Acceptable Use Policy

1. Introduction

This Acceptable Use Policy (“AUP” or “Policy”) governs the use of the ThirdProof platform, website, APIs, reports, and all related services (collectively, the “Services”) provided by ThirdProof, Inc. (“ThirdProof,” “we,” “us,” or “our”), a Delaware C-corporation.

ThirdProof is an autonomous vendor risk intelligence platform that investigates third-party vendors by querying publicly available data sources — including sanctions databases, business registries, cybersecurity intelligence feeds, certificate transparency logs, and adverse media — and produces AI-synthesized, audit-ready risk reports. This Policy ensures that the Services are used responsibly, ethically, and in accordance with applicable law.

By accessing or using the Services, you (“Customer,” “User,” or “you”) agree to comply with this Policy. This Policy supplements and is incorporated into the ThirdProof Terms of Service and Privacy Policy. In the event of a conflict between this Policy and the Terms of Service, the Terms of Service shall control.

2. Definitions

“AI Components” means the artificial intelligence and machine learning systems used within the Services, including natural language processing engines that synthesize data source findings into narrative risk reports, executive summaries, and compliance-framework-specific analysis.

“Customer Data” means data that you submit to the Services, including vendor names, domains, investigation parameters, organization profiles, and any configuration or preference data associated with your account.

“Investigation” means a single instance of ThirdProof querying its data sources to produce a risk intelligence report on a specified vendor or entity.

“Output” means the reports, risk ratings, tier assignments, confidence scores, findings, executive summaries, and any other content generated by the Services as a result of an Investigation.

“Data Sources” means the publicly accessible third-party databases, registries, intelligence feeds, and scanning services that the platform queries during an Investigation, including but not limited to sanctions databases, business registries, cybersecurity scanning services, certificate transparency logs, DNS intelligence, and adverse media sources.

“Risk Tier” means the risk classification assigned to an investigated vendor by the platform's deterministic rule engine based on evidence gathered from Data Sources.

3. Scope and Applicability

This Policy applies to all individuals and organizations that access or use the Services, including:

1. Account holders who have registered for a ThirdProof account under any subscription tier (including free trial accounts).
2. Authorized users who access the Services through a Customer's organizational account.
3. API consumers who access the Services programmatically through the ThirdProof API.
4. Visitors who interact with publicly accessible features of the ThirdProof website, including the demo investigation page.

You are responsible for ensuring that all individuals who access the Services through your account comply with this Policy. If you are accepting this Policy on behalf of an organization, you represent that you have the authority to bind that organization to these terms.

Age requirement. The Services are intended for use by individuals who are at least eighteen (18) years of age. By accessing the Services, you represent and warrant that you are at least 18 years old. If you are under 18, you may not use the Services.

4. Permitted Uses

The Services are designed for legitimate vendor risk management, third-party due diligence, and compliance documentation purposes. Permitted uses include:

1. Vendor risk assessment. Conducting Investigations on third-party vendors, suppliers, service providers, and business partners as part of your organization's vendor risk management program.
2. Compliance documentation. Using Output to support compliance with regulatory frameworks, including SOC 2 (Trust Services Criterion CC9.2), HIPAA (45 CFR §164.308(b)), PCI-DSS 4.0 (Requirement 12.8), CMMC, ISO 27001, NIST SP 800-171, DORA, and other applicable standards.
3. Audit evidence. Retaining Output as documented evidence of third-party risk assessment practices for internal and external audit purposes.
4. Internal risk management. Using Output to inform procurement decisions, vendor onboarding processes, periodic vendor reviews, and supply chain risk management within your organization.
5. Regulatory examination readiness. Maintaining Output as part of your documented vendor oversight program for regulatory examinations and compliance reviews.

5. Prohibited Uses

You may not use the Services for any purpose that is unlawful, harmful, or inconsistent with their intended use as a vendor risk intelligence tool. The following uses are strictly prohibited:

5.1 General Prohibitions

(a) Illegal activity. Using the Services to facilitate, support, or engage in any activity that violates applicable local, state, national, or international law or regulation.

(b) Harassment or intimidation. Using Output or the Services to harass, threaten, intimidate, defame, or coerce any individual or organization, including any vendor or entity that is the subject of an Investigation.

