Klaar Terms and Conditions

Please go through our T&Cs. For any questions, please reach out to us at contact@klaarhq.com

Terms of Service
These Terms of Service, hereafter referred to as the "Agreement", are made and entered into by and between Klaar Digital Solutions Private Limited, hereafter referred to as "Klaar", "us", "we", "our", and you, hereafter referred to as "Licensee", "you", "your".

This agreement will contain terms of service for using the Klaar application. Our Privacy Policy is outlined at Klaar Privacy Policy (klaarhq.com) and can be referred to for all matters related to data collection, storage, processing and use.

By accepting this agreement you represent that
1. You fulfill all the requirements to enter contracts, in your local jurisdiction, such as minimum age and any other requirements which may be present
2. If you are creating a new admin account on Klaar you have the authority to do so on behalf of the other users you will be adding to your Klaar account

App
The term "app" refers to Klaar's proprietary application for work management available through electronic means on https://app.klaarhq.com, any other domains as may be applicable, any other mobile app on any platform and any integrations and plugins as published by Klaar.

Subscriptions
Klaar may offer free or paid subscriptions to use the Klaar application on the terms and conditions mentioned below.

Limited License
Klaar grants a non-exclusive, non-transferable, revocable license for authorized users to access and use the app.

License Restrictions
The license does not grant you the permission to allow any third party except authorized users to access the app. The number of authorized users will be determined by the number of users you have taken the subscription for, or added to your User List in the app or otherwise agreed to with Klaar through any other agreement which is supplementing this agreement.

Subscription Fees
If you have opted for a paid subscription to Klaar then you agree to be responsible for paying the subscription fees and all applicable taxes. When you opt for a paid subscription, Klaar will mention whether the price is inclusive of taxes or whether taxes are over and above the price. The duration for which the fees are applicable will also be made clear when you opt for the subscription. Subscription fees for the same number of users may vary depending on the duration for which the subscription is taken. The price of a subscription is valid only for the duration and number of users it is taken for. Klaar is not liable to provide subsequent follow-on subscriptions at the same price as earlier ones.

Payment of Subscription Fees
To pay for a subscription you have to provide Klaar with up-to-date credit card details and/or other methods of payment. You authorize us to charge the payment method for the subscription charges for the initial period and at the start of all renewal periods till such time that you cancel the subscription.

Termination
A subscription can be cancelled at any time by you, upon which you can continue using the app for the duration for which the subscription fees are already paid. Klaar will not provide any refund for partially consumed subscriptions. For subscriptions which are set to renew automatically you have to cancel your subscription at least 30 calendar days prior to the date of renewal for the renewal to not be done. If you have a free subscription then Klaar may cancel that subscription with a notice of 10 calendar days. If you are using a demo subscription Klaar may cancel the demo subscription with 1 calendar day notice. Regardless of any other clause in this agreement, Klaar may cancel your subscription immediately with a notice if you or any of your authorized users violates any provision contained in this agreement.

Feedback
We are eager to learn from you about how we can improve the app and other offerings from Klaar. You can provide feedback to us in multiple ways including but not limited to emailing support@klaarhq.com, through the in-app chat functionality, discussions with authorized representatives from Klaar, replying to our support tickets etc. We may also solicit feedback from you through email, in-app messages, discussions etc. You grant us an unrestricted, perpetual, irrevocable, royalty-free right to use the feedback in any manner and purpose we want including but not limited to changing, modifying, correcting, improving the app or creating other products and services.

Publicity
We will retain the right to use the name and logo of your organization on our website to identify you as a customer.

Privacy and Data Rights
We have detailed all aspects of privacy and data rights in our Privacy Policy, the latest version of which is always accessible at Klaar Privacy Policy (klaarhq.com).

