As an extension of the Chekin API License Agreement, you will comply with the following API Security Standards (“Security Standards”):
1.1 Audit. Chekin reserves the right to periodically audit the systems to ensure compliance with the requirements of this Exhibit. Non-intrusive network and application security scans may be performed randomly without prior notice.
1.2 Audit After a Security Breach Incident. For purposes of these Security Standards, a “Security Breach” is defined as a breach of security of your facility, systems or site where Chekin Content or Chekin User Data has been acquired by an unauthorized person. In the event of a Security Breach, Chekin may suspend or terminate your access to the API and Chekin Content and Chekin may conduct a security audit.
1.3 Chekin Results and your Response. Chekin will provide you with detailed results of any security audit performed by Chekin pursuant to these Security Standards. You will be granted thirty (30) days to resolve any issues Chekin has identified through a security audit. Should you fail to resolve such identified issues, Chekin may immediately suspend or terminate your access to the API and Chekin Content without notice.
2.1 Notification and Timing. You agree to immediately notify Chekin in writing upon your discovery of a Security Breach. You agree to use commercially reasonable efforts to notify Chekin of your detection of a Security Breach no more than twenty-four (24) hours after detection of a Security Breach. Notwithstanding the foregoing, under no circumstances will more than two (2) days pass between your detection of a Security Breach and Chekin being notified.th
2.2 Notification Format. Your notification of a Security Breach in accordance with the requirements set forth above will take the form of an email to support@chekin.io. Such notification email will include: a problem statement, expected resolution time (if known), and the name and phone number of your representative that Chekin can contact to obtain incident updates.
In the event of any security deficiency or intrusion involving the Application, Chekin APIs or Data, you will make no public statements regarding such deficiencies or intrusions (e.g., press, blogs, social media, bulletin boards, etc.) without prior written and express permission from Chekin in each instance.
You agree to adhere at all times to reasonable security practices, as specified in current industry literature on topics relevant to your interaction with Chekin. In the event such best practices conflict with these Security Standards, you will comply with these Security Standards.
You agree to maintain reasonable safeguards to protect the security of all the information that you process, access, or store.
Chekin access credentials must be kept secret and confidential and under no circumstances be exposed to the public.
If Chekin believes that access credentials have been compromised, Chekin reserves the right to immediately terminate access and issue new access credentials.
Chekin is GPDR compliant.