PARTIES
Erlibird Nest, Inc (dba Betatesting.com) located at 401 N. Michigan Ave, Suite 1200, Chicago IL 60611, USA (“BetaTesting”)
The entity identified as "Customer" in the Customer Service Agreement (“Customer”)
BACKGROUND
This Data Processing Agreement (“DPA”) forms part of the Customer Service Agreement between the two parties. The DPA also includes the Standard Contractual Clauses and associated Appendices and Exhibits.
In the course of providing services in connection with the Agreement, BetaTesting will be processing Customer Personal Data (as defined below) on behalf of Customer. This Agreement sets out the terms on which BetaTesting will be processing that Customer Personal Data. Customer and BetaTesting agree to the terms and conditions of this DPA in connection with your use of the BetaTesting platform and services. By accessing the product and using the services, you agree to this DPA.
AGREED TERMS
DEFINITIONS
In this Agreement:
“Customer Personal Data” means any personal data for which Customer is a controller and/or which Customer processes as a processor on behalf of its client, including without limitation any IP addresses, cookies or other identifiers for individual users;
“Customer Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Personal Data transmitted, stored or otherwise processed;
“Applicable Law” means any EU, EU member state or UK law;
“Business Purposes” means the provision of the Services in accordance with the Services Agreement, together with any other purposes described in the Data Processing Particulars;
“Data Processing Particulars” means, in relation to any processing of Customer Personal Data under this Agreement: (i) the subject matter and duration of the processing; (ii) the nature and purpose of the processing; (iii) the type of personal data being processed; and (iv) the categories of data subjects;
“Data Protection Laws” means any data protection laws applicable to the provision of the Services from time to time, including the Data Protection Act 2018 and all subordinate legislation, the General Data Protection Regulation (“GDPR”) and the Regulation on Privacy and Electronic Communications;
“EEA” means the European Economic Area plus (in the event that the United Kingdom ceases to be a member of the European Economic Area) the United Kingdom;
“Security Measures” means technical and organisational measures against unauthorised or unlawful processing, access, disclosure, copying, modification, storage, reproduction, display or distribution of Customer Personal Data, and against accidental or unlawful loss, destruction, alteration, disclosure or damage of Customer Personal Data.
“Services” means the services provided pursuant to the Services Agreement;
“Services Agreement” means any agreement between Customer and BetaTesting from time to time for the provision of Services, including the General Terms and Conditions for the provision of SaaS;
“controller”, “processor”, “data subject”, “personal data”, and “processing” have the meanings given to them in GDPR.
“Shared Personal Data” is personal information shared with the other party where each party is responsible as an independent controller. Shared Personal Data includes any personal information that test participants make available as part of their BetaTesting profile to be shared with Customer as part of the tester recruiting and testing process.
In this Agreement, the following rules apply:
a reference to a statute or statutory provision is a reference to such statute or statutory provision as amended or re-enacted. A reference to a statute or statutory provision includes any subordinate legislation made under that statute or statutory provision, as amended or re-enacted;
any phrase introduced by the terms “including”, “include”, “in particular” or any similar expression will be construed as illustrative and will not limit the sense of the words preceding those terms; and
a reference to “writing” or “written” includes emails but not faxes.
AGREEMENT
In consideration of Customer engaging BetaTesting to process Customer Personal Data and Customer agreeing to comply with Customer’s obligations under this Agreement, BetaTesting undertakes to comply with BetaTesting’s obligations set out in this Agreement.
To the extent that any of the terms of this Agreement conflict or are inconsistent with the terms of the Services Agreement, those terms of this Agreement will apply to the extent that they impose a higher obligation on BetaTesting than those terms of the Services Agreement, and those terms of the Services Agreement will apply to the extent that they impose a higher obligation on BetaTesting than those terms of this Agreement.
DATA PROCESSING PARTICULARS
Each of the parties acknowledges and agrees that the table set out in Annex 1 is an accurate description of the Data Processing Particulars. Either party may from time to time propose in writing updates to the table set out in Annex 1 in order to ensure it remains an accurate description of the Data Protection Particulars, and neither party will unreasonably withhold its consent to any change reasonably necessary to ensure the table remains an accurate description of the Data Protection Particulars.
