
Address existing or anticipated disputes and to protect our legal interests.
Otherwise operate our business, including support for transactions impacting our company as a whole (such as mergers, acquisitions, reorganizations, underwriting or asset purchases).
Fulfill any other purpose for which you provide your information to us and for other purposes disclosed to you in connection with our services.
Other purposes permitted by law or to which you consent.

We may also retain and use your information in an anonymized or de-identified format where your identity is not recognizable. Such information is not subject to the same usage restrictions as personal information and can be used to improve our products and services, conduct research, or for our other business purposes.

As permitted by law, we may combine the information we gather about you in identifiable form, including information from third parties. We may use this information, for example, to improve and personalize our services, content and advertising.

How We Secure Information

We are committed to maintaining measures to protect the security of your personal information maintained in our systems. However, no network or system is ever entirely secure, and we cannot guarantee the security of networks and systems that we operate or that are operated on our behalf. If we face a security breach, we may notify you as required by law via email or conspicuous posting on our Website or Digital Platform.

The safety and security of your personal information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our services, you are responsible for keeping this password confidential. You should not share your password with anyone.

We may share your personal information with third parties as reasonable to operate our business (including for the purposes described above), to provide the Website and Digital Platform to you and others, as permitted or required by law, or as directed or authorized by you. For example:

Customers and End Users. We may communicate personal data between Customers and End Users to provide our services.

Affiliated Organizations. We may share some or all of your information with our parent organizations, subsidiaries, affiliates, joint ventures, or other organizations or entities under common control with us.

Third Party Sharing. We work with third parties to help us provide our Website and Digital Platform and to support internal operations. In some cases, they may use your information subject to their own privacy policies and to comply with their own legal and regulatory obligations. We work with different types of third parties, presently including:

Data hosting, storage and cloud service providers.

Platform and/or application security service providers.

Technical and customer support providers;

Marketing and analytics providers; and

Other third parties.

Professional Advisors, Law Enforcement and Regulators. We share information with our professional advisors who provide legal, compliance, auditing, accounting, banking, consulting, or other professional services, and with regulators, law enforcement, or government agencies, including to:

Comply with our legal and regulatory obligations, including those compliance obligations of federal, state or local regulators;

Protect our interests, property or legal rights, or those of our customers or third parties;

Respond to a subpoena, court order, or similar law enforcement request, or when we believe in good faith that the disclosure of personal information is necessary to prevent physical harm or financial loss, to report suspected illegal activity, or to investigate violations of this Privacy Notice or other applicable terms; and

For other legal purposes, such as to enforce our terms and conditions, or to exercise or defend legal claims.

Transaction Impacting the Organization as a Whole. In the event of a transaction or reorganization impacting us as an entity or organization, we may share your personal information. We may share your information in connection with, or during the negotiation of, any merger, sale of company stock or assets, financing, acquisition, restructuring, divestiture or dissolution of all or a portion of our business, or other similar event.

Other Disclosures. In addition to the above disclosures, we may disclose personal information in the event that we believe such disclosure is (i) necessary to provide our products and services or operate our business; (ii) in accordance with purposes we describe when you share it with us; (iii) permitted by law; or (iv) with your consent or at your direction.

We may disclose aggregated or deidentified information that does not identify any individual without restriction.

What Choices Do I Have?

Update personal information. If you are a Customer or End User with which we have an ongoing business relationship, you may request changes to information we maintain concerning you by emailing us at support@yaktech.io. As permitted by law, we may deny a request to change information if we believe the change would violate any law or legal requirement, cause the information to be incorrect, or prevent the provision of our products or services.

Marketing communications. You may receive marketing communications from Yak, including if you sign up for marketing or other communications. You may opt out of receiving marketing emails by following the unsubscribe link in each email, or by contacting us at support@yaktech.io. Please note that you may continue to receive non-marketing emails from us after you opt out. Please note that we do not control communications from others, including from Yak's Customers. If you have received marketing communications from Yak's Customers or other third parties, you should contact them directly to understand communication choices they may provide you.

Cookies. You have choices regarding certain cookies. Most web browsers automatically accept cookies, but you may modify your browser’s setting to notify you of cookie placement or decline cookies. If you choose to decline cookies, certain features of our website may not function properly or at all as a result.

Yak is not responsible for any practices employed by websites linked to or from our Website or Digital Platform, nor their information or content. Please remember that when you use a link to go from our Website or Digital Platform to another website, this Privacy Notice is no longer in effect.

Updates to Our Privacy Notice

We may update this Privacy Notice from time to time in order to provide clarification or notice of changes to our practices. If we make changes, we will revise the Effective Date at the top of this Privacy Notice. Changes to this Privacy Notice will be effective once they are posted unless otherwise indicated. We may choose to notify you by email to the email address in our records. We encourage you to periodically review our Privacy Notice to be sure you are familiar with the most current version.

Contact Information

If you have any questions or concern about this Privacy Notice or the privacy practices at Yak, please contact us at support@yaktech.io.