(c) Competitive intelligence abuse. Conducting Investigations for the primary purpose of obtaining competitive intelligence about a business rival rather than for legitimate vendor risk management purposes.

(d) Misrepresentation of affiliation. Representing that you are affiliated with ThirdProof, that you are a ThirdProof employee or agent, or that ThirdProof has endorsed your products, services, or business decisions, unless expressly authorized in writing.

(e) Resale without authorization. Reselling, sublicensing, or redistributing the Services or access to the Services to third parties without prior written authorization from ThirdProof.

(f) Circumvention of controls. Attempting to bypass, disable, or circumvent any technical limitations, access controls, rate limits, usage quotas, or security measures implemented by ThirdProof.

(g) Reverse engineering. Reverse engineering, decompiling, disassembling, or otherwise attempting to derive the source code, algorithms, data models, or underlying methodology of the Services, except to the extent expressly permitted by applicable law.

(h) System interference. Introducing viruses, malware, or other harmful code into the Services, or taking any action that imposes an unreasonable or disproportionate load on the platform's infrastructure.

(i) Unauthorized access. Accessing the Services using another person's credentials, or attempting to gain unauthorized access to any accounts, systems, or networks connected to the Services.

(j) Spam and abuse. Using the Services to send unsolicited communications, or using automated means to create accounts, run Investigations, or interact with the Services in a manner that exceeds reasonable use or is designed to abuse free trial or promotional offerings.

(k) Unauthorized security testing. Conducting vulnerability scans, penetration tests, load tests, or any form of security testing against the Services or ThirdProof infrastructure without prior written authorization from ThirdProof. If you wish to conduct authorized security testing, contact contact@thirdproof.ai with the subject line “Security Testing Request” to coordinate.

5.2 Prohibited Investigation Targets

(a) Individuals. The Services are designed to investigate business entities, not natural persons. You may not use the Services to investigate, profile, monitor, or compile intelligence on individuals in their personal capacity.

(b) Protected categories. You may not use the Services to investigate entities for the purpose of discrimination based on race, ethnicity, national origin, religion, gender, sexual orientation, disability, or any other legally protected characteristic.

(c) Surveillance. You may not use the Services for surveillance of individuals, political organizations, labor unions, religious organizations, or any non-commercial entity where the Investigation is not related to a legitimate vendor risk management need.

5.3 Prohibited Output Uses

(a) Public shaming or retaliation. Publishing or distributing Output for the purpose of publicly shaming, disparaging, or retaliating against a vendor, rather than for legitimate risk management purposes.

(b) Extortion or coercion. Using or threatening to use Output to extract payments, concessions, or favorable terms from a vendor under threat of publishing or sharing unfavorable findings.

(c) Automated decision-making with legal effect. Using Output as the sole basis for decisions that have significant legal effects on a vendor without meaningful human review. ThirdProof reports are designed to inform — not replace — human judgment in vendor management decisions.

(d) Misrepresentation of Output. Altering, modifying, or selectively presenting Output in a manner that materially misrepresents the findings, risk tier, confidence score, or conclusions of an Investigation. You may not remove or obscure the methodology version, investigation date, confidence score, or data source attribution from any Output you share externally.

6. AI-Specific Use Restrictions

The Services incorporate AI components that synthesize findings from multiple data sources into narrative risk reports. The following restrictions apply specifically to the AI-generated elements of the Services:

1. No reliance without human review. AI-generated narrative content within Output — including executive summaries, finding descriptions, and compliance-framework-specific analysis — is produced by machine learning models and should be reviewed by a qualified professional before being relied upon for material business decisions. Risk Tier assignments are computed by a deterministic rule engine and are not subject to AI interpretation, but the narrative context should be validated against your organization's specific requirements.
2. No training or model development. You may not use Output, including AI-generated narrative content, to train, fine-tune, or develop competing AI models, machine learning systems, or automated risk assessment tools without prior written authorization from ThirdProof.
3. Disclosure of AI involvement. If you share Output with third parties (including auditors, regulators, business partners, or vendors), you should not misrepresent AI-generated content as having been produced entirely by human analysts. ThirdProof reports include methodology disclosures that identify the role of AI synthesis in the investigation process; these disclosures must not be removed or obscured.
4. Prompt injection and manipulation. You may not attempt to manipulate, override, or inject adversarial inputs into the AI components of the Services through investigation parameters, vendor names, custom fields, or any other input mechanism. Any attempt to cause the AI to produce false, misleading, or harmful output is a violation of this Policy.
5. No high-risk autonomous decisions. You may not integrate the Services into fully automated pipelines that make consequential decisions — such as automatic vendor rejection, contract termination, or regulatory reporting — without incorporating meaningful human oversight at the decision point.
6. Output variability. AI-generated narrative content (executive summaries, finding descriptions, and recommendations) may vary in wording between separate Investigations of the same vendor, even when the underlying evidence is identical. This is an inherent characteristic of AI language generation. The deterministic components — Risk Tier assignment, confidence score, and individual finding classifications — are rule-based and reproducible given the same underlying evidence. You should rely on the deterministic components for consistency and treat narrative content as explanatory context.
7. AI output limitations. AI-generated content within Output may contain inaccuracies, generalizations, or contextual errors. While ThirdProof takes reasonable measures to validate AI-generated content and constrain it to the evidence gathered during the Investigation, the AI synthesis layer is not infallible. You are responsible for reviewing AI-generated narrative content and validating it against your organization's specific circumstances before acting on it.

7. Data Usage and Integrity

7.1 Your Data Obligations

(a) Accuracy of inputs. You are responsible for the accuracy of the information you provide to the Services, including vendor names, domains, and investigation parameters. ThirdProof is not responsible for inaccurate Output resulting from incorrect or misleading inputs.

(b) Authorized data only. You may only submit data to the Services that you have the lawful right to process. You may not submit personal data, protected health information, or other regulated data categories through the investigation input fields unless such data is necessary for the investigation (such as a vendor's legal business name).

(c) No sensitive personal data in inputs. You may not submit Social Security numbers, financial account numbers, protected health information, biometric data, or other categories of sensitive personal information as investigation inputs.

7.2 Data Integrity

(a) No data manipulation. You may not tamper with, alter, or manipulate data returned by the Services, the investigation audit trail, or the cryptographic integrity verification included in Output.

(b) Report integrity. Output is produced as a point-in-time snapshot based on data available at the time of the Investigation. You should not represent Output as reflecting current conditions if a material amount of time has elapsed since the Investigation date.

7.3 Anonymized and Aggregated Data

ThirdProof may create anonymized, aggregated, and de-identified data derived from the use of the Services, including investigation frequency, risk tier distributions, data source response patterns, and cross-customer vendor risk trends. This anonymized data will not identify you, your organization, or any specific investigation. ThirdProof may use this anonymized data for any lawful purpose, including platform improvement, benchmarking, research, and the development of aggregated risk intelligence features (such as anonymized cross-customer vendor risk signals). Your use of the Services constitutes consent to this anonymized data usage, as further described in our Privacy Policy.

7.4 Data Retention

Investigation data and Output are retained in accordance with ThirdProof's data retention schedule as described in our Privacy Policy. You are responsible for maintaining your own copies of Output for audit, compliance, and record-keeping purposes. ThirdProof may delete investigation data and associated Output upon account termination or as required by our data retention policies, subject to any applicable legal hold or regulatory retention requirements.

8. Fair Use and Resource Consumption

1. Investigation limits. Each subscription tier includes a defined number of Investigations per billing period. You may not exceed your tier's allocation, and unused Investigations do not roll over unless your plan explicitly provides otherwise.
2. Rate limiting. The Services enforce rate limits on API requests and investigation submissions to ensure platform stability and fair access for all Customers. You may not circumvent, evade, or attempt to override these rate limits through any technical means, including the use of multiple accounts.
3. Reasonable use. Free trial accounts are intended for evaluation purposes. Use of free trial accounts for production vendor risk management, or the creation of multiple free trial accounts to circumvent usage limits, is prohibited.
4. Automated usage. Automated or programmatic usage of the Services is permitted via the ThirdProof API within the scope of your subscription tier. Automated scraping, crawling, or extraction of data from the ThirdProof website or non-API interfaces is prohibited.