DATA PROCESSING
BetaTesting acknowledges that it acts as a processor in respect of any Customer Personal Data processed by it in connection with this Agreement. In the event that Customer acts as a data processor of one of its customers, BetaTesting may act as a subprocessor of Customer.
Subject to clause 4.c, BetaTesting will:
process Customer Personal Data only to the extent, and in such a manner, as is necessary for the Business Purposes in accordance with Customer’s written instructions;
not process Customer Personal Data for any other purpose or in a way that does not comply with this Agreement or the Data Protection Laws;
implement and maintain appropriate technical and organizational measures to ensure that BetaTesting’s processing of Customer Personal Data meets the requirements of GDPR and ensures the protection of the rights of the data subjects; and
comply with all obligations imposed on processors by the Data Protection Laws from time to time.
BetaTesting will promptly notify Customer if (a) in BetaTesting’s opinion, any Customer instruction would not comply with the Data Protection Laws; or (b) it is required under Applicable Law to process any Customer Personal Data other than as stated in clause 4.b, except where those laws prohibit BetaTesting notifying Customer on important grounds of public interest.
COMPLIANCE WITH DATA PROTECTION LAWS
Taking into account the nature of BetaTesting’s processing and the information available to BetaTesting, BetaTesting will reasonably assist Customer with meeting Customer’s compliance obligations under the Data Protection Laws including in relation to Data Subject rights, data protection impact assessments and reporting to and consulting with supervisory authorities under the Data Protection Laws.
In particular, BetaTesting will:
promptly comply with any Customer request or instruction requiring BetaTesting to amend, transfer, delete or otherwise process Customer Personal Data, or to stop, mitigate or remedy any unauthorized processing;
promptly (and in any event within 5 days of receipt) notify Customer if BetaTesting receives any complaint, notice or communication that relates directly or indirectly to the processing of Customer Personal Data or to either party’s compliance with the Data Protection Laws;
promptly (and in any event within 5 days of receipt) notify Customer if it receives a request from a data subject for access to their Customer Personal Data or to exercise any of their related rights under the Data Protection Laws;
promptly assist Customer with all notices, requests or other enquiries relating to the Data Protection Laws which may be received whether by Customer or BetaTesting, including requests from data subjects;
promptly assist Customer in fulfilling any obligation to respond to requests by data subjects, including Customer’s obligation to respond to requests for exercising the data subject’s rights laid down in Chapter III of GDPR;
not disclose any Customer Personal Data in response to any subject access request without first obtaining the consent of Customer;
not disclose any Customer Personal Data to a third party except at the specific request of Customer or where obliged to do so under any statutory requirement (in which case it will advise Customer in advance of such disclosure);
promptly assist Customer in ensuring compliance with any obligations of Customer in respect of data protection impact assessments and prior consultation, including if applicable Customer’s obligations pursuant to Articles 35 and 36 of GDPR;
promptly provide any information requested by Customer concerning BetaTesting’s systems and processes relating to the processing of Customer Personal Data under this Agreement and BetaTesting’s compliance with its obligations under this Agreement; and
allow its data processing facilities, procedures and documentation to be submitted for scrutiny by Customer or its auditors in order to ascertain compliance with the Data Protection Laws and the terms of this Agreement.
CONFIDENTIALITY
BetaTesting will maintain the confidentiality of all Customer Personal Data and will not disclose Customer Personal Data to third parties unless Customer or this Agreement specifically authorizes the disclosure, or as required by law. If a law, court, regulator or supervisory authority requires BetaTesting to process or disclose Customer Personal Data, BetaTesting will first inform Customer of the legal or regulatory requirement and give Customer an opportunity to object or challenge the requirement, unless the law prohibits such notice.
