Align Cloud Data Processing Addendum
This Data Processing Addendum (“Addendum”) is incorporated into the Align Cloud Order Form and Terms and Conditions (collectively “the Agreement”) by and between MFB Technologies, Inc. (“MFB Technologies”) and the entity identified as Customer (“Customer”) in the Agreement. All defined terms that are not defined in this Addendum have the meaning provided to them in the Agreement.
1. Definitions
1.1. "Applicable Privacy Laws" means Applicable Canadian Privacy Laws and Applicable State Privacy Laws.
1.2. "Applicable Canadian Privacy Laws" means the Personal Information Protection and Electronic Documents Act and substantially similar provincial privacy laws.
1.3. "Applicable State Privacy Laws" means the CPRA and in other applicable state privacy laws in the United States, such as (but not limited to): Virginia Consumer Data Protection Act, Connecticut Act Concerning Personal Data Privacy and Online Monitoring, Utah Consumer Privacy Act, and the Colorado Privacy Act.
1.4. "Breach" means any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Content, during its Processing by MFB Technologies.
1.5. "Consumer" means a natural person, including a natural person in their professional or work capacity.
1.6. "CPRA" means Cal. Civ. Code §1798.100 et seq. and the regulations at 11 C.C.R. §7000 et seq.
1.7. "Customer Content" means all information, content and other materials uploaded or input into the Align Cloud Services, by or on behalf of Customer.
1.8. "Process" (and its cognate terms) means any operation or set of operations that are performed on Customer Content or on sets of Customer Content, whether or not by automated means, such as copying, storage, modification, transmission, and deletion.
1.9. "Sell" (and its cognate terms) means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, Customer Content for monetary or other valuable consideration.
1.10. "Share" (and its cognate terms) means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, Customer Content for cross-context behavioral advertising, whether or not for monetary or other valuable consideration, including transactions for cross-context behavioral advertising in which no money is exchanged.
2. MFB Technologies acknowledges that:
2.1. The Customer Content belongs to the Customer.
2.2. The Customer Content may be protected by the attorney-client privilege, the attorney work-product doctrine, court imposed protective orders, attorney ethical obligations, or other confidentiality restrictions.
3. MFB Technologies may only Process the Customer Content to perform the Agreement. MFB Technologies is prohibited from retaining, using, or disclosing the Customer Content for any commercial purpose other than the foregoing business purposes. Additionally, MFB Technologies is prohibited from retaining, using, or disclosing the Customer Content pursuant to this Agreement outside the direct business relationship between MFB Technologies and Customer. Customer agrees that MFB Technologies may use any data relating to and analysis of users’ use of the Services (collectively, “Usage Metadata”) for the purposes of providing the Services to Customer and for improving its products and services with the understanding that Usage Metadata does not constitute Customer Content.
4. MFB Technologies must not Sell or Share any Customer Content it Processes.
5. MFB Technologies may disclose the Customer Content to the limited extent required: (a) by Applicable Law, including court orders, provided that the MFB Technologies will first provide written notice to Customer (email being sufficient), unless prohibited by law, and will reasonably cooperate with Customer, at Customer’s expense, in its efforts to obtain a protective order or (b) to establish a party’s rights under this Agreement, including to make such court filings as it may be required to do.
6. MFB Technologies shall comply with all applicable sections of the Applicable Privacy Laws and shall provide, with respect to Customer Content, the same level of privacy protection as required by Applicable Privacy Laws.
7. Customer shall comply with all Applicable Privacy Laws. Customer is solely responsible for ensuring that it has necessary legal authority to make Customer Information available to MFB Technologies for Processing, including complying with applicable notice and consent requirements, and for ensuring that this Addendum complies with Applicable Privacy Laws. Customer must promptly notify MFB Technologies when it makes a determination that it can no longer meet its obligations under this Addendum or Applicable Privacy Laws.
8. Commensurate with the nature of MFB Technologies's services to Customer and in accordance with Customer's specific instructions to MFB Technologies, MFB Technologies shall help Customer to comply with Consumer requests made pursuant to Applicable Privacy Laws of which MFB Technologies is informed by Customer.
