Security Capabilities and Policy for Transmission of Payment Card Details

Effective Date: 11/11/2023

At Rapid Start Inc Inc & connected retailers. ("Rapid Start Inc," "we," "us," or "our"), the security and confidentiality of payment card information is of utmost importance. This Security Capabilities and Policy for Transmission of Payment Card Details ("Policy") outlines the measures we take to protect the transmission of payment card details when you use our Point of Sale (POS) software and payment processing services (collectively, the "Services").

1. Compliance with Industry Standards a. PCI DSS Compliance: Rapid Start Inc adheres to the Payment Card Industry Data Security Standards (PCI DSS) to ensure the secure handling and transmission of payment card information. We undergo regular assessments to maintain our PCI DSS compliance. b. Secure Encryption: All payment card details transmitted through our Services are encrypted using industry-standard encryption protocols, such as Transport Layer Security (TLS) or Secure Socket Layer (SSL), to protect the confidentiality and integrity of the data.

2. Secure Transmission and Storage a. End-to-End Encryption: Payment card information is encrypted from the moment it is captured by our POS software until it reaches our secure payment processor, Stripe. This end-to-end encryption ensures that payment card details are not accessible to unauthorized parties during transmission. b. Tokenization: We use tokenization technology to replace sensitive payment card information with a unique, randomly generated token. This token is used for subsequent transactions, minimizing the need to store actual payment card details on our systems. c. Secure Storage: In the rare instances where payment card information needs to be stored, it is encrypted and securely stored in accordance with PCI DSS requirements. Access to stored payment card information is strictly limited to authorized personnel on a need-to-know basis.

3. Third-Party Payment Processor a. Stripe: We partner with Stripe, a leading and PCI DSS-compliant payment processor, to handle the processing of payment card transactions. Stripe's security measures and practices are outlined in their documentation, available at https://stripe.com/docs/security/stripe. b. Limited Data Sharing: We only share the necessary payment card information with Stripe to process transactions. We do not have access to or store complete payment card details on our systems.

4. Employee Training and Access Control a. Security Awareness Training: All Rapid Start Inc employees undergo mandatory security awareness training, which includes guidance on the proper handling and protection of payment card information. b. Access Control: Access to systems and data related to payment card processing is restricted to authorized personnel only. We follow the principle of least privilege, granting access only to those who require it to perform their job functions.

5. Monitoring and Incident Response a. Continuous Monitoring: We continuously monitor our systems and networks for suspicious activities or potential security breaches. Any detected anomalies are promptly investigated and addressed. b. Incident Response Plan: In the event of a suspected or confirmed breach involving payment card information, we have an incident response plan in place to swiftly contain the incident, notify relevant parties, and take necessary remediation steps.

6. Regular Security Assessments a. Vulnerability Assessments: We conduct regular vulnerability assessments and penetration testing to identify and address any potential vulnerabilities in our systems and applications. b. Third-Party Audits: We engage independent third-party security firms to perform periodic audits of our security controls and practices to ensure ongoing compliance with industry standards.

7. Customer Responsibilities a. Secure Handling of Payment Card Information: Customers are responsible for securely handling payment card information on their end, such as properly disposing of any written records containing payment card details and using secure payment devices. b. Reporting Suspicious Activities: If a customer suspects any unauthorized use or disclosure of their payment card information, they should immediately notify Rapid Start Inc and their payment card issuer.

8. Updates to this Policy a. We reserve the right to update or modify this Policy at any time. Any changes will be effective immediately upon posting the revised Policy on our website.

If you have any questions or concerns about this Policy or our security practices related to payment card information, please contact us at 952-222-7935 or at www.myrapidstart.com/contact.

By using our Services, you acknowledge that you have read, understood, and agree to the terms and conditions outlined in this Policy.