Warranties and Limitations
1. Each party represents and warrants to the other party that they have the full corporate right, power and authority to enter into this agreement and perform the acts mentioned herein and that in doing so they are not violating the terms or any other agreement to which they are a party
2. Performance warranty - If you have a paid subscription to the app we warrant to you that the app will be delivered to you and your authorized users to conform to all material descriptions and be of reasonable quality
3. We will put reasonable efforts to remedy any defects to the app
4. Licensee acknowledgement and disclaimer of other warranties. Except as mentioned in Section 11(b),
   (1) you agree that the app is provided “as is” and that we make no other warranty as to the app;
   (2) you acknowledge and agree that: (i) the app may contain issues, errors, design flaws or other problems; (ii) at times the app may not function fully or adequately; and (iii) use of the app may result in unexpected results, loss of data, project delays or other unpredictable damage or loss to you or your authorized users
   (3) we disclaim all warranties related to the app, its use or any inability to use it, the results of its use and this agreement

Limitation of Liability
In no event shall we be liable for any consequential, special, exemplary, incidental or indirect damages arising out of or in connection with this Agreement or the use, the results of use, or the inability to use the app. In all cases our aggregate liability to you arising out of the use of this agreement and the results of use or the inability to use the app would be limited to the amount paid by you for the access and use of the app for a period of 12 months prior to the events or circumstances which give rise to the claim.

Transfer of Rights and Obligations
Neither party can transfer the rights and obligations of this agreement without the prior written consent of the other party.

Use of Third Party Services
The app may provide integration or linking with one or more third-party services. Your use of such third party services is governed by the terms and conditions established by each of those third party services with you. You are responsible for providing and maintaining all necessary rights and access for integrating or linking with third party services. All charges arising out of your use of third party services will be paid by you.

Questions and Clarifications
If you have any questions or seek any clarifications regarding this agreement or our Privacy Policy you can write to support@klaarhq.com. We will make every reasonable effort to resolve your query.

Data Protection Addendum
This Data Protection Addendum ("Addendum"), forms part of the Terms of Service ("Terms") https://www.klaarhq.com/terms-and-conditions or such other written or electronic agreement incorporating this Addendum, in each case governing Customer’s access to and use of the Services (the “Agreement”) between (i) Klaar Digital Solutions Private Limited ("Klaar") and (ii) Customer each being a “Party” and together the “Parties”.

Customer enters into this Addendum on behalf of itself and any Affiliates authorized to use the Services under the Agreement and who have not entered into a separate contractual arrangement with Klaar Digital Solutions Private Limited. For the purposes of this Addendum only, and except where otherwise indicated, references to “Customer” shall include Customer and such Affiliates.

The Parties hereby agree that the terms and conditions set out below shall be added as an Addendum to the Agreement.

1. Definitions

1.1 In this Addendum, the following terms shall have the meanings set out below and cognate terms shall be construed accordingly:
(a) "Addendum Effective Date" has the meaning given to it in section 2;
(b) "Affiliate" means an entity that owns or controls, is owned or controlled by or is under common control or ownership with either Client or Klaar (as the context allows), where control is defined as the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through ownership of voting securities, by contract or otherwise;
(c) "Client Personal Data" means any Personal Data Processed by Klaar (i) on behalf of Client (including for the sake of clarity, any Client Affiliate), or (ii) otherwise Processed by Klaar, in each case pursuant to or in connection with instructions given by Client in writing, consistent with the Terms;
(d) "Controller to Processors" means the Standard Contractual Clauses (processors) for the purposes of Article 26(2) of Directive 95/46/EC set out in Decision 2010/87/EC as the same are revised or updated from time to time by the European Commission;
(e) "Data Protection Laws" means (i) Directive 95/46/EC and, from May 25, 2018, Regulation (EU) 2016/679 ("GDPR") together with applicable legislation implementing or supplementing the same or otherwise relating to the processing of Personal Data of natural persons, and (ii) to the extent not included in sub-clause (i), the Data Protection Act 1998 of the United Kingdom, as amended from time to time, and including any substantially similar legislation that replaces the DPA 1998;
(f) "Privacy Shield" means the EU-US Privacy Shield Framework; and
(g) "Services" means the services to be supplied by Klaar to Client or Client Affiliates pursuant to the Terms.
(h) “EU Area” means the European Union, European Economic Area, United Kingdom, and Switzerland;
(i) “EU Area Law” means (i) Directive 95/46/EC and, from May 25, 2018, Regulation (EU) 2016/679 ("EU GDPR") together with applicable legislation implementing or supplementing the same or otherwise relating to the processing of Personal Data of natural persons; (ii) the Data Protection Act 1998 of the United Kingdom and the EU GDPR as saved into United Kingdom Law by virtue of section 3 of the United Kingdom’s European Union (Withdrawal) Act 2018 (the “UK GDPR”); (iii) the Swiss Federal Data Protection Act of 19 June 1992 and its Ordinance (“Swiss DPA”); (iv) any other law relating to the data protection, security, or privacy of individuals that applies in the EU Area; or (v) any successor or amendments thereto (including, without limitation, implementation of the EU GDPR by Member States into their national law);
(j) “Third Country” means countries that, where required by applicable Data Protection Laws, have not received an adequacy decision from an applicable authority relating to cross-border data transfers of Personal Data, including regulators such as the European Commission, UK ICO, or Swiss FDPIC.

