Security SOC 2 — SSAE 18 (ISAE 3402) Type II

Statements on Standards for Attestation Engagements No. 18 (SSAE 18) supersede ISAE 3402 and are a generally accepted standard for auditing, published by the American Institute of Certified Public Accountants (AICPA). The SSAE 18 standards apply to Systems and Organizational Control (SOC) reports.

MATRIXX complies with SSAE 18 AICPA Trust Principles for Security, Confidentiality and Availability (and, where in scope, Privacy and Processing Integrity), and undergoes an audit each year for the purposes of examining the relevant controls. These audits are performed by an independent, certified third party and the resulting reports are provided to our customers upon request.

The SOC 2 report demonstrates controls in place to meet the AICPA’s SOC 2 Trust Services Criteria (TSC) for the following principles:

• Privacy: personal information is collected, used, retained, disclosed and disposed of in conformity with the commitments in MATRIXX’s privacy notice and with criteria set forth in the Generally Accepted Privacy Principles issued by the AICPA
• Confidentiality: information that is designated “confidential” is protected according to policy or agreement
• Security: the system is protected against unauthorized access, both physical and logical
• Availability: the system is available for operation and use in accordance with MATRIXX’s commitments
• Processing Integrity: system processing is complete, accurate and authorized