BetaTesting will ensure that only such of its employees who may be required by BetaTesting to assist it in meeting its obligations under this Agreement will have access to the Customer Personal Data and that all employees’ use of it will be subject to written contractual obligations which are no less onerous than those imposed on BetaTesting by this Agreement, including contractual or statutory obligations of confidentiality no less onerous than those set out in clause 6.a.
SUBPROCESSORS
Customer gives general authorization for BetaTesting to engage third parties as subprocessors to process Customer Personal Data. BetaTesting maintains a current list of Subprocessors on its website.
BetaTesting will inform the Customer of any intended changes concerning the addition or replacement of Subprocessors. The Customer may object to a subprocessor if its involvement has caused or is likely to cause a data protection risk. To do so, the Customer must send written notice to BetaTesting within 30 calendar days of the subprocessor being added to the list referenced above.
Without prejudice to Customer’s rights, BetaTesting will (at Customer’s request) discuss in good faith with Customer how to resolve Customer’s objections to a change notified under clause 7.b. BetaTesting must then either opt not to use (or stop using) the subprocessor for processing Customer Personal Data or allow the Customer to immediately terminate the Agreement without penalty.
BetaTesting will ensure that any Subprocessor is bound by obligations no less onerous than those set out in this Agreement. In particular, any Subprocessor will undertake to implement appropriate technical and organizational measures to ensure that the processing will meet the requirements of GDPR.
BetaTesting will be liable for the acts or omissions of any Subprocessor in relation to Customer Personal Data as if they were the acts or omissions of BetaTesting.
SECURITY
BetaTesting will at all times implement appropriate Security Measures to ensure a level of security appropriate to the risk involved, including as appropriate those set out below at (a)-(d). BetaTesting will document those Security Measures in writing and periodically review them to ensure they remain current and complete, at least annually.
the pseudonymisation and encryption of personal data;
the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and
a process for regularly testing, assessing and evaluating the effectiveness of security measures.
CUSTOMER PERSONAL DATA BREACH
BetaTesting will promptly notify Customer if it becomes aware of any Customer Personal Data Breach, and it will, without undue delay, provide Customer with the following information:
a description of the nature of the Customer Personal Data Breach, including the categories and approximate number of both Data Subjects and Personal Data records concerned;
the likely consequences; and
a description of the measures taken and/or proposed to be taken to address the Customer Personal Data Breach, including measures to mitigate its possible adverse effects.
BetaTesting will provide all reasonable cooperation with Customer in assisting, researching, and mitigating the impact of the Customer Personal Data Breach on Customer and/or data subjects.
BetaTesting will not inform any third party of any Customer Personal Data Breach without first obtaining Customer’s prior written consent, except when required to do so under the Data Protection Laws.
BetaTesting will not be held liable for any failure to meet the requirements of this section if the Data Security Incident resulted from the actions of the Customer or occurred in accordance with the Customer’s instructions.
DATA EXPORTS
Customer authorizes BetaTesting and its authorized contractors, agents, vendors, and third party service providers (i.e. subprocessors) to transfer Company Personal Data across international borders as needed to provide the services in accordance with this Agreement. Customer Personal Data may be transferred to and processed by BetaTesting globally, including from the European Economic Area or the United Kingdom, to the United States or other countries where BetaTesting or its affiliates and subprocessors operate.
Any cross-border transfer shall comply with GDPR and other Data Protection Laws.
To the extent required by Data Protection Laws, the parties agree that the appropriate Standard Contractual Clauses shall be deemed to be attached and executed and form part of this Agreement as part of the execution of this Agreement or by using the BetaTesting platform and services.
Where additional information is required to complete the SCCs, the agreed options and supplemental information are included in the attached SCC Definitions exhibit. If any of the SCCs can no longer be used for lawful data transfers, the parties agree that other SCCs or legally valid alternative mechanisms shall apply without the need to amend this Agreement.
AUDIT
Customer shall have the right to audit or otherwise monitor BetaTesting’s architecture, systems, policies, and procedures relevant to the security and integrity of Company Personal Data or as otherwise required by a government regulator. BetaTesting shall:
Answer reasonable inquiries from the Customer, including completing security-related questionnaires and audit requests;
Make available relevant details, documentation, certifications, and audit results from trusted independent third parties.