1.2 The terms "Controller", "Data Subject", "Personal Data", "Personal Data Breach", "Process", "Processor" and “Supervisory Authority” have the same meanings as described in applicable Data Protection Laws and cognate terms shall be construed accordingly.

1.3 Capitalized terms not otherwise defined in this Addendum shall have the meanings ascribed to them in the Terms.

2. Formation of this Addendum

This Addendum is deemed agreed by the Parties, and comes into effect, on the “Addendum Effective Date”, being the later of (i) the date that this Addendum is accepted by Client; and (ii) Klaar.

3. Roles of the Parties

The Parties acknowledge and agree that with regard to the Processing of Client Personal Data, and as more fully described in Annex 1 hereto, Client acts as a Controller and Klaar acts as a Processor (as defined in section 5.2.4 below).

The Parties expressly agree that Client shall be solely responsible for ensuring timely communications to Client’s Affiliates or the relevant Controller(s) who receive the Services, insofar as such communications may be required or useful in light of applicable Data Protection Laws to enable Client’s Affiliates or the relevant Controller(s) to comply with such Laws.

4. Description of Personal Data Processing

4.1 In Annex 1 to this Addendum, the Parties have mutually set out their understanding of the details of the Processing of the Client Personal Data to be Processed by Klaar pursuant to this Addendum, as required by Article 28(3) of the GDPR. Either Party may make reasonable amendments to Annex 1 by written notice to the other Party and as reasonably necessary to meet those requirements. Annex 1 does not create any obligation or rights for any Party.

5. Data Processing Terms

5.1
Client shall comply with all applicable Data Protection Laws in connection with the performance of this Addendum. As between the Parties, Client shall be solely responsible for compliance with applicable Data Protection Laws regarding the collection of and transfer to Klaar of Client Personal Data. Client agrees not to provide Klaar with any data concerning a natural person’s health, religion or any special categories of data as defined in Article 9 of the GDPR.

5.2
Klaar shall comply with all applicable Data Protection Laws in the Processing of Client Personal Data and Klaar shall:

5.2.1
process the Client Personal Data relating to the categories of Data Subjects for the purposes of the Terms and for the specific purposes in each case as set out in Annex 1 to this Addendum and otherwise solely on the documented instructions of Client, for the purposes of providing the Services and as otherwise necessary to perform its obligations under the Terms including with regard to transfers of Client Personal Data to a third country outside to an international organization; Klaar shall immediately inform Client if, in Klaar’s opinion, an instruction infringes applicable Data Protection Laws;

5.2.2
ensure that persons authorized to process the Client Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;

5.2.3
implement and maintain the technical and organizational measures set out in the Terms and, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, implement any further appropriate technical and organizational measures necessary to ensure a level of security appropriate to the risk of the Processing of Client Personal Data as per following:
(a) pseudonymization and encryption of Client Personal Data;
(b) ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services that process Client Personal Data;
(c) restoring availability and access to Client Personal Data in a timely manner in the event of a physical or technical incident; and
(d) regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing of the Client Personal Data.
Any amendment to such agreed measures that is necessitated by Client shall be dealt with via an agreed change control process between Klaar and Client;

