JOY LABS VENTURES LLC SECURITY MEASURES

Last Updated: Apr 5, 2026

This Joy Labs Ventures LLC Security Measures document ("Security Measures") is incorporated into and forms part of the Joy Labs Ventures LLC Terms of Service located at (Terms of Service) between Joy Labs Ventures LLC ("Joy Labs") and Customer. Capitalized terms not defined in this Security Measures document have the meanings set forth in the Terms of Service. In the event of a conflict between these Security Measures and the Terms of Service, the Terms of Service shall control. Joy Labs Ventures LLC will implement and maintain appropriate technical and organizational measures designed to protect Customer Data. The following constitute the baseline security controls applicable to the Services. Joy Labs Ventures LLC reserves the right to update these controls from time to time in its sole discretion to reflect industry best practices, provided such updates do not materially diminish the overall security of the Services.

  1. Authentication and Access Controls

    1. Administrative Access. Joy Labs Ventures LLC requires secure authentication methods for administrative access to production environments, including support for multi-factor authentication (MFA) or passkey-based authentication.

    2. Credential Restrictions. Joy Labs Ventures LLCs’ platform supports the ability for Customer to restrict API keys and credentials by IP range (allowlisting) as a configurable feature.

    3. Interface Access. Joy Labs Ventures LLC supports the ability for Customer to restrict dashboard (web interface) access by IP range as a configurable feature.

    4. Access Logging. Joy Labs Ventures LLC maintains audit trails logging API and web interface access, which are searchable and filterable by Customer for their respective environment.

  2. Data Security and Isolation

    1. Transmission Security. Joy Labs Ventures LLC enforces HTTPS (TLS 1.2 or higher) for all endpoints, including tracking, unsubscribe, redirect URLs, and webhook endpoints. Where Joy Labs Ventures LLC offers custom domain functionality, Joy Labs Ventures LLC manages certificate issuance and renewal to ensure secure transmission.

    2. Logical Segregation. Joy Labs Ventures LLC logically segregates Customer Data from other customers’ data within the production environment to ensure that Customer Data is accessible only to the authorized Customer tenant or users associated with Customer.

  3. Application Security

    1. Webhook Security. Joy Labs Ventures LLC signs webhook payloads to allow Customer to verify the origin and integrity of requests. Joy Labs Ventures LLC provides documentation regarding signature verification best practices.

    2. Suppression Management. Joy Labs Ventures LLC maintains automatic suppression mechanisms for unsubscribes and hard bounces to reduce repeated delivery attempts and protect sender reputation.

  4. Vulnerability and Threat Management

    1. Vulnerability Scanning. Joy Labs Ventures LLC performs regular vulnerability scans of infrastructure and applications and applies critical patches in accordance with industry standard timelines based on risk severity.

    2. Penetration Testing. Joy Labs Ventures LLC conducts periodic third-party penetration tests of the Services. Joy Labs Ventures LLC may make a summary of the penetration test findings available to Customer upon request, subject to Joy Labs Ventures LLCs’ confidentiality obligations.

    3. Security Incident Response. Joy Labs Ventures LLC maintains documented incident response procedures to detect, respond to, and contain Security Incidents. Joy Labs Ventures LLC will notify Customer of a Security Incident affecting Customer Data in accordance with the notice provisions set forth in the Data Protection Addendum.

  5. Resilience and Availability

    1. Backup and Recovery. Joy Labs Ventures LLC maintains backup or replication mechanisms designed to enable restoration of Customer Data in the event of a system failure.

    2. Business Continuity. Joy Labs Ventures LLC maintains business continuity and disaster recovery plans designed to maintain the availability of the Services in the event of a significant disruption.

  6. Subprocessor and Data Lifecycle Management

    1. Subprocessor Oversight. Joy Labs Ventures LLC contractually requires Subprocessors to adhere to data protection obligations at least as restrictive as those contained in the DPA.

    2. Data Deletion. Upon termination of the Terms of Service or Customer’s written request (where required by law), Joy Labs Ventures LLC will delete or anonymize Customer Data in accordance with the data retention and deletion provisions set forth in the DPA.

  7. Shared Responsibility. Customer acknowledges that the effectiveness of certain security controls depends on Customer’s configuration and use of the Services. Customer remains solely responsible for the following:

    1. configuring authentication settings, IP restrictions, and API key permissions appropriately for its use case;

    2. securing Customer’s own account credentials and administrative access;

    3. implementing appropriate protections for Customer’s webhook endpoints (including signature verification, rate limiting, and idempotency handling); and

    4. complying with all applicable laws regarding the collection and processing of Customer Data prior to submission to the Services.