Permit the Customer, at its own expense, to carry out penetration tests and assessments of system vulnerabilities.
Any audits conducted under this section shall be:
Conducted during reasonable times
When possible, conducted upon reasonable advance notice to BetaTesting
Of reasonable duration
Not unreasonably interfere with BetaTesting’s daily operations
Customer is entirely responsible for all costs related to any audit conducted under this section, including fees charged by any auditor it hires. Customer is also liable for any harm, disruption, or damage to BetaTesting’s facilities, systems, staff, or operations caused by the auditor’s activities.
Unless restricted by law, Customer will share any audit reports generated under this Section with BetaTesting. Information gathered through an audit may only be used as needed to show compliance with Data Protection Laws or to address regulatory inquiries. Customer may carry out one audit per calendar year, unless additional audits are required by Data Protection Laws, requested by a regulatory authority, or necessary due to a Customer Personal Data Breach.
TERMINATION OF THE CUSTOMER SERVICE AGREEMENT
This Agreement will terminate immediately upon termination of the Customer Service Agreement.
On termination of this Agreement, howsoever caused, BetaTesting will immediately cease processing the Customer Personal Data and, at Customer’s option or direction, arrange for the prompt and safe return and/or destruction of all Customer Personal Data together with all copies in its possession or control and, where requested by Customer, certify that such destruction has taken place.
SHARED PERSONAL DATA
Each party acts as an independent Controller of Shared Personal Data and separately determines how and why to process such data. Each party is fully responsible for complying with Applicable Data Protection Law and must provide at least the level of privacy protection required by Applicable Law. Neither party is responsible for the other’s processing of Shared Personal Data. Each party must ensure it has a lawful basis to process Shared Personal Data, including the right to share it with the other party, and must provide any required notices or obtain necessary consents.
When appropriate, each party agrees to promptly inform the other and reasonably cooperate and exchange necessary information to respond to either: (a) a legitimate request from an individual seeking to exercise their rights under applicable Data Protection Laws; or (b) any complaint, notice, or other correspondence from an individual, regulatory authority, government body, or court that concerns the processing of personal data.
If the Customer can no longer fulfill its legal obligations under Applicable Data Protection Law concerning Shared Personal Data, it must promptly notify BetaTesting. Upon receiving such notice, BetaTesting may choose to take reasonable steps to prevent or correct unauthorized processing. The Customer agrees to process Shared Personal Data received from BetaTesting solely as needed for the Agreement and in accordance with Applicable Data Protection Law. Each party confirms it will not carry out any processing that would cause the other party to violate its legal obligations regarding the Shared Personal Data.
Each party will manage and delete Shared Personal Data according to its own data retention policies. Both parties acknowledge that the other may retain Shared Personal Data after this DPA ends, unless otherwise required by Applicable Law or this DPA.
If the Standard Contractual Clauses (SCCs) can no longer be used for lawful data transfers, the parties will agree on a legally valid alternative mechanism without unnecessary delay.
GENERAL
Severance. If any provision or part-provision of this Agreement is or becomes invalid, illegal or unenforceable, it will be deemed modified to the minimum extent necessary to make it valid, legal and enforceable. If such modification is not possible, the relevant provision or part-provision will be deemed deleted. Any modification to or deletion of a provision or part-provision under this condition will not affect the validity and enforceability of the rest of this Agreement.
Waiver. A waiver of any right or remedy under this Agreement or law is only effective if given in writing and will not be deemed a waiver of any subsequent breach or default. No failure or delay by a party to exercise any right or remedy provided under this Agreement or by law will constitute a waiver of that or any other right or remedy, nor will it prevent or restrict the further exercise of that or any other right or remedy. No single or partial exercise of such right or remedy will prevent or restrict the further exercise of that or any other right or remedy.