5.2.4
Client (on behalf of the relevant Controller(s), as applicable), hereby expressly and specifically authorizes Klaar to engage another Processor to Process the Client Personal Data ("Other Processor"), and specifically the Other Processors listed in Annex 2 hereto, subject to Klaar's:
a. notifying Client of any intended changes to its use of Other Processors listed in Annex 2 by emailing notice of the intended change to Client;
b. including data protection obligations in its contract with each Other Processor that are materially the same as those set out in this Addendum; and
c. remaining liable to the Client for any failure by each Other Processor to fulfill its obligations in relation to the Processing of the Client Personal Data.
In relation to any notice received under section 5.2.4 a., the Client shall have a period of 30 (thirty) days from the date of the notice to inform Klaar in writing of any reasonable objection to the use of that Other Processor. The parties will then, for a period of no more than 30 (thirty) days from the date of the Client's objection, work together in good faith to attempt to find a commercially reasonable solution for the Client which avoids the use of the objected-to Other Processor. Where no such solution can be found, either Party may (notwithstanding anything to the contrary in the Terms) terminate the relevant Services immediately on written notice to the other Party, without damages, penalty or indemnification whatsoever;

5.2.5
to the extent legally permissible, promptly notify Client of any communication from a Data Subject regarding the Processing of Client Personal Data, or any other communication (including from a Supervisory Authority) relating to any obligation under the applicable Data Protection Laws in respect of the Client Personal Data and, taking into account the nature of the Processing, assist Client (or the relevant Controller) by appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of Client’s, Client’s Affiliates’ or the relevant Controller(s)’ obligation to respond to requests for exercising the data subject's rights laid down in Chapter III GDPR; Client agrees to pay Klaar for time and for out of pocket expenses incurred by Klaar in connection with the performance of its obligations under this Section 5.2.5;

5.2.6
Upon Klaar’s becoming aware of a Personal Data Breach involving Client Personal Data, notify Client without undue delay, of any Personal Data Breach involving Client Personal Data, such notice to include all information reasonably required by Client (or the relevant Controller) to comply with its obligations under the applicable Data Protection Laws;

5.2.7
to the extent required by the applicable Data Protection Laws, provide reasonable assistance to Client, Client’s Affiliates’ or the relevant Controller(s)’ with its obligations pursuant to Articles 32 to 36 of the GDPR taking into account the nature of the Processing and information available to Klaar; Client agrees to pay Klaar for time and for out of pocket expenses incurred by Klaar in connection with any assistance provided in connection with Articles 35 and 36 of the GDPR;

5.2.8
Cease Processing the Client Personal Data upon the termination or expiry of the Terms, and at option of Client, Client’s Affiliates or the relevant Controller(s) either return or delete (including by ensuring such data is in non-readable format) all copies of the Client Personal Data Processed by Klaar, unless (and solely to the extent and for such period as) Country law requires storage of the Personal Data. Notwithstanding the foregoing or anything to the contrary contained herein, Klaar may retain Personal Data and shall have no obligation to return Personal Data to the extent required by applicable laws or regulations obligations. Any such Personal Data retained shall remain subject to the obligations of confidentiality set forth in the Terms; and

5.2.9
make available to Client all information necessary to demonstrate compliance with this Addendum and allow for and contribute to audits, including inspections, by Client, or an auditor mandated by Client. For the purposes of demonstrating compliance with this Addendum under this section 5.2.9, the Parties agree that once per year during the term of the Terms, Klaar will provide to Client, on reasonable notice, responses to cybersecurity and other assessments. Client agrees to pay Klaar for time and for out of pocket expenses incurred by Klaar in connection with assistance provided in connection with such audits, responses to cybersecurity and other assessments.