9. MFB Technologies and Customer shall each implement reasonable security procedures and practices appropriate to the nature of the Customer Content to protect it from unauthorized or illegal access, destruction, use, modification, or disclosure in accordance with the division of responsibilities specified in Exhibit A.
10. MFB Technologies will make arrangements to be audited, and obtain an annual independent third-party assessment report, for SOC 2 Type 2 from a reputable third-party auditing firm assessing MFB Technologies's technical and organizational security measures for all environments in which Customer Content is Processed. Upon the reasonable request of Customer, MFB Technologies shall make available to Customer all information in its possession necessary to demonstrate MFB Technologies's compliance with the obligations in this clause.
11. MFB Technologies grants Customer the right to take reasonable and appropriate steps, in coordination with MFB Technologies, to ensure that MFB Technologies uses the Customer Content in a manner consistent with Customer's obligations under this Addendum and Applicable Privacy Laws. MFB Technologies grants Customer the right, upon notice, to take reasonable and appropriate steps to stop and remediate MFB Technologies's unauthorized use of Customer Content.
12. MFB Technologies must promptly notify Customer when it makes a determination that it can no longer meet its obligations under this Addendum or Applicable Privacy Laws.
13. MFB Technologies shall, without undue delay, and in any event within 72 hours, notify Customer of any Breach it becomes aware of. The notification to Customer will include information about the nature and scope of the Breach, its cause, an assessment of the risks arising from the Breach, MFB Technologies's response efforts, and any other information reasonably requested by Customer. If any such information is not readily available to MFB Technologies at the time of the notification to Customer, MFB Technologies shall provide the information in phases as it becomes available. MFB Technologies will thoroughly and timely investigate the Breach and take all reasonably available measures to contain and mitigate the Breach and prevent its reoccurrence.
14. MFB Technologies must ensure that each person involved in Processing the Customer Content pursuant to this Agreement is subject to a contractual or statutory duty of confidentiality with respect to that Customer Content.
15. Upon termination or expiration of this Agreement, and subject to the conditions of MFB Technologies's agreement with Customer as to timing and manner, MFB Technologies will upon Customer's request delete the Customer Content and provide to Customer certificates evidencing such deletion. Notwithstanding anything to the contrary contained herein, MFB Technologies: (a) may retain one copy of the Customer Content for archival, audit, legal or regulatory purposes and (b) will not be required to delete the Customer Content from its archived electronic back-up files. MFB Technologies must maintain confidentiality of any retained Customer Content as if the Agreement were still in effect.
16. MFB Technologies may use subcontractors to assist MFB Technologies in Processing the Customer Content, provided that MFB Technologies enters a binding and enforceable contract with the subcontractor that complies with Applicable Privacy Laws and flows-down to the subcontractor comparable provisions as those set forth in this Addendum.
17. The limitations and exclusions of liability specified in the Agreement apply to this Addendum.
18. This Addendum shall survive and continue to apply insofar as MFB Technologies continues to Process Customer Content.
Exhibit A – Division of Information Security Responsibilities
1. MFB Technologies Security Responsibilities.
1.1. Implementing appropriate measures designed to secure the Customer Content while stored in the Service
1.2. Implementing appropriate measures designed to secure the Customer's access to the Service.
1.3. Implementing appropriate measures designed to secure the operation of the Service.
1.4. Implementing appropriate measures designed to keep Customer Content available to the Customer through the Service and recoverable in case of unavailability or damage. These measures include daily backups retained for seven days, and monthly backups retained for six months.
1.5. Implementing appropriate measures designed to ensure Customer Content is logically isolated from information of other customers of MFB Technologies.
2. Customer Security Responsibilities
2.1. Implementing appropriate security measures on the Customer's end-devices used to access the Service, including as appropriate, access restrictions, encryption, software updates, and antivirus protection.
2.2. Securely maintain Customer’s access credentials to the Service.
2.3. Implementing appropriate measures to ensure that the files and other content that the Customer uploads to the Service does not contain or link to malicious materials.
Updated: 10/24/2025