9. Account Security and Access

1. Credential security. You are responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account. You must use a strong, unique password and should enable multi-factor authentication when available.
2. Unauthorized access notification. You must notify ThirdProof promptly at support@thirdproof.ai if you become aware of any unauthorized access to or use of your account.
3. Account sharing. You may not share your account credentials with individuals outside your organization. Within your organization, access should be limited to personnel with a legitimate business need to use the Services for vendor risk management purposes.
4. API key management. If you access the Services via API, you are responsible for the secure storage, rotation, and revocation of your API keys. API keys must not be embedded in client-side code, public repositories, or otherwise exposed to unauthorized parties.

10. Use of Reports and Output

1. Internal use. Output may be used internally within your organization for vendor risk management, compliance documentation, audit evidence, procurement decisions, and board or management reporting.
2. Sharing with auditors and regulators. Output may be shared with your external auditors, compliance assessors (including SOC 2 auditors, QSAs, C3PAOs, and similar), regulatory examiners conducting routine oversight or examination, your organization's outside legal counsel, and your organization's outside compliance consultants (including vCISOs and managed service providers acting on your behalf) as evidence of your vendor risk management program. When sharing Output under this provision, you must share the complete, unaltered report with all disclaimers, methodology disclosures, and confidence scores preserved. This permission applies to routine compliance examinations, audits, and regulatory oversight. Use of Output in adversarial legal, regulatory, enforcement, or administrative proceedings is subject to the prior written consent requirement in the Terms of Service.
3. Sharing with investigated vendors. You may share Output with the investigated vendor for the purpose of discussing findings, requesting remediation, negotiating contract terms, or facilitating vendor onboarding decisions, provided that all of the following conditions are met:
   • You must share the complete report — you may not selectively excerpt findings in a manner that misrepresents the overall assessment.
   • You must preserve all disclaimers, the methodology version, investigation date, confidence score, data source attribution, and the “analytical opinion” disclosure included in the report.
   • You must not represent to the vendor that the report constitutes a certification, guarantee, endorsement, or approval by ThirdProof.
   • You must not represent to the vendor that they can improve their ThirdProof rating by contacting ThirdProof directly or by providing self-reported information outside of the formal dispute and correction process described in Section 16.
   • You assume all responsibility for any claim, dispute, or action brought by the investigated vendor arising from your sharing of the report. Your indemnification obligations with respect to vendor sharing are governed by the Terms of Service.
4. No public redistribution. You may not publicly publish, post, or distribute complete Output on public websites, social media, press releases, or other public channels without prior written authorization from ThirdProof. Brief references to ThirdProof's involvement in your vendor risk program (such as “vendor assessments conducted using ThirdProof”) are permitted.
5. Attribution and integrity. When sharing Output, you must preserve the investigation date, methodology version, confidence score, and data source attribution. You must not alter, redact, or selectively present findings in a manner that changes the substance or conclusion of the report.
6. No certification claims. You may not represent that a vendor has been “certified,” “approved,” or “endorsed” by ThirdProof. The following language restrictions apply to any external communication referencing ThirdProof Output:
   • Do not state or imply “ThirdProof certifies vendors” — the correct language is “ThirdProof rates vendors.”
   • Do not use the phrase “ThirdProof-certified vendor.” ThirdProof does not certify vendors. The correct language is that a vendor has been “rated” or “investigated” by ThirdProof.
   • Do not state or imply “Use ThirdProof and you're covered” or “guaranteed compliance” — ThirdProof provides risk intelligence; your compliance team approves vendors and makes compliance determinations.
   • Do not state or imply that ThirdProof approves, endorses, or vouches for any vendor's security, compliance, or business practices.
7. Investigation independence. The vendor cannot influence the investigation. All evidence in ThirdProof reports is independently sourced from publicly available data — no vendor questionnaires, no self-reported data, no vendor-supplied documentation. You must not represent to vendors that they can improve their ThirdProof rating by communicating directly with ThirdProof's analytical function or by providing self-reported information outside of the formal dispute and correction process described in Section 16.