6. Transfers
Klaar is certified to Information Security Management as per ISO 27001:2013. Klaar shall notify Client in writing without undue delay if it can no longer comply with its obligations under the Privacy compliance, and, in such a case, Klaar will have the option of (i) promptly taking reasonable steps to remediate any non-compliance with applicable obligations under this Addendum, or (ii) engaging in a good faith dialogue with Client to determine a new data transfer mechanism to carry out the purposes of the Terms. Klaar acts as a Processor with respect to Personal Data received pursuant to a data transfer.

In the event the Privacy Compliance is invalidated, Client and each Client Affiliate (on behalf of the relevant Controller(s), as the case may be), if applicable (as "data exporter") and Klaar (as "data importer"), with effect from the commencement of the relevant transfer, shall enter into the Controller to Processor SCCs (mutatis mutandis, as the case may be) in respect of any transfer (or onward transfer) from Client or Client Affiliate to Klaar, where such transfer would otherwise be prohibited by applicable Data Protection Laws or by the terms of data transfer agreements put in place to address applicable Data Protection Laws. Appendix 1 to the Controller to Processor SCCs shall be deemed to be prepopulated with the relevant sections of Annex 1 to this Addendum and the processing operations are deemed to be those described in the Terms. Appendix 2 to the Controller to Processor SCCs shall be deemed to be prepopulated with the following "Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood for the rights and freedoms of natural persons, Klaar shall implement appropriate technical and organizational measures as set forth in the Addendum."

7. Precedence
The provisions of this Addendum are supplemental to the provisions of the Terms. In the event of any inconsistency between the provisions of this Addendum and the provisions of the Terms, the provisions of this Addendum shall prevail.

8. Indemnity
To the extent permissible by law, Client shall indemnify and hold harmless Klaar against all (i) losses, (ii) third party claims, (iii) administrative fines and (iv) costs and expenses (including, without limitation, reasonable legal, investigatory and consultancy fees and expenses) reasonably incurred in relation to (i), (ii) or (iii), suffered by Klaar and that arise from any breach by Client of this Addendum or of its obligations under applicable Data Protection Laws.

9. Severability
The Parties agree that, if any section or sub-section of this Addendum is held by any court or competent authority to be unlawful or unenforceable, it shall not invalidate or render unenforceable any other section of this Addendum.

10. Others
The organization ensures that the contract to process PII addresses the organization’s role in providing assistance with the customer's obligations. The Agreement considers and follows the following:
a. Privacy by Design and default
b. Achieving Security of Processing
c. Notification of breaches involving PII to a Supervisory authority
d. Notification of breaches involving PII to Customers and PII Principals
e. Conducting Privacy Impact Assessment
f. Assurance of Assistance by the PII Processors if prior consultations with relevant PII Protection authorities are needed.
g. Klaar shall inform the customer if in its opinion a processing instruction infringes applicable legislation or regulation.
h. The organization does not use PII processed under a contract for the purposes of Marketing and Advertising
i. Coordinate with Clients for helping Audit the systems. The organization provides the customer with the appropriate information so that it can demonstrate compliance with their obligations
j. Klaar shall use Azure as sub processors with Security and Privacy requirements fulfilled.
k. The organization shall comply with all statutory and regulatory requirements, ISO 27001:2013, ISO 27701:2019 and EU GDPR requirements.
l. The Data shall be deleted or de-identified after the processing is complete (This is after the retention period selected is complete).
m. Klaar shall inform 24 hours in advance to clients in case of any legally binding requests for disclosure of PII.
n. Access, Correction and/or Erasure of PII of Data subjects can be requested by contacting the Data Protection Officer (DPO) below. Concerns and/or any complaints related to PII can also be raised by contacting the Data Protection Officer below:
Name: Anshul Gupta
Email ID: anshul@klaarhq.com

Annexure 1: Description of Processing of Client Personal Data
This Annex includes certain details of the Processing of Client Personal Data as required by Article 28(3) GDPR and, as applicable, Controller to Processor SCC. 