No partnership or agency. Nothing in this Agreement is intended to, or will be deemed to, establish any partnership or joint venture between any of the parties, constitute any party the agent of another party, or authorize any party to make or enter into any commitments for or on behalf of any other party.
Third parties. A person who is not a party to this Agreement will not have any rights to enforce its terms.
Costs. Except as set out expressly in this Agreement or in the Services Agreement, each party is responsible for its own costs incurred in complying with its obligations under this Agreement.
Variation. Except as set out in this Agreement, no variation of this Agreement, including the introduction of any additional terms and conditions, will be effective unless it is agreed in writing and signed by both parties.
The parties have entered into this Agreement on the Effective Date of the Customer Service Agreement.
ANNEX 1 - DATA PROCESSING PARTICULARS
The subject matter, nature, and purpose of the processing | To provide the Services pursuant to the Services Agreement |
The duration of the processing | For the term of the Services Agreement |
The type of personal data being processed | Categories of data include: |
The categories of data subjects | Customer’s employees, customers, contractors, test participants |
ANNEX 2 - SUBPROCESSORS
Subprocessor Name | Subprocessor Location | Subprocessor Role |
Amazon Web Services, Inc | USA | Cloud Web Hosting |
Google, Inc | USA | Office functions (e.g. email) |
Atlassian, Inc. | USA | If Customer chooses to integrate with Jira |
Intercom R&D Unlimited Company | USA | Chat support with customers or testers |
Calendly, LLC | USA | Support |
DeviceAtlas | USA | Device data analysis |
MaxMind, Inc. | USA | Browsing data and IP information |
Onfido | USA | Identity verification for testers. Only used for BetaTesting-sourced testers and data is not shared with Customer. |
Twilio | USA | SMS verification of phone numbers |
Quickbooks | USA | Accounting and billing |
EXHIBIT - SCC DEFINITIONS
LIST OF PARTIES
Data Exporter
Customer (as defined in the General Terms and Conditions or other negotiated agreement between the parties (the “Agreement”))
Data Importer
BetaTesting (as defined in the Agreement) and/or any of its Affiliates that may receive data from Customer
APPLICABILITY / ROLES:
For exports from the European Economic Area:
For a transfer or disclosure of, or other type of access to personal data from the UK, Switzerland, or from the EEA, in each case to a person or entity in a third country or to an international organization which does not ensure an adequate level of protection or is not governed by an existing appropriate safeguard (e.g. binding corporate rules) in accordance with the relevant data protection laws (each an “International Transfer”) in respect of Shared Personal Data between the parties, Module 1 of the SCC approved by the European Commission in Decision C(2021) 3972 (“EU SCC”).
For International Transfers where Customer (as a Data Controller) transfers Customer Personal Data to BetaTesting (as a Data Processor), Module 2 of the EU SCC that corresponds to the parties’ roles as Processor or Controller in the context of the International Transfer.
For International Transfers where Customer (as a Data Processor) transfers Customer Data to BetaTesting (as a Data Sub-Processor), Module 3 of the EU SCC that corresponds to the parties’ roles as Processor or Controller in the context of the International Transfer.
For exports from the United Kingdom (“UK”):
For International Transfers that occur prior to 21 March 2022:
When the exporter is a Controller and the importer is a Processor, the SCC approved by the European Commission in Decision C(2010) 593, as amended, updated, or replaced by the UK Government from time to time (“2010 UK SCC”).
For International Transfers that occur on or after 21 March 2022:
The modules of the EU SCC that correspond to the parties’ roles as Processor or Controller in the context of the International Transfer, as such EU SCC are amended by the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses, Version B.10 (21 March, 2022), issued under S1198A(1) of Data Protection Act 2018 (“UK Addendum”), each of which shall be completed as set forth in the UK SCC section below.
For exports from Switzerland:
The modules of the EU SCC that correspond to the parties’ roles as Processor or Controller in the context of the International Transfer, each of which shall be completed as set forth in the EU SCC section below, as amended as set forth in the Swiss SCC section below. For the avoidance of doubt, nothing in these amendments is intended to decrease the level of protection to be provided by the EU SCC.