11. Third-Party Data Sources and Limitations

ThirdProof queries multiple independently operated, publicly accessible data sources during each Investigation. You acknowledge and agree to the following:

1. Third-party data accuracy. ThirdProof does not control the accuracy, completeness, timeliness, or availability of data returned by third-party sources. While we take reasonable steps to validate data and flag inconsistencies, we cannot guarantee that all information from external sources is accurate or current.
2. Source availability. Third-party data sources may experience downtime, rate limiting, or service interruptions beyond ThirdProof's control. When a data source is unavailable during an Investigation, this is reflected in the confidence score and noted in the Output. You should not interpret the absence of findings from an unavailable source as a positive signal.
3. Point-in-time snapshots. Each Investigation represents a point-in-time assessment based on data available at the moment of the query. Vendor risk postures can change, and a favorable investigation result does not guarantee continued security or compliance. We recommend periodic re-investigation of critical vendors in accordance with your organization's risk management cadence.
4. Sanctions and regulatory data. ThirdProof queries sanctions databases and regulatory watchlists as part of each Investigation. These queries are informational and do not constitute legal advice regarding sanctions compliance. You are responsible for consulting with qualified legal counsel regarding sanctions obligations, including OFAC, EU sanctions, and other applicable regimes.

12. Compliance with Laws

You are solely responsible for ensuring that your use of the Services complies with all applicable laws, regulations, and industry standards, including but not limited to:

(a) Data protection and privacy laws, including the California Consumer Privacy Act (CCPA/CPRA), the General Data Protection Regulation (GDPR), and applicable state, federal, and international privacy laws.

(b) Industry-specific regulations applicable to your organization, including HIPAA, GLBA, PCI-DSS, FERPA, CMMC, DORA, NAIC Model Law, and similar frameworks.

(c) Export control and sanctions laws, including U.S. Export Administration Regulations (EAR) and Office of Foreign Assets Control (OFAC) regulations.

(d) Anti-discrimination and fair business practice laws applicable in your jurisdiction.

(e) Applicable AI governance laws and regulations, including the EU AI Act and any other AI-specific legislation applicable to your use of the Services.

ThirdProof does not provide legal, compliance, or regulatory advice. The Services are tools that provide risk intelligence to support — not replace — your organization's compliance program and qualified professional advisors.

Geographic restrictions. The Services may not be accessed or used from, or on behalf of any person or entity located in, any country or territory subject to comprehensive U.S. sanctions (including Cuba, Iran, North Korea, Syria, and the Crimea, Donetsk, and Luhansk regions of Ukraine), or by any person or entity on the U.S. Treasury Department's Specially Designated Nationals (SDN) list or any other applicable restricted party list. ThirdProof reserves the right to restrict access to the Services from any jurisdiction where the use of the Services would violate applicable law.

13. Intellectual Property

1. ThirdProof ownership. The Services, including the platform, investigation methodology, rule engine logic, AI synthesis prompts, report templates, user interface, documentation, and all associated intellectual property, are and remain the exclusive property of ThirdProof, Inc. Nothing in this Policy or the Terms of Service grants you any ownership interest in the Services.
2. Output license. Subject to your compliance with this Policy and the Terms of Service, ThirdProof grants you a limited, non-exclusive, non-transferable license to use Output for the permitted purposes described in Section 10 of this Policy. This license does not include the right to sublicense, resell, or redistribute Output except as expressly permitted.
3. Customer Data. You retain all rights in your Customer Data. By submitting Customer Data to the Services, you grant ThirdProof a limited license to process that data solely for the purpose of providing the Services to you.
4. Feedback. If you provide ThirdProof with suggestions, feedback, or ideas regarding the Services, you grant ThirdProof an unrestricted, perpetual, irrevocable, royalty-free license to use such feedback for any purpose without obligation to you.

14. Reporting Violations

If you become aware of any use of the Services that violates this Policy, please report it promptly to contact@thirdproof.ai with the subject line “AUP Violation Report.” When reporting a violation, please include:

(a) Your contact information.

(b) A description of the violation, including specific facts and any supporting evidence.

(c) The date(s) and approximate time(s) of the observed violation, if known.

(d) The identity of the individual or organization involved, if known.

ThirdProof will review all reports and take appropriate action in its sole discretion. We may, but are not obligated to, notify you of the outcome of our review. ThirdProof will not retaliate against any person who reports a suspected violation in good faith.

15. Enforcement and Consequences

ThirdProof reserves the right to investigate suspected violations of this Policy and to take any action we deem appropriate, including but not limited to:

(a) Warning. Issuing a written warning identifying the violation and requiring corrective action.

(b) Suspension. Temporarily suspending access to the Services pending investigation or remediation of a violation.

(c) Termination. Permanently terminating your account and access to the Services for serious or repeated violations.