1. List of Parties
            
Data Exporter
Name: Customer (as defined in the Agreement)

Address: As set forth in the Agreement.

Contact person’s name, position and contact details: As set forth in the Agreement.

Activities relevant to the data transferred under these Clauses: Recipient of the Services provided by Klaar Digital Solutions Private Limited in accordance with the Agreement.

Signature and date: This Annex I shall automatically be deemed executed when the Agreement is executed by Customer

Role (controller/processor): Controller            


Data Importer
Name: Klaar Digital Solutions Private Limited

Address: HD- 019, WeWork Embassy TechVillage, Block L, Devarabisanahalli, Outer Ring Road, Bellandur, Bengaluru (Bangalore) Urban, Karnataka, 560103

Contact person’s name, position and contact details: Anshul Gupta, anshul@klaarhq.com

Activities relevant to the data transferred under these Clauses: Provision of the Services to the Customer in accordance with the Agreement.

Signature and date: Signature and date are set out in the Agreement.

Role (controller/processor): Processor 


2. Competent Supervisory Authority
Identify the competent supervisory authority/ies in accordance (e.g. in accordance with Clause 13 SCCs): As determined by application of Clause 13 of the EU SCCs. 

3. Processing Information
Categories of data subjects whose personal data is transferred: Customer’s authorized users of the Services

Categories of personal data transferred:

Processed automatically by the Services:
   - Names
   - Email IDs

Processed where and to the extent provided by Customer or its authorized users in connection with services provided by Klaar Digital Solutions Private Limited:
   - Phone Number

Sensitive personal data transferred: None

Frequency of the transfer: Continuous

Nature of the processing & Purpose of the data transfer and further processing: The nature of the processing is more fully described in the Agreement and will include the following basic processing activities: The provision of Services to Customer. The purpose of the transfer is to facilitate the performance of the Services more fully described in the Agreement.

For processing involving California consumers, please select the Business Purpose(s) for Processing Personal Data
☐ N/A
☐ Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards
☒ Helping to ensure security and integrity to the extent the use of the consumer’s personal information is reasonably necessary and proportionate for these purposes
☒ Debugging to identify and repair errors that impair existing intended functionality.
☐ Short-term, transient use, including, but not limited to, non-personalized advertising shown as part of a consumer’s current interaction with the business, provided that the consumer’s personal information is not disclosed to another third party and is not used to build a profile about the consumer or otherwise alter the consumer’s experience outside the current interaction with the business
☒ Performing services on behalf of the business, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of the business.
☐ Providing advertising and marketing services, except for cross-context behavioral advertising, to the consumer provided that, for the purpose of advertising and marketing, a service provider or contractor shall not combine the personal information of opted-out consumers that the service provider or contractor receives from, or on behalf of, the business with personal information that the service provider or contractor receives from, or on behalf of, another person or persons or collects from its own interaction with consumers.
☒ Undertaking internal research for technological development and demonstration.
☒ Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business.
☒ To retain and employ another service provider or contractor as a subcontractor where the subcontractor meets the requirements for a service provider or contractor under CCPA.
☒ To build or improve the quality of the services it is providing to the business even if this Business Purpose is not specified in the written contract required by CCPA provided that Service Provider does not use the Customer Personal Data to perform Services on behalf of another person.
☒ To prevent, detect, or investigate data security incidents or protect against malicious, deceptive, fraudulent, or illegal activity, even if this Business Purpose is not specified in the written contract.

Period for which the personal data will be retained or criteria used to determine that period: The period for which the Customer Personal Data will be retained is more fully described in the Agreement.

Subprocessor transfers – subject matter, nature, and duration of processing: The subject matter, nature, and duration of the Processing are more fully described in the Agreement. 

Subject matter and duration of the Processing of the Personal Data
The subject matter and duration of the Processing of the Client Personal Data are set out in Section 2 of the Terms.

The categories of Data Subject to whom the Client Personal Data relates
   - Employees and Contractors of Clients.

The types of Client Personal Data to be Processed
Name, Address, Email, Phone, Related person, Related URL, User ID, Username

Special categories of data
None

The obligations and rights of Client
The obligations and rights of Client are set out in the Terms and this Addendum.

Data exporter (as applicable)
The data exporter is: Client of Klaar that uses the Services

Data importer (as applicable)
The data importer is: PIPL, a company that provides services to the client, which requires receiving the Client’s query data

Processing operations (as applicable)
The personal data transferred will be subject to the following basic processing activities: The provision of Klaar Limited to Client for Due Diligence and Background Verification as per Client requirements.

Technical and Organizational Security Measures
Description of the technical and organizational security measures implemented by Klaar Digital Solutions Private Limited as the data processor/data importer to ensure an appropriate level of security, taking into account the nature, scope, context, and purpose of the processing, and the risks for the rights and freedoms of natural persons.

Security
Security Management System
Organization - Klaar Digital Solutions Private Limited designates qualified security personnel whose responsibilities include development, implementation, and ongoing maintenance of the Information Security Program.
Policies - Management reviews and supports all security related policies to ensure the security, availability, integrity and confidentiality of Customer Personal Data. These policies are updated at least once annually.
Assessments - Klaar Digital Solutions Private Limited engages a reputable independent third-party to perform risk assessments of all systems containing Customer Personal Data at least once annually.
Risk Treatment - Klaar Digital Solutions Private Limited maintains a formal and effective risk treatment program that includes penetration testing, vulnerability management and patch management to identify and protect against potential threats to the security, integrity or confidentiality of Customer Personal Data.
Vendor Management - Klaar Digital Solutions Private Limited maintains an effective vendor management program.
Incident Management - Klaar Digital Solutions Private Limited reviews security incidents regularly, including effective determination of root cause and corrective action.
Standards - Klaar Digital Solutions Private Limited operates an information security management system that complies with the requirements of ISO/IEC 27001:2013 standard.
Personnel Security - Klaar Digital Solutions Private Limited personnel are required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards. Klaar Digital Solutions Private Limited conducts reasonably appropriate background checks on any employees who will have access to client data under this Agreement, including in relation to employment history and criminal records, to the extent legally permissible and in accordance with applicable local labor law, customary practice and statutory regulations.
Personnel are required to execute a confidentiality agreement in writing at the time of hire and to protect Customer Personal Data at all times. Personnel must acknowledge receipt of, and compliance with, Klaar Digital Solutions Private Limited’s confidentiality, privacy and security policies. Personnel are provided with privacy and security training on how to implement and comply with the Information Security Program. Personnel handling Customer Personal Data are required to complete additional requirements appropriate to their role (e.g., certifications). Klaar Digital Solutions Private Limited’s personnel will not process Customer Personal Data without authorization.
Access Controls
Access Management - Klaar Digital Solutions Private Limited maintains a formal access management process for the request, review, approval and provisioning of all personnel with access to Customer Personal Data to limit access to Customer Personal Data and systems storing, accessing or transmitting Customer Personal Data to properly authorized persons having a need for such access. Access reviews are conducted periodically to ensure that only those personnel with access to Customer Personal Data still require it.
Infrastructure Security Personnel - Klaar Digital Solutions Private Limited has, and maintains, a security policy for its personnel, and requires security training as part of the training package for its personnel. Klaar Digital Solutions Private Limited’s infrastructure security personnel are responsible for the ongoing monitoring of Klaar Digital Solutions Private Limited’s security infrastructure, the review of the Services, and for responding to security incidents.
Access Control and Privilege Management - Klaar Digital Solutions Private Limited’s and Customer’s administrators and end users must authenticate themselves via a multi-factor authentication system or via a single sign-on system in order to use the Services.
Internal Data Access Processes and Policies - Access Policy. Klaar Digital Solutions Private Limited’s internal data access processes and policies are designed to protect against unauthorized access, use, disclosure, alteration or destruction of Customer Personal Data. Klaar Digital Solutions Private Limited designs its systems to only allow authorized persons to access data they are authorized to access based on principles of “least privilege” and “need to know”, and to prevent others who should not have access from obtaining access. Klaar Digital Solutions Private Limited requires the use of unique user IDs, strong passwords, two-factor authentication and carefully monitored access lists to minimize the potential for unauthorized account use. The granting or modification of access rights is based on: the authorized personnel’s job responsibilities; job duty requirements necessary to perform authorized tasks; a need to know basis; and must be in accordance with Klaar Digital Solutions Private Limited’s internal data access policies and training. Approvals are managed by workflow tools that maintain audit records of all changes. Access to systems is logged to create an audit trail for accountability. Where passwords are employed for authentication (e.g., login to workstations), password policies follow industry standard practices. These standards include password complexity, password expiry, password lockout, restrictions on password reuse and re-prompt for password after a period of inactivity.
Data Center and Network Security
Data Centers Infrastructure - Klaar Digital Solutions Private Limited has Azure as its data center.
Resiliency - Multi Availability Zones are enabled on Azure and Klaar Digital Solutions Private Limited conducts Backup Restoration Testing on a regular basis to ensure resiliency.
Server Operating Systems - Klaar Digital Solutions Private Limited’s servers are customized for the application environment and the servers have been hardened for the security of the Services. Klaar Digital Solutions Private Limited employs a code review process to increase the security of the code used to provide the Services and enhance the security products in production environments.
Disaster Recovery - Klaar Digital Solutions Private Limited replicates data over multiple systems to help to protect against accidental destruction or loss. Klaar Digital Solutions Private Limited has designed and regularly plans and tests its disaster recovery programs.
Security Logs - Klaar Digital Solutions Private Limited’s systems have logging enabled to their respective system log facility in order to support the security audits, and monitor and detect actual and attempted attacks on, or intrusions into, Klaar Digital Solutions Private Limited’s systems.
Vulnerability Management - Klaar Digital Solutions Private Limited performs regular vulnerability scans on all infrastructure components of its production and development environment. Vulnerabilities are remediated on a risk basis, with Critical, High and Medium security patches for all components installed as soon as commercially possible.
Networks and Transmission
Data Transmission - Transmissions on production environment are transmitted via Internet standard protocols.
External Attack Surface - An AWS Security Group, which is equivalent to a virtual firewall, is in place for the Production environment on AWS.
Incident Response - Klaar Digital Solutions Private Limited maintains incident management policies and procedures, including detailed security incident escalation procedures. Klaar Digital Solutions Private Limited monitors a variety of communication channels for security incidents, and Klaar Digital Solutions Private Limited’s security personnel will react promptly to suspected or known incidents, mitigate harmful effects of such security incidents, and document such security incidents and their outcomes.
Encryption Technologies - Klaar Digital Solutions Private Limited makes HTTPS encryption (also referred to as SSL or TLS) available for data in transit.
Data Storage, Isolation, Authentication, and Destruction - Klaar Digital Solutions Private Limited stores data in a multi-tenant environment on AWS servers. Data, the Services database and file system architecture are replicated between multiple availability zones on AWS. Klaar Digital Solutions Private Limited logically isolates the data of different customers. A central authentication system is used across all Services to increase uniform security of data. Klaar Digital Solutions Private Limited ensures secure disposal of Client Data through the use of a series of data destruction processes.

Annex 2: Klaar’s Other Processors
Name of Other Processor - Description of Processing - Location of Other Processor
Azure - Hosting the Production Environment - Mumbai
Intercom - Handling Customer Queries - USA
Supersend - Sending out mails and notifications - USA
Mixpanel - Tracking user activity on the platform - USA
Craftmypdf - For generating user reports - USA
Amazon Web Services - For hosting FE application - USA
Hubspot - CRM solution - USA
Google Workspace - Email services - India
Zoho - Invoicing solutions - India
Atlassian - Work management - USA
Github - Code version control - USA
Slack - Messaging - USA
Apollo.ai - Customer Outreach - USA
Sentry - Bug Tracking - Iowa, USA