EU SCC
The parties select Option 2 (General Written Authorisation) in Clause 9 (Use of Sub-Processors), in relevant modules. BetaTesting maintains an up-to-date list of Sub-Processors for the services, on its website and incorporated in this Agreement. The time period within and process by which an importer must inform the exporter of intended changes to Sub-Processors is that set forth in the Data Processing Agreement between the parties (hereinafter, the “DPA”).
The optional clause in Clause 7 (Docking) of the EU SCC does not apply.
The optional clause in Clause 11(a) (Redress) of the EU SCC does not apply.
The parties select Option 1 in Clause 17 (Governing Law) of the EU SCC, in relevant modules, and agree to the law and courts of Ireland for purposes of Clause 17 and Clause 18 (Choice of Forum and Jurisdiction).
For purposes of Annex I of the EU SCC:
The description of Processing in the DPA applies to International Transfers, unless otherwise specified.
Personal Data may be transferred on a continuous basis.
The Irish DPA is the competent Supervisory Authority.
For purposes of Annex II of the EU SCC, the technical and organizational measures are set forth in the Data Processing Agreement attached to this Agreement.
UK SCC
For International Transfers under the 2004 UK SCC or 2010 UK SCC:
The governing law is that of England and Wales for purposes of Clause 9 (Governing Law) and 11 (Sub-Processing) of the 2010 UK SCC.
For purposes of Appendix 1 of the 2010 UK SCC, the description of Processing in the DPA applies to International Transfers, unless otherwise specified.
For purposes of Appendix 2 of the 2010 UK SCC, the technical and organizational measures are set forth in the Data Processing Agreement attached to this Agreement and the optional paragraph on liabilities does not apply.
The parties select option (i) (the data protection laws of the country in which the data exporter is established) in Clause II(h) of the 2004 UK SCC.
For purposes of Annex B of the 2004 UK SCC:
- The description of Processing in the DPA applies to International Transfers, unless otherwise specified.
- The parties may disclose transferred Personal Data to recipients listed in the parties’ respective privacy notices.
- Registration information will be made available upon request.
- The illustrative commercial clauses do not apply.
For International Transfers under the EU SCC, as modified by the UK Addendum:
Table 1 shall be completed as set forth in the DPA and the Agreements.
Table 2: The selection shall be “the Approved EU SCC, including the Appendix Information and with only the following modules, clauses or optional provisions of the Approved EU SCC brought into effect for the purposes of this Addendum” and the table shall be completed as follows:
- The operative modules shall be deemed completed in a manner corresponding with the parties’ roles as set forth in the DPA.
- Clause 7 (Docking Clause) does not apply.
- Clause 11 (Option) does not apply.
- Clause 9a (Prior Authorisation or General Authorisation) shall be “General Authorisation,” and the time period and process by which this is done is, “as set forth in the DPA.”
- The question, “is personal data received from the Importer combined with personal data collected by the Exporter” shall be “no,” unless otherwise specified in the DPA.
Table 3 shall be completed as follows:
- Annex I.A: “The parties as set forth in the Agreement”
- Annex I.B: “The Description of Processing set forth in the DPA”
- Annex II: “The technical and organizational measures are set forth in the Data Processing Agreement attached to this Agreement.”
- Annex III: “The relevant list(s) of Sub-processors are as set forth in Annex 2 of this Agreement”
Table 4: The selection shall be “Importer.”
Swiss SCC
References to GDPR shall be interpreted to also include references to the Swiss Federal Act on Data Protection (“FADP”)
Clause 13 and Annex I.C. of the EU SCC shall include the Federal Data Protection and Information Commissioner as an additional competent Supervisory Authority.
In the event that the International Transfer is exclusively subject to the FADP, Clause 17 of the EU SCC shall include Swiss law as the governing law; and
In Clause 18 of the EU SCC, references to “member state” shall also include references to Switzerland in order to ensure that Swiss Data Subjects may exercise their rights under FADP.