(d) Content removal. Removing, disabling, or restricting access to any content or data associated with a violation.

(e) Legal action. Pursuing available legal remedies, including injunctive relief, damages, and reporting to law enforcement where appropriate.

(f) Cooperation with authorities. Cooperating with law enforcement, regulatory authorities, or third parties in the investigation of suspected illegal activity, when required by law, legal process, or in ThirdProof's good-faith judgment that such cooperation is necessary to protect the rights, property, or safety of ThirdProof, its customers, or the public.

A violation of this Policy constitutes a material breach of the Terms of Service. ThirdProof may exercise these enforcement measures at any time and in its sole discretion, with or without prior notice, depending on the severity and nature of the violation. We will endeavor to provide notice and an opportunity to cure where commercially reasonable and where the nature of the violation permits.

16. Vendor Dispute and Correction Process

ThirdProof is committed to the accuracy and fairness of its risk intelligence ratings. Vendors who are the subject of an Investigation may dispute findings that they believe contain factual inaccuracies.

16.1 Scope of Disputes

The dispute process allows vendors to submit evidence that a data source returned inaccurate information — for example, that a news article was about a different entity with a similar name, or that a sanctions match was a false positive. The dispute process does not allow vendors to request a more favorable risk tier simply because they disagree with the rating outcome. The distinction is between correcting factual errors in the underlying evidence and objecting to the methodology or conclusions drawn from accurate evidence.

16.2 How to Submit a Dispute

Vendors may submit disputes by contacting contact@thirdproof.ai with the subject line “Vendor Dispute” and the following information:

(a) The name of the vendor entity and the approximate date of the Investigation, if known.

(b) A specific identification of the finding(s) believed to be inaccurate.

(c) Supporting evidence demonstrating the factual inaccuracy (such as documentation showing a name mismatch, a corrected regulatory record, or evidence of remediated security findings).

16.3 Review and Resolution

ThirdProof will acknowledge receipt of disputes within five (5) business days and will conduct a good-faith review of the submitted evidence within a commercially reasonable timeframe. If the review determines that a factual inaccuracy exists, ThirdProof will issue a correction. All corrections are logged, including the reason for the correction and the methodology version under which the correction was made. ThirdProof will make reasonable efforts to notify affected customers who received the original report when a material correction is issued.

16.4 Independence of the Dispute Process

The dispute and correction process is entirely separate from any commercial relationship between ThirdProof and the vendor. A vendor's participation (or non-participation) in any ThirdProof commercial program has no bearing on the review or outcome of a dispute. The analytical function is architecturally firewalled from any commercial vendor relationships.

17. Modifications to This Policy

ThirdProof may update this Policy from time to time to reflect changes in our Services, applicable laws, industry standards, or enforcement priorities. When we make material changes, we will:

(a) Update the “Last Updated” date at the top of this Policy.

(b) Post the revised Policy on our website at thirdproof.ai/acceptable-use.

(c) Provide notice to registered account holders via email or in-product notification at least thirty (30) days before material changes take effect, except where a shorter notice period is required to address an imminent security, legal, or safety concern.

Your continued use of the Services after the effective date of a revised Policy constitutes acceptance of the updated terms. If you do not agree with any changes, you may discontinue use of the Services and close your account.

18. Severability and General Provisions

(a) Severability. If any provision of this Policy is held to be invalid, illegal, or unenforceable, the remaining provisions shall continue in full force and effect. The invalid provision shall be modified to the minimum extent necessary to make it valid and enforceable while preserving its original intent.

(b) Entire agreement. This Policy, together with the Terms of Service and Privacy Policy, constitutes the complete agreement between you and ThirdProof regarding the acceptable use of the Services. This Policy does not create any third-party beneficiary rights.

(c) Indemnification. Your indemnification obligations with respect to violations of this Policy are governed by the Terms of Service. A material breach of this Policy constitutes a material breach of the Terms of Service.

(d) No waiver. ThirdProof's failure to enforce any provision of this Policy does not constitute a waiver of that provision or of any other provision. Any waiver must be in writing and signed by an authorized representative of ThirdProof.

(e) Assignment. You may not assign or transfer your rights or obligations under this Policy without ThirdProof's prior written consent. ThirdProof may assign this Policy in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets.

19. Contact Information

If you have questions about this Policy or need to report a concern, please contact us: