BY CREATING AN ACCOUNT FOR, OR BY ACCESSING, THE SERVICES, YOU CONFIRM YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE BOUND BY, THESE TERMS. IF YOU ARE ACTING ON BEHALF OF AN ENTITY, YOU REPRESENT THAT YOU HAVE THE LEGAL AUTHORITY TO BIND THAT ENTITY TO THE AGREEMENT. IF YOU DO NOT AGREE TO THESE TERMS, DO NOT CREATE AN ACCOUNT FOR, AND DO NOT USE, THE SERVICES.
1.CONDITIONS FOR ACCESS AND USE
Customer acknowledges and agrees that:
(a)Customer solely is responsible for administering and controlling access to the Services by Customer Personnel and ensuring that each individual uses only the Login assigned to them;
(b)Customer will maintain the confidentiality and security of all Logins and authentication credentials and will immediately disable, or request Edgefolio to disable, any Login that is compromised or used by an unauthorised individual;
(c)Logins are for individual use only. Customer will not permit any Login to be shared or used concurrently by more than one person;
(d)Customer is fully responsible for all activity occurring under its Edgefolio account(s), whether authorised or unauthorised, and for ensuring that all Customer Personnel comply with the Agreement and Applicable Laws. Edgefolio may monitor usage and access logs to verify compliance;
(e)Customer will not copy, export, store, or otherwise use data obtained through the Services other than through use of the Services authorised features and functions, nor for any purpose other than Customer’s internal business purposes;
(f)Edgefolio may implement and enforce technical or commercial controls, including rate, concurrency, and storage limits, to prevent misuse (such as spam or unsolicited marketing) or to protect the performance and security of the Services. Edgefolio reserves the right to throttle, restrict, or suspend any usage that exceeds these limits;
(g)Customer will not use the Services or any data therein in conjunction with machine learning, neural networks, deep learning, predictive analytics, or other artificial intelligence software, nor use such data to create algorithms or processes designed to predict trades for an individual portfolio or fund nor engage in data scraping, data extraction, or automated access to the Services except through APIs or automation interfaces provided by Edgefolio;
(h)Customer will not use the Services in any manner that is unlawful, infringes third‑party rights, exposes Edgefolio to liability, or is harmful, deceptive, or discriminatory;
(i)Customer will not interfere with, disrupt, or attempt to disrupt the availability, performance, or security of the Services or any related systems;
(j)Customer will immediately notify Edgefolio in writing of any misuse, unauthorised access, or security incident relating to Customer’s or Customer Personnel’s use of the Services;
(k)the Services provide informational tools only. Edgefolio does not provide investment, financial, tax, legal, or other professional advice, and Customer solely is responsible for all decisions made by Customer and Customer Personnel using the Services;
(l)Customer solely is responsible for maintaining its own backup copies of Customer Data. Edgefolio has no obligation to store or retain Customer Data except as expressly set out in the Agreement;
(m)Edgefolio may identify Customer as a user of the Services in its marketing materials and may use Customer’s trademarks for such purposes in accordance with any brand guidelines provided by Customer. Customer may opt out with thirty (30) days’ prior written notice;
(n)Customer solely is responsible for securing its own IT systems, including firewalls, antivirus software, and access controls. Edgefolio is not responsible for the configuration or security of Customer’s systems. For clarity, all obligations relating to Personal Data security, audits, and breach notification are governed exclusively by the DPA;
(o)Customer solely is responsible for any third‑party products, services, APIs, connectors, or integrations it elects to use with the Services. Edgefolio has no liability for any failure, error, data loss, corruption, unavailability, or security incident arising from or relating to any third‑party product or integration. Customer will ensure that all such third‑party use complies with Applicable Laws and the applicable third‑party terms;
(p)Customer will not reverse engineer, decompile, disassemble, bypass technical limitations, tamper with billing mechanisms, or otherwise misuse the Services, nor access or use the Services for benchmarking, competitive analysis, or to develop competing products or services;
(q)Customer solely is responsible for the accuracy, quality, and legality of all Customer Data (including Personal Data) submitted to the Services;
(r)all information made available through the Services is general in nature and not tailored to Customer’s circumstances. Customer will obtain its own professional advice and conduct its own due diligence before making any decisions based on such information;
(s)Customer solely is responsible for determining whether its use of the Services (including receipt of any information) complies with Applicable Laws, including financial services, securities, marketing, and financial promotion laws;
(t)Customer acknowledges that the Services may not be available at all times and that no minimum availability or uptime is guaranteed unless expressly stated in the Agreement;
(u)save as provided in Sub-Clause 7(f) (Third Party Data): (i) the Services do not include any third‑party data licensing rights; and (ii) if any third‑party data is made available, Customer must obtain and comply with the applicable third‑party licence terms (including payment obligations);
(v)Customer will not copy, reproduce, distribute, or transmit any part of the Services except for Customer Data and other information expressly made available for export through the Services’ authorised features and functions;
(w)Customer will not modify, adapt, translate, or create derivative works of the Services, nor use the Services to develop, operate, or support any competing product or service;
(x)Customer acknowledges that Edgefolio does not owe Customer nor any Customer Personnel any duty of care, fiduciary duty, advisory duty, suitability obligation, best‑interest obligation, or similar duty under Applicable Laws, and no such duties arise from Customer’s or Customer Personnel’s use of the Services;
(y)Customer will ensure that no person who, for the purpose of any Applicable Laws, is or is deemed to be a retail client or customer, uses or relies on the Services;
(z)the Services may contain incomplete, outdated, inaccurate, or unavailable information, and that data may be delayed, corrupted, or subject to interruption. Edgefolio does not warrant the accuracy, completeness, timeliness, or availability of any information made available through the Services, whether generated by Edgefolio, provided by third-parties, or uploaded by other Users. Customer assumes all risk arising from its, or Customer Personnel’s use of, or reliance on, any such information;
(aa)no service levels, uptime commitments, response times, credits, refunds, offsets, or other remedies apply to the Services unless expressly set out in an Order Form or other agreement signed by Edgefolio; and
(bb)its IT systems, networks, devices, browsers, configurations, and security controls meet the minimum technical requirements for use of the Services and are properly maintained. Customer solely is responsible for its own backups, connectivity, firewalls, antivirus protections, and access controls. Edgefolio has no responsibility for any failure, error, delay, or unavailability caused by Customer’s systems or environment.
2.INTELLECTUAL PROPERTY
(a)Customer will own and retain all rights, title, and interest in and to Customer Data. Customer acknowledges that Customer Data does not include Usage Data. For clarity, Proprietary Work Product constitutes Customer Data and all rights, title, and interest in it remain with Customer;
(b)Edgefolio (and its licensors) will own and retain all IP Rights of whatsoever nature comprised within, or otherwise relating to, the Services and its components, including all related applications, user interface designs, processes, software, source code, Usage Data, and any future enhancements or modifications (together, “Edgefolio IP”). Neither Customer nor any Customer Personnel has, nor will pursuant to the Agreement or its access to, or use of, the Services (or otherwise howsoever without the prior written consent of Edgefolio) acquire, any ownership interest (of whatsoever nature) in Edgefolio IP;
(c)No rights or licences in or to Edgefolio IP are granted by implication or otherwise except for the limited usage rights expressly set out in the Agreement. Subject to Customer’s continuing compliance with the Agreement, Edgefolio grants Customer a revocable, non-exclusive, non-transferable, non-sublicensable limited right to access and use the Services as made available by Edgefolio solely for Customer’s internal research, evaluation, analysis and related business purposes;
(d)To the fullest extent permitted by Applicable Laws, Customer will, and will ensure that its Affiliates and its and their respective personnel will, irrevocably waive and not assert any Moral Rights in any Feedback or other materials provided by or on behalf of Customer that are incorporated into, or used by Edgefolio to develop or improve, the Services (together, “Materials”).
3.Customer DATA
(a)As between the Parties, Customer owns all Customer Data. Customer grants Edgefolio a non‑exclusive, worldwide, royalty‑free licence to use, host, store, reproduce, transmit, and display Customer Data solely to operate, provide, maintain, secure, and support the Services (including internal testing, diagnostics, troubleshooting and service improvement) and to perform Edgefolio’s obligations under the Agreement. For clarity, this licence does not apply to Personal Data, which is governed exclusively by the DPA.
(b)Any international transfers of Personal Data and any appointment of Sub-processors will be carried out as permitted under the DPA.
(c)Edgefolio may Process Usage Data as an independent Controller for the purposes and subject to the restrictions set out in Clause 4 (Data Ethics and Services Integrity) of the Terms and Conditions and the DPA (to the extent Usage Data constitutes Personal Data). For clarity, Usage Data does not include Customer Data or Proprietary Work Product.
4.DATA ETHICS AND SERVICES INTEGRITY
The Parties acknowledge and agree that:
(a)Edgefolio will not disclose Customer Data or Personal Data in identifiable form to third parties (for the avoidance of doubt, excluding authorised Sub-processors) except as required to provide the Services to Customer, comply with Applicable Laws or as otherwise permitted under this Clause 4. Any use of such data to train generalised AI or machine‑learning models will require Customer’s express opt‑in;
(b)the Services may enable the exchange and distribution of certain information and interaction outputs between Users and participating Counterparties based on Customer’s and Customer Personnel’s actions, settings, permissions, and Affirmative Interactions, as further described in this Clause 4;
(c)Edgefolio will not disclose Services participant‑specific relationship information, pipeline or diligence activity, or behavioural or interaction data relating to Customer to third parties (for the avoidance of doubt, excluding authorised Sub-processors) or other Services participants, except where required to provide the Services to Customer, for internal support, where such data is aggregated and de-identified such that it cannot be attributed to Customer, or as otherwise permitted under this Clause 4;
(d)Edgefolio may compile, use, and disclose Services-based Insights, provided such outputs do not identify, and could not reasonably be used to identify, Customer or any Customer Personnel. For clarity, Proprietary Work Product will not form part of Usage Data or Services-based Insights and will not be used in aggregated or de‑identified analytics;
(e)to support the Services’ core functionality, Edgefolio may provide a Counterparty with records of a User’s Affirmative Interactions with that Counterparty (including document access, Fund views, message activity, meeting activity, and related engagement analytics);
(f)Edgefolio will use commercially reasonable endeavours to maintain logical, technical, and organisational controls designed to prevent any unauthorised inter-client data commingling, and ensure the segregation of confidential pipelines and relationships;
(g)visibility of Customer Data and engagement within the Services is governed by the Services’ standard visibility rules, which Customer may customise where configuration options are made available;
(h)Edgefolio may Process and surface non‑aggregated Customer Data, Usage Data, engagement analytics, and interaction records between Services participants to the extent they are connected through an Affirmative Interaction or any capital introduction workflow or other mutually initiated or authorised interaction within the Services that is treated as an Affirmative Interaction under the Services’ intended functionality; and
(i)nothing in this Clause 4 restricts Edgefolio from Processing Customer Data and/or Personal Data as necessary to operate, provide, maintain, secure and support the Services for Customer (including through authorised Sub-processors), to enforce its rights under the Agreement, to comply with Applicable Laws or prevent fraud or misuse.
5.pERSONAL DATA PROCESSING
(a)Where and to the extent the Services involve the Processing of Personal Data, the DPA forms part of, and is incorporated into, the Agreement and prevails over any inconsistent provision in the Agreement in respect of the Processing of Personal Data.
(b)Each Party will comply with the DPA. Customer will obtain and maintain necessary permissions required under Applicable Data Protection Laws to disclose Personal Data to Edgefolio and to permit Edgefolio to Process Personal Data as contemplated by the Agreement.
(c)The details of the Processing of Personal Data (including the Parties’ roles, categories of Personal Data, Processing purposes, Sub‑processors, international transfers, security measures, audit rights, and breach notification) are set out in the DPA. For Customer Data that does not constitute Personal Data, the provisions of these Terms and Conditions (excluding the DPA) apply. The Parties acknowledge that, in providing the Services, Edgefolio acts as a Processor in respect of Personal Data and as an independent Controller in respect of Usage Data.
(d)Any privacy policy published by Edgefolio is provided for informational purposes only and does not form part of, nor constitute, Customer’s documented instructions to Edgefolio under the DPA.
(e)Edgefolio may appoint Sub-processors and make international transfers of Personal Data as set out in the DPA.
(f)Each Party will reasonably cooperate with the other Party as required to comply with Applicable Data Protection Laws, including in relation to data subject requests, regulator engagement, and breach notification, in each case as further described in the DPA.
(g)Return and deletion of Personal Data are governed by the DPA. Return and deletion of Customer Data that is not Personal Data are governed by Clause 15 (Consequences of Termination), subject to Applicable Laws and Edgefolio’s backup retention practices.
6.CONFIDENTIALITY
(a)Each receiving Party will use the disclosing Party’s Confidential Information solely to perform its obligations and exercise its rights under the Agreement, to use the Services, and to comply with Applicable Laws. Each receiving Party will protect the disclosing Party’s Confidential Information using at least a reasonable degree of care. For clarity, Proprietary Work Product constitutes Customer’s Confidential Information.
(b)A receiving Party may disclose the disclosing Party’s Confidential Information:
(i)to its and its Affiliates’ employees, agents, subcontractors, auditors, and professional advisers who need to know it for the purposes of the Agreement, provided they are bound by confidentiality obligations at least as protective as those in this Clause 6;
(ii)as required by Applicable Laws, court order, or legal process, provided that (to the extent permitted) the receiving Party gives prompt written notice and reasonably cooperates (at the disclosing Party’s expense) to seek confidential treatment;
(iii)to prospective investors, acquirers, or financing sources (and their advisers) for due diligence purposes, provided they are informed of the confidential nature of the information and are bound to keep it confidential;
(iv)as necessary to provide the Services’ intended functionality, including making available through the Services (or otherwise providing) records of Affirmative Interactions and related engagement analytics to the relevant Counterparty or Services participants; and
(v)as authorised in writing by the disclosing Party.
(c)The Parties acknowledge that Edgefolio is an independent Controller of Usage Data. As between the Parties, Usage Data and any data, analytics, or insights derived from Usage Data constitute Edgefolio’s Confidential Information. Edgefolio may use and disclose such data as permitted under the Agreement or required by Applicable Laws.
(d)Each Party acknowledges that unauthorised use or disclosure of Confidential Information may cause irreparable harm. The non-breaching Party may seek injunctive or equitable relief in addition to any other remedies.
(e)Neither Customer nor Customer Personnel are required to provide Feedback. However, if Customer or Customer Personnel provide Feedback, Customer (or such Customer Personnel, as applicable) assigns to Edgefolio all rights, title, and interest (including all IP Rights) in such Feedback. Feedback will be deemed non‑confidential and non‑proprietary as to Customer and Customer Personnel. Customer will not, and will ensure Customer Personnel do not, provide Feedback that infringes any third‑party rights.
(f)Nothing in this Clause 6 prevents Edgefolio from using Residuals. “Residuals” means information that is retained in the unaided memory of Edgefolio personnel who have had access to Customer’s Confidential Information, provided that such personnel have not intentionally memorised the information for the purpose of retaining and subsequently using or disclosing it. Edgefolio may use Residuals for any purpose, including developing or improving its products and services, provided that such use does not result in the disclosure of Customer’s Confidential Information.
7.THIRD PARTY DATA
(a)Customer acknowledges and agrees that if the Services include data (including indices and benchmarks) sourced from third-party data providers (each a “Third-party Data Provider”), Edgefolio acts as a distributor of such third-party data and has no control over its creation or continued availability.
(b)Edgefolio does not warrant the accuracy, timeliness, completeness, or continued availability of any data provided by any Third-party Data Provider. All such data is provided on an “as is” and “as available” basis.
(c)Customer acknowledges that a Third-party Data Provider may reserve the right to remove, alter, or change the commercial terms of providing, specific data points (including benchmarks and indices) at any time at their sole discretion. Edgefolio reserves the right to introduce a charge for data should a Third-party Data Provider to Edgefolio in relation to the Services increase its licensing or royalty fees, effective upon no less than thirty (30) days’ written notice to Customer.
(d)Edgefolio shall have no liability to Customer or any third-party for any losses, costs, or damages (whether direct or indirect) arising from or in connection with:
(i)the removal, alteration, or cessation of any Third-party Data Provider data point;
(ii)any errors, omissions, or inaccuracies in any Third-party Data Provider data; or
(iii)any delays or interruptions in the delivery of any Third-party Data Provider data.
(e)Customer authorises Edgefolio to disclose identity and Usage Data to a Third-party Data Provider if required by such Third-party Data Provider for royalty and license verification purposes.
(f)Customer is not required to obtain a specific license from, or fulfil independent payment obligations to, the Third-party Data Provider, Morningstar, Inc (“Morningstar”) in order to access Morningstar data provided by Edgefolio via the Services, provided the Customer: (i) complies with the terms of the Agreement; and (ii) acknowledges and agrees to the following Morningstar terms and disclaimers:
“All Rights Reserved.
The information, data, and opinions (“Information”) contained herein: (1) are proprietary to Morningstar and/or its content providers; (2) may not be copied or redistributed; (3) do not constitute investment advice; (4) are provided solely for informational purposes; and (5) are not warranted to be accurate, complete, or timely.
Neither Morningstar nor its content providers are responsible for any damages, trading decisions, or losses arising from the use of this Information. Past performance is no guarantee of future results. The value of investments and the income derived from them may go down as well as up.”.
8.DISCLAIMER
(a)The Services are provided on an “as is” and “as available” basis without warranty of any kind. Edgefolio does not warrant that access to or availability of the Services will be uninterrupted, error‑free, free of viruses or other harmful components, or compatible with any particular hardware or software.
(b)Customer acknowledges that features within the Services designed to restrict access to, or use of, Customer’s or Customer Personnel’s information cannot prevent manual copying of displayed information and may not prevent electronic or digital capture of content using third‑party tools intended to circumvent such features.
(c)To the fullest extent permitted by Applicable Laws, Edgefolio disclaims all warranties, express or implied, including any implied warranties of merchantability, fitness for a particular purpose, and non‑infringement. Customer acknowledges, and will procure that Customer Personnel acknowledge, that access to and use of the Services is at their sole risk and that they have not relied on any warranty, condition, guarantee, or representation from Edgefolio.
(d)Nothing on or received via the Services constitutes, or should be relied upon as, investment, financial, tax, legal, or other professional advice, or as a recommendation or solicitation to buy, sell, or hold any security or to pursue any investment strategy.
(e)Edgefolio does not warrant the accuracy, completeness, timeliness, or reliability of any data or information made available via the Services, whether generated by Edgefolio, provided by third-parties, or uploaded by Users.
(f)Edgefolio is not responsible for, and makes no warranties regarding, any content, data, services, or materials made available through integrations, links, or uploads within the Services. Customer solely is responsible for verifying the accuracy, completeness, and suitability of any such content.
(g)Edgefolio has no obligation to update, correct, or maintain any information made available via the Services, except as expressly required under the Agreement.
(h)Customer acknowledges that Edgefolio does not act as a fiduciary, adviser, or agent to Customer or any Customer Personnel. Customer solely is responsible for its, and any Customer Personnel’s, decisions and for verifying the suitability of any actions taken in reliance by it or any of them on information obtained via the Services.
(i)From time to time, Edgefolio may make features, functionality, or services available to Customer on a trial, evaluation, pilot, early access, or beta basis (“Beta Features”). Beta Features are provided solely for evaluation and testing, are made available “as is” without warranties of any kind, may be modified or discontinued at any time, and are not subject to any support, security, availability, or performance commitments. Edgefolio has no liability arising out of or relating to Beta Features. Customer, and Customer Personnel, use all Beta Features at their sole risk.
9.REPRESENTATIONs and WARRANTIES
Customer represents and warrants that:
(a)it is duly incorporated and validly existing under the laws of its jurisdiction of incorporation;
(b)it has the power to own its own assets and carry on its business in all material respects as it is from time to time being conducted;
(c)it has the power to enter into, perform and deliver, and has taken all necessary corporate action to authorise its entry into, performance and delivery of, the Agreement and its, and any Customer Personnel’s, use of the Services;
(d)it is not a Restricted Party, has not been engaged in any transaction, activity or conduct since the date of its incorporation that has or could reasonably be expected to result in it being designated a Restricted Party, and has not received notice of, and is not otherwise aware of, any claim, action, suit, proceedings or investigation involving it relating to Sanctions;
(e)without derogating from its general obligation to comply with all Applicable Laws, it has, and will, conduct its business in compliance with all applicable anti-corruption laws and its use of the Services complies with all Applicable Laws, including financial services, securities, AML, sanctions, marketing, and financial promotion laws;
(f)the individual creating an Edgefolio account for the Services for Customer is duly authorised to do so by Customer;
(g)all Customer Personnel who are provided with access to the Services are duly authorised to access and use the Services by Customer; and
(h)any document or information that Customer or Customer Personnel provides and/or distributes, or other communication that it makes, via the Services will be accurate, will not include any untrue statement of a material fact, nor omit to state a material fact, necessary in order to make any statement therein, in light of the circumstances under which it was made, not misleading, will not infringe any third-party rights (including IP Rights and data privacy rights), will include all disclosures, legends or rubrics required by, and will at all times remain in compliance with, Applicable Laws, and Customer will notify Edgefolio in the event that any such document, information or other communication no longer meets the requirements of this Sub-Clause 9(h).
10.indemnity
(a)Customer will defend, indemnify and hold harmless Edgefolio and its officers, directors, employees, and agents (each an “Indemnified Party”) from and against any and all losses, claims, damages, liabilities (whether joint or several), expenses (including legal and professional fees), judgments, fines, settlements, and other amounts arising out of, or in connection with, any claim, demand, action, suit, or proceeding (civil, criminal, administrative, or investigative), whether actual, threatened, future, or contingent, and whether direct, indirect, incidental, or consequential, suffered or incurred by an Indemnified Party as a result of: (i) the misuse of the Services by Customer or any Customer Personnel; (ii) any breach of the Agreement by Customer or any Customer Personnel (including any breach of any third-party data licence terms caused by unauthorised use or redistribution of relevant third-party data); (iii) any allegation that any content, communication, or materials provided or made available by Customer or any Customer Personnel (including via the Services), infringe, misappropriate, or violate the rights (including IP Rights and privacy rights) of any third-party or breach Applicable Laws; and/or (iv) Edgefolio acting on any instruction from Customer or Customer Personnel.
(b)Edgefolio will notify Customer as soon as reasonably practicable of any claim for which it seeks indemnity under the Agreement, provided that failure to give such notice will not relieve Customer of its obligations except, and only to the extent, Customer is materially prejudiced as a consequence. Customer will control the defence and settlement of indemnified claims, provided that Customer will not settle any such claim without Edgefolio’s prior written consent if the settlement admits liability of, or imposes any obligation on, any Indemnified Party, or does not unconditionally release each Indemnified Party from any and all liability in respect thereof. Edgefolio may, at its own cost, participate with its own counsel in any such defence or settlement process.
(c)Nothing in this Clause 10 will exclude or limit any liability which cannot be excluded under Applicable Laws.
11.EXCLUSIONS AND LIMITATION OF LIABILITY
(a)Subject to Sub-Clause 11(c), Edgefolio will not be liable for any: (i) loss of profits, revenue, business, or anticipated savings; (ii) loss or corruption of data or information; (iii) loss of goodwill or reputation; (iv) business interruption; or (v) indirect, special, incidental, exemplary, punitive, or consequential losses (including any loss arising from reliance on information obtained via the Services), in each case whether arising in contract, tort (including negligence), misrepresentation, breach of statutory duty, or otherwise.
(b)Subject to Sub-Clause 11(c): (i) if Customer is not a Subscription Tier Customer, Edgefolio’s total aggregate liability arising out of or in connection with the Agreement will not exceed £100; and (ii) if Customer is a Subscription Tier Customer, Edgefolio’s total aggregate liability arising out of or in connection with the Agreement will not exceed the total Services fees (excluding implementation fees) paid by Subscription Tier Customer in the twelve (12) months immediately preceding the event giving rise to the relevant claim, in the case of each of (i) and (ii) above, whether such liability arises in contract, tort (including negligence), misrepresentation, breach of statutory duty, or otherwise.
(c)Nothing in this Clause 11 limits or excludes any liability for: (i) death or personal injury caused by negligence; (ii) fraud or fraudulent misrepresentation; or (iii) any other liability that cannot be limited or excluded under Applicable Laws.
(d)Each of the Parties acknowledges and agrees that the provisions of the Agreement fairly allocate the risks between Edgefolio, on the one hand, and Customer and Customer Personnel, on the other. Customer acknowledges and agrees that the basis on which Edgefolio grants access to, and use of, the Services reflects this allocation of risk and the limitations of liability specified in the Agreement, and that Edgefolio would not have entered into the Agreement without such allocation and limitations.
12.FORCE MAJEURE
Any delay or failure by Edgefolio to provide the Services will be excused to the extent caused by an event or circumstance beyond Edgefolio’s reasonable control, including acts of God, acts of civil or military authorities, labour disputes, fires, interruptions or failures in telecommunications, internet or network services, power outages, or governmental restrictions. Edgefolio will also not be responsible for any delay or failure caused by faults, failures, or unavailability of equipment, systems, or services owned or controlled by Customer or Customer Personnel.
13.suspension
Edgefolio may suspend access to the Services and/or any Login with immediate effect if it reasonably believes a Login has been compromised, if Customer or any Customer Personnel has breached the Agreement, and/or to address security, legal or regulatory risks. Edgefolio will use reasonable efforts to restore access promptly once the relevant issue has been resolved and, where practicable, will notify Customer without undue delay of any suspension and the reasons for it. Edgefolio may decline any request to reissue a Login to any person whose access has been suspended or revoked due to breach of the Agreement. For the avoidance of doubt, the terms of the Agreement will remain in full force and effect during any suspension, and Edgefolio’s election to suspend access to the Services rather than terminate the Agreement is not a waiver of any of its rights.
14.TERMINATION
Edgefolio may terminate the Agreement by giving written notice to Customer specifying a termination date which is at least seven (7) calendar days after the date of such written notice. Customer’s, and Customer Personnel’s, right to access and use the Services will end at close of business on the termination date specified in such written notice. Customer may terminate the Agreement if Edgefolio has materially breached the Agreement and has not remedied that breach within twenty (20) Business Days of receiving written notice from Customer requiring it to do so. Termination will not affect any rights or obligations that have accrued before the Agreement termination date.
15.CONSEQUENCES OF TERMINATION
(a)Following termination or expiry of the Agreement:
(i)return and/or deletion of Personal Data will be handled in accordance with the DPA;
(ii)in relation to Customer Data which is not Personal Data, upon Customer’s written request made within thirty (30) calendar days following termination or expiry, Edgefolio will make available an export or offline archive of such data using its standard export or archiving process. After expiry of that thirty (30) calendar days period, Edgefolio may delete such data in accordance with its standard deletion processes, subject to any retention required by Applicable Laws and any residual backup retention consistent with Edgefolio’s backup policies. Customer is responsible for exporting or backing up its data before expiry of such thirty (30) calendar days period, and Edgefolio has no obligation to retain such data thereafter.
(b)Following termination or expiry of the Agreement, the Services will no longer be accessible to Customer nor any Customer Personnel unless reactivated by Edgefolio in its discretion and on such terms as Edgefolio may require (including payment in full of any outstanding fees).
(c)Termination of the Agreement will not prejudice any rights of any of the Parties accrued prior to such termination.
(d)The provisions of this Clause 15, Clauses 2-11 (inclusive) and 16-22 (inclusive) will survive termination or expiry of the Agreement.
16.PAID SUBSCRIPTION
(a)This Clause 16 applies only to a Customer with a paid subscription for the Services (a “Subscription Tier Customer”) entitling it to enhanced features and functionality not available to non‑paying Customers. If there is any conflict between this Clause 16 and any other provision of the Agreement, this Clause 16 will prevail. The initial Services subscription period for a Subscription Tier Customer will commence on the Subscription Start Date and end on the date agreed by the Parties. At the end of the initial subscription period, and on each anniversary thereafter, the Services subscription will automatically renew for a further one‑year period (a “Renewal Period”) unless either Party gives written notice of non‑renewal at least thirty (30) calendar days before the end of the then-current Services subscription period. If such notice is given, Subscription Tier Customer’s paid subscription will end at close of business on the last day of the then‑current Services subscription period. A notice of non‑renewal must be sent to the e-mail address or portal location designated by Edgefolio for notices, and any notice sent to another address will not be effective. For clarity, following the termination of a paid subscription for the Services, a Subscription Tier Customer will remain a Customer under this Agreement, but will transition to non-paying status with access limited to standard features and functionality (as determined by Edgefolio).
(b)Edgefolio may invoice Subscription Tier Customer for the initial Services subscription fee and any applicable implementation fees prior to, on, or after the Subscription Start Date. These fees will be set out in the order form signed by the Parties (the “Order Form”) and are payable on or before the Subscription Start Date (or, if later, within fourteen (14) calendar days of the date of invoice). Services subscriptions are non‑cancellable, and Services subscription fees are non‑refundable except where expressly stated in the Agreement. Any promotions, discounts, or free trials apply only for the period expressly stated in the Order Form and will revert to the then‑current undiscounted rates thereafter. For clarity, such reversion shall not constitute a fee increase for the purposes of Sub-Clause 16(c).
(c)The Services subscription fee for each Renewal Period is payable by Subscription Tier Customer annually in advance within fourteen (14) calendar days of the date of invoice, unless otherwise agreed in writing by the Parties. Edgefolio may issue a Renewal Period invoice at any time after the date that is forty-five (45) calendar days before the start of the next Renewal Period. The Services subscription fee for each Renewal Period will automatically increase from the per annum fee for the final twelve months of the immediately preceding Services subscription period by the greater of: (i) five percent (5%) compounded annually for each year of the preceding Services subscription period ; and (ii) the cumulative percentage increase in the UK Consumer Prices Index (as published by the Office for National Statistics) since the start of the preceding Services subscription period. Such inflationary adjustments apply automatically and do not constitute a fee increase for the purposes of the notice requirements in this Sub-Clause 16(c). Edgefolio will provide at least forty-five (45) calendar days’ notice of any increase in the Services subscription fee for a Renewal Period above the then‑current undiscounted Services subscription fee amount. If Subscription Tier Customer does not accept such fee increase, it must give at least thirty (30) calendar days’ written notice of non‑renewal to Edgefolio, in which case it will cease to be a Subscription Tier Customer at the end of the then‑current Services subscription period.
(d)All fees are exclusive of VAT and any other applicable taxes, which will be payable by Subscription Tier Customer in addition. If any such tax is required to be deducted under Applicable Laws, the amount payable will be increased so that Edgefolio receives the full amount it would have received had no deduction been required. All fees are payable in full and without any set‑off, counterclaim, deduction, or withholding (other than taxes required to be withheld under Applicable Laws).
(e)Edgefolio may suspend access to the Services if there are any overdue amounts not disputed in good faith by Subscription Tier Customer, but access will be restored promptly upon full payment. In the event of an uncured breach by Subscription Tier Customer, the Parties agree that Edgefolio will suffer damages that are difficult to quantify. Therefore, as liquidated damages and not as a penalty, an amount equal to the total remaining unpaid Services fees for the then-current Services subscription period will become immediately due and payable. The Parties agree that this amount represents a fair and reasonable estimate of the benefit of the bargain between them and the anticipated losses resulting from such breach. The amount payable under this Sub-Clause 16(e) shall be reduced by any direct costs Edgefolio actually avoids as a result of the early termination of the Services.
(f)Edgefolio may adjust the Services subscription fee to reflect any material increase in its cost of providing the Services arising from changes in Applicable Laws, regulatory requirements, or third‑party data or infrastructure costs, and will notify Subscription Tier Customer of any such adjustment.
(g)Any additional users, modules, or features activated by or on behalf of Subscription Tier Customer during a Services subscription period will be charged at Edgefolio’s then‑current rates and invoiced on a pro-rated basis to the end of the then‑current Services subscription period. Any discount applicable to Services fees is conditional upon timely payment of all fees; if Subscription Tier Customer fails to pay any undisputed amount when due, all discounts will automatically cease to apply, and Services fees will revert to the then‑current undiscounted rates.
(h)Where the Order Form specifies a minimum annual commitment (including seats, usage, or AUM tiers), Subscription Tier Customer will pay the minimum commitment regardless of actual usage. Any excess usage will be charged at Edgefolio’s then‑current rates. Renewal pricing will be based on Subscription Tier Customer’s highest usage, seat count, AUM tier or commitment level during the immediately preceding Services subscription period, unless otherwise agreed in writing by the Parties.
(i)Edgefolio may charge interest on overdue amounts at an annual rate of three percent (3%) above the Bank of England base rate from time to time, accruing daily from the due date until payment is received in full.
17.INDEPENDENT CONTRACTORS
Edgefolio and Customer will at all times be independent contractors. Neither Party will have any authority to enter into any agreement on behalf of, or to assume or incur any obligation or liabilities in the name of, the other Party. Nothing in the Agreement nor the provision of access to the Services will be interpreted or construed to create an association, joint venture or partnership between the Parties.
18.NOTICES
In connection with the Agreement: (a) Edgefolio may give notice to Customer by: (i) posting a notification on Customer’s Services portal; (ii) sending an e-mail to Customer’s e-mail address on record in Edgefolio’s account information; or (iii) sending a written communication by first‑class mail or prepaid post to the Customer’s address on record in Edgefolio’s account information or as shown on Customer’s Services portal; and (b) Customer may give notice to Edgefolio by e-mail to legal@edgefolio.com. All notices will be deemed given five (5) Business Days after mailing (if sent by first-class mail or pre-paid post) or, if sent by e‑mail, when sent, if transmitted during business hours (9:00 a.m. to 5:30 p.m. on a Business Day in London, England), or at 9:00 a.m. (London, England time) on the next Business Day if sent outside such business hours, provided no automated message is received by the sender that the e‑mail was not delivered. If any notice or report is required to be given “promptly”, the notifying Party will notify the other Party within five (5) Business Days after becoming aware that the relevant event has occurred.
19.MISCELLANEOUS
(a)No assignment or transfer of any rights or obligations under the Agreement or the right to access and use the Services (or of all or any part of the rights and obligations arising in relation thereto) by a Party may be made without the prior written consent of the other Party, and any attempted assignment or transfer in breach of this Clause 19 will be void and of no effect. Notwithstanding the foregoing, Edgefolio may assign or transfer its rights and/or obligations (in whole or in part) without consent to any of its Affiliates or in connection with any merger, reorganisation, sale of equity or assets, or other change of control, and will use reasonable efforts to notify Customer of any such assignment or transfer.
(b)Edgefolio may modify, enhance, update, discontinue, or otherwise change any aspect of the Services (including any features, functionality, user interface components, integrations, or technical infrastructure) at any time. Edgefolio will use reasonable efforts to avoid materially reducing the core functionality of the Services during any active Services subscription period. Edgefolio may update the Agreement from time to time, and continued use of the Services after any such update will constitute acceptance of the updated Agreement. Customer’s sole and exclusive remedy for any modification to the Services or the Agreement is to cease using the Services.
(c)Edgefolio may update its Privacy Policy from time to time to reflect changes in legal requirements, operational practices, or service enhancements, and will notify Customer in advance of any material changes that affect the scope, nature, or purpose of Personal Data processing. Customer may object to such notified changes to the Privacy Policy on reasonable grounds within ten (10) Business Days of receiving notice. If Customer objects on reasonable grounds, the Parties shall negotiate in good faith to resolve such objection, failing which Edgefolio may terminate the affected Services. Continued use of the Services following expiry of that notice period will constitute acceptance of the updated Privacy Policy. For clarity, the Privacy Policy is provided for informational purposes only and does not form part of the Agreement, but Edgefolio will notify Customer of material changes to it as required by Applicable Data Protection Laws.
(d)The Services may include links to third‑party websites. When Customer or any Customer Personnel accesses such sites, they will be subject to the relevant third-party’s terms of use and privacy and security policies, which Edgefolio recommends be reviewed by Customer or the relevant Customer Personnel. Edgefolio is not responsible for the accuracy, completeness, legality, practices, or availability of any linked sites (including any related services, content, software applications, or other technologies). Links on the Services to any third‑party website do not constitute an endorsement of any such third-party by Edgefolio.
(e)If any term or condition of the Agreement is held invalid or unenforceable by a court of competent jurisdiction: (i) the relevant term or condition will be deemed to be restated to reflect as nearly as possible the original intentions of the Parties in accordance with Applicable Laws; and (ii) none of the other terms or conditions of the Agreement will be affected.
(f)Unless expressly stated otherwise in the Agreement, all rights and remedies provided for in the Agreement will be cumulative and in addition to any other rights or remedies available to either Party.
(g)No third-party is or will be deemed to be an intended or unintended third-party beneficiary of any of the rights and obligations under the Agreement and no third-party will have any right under the Contracts (Rights of Third Parties) Act 1999 to enforce any such rights and obligations.
(h)Save as otherwise provided herein, no failure to exercise, nor any delay in exercising, any right or remedy on the part of any Party will operate as a waiver of such right or remedy, nor will any single or partial exercise of any right or remedy prevent any further or other exercise thereof nor the exercise of any other right or remedy of a Party under the Agreement.
(i)By opening an account for the Services, the individual doing so represents and warrants that they have the legal authority to bind Customer to the Agreement. Where an entity name is provided, or an e-mail address affiliated with an entity is used during registration, onboarding, or access, that entity will be deemed to be Customer for the purposes of the Agreement.
(j)The Agreement constitutes the entire agreement between the Parties in relation to the provision of the Services and supersedes all prior and contemporaneous agreements, representations, understandings, negotiations and discussions in relation thereto between the Parties (whether oral or written). All terms and conditions implied by law and not expressly set forth in the Agreement are, to the extent permitted by Applicable Laws, excluded. Customer acknowledges that it has not relied on, and will have no remedy in respect of, any statement, representation, warranty, assurance, or understanding (whether made innocently or negligently) that is not expressly set out in the Agreement. No sales or marketing materials, product descriptions, demonstrations, roadmaps, or other communications in connection with the Services create any warranty or contractual commitment on the part of Edgefolio.
(k)The Agreement may be executed and delivered electronically (including via secure e-signature platform), and such execution will be deemed valid and binding as if signed physically. If the Agreement is executed in counterparts, each counterpart will be deemed an original, and together they will constitute one and the same agreement.
20.LAW AND JURISDICTION
(a)The Agreement and any obligation (whether contractual or non-contractual) arising out of or in connection with the Agreement and/or the Services will be governed by and construed in accordance with English law.
(b)Subject to Sub-Clause 20(c), the courts of England have exclusive jurisdiction to settle any dispute or claim between the Parties which arises under or in connection with the Agreement and/or the Services.
(c)If Edgefolio, in its sole discretion, elects, it may refer any dispute, controversy, or claim arising out of or relating to the Agreement (or the breach, termination, or invalidity thereof) and/or the Services (each a “Litigation Matter”), to arbitration. If Edgefolio makes such an election, the relevant Litigation Matter will be finally settled by arbitration in accordance with the Arbitration Rules of the London Court of International Arbitration (LCIA) (the “Rules”) by a single arbitrator appointed in accordance with the Rules. The place of arbitration will be London, England. The language to be used in the arbitral proceedings will be English. If Edgefolio makes such an election: (i) all documents and communications in such arbitral proceedings, as well as any resulting decision(s), will be treated as confidential; (ii) the arbitrator will have the authority to grant interim or conservatory measures if deemed necessary; (iii) the costs and fees of the arbitration, including the arbitrator’s fees and administrative expenses, will be borne equally by the Parties unless otherwise determined by the arbitrator; (iv) the decision of the arbitrator will be final and binding upon both Parties; and (v) electronic submissions and communications will be permitted in the arbitration process.
(d)Nothing in this Clause 20 prevents either Party from seeking urgent or interim injunctive, protective, or equitable relief from the courts of England in respect of any actual or threatened breach of confidentiality, misuse of the Services, infringement of intellectual property rights, or other matter requiring immediate judicial intervention.
21.COMMUNICATIONS AND ELECTRONIC MARKETING
(a)By creating an account for, or by accessing, the Services, Customer and Customer Personnel agree that Edgefolio may send them service-related communications, including product updates, platform announcements, and feature notifications. Such communications form part of the Services and are sent on the basis of contract performance and legitimate interests under Applicable Data Protection Laws and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2003/2426) as amended or substituted from time to time (“PECR”). Customer and Customer Personnel may opt out of non-essential communications at any time by following the unsubscribe instructions in any such communication or by contacting Edgefolio at legal@edgefolio.com. Communications of a promotional nature are sent on the basis of Edgefolio’s legitimate interests, including keeping customers informed about developments in the Services.
(b)By creating an account for, or by accessing, the Services, Customer and Customer Personnel acknowledge that the Services are designed to facilitate connections and communications between fund managers, investors, and prime brokers and that other participants may contact them through the Services in connection with investment opportunities and related activities facilitated by the Services. Such connections and communications are an integral part of the Services and are made on the basis of contract performance.
(c)Customer solely is responsible for ensuring that its own communications sent through the Services comply with all Applicable Laws, including Applicable Data Protection Laws, PECR, and any equivalent electronic communications and marketing laws applicable in Customer’s jurisdiction.
22.DEFINITIONS, INTERPRETATION AND CONSTRUCTION
(a)In the Agreement:
“Affiliate” means an entity controlling, controlled by, or under common control with, a Party. The term “control” means that a person possesses, directly or indirectly, the power to direct or cause the direction of the management and policies of the other person (whether through the ownership of voting securities or other equity interests, representation on its board of directors or other governing body, by contract or otherwise) and cognate terms will be interpreted accordingly;
“Affirmative Interaction” means a deliberate interaction initiated by a User through the Services with a Counterparty, including making or accepting an introduction, requesting or granting access, sharing or exchanging documents, sending messages, scheduling meetings, or otherwise engaging through the Services’ intended workflows and permissions model;
“Agreement” means these Terms and Conditions (including the DPA), any Order Form, and any other documents expressly incorporated by reference, in each case as the same may be amended from time to time;
“Applicable Data Protection Laws” has the meaning given to it in the DPA;
“Applicable Laws” means all laws, regulations, rules, directives, and binding requirements of any jurisdiction relevant to a Party, its activities, and/or the Agreement;
“Business Day” means a day (other than a Saturday or Sunday) on which banks are open for general business in London, England;
“Confidential Information” means any and all information disclosed by or at the direction of a Party to the other Party in connection with the Agreement and the provision or use of the Services, including information relating to the business, operations, technology, properties and employees of the disclosing Party. Without limiting the foregoing: (a) all information processes, know-how, designs and technology relating to the Services, as well as the terms of the Agreement, will be deemed to be Edgefolio’s Confidential Information; and (b) all Proprietary Work Product will be deemed to be Customer’s Confidential Information. Notwithstanding the foregoing, Confidential Information does not include any information that a receiving Party can demonstrate: (a) was known to it prior to the disclosure of such information; (b) is or becomes known publicly through no wrongful act of the receiving Party; or (c) was rightfully received from a third-party under no contractual, legal or fiduciary obligation to keep such information confidential. For clarity, Usage Data and Services-based Insights constitute Edgefolio’s Confidential Information;
“Counterparty” means another participant in the Services with whom a User (or Customer) interacts through the Services;
“Customer” means the body corporate, partnership, trust or other legal person on whose behalf an account with Edgefolio in relation to the Services has been created (and, for the avoidance of doubt, includes any Subscription Tier Customer);
“Customer Data” means data (including Personal Data and Proprietary Work Product) uploaded to, stored in, sent through, or otherwise made available via the Services by or on behalf of Customer or Users, excluding Usage Data, Services-based Insights and data which originates from Edgefolio or its licensors;
“Customer Personnel” means individuals who are: (a) employees of Customer; (b) directors or officers of Customer; or (c) consultants or contractors of Customer operating under a written contract with Customer, and, in each case, who are authorised to use the Services in accordance with the Agreement;
“Customer Personnel Login” means a login to the Services that enables both read and write access, including the ability to view, modify, upload, and manage content or data within the scope of functionality made available to the User (or Customer);
“DPA” means the data processing addendum set out in the Appendix;
“Edgefolio” means Edgefolio UK Limited, a company incorporated in England and Wales with company registration number 09721556, and may also be referred to as “we,” “us,” or “our” throughout the Agreement;
“Feedback” means any suggestions, enhancement requests, recommendations, corrections, or other input provided by Customer or Customer Personnel relating to the operation, features, or functionality of the Services;
“Fund” means any investment fund, product, vehicle, account, or strategy whose information is made available through the Services, and includes any co-mingled investment vehicle, separately managed account, fund of one, special purpose vehicle or investable strategy wrapper (including any SICAV, OEIC, special purpose vehicle, offshore partner arrangement, closed-ended fund, exchange traded fund, co-investment or UCITS fund);
“IP Rights” means any rights, title and interest in patents, trademarks, service marks, trade and business names, rights in design, utility models, copyright (including Moral Rights and rights in derivative works), database rights, know-how (including trade secrets and confidential information), trade dress, domain names, social media identifiers, rights of publicity, unregistered rights, rights in software and source code, and any other similar or analogous rights, whether registered or unregistered, existing or applied for, anywhere in the world;
“Login” means a Customer Personnel Login, a View-Only Access Login or any other type of login for the Services made available by Edgefolio to Customer or Customer Personnel;
“Materials” has the meaning given to it in Sub-Clause 2(d) (Intellectual Property);
“Moral Rights” means any right to claim authorship, to object to or prevent the modification, or to withdraw from circulation or control the publication or distribution, of any Materials, and any similar right, existing under judicial or statutory or other law of any jurisdiction or under any treaty, regardless of whether or not such right is denominated, or generally referred to, as a “moral right”;
“Order Form” has the meaning given to it in Sub-Clause 16(b) (Paid Subscription);
“Party” means any of Edgefolio and Customer and “Parties” means Edgefolio and Customer collectively;
“Personal Data” has the meaning given to it in the DPA;
“Privacy Policy” means Edgefolio’s then-current privacy policy made available to Users via the Services and/or Edgefolio’s website, as updated from time to time;
“Proprietary Work Product” means Users’ private work within the Services, including internal notes, personal ratings, investment theses, pipeline forecasts, watchlists, campaign strategies and internal analysis, and any similar private annotations or internal workflow artefacts designated or presented as private within the Services;
“Restricted Party” means any person or entity that is: (a) a specific target of Sanctions; (b) located in, or organised under the laws of, a country or territory that is subject to Sanctions; or (c) owned or controlled by, or acting on behalf of any person subject to Sanctions;
“Sanctions” means any economic, financial, trade or export sanctions, embargoes, or restrictive measures administered, enacted, or enforced by: (a) the United Nations Security Council; (b) the United States government (including the U.S. Department of the Treasury’s Office of Foreign Assets Control); (c) the United Kingdom government (including His Majesty’s Treasury); (d) the European Union or any of its Member States; or (e) any other governmental authority with jurisdiction over a Party;
“Services” means the proprietary technology platform and digital infrastructure provided by Edgefolio to facilitate user-led investment research, due diligence, and secure information exchange between participating Fund managers, investors, and prime brokers;
“Services-based Insights” means aggregated and/or de-identified analytics, benchmarks, metrics, trend reports, market intelligence or other outputs derived from the operation or use of the Services that do not identify, and are not reasonably capable of identifying, any individual or specific participant;
“Sub-processor” means any third-party appointed by Edgefolio to Process Personal Data on Edgefolio’s behalf in connection with the Services;
“Subscription Start Date” means the date on which Customer first becomes entitled to use, and is granted access to, the Services as a Subscription Tier Customer;
“Subscription Tier Customer” has the meaning given to it in Clause 16 (Paid Subscription);
“Terms and Conditions” means the terms and conditions contained herein, as amended or varied from time to time;
“Usage Data” means data generated or collected automatically through operation of the Services regarding Users’ and systems’ interaction with the Services (including device and browser information, IP addresses, identifiers, log data, configuration settings, clickstream patterns, timestamps, feature usage, error logs, and performance/latency metrics). For clarity, Usage Data may be Personal Data where it relates to an identified or identifiable individual;
“User” means any person permitted by Customer to access the Services; and
“View-Only Access Login” means a login to the Services that enables view only access to the Services, allowing the User to view content and data within the scope of functionality made available by the Services, without the ability to edit, upload, delete, or otherwise modify that content.
(b)In the Agreement, unless the context requires otherwise: (i) words importing the singular include the plural and vice versa; (ii) words importing a gender include all genders; (iii) references to persons include individuals, companies, corporations, partnerships, and other legal entities; (iv) Clause headings are for convenience only and do not affect interpretation and references to Clauses, Sub-Clauses and the Appendix are to Clauses, Sub-Clauses and the Appendix to this Agreement, unless expressly stated otherwise or where the context otherwise requires; (v) references to “including” or “includes” will be deemed to be followed by “without limitation”; and (vi) capitalised terms used in these Terms and Conditions and defined in the DPA shall have the meaning given to them in the DPA.
APPENDIX
DATA PROCESSING ADDENDUM
1.DEFINITIONS AND INTERPRETATION
In this data processing addendum (“DPA”):
“Applicable Data Protection Laws” means the UK GDPR (as defined in the Data Protection Act 2018) and the Data Protection Act 2018. To the extent Edgefolio processes Personal Data relating to individuals located in the EEA or the United States, it also includes the EU GDPR and any relevant U.S. state privacy laws (including, where applicable, the CCPA), but only to the extent such laws apply to Edgefolio’s delivery of the Services;
“EU GDPR” has the meaning given to it in the Data Protection Act 2018;
“Personal Data” means any electronic information provided by or for Customer that relates to an identified or identifiable natural person where: (i) such information is contained within Customer Data; and (ii) is protected as personal data, personal information, or personally identifiable information under Applicable Data Protection Laws; and
Terms such as “Controller”, “Processor”, “Process”, “Processing”, “Data Subject”, “Personal Data Breach”, “Supervisory Authority” (and cognate terms) have the meaning given to them in Applicable Data Protection Laws; and “Transfer” means the communication, disclosure, or other making available, of Personal Data to a recipient in a third country or international organisation.
2.SCOPE, ROLES AND CUSTOMER INSTRUCTIONS
(a)Scope: This DPA applies to Edgefolio’s Processing of Personal Data as Processor on behalf of Customer in connection with the Services.
(b)Roles: For the purposes of Applicable Data Protection Laws:
(i)Customer is the Controller (or, where applicable, a Processor acting on behalf of another Controller) of Personal Data;
(ii)Edgefolio is the Processor of Personal Data;
(iii)Clause 7 (Usage Data) of this DPA describes circumstances in which Edgefolio may act as an independent Controller of Usage Data.
(c)Customer instructions: Edgefolio will Process Personal Data only:
(i)to provide, operate, maintain, secure, and support the Services and perform Edgefolio’s obligations under the Agreement (including this DPA);
(ii)in accordance with Customer’s lawful, documented and technically feasible instructions (including Customer’s configuration and use of the Services); and
(iii)to comply with a binding legal obligation applicable to Edgefolio.
(d)No sale/no independent use of Personal Data: Except as expressly permitted under Clause 7 (Usage Data) of this DPA or required by Applicable Data Protection Laws, Edgefolio will not: (i) sell Personal Data; (ii) Process Personal Data for advertising or marketing to any individuals whose Personal Data is provided by or on behalf of Customer; or (iii) Process Personal Data for purposes other than providing and supporting the Services, including security, troubleshooting, service integrity, compliance with the Agreement and for internal operations such as monitoring, capacity planning, and improving the security, stability, and performance of the Services. For clarity, nothing in this Sub-Clause 2(d) prevents Edgefolio from communicating with Customer or Customer Personnel about new features, service updates, or other information relating to the Services.
(e)Customer responsibility: Customer solely is responsible for: (i) ensuring it has a lawful basis for providing all Personal Data it provides to Edgefolio; (ii) all Processing instructions it issues; (iii) the accuracy, quality, and legality of Personal Data and the means by which Customer acquired it; and (iv) its compliance with Applicable Data Protection Laws in relation to its use of the Services.
(f)Unlawful instructions: If Edgefolio reasonably believes a Customer instruction infringes Applicable Data Protection Laws, Edgefolio will notify Customer and is not required to comply with that instruction to the extent it believes it to be unlawful.
(g)Third-party rights: Customer represents, warrants, and undertakes to ensure, that its instructions will not cause Edgefolio to violate any contract, confidentiality obligation, or rights of any third-party.
3.Edgefolio’s obligations as Processor
(a)Confidentiality: Edgefolio will ensure that its personnel authorised by it to Process Personal Data:
(i)are subject to a duty of confidentiality (contractual or statutory); and
(ii)receive appropriate privacy and security training commensurate with their role.
(b)Security: Edgefolio will implement and maintain appropriate technical and organisational measures to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data. Those measures may include those described in Annex B hereto and will be appropriate to the risk, taking account of the state of the art, costs of implementation, and the nature, scope, context, and purposes of Processing. Edgefolio is not responsible for any access, disclosure, or Processing resulting from Customer’s configuration of the Services, including visibility settings, permissions, or sharing choices.
(c)Assistance – Data Subject rights: Edgefolio will:
(i)taking into account the nature of the Processing, provide reasonable assistance to Customer to enable Customer to respond to Data Subject requests under Applicable Data Protection Laws (including requests to access, rectify, erase, restrict, port, or object), to the extent Customer cannot reasonably fulfil the request through self-service controls in the Services;
(ii)if it receives a Data Subject request relating to Personal Data and the request identifies Customer, unless legally prohibited, promptly notify Customer and will not respond to the request except on Customer’s documented instructions.
(d)Assistance: Taking into account the nature of the Processing and information available to Edgefolio, Edgefolio will provide reasonable assistance to Customer with:
(i)data protection impact assessments and related consultations with Supervisory Authorities required by Applicable Data Protection Laws; and
(ii)Customer’s obligations regarding security of Processing and Personal Data Breach notifications, in each case solely in respect of Edgefolio’s Processing of Personal Data under the Agreement.
Any assistance beyond providing existing documentation may be subject to Edgefolio’s then current professional services rates.
(e)Personal Data Breach/Security incident notification:
(i)Notification: Edgefolio will notify Customer without undue delay after becoming aware of a Personal Data Breach affecting Personal Data (a “Breach Notice”).
(ii)Content: To the extent information is available to Edgefolio, the Breach Notice will include: (aa) a description of the nature of the Personal Data Breach (including, where possible, categories and approximate number of Data Subjects concerned and categories and approximate number of Personal Data records concerned); (bb) the likely consequences of the Personal Data Breach; (cc) the measures taken or proposed to be taken to address the Personal Data Breach, including measures to mitigate its possible adverse effects; and (dd) a point of contact for further information.
(iii)Updates: Edgefolio will provide further information in phases without undue delay as it becomes available.
(iv)No admission: Edgefolio’s notification of, or response to, a security incident will not be construed as an admission of fault or liability by Edgefolio.
(f)Sub-processing: Edgefolio will not appoint a Sub-processor to Process Personal Data except as permitted under Clause 4 (Sub-processors) of this DPA.
(g)Deletion or return at end of Services period:
(i)Upon expiration or termination of the Agreement, Edgefolio will, at Customer’s choice (to be communicated in writing within 30 days following such termination or expiration), return Personal Data to Customer and/or delete Personal Data, in each case in accordance with the Agreement (including this DPA). If Customer does not provide a timely election within that period, Edgefolio may (at its option) delete Personal Data in accordance with its standard deletion processes.
(ii)Unless otherwise agreed in writing, any return of Personal Data will be made available via Edgefolio’s standard export or archiving process. Any non-standard export, migration assistance, or bespoke extraction will be subject to Edgefolio’s then-current professional services rates and scheduling.
(iii)Edgefolio may retain Personal Data to the extent required by Applicable Laws and will continue to protect any retained Personal Data in accordance with this DPA and will delete it when no longer required to be retained.
(iv)Customer acknowledges that residual copies of Personal Data may remain in backups for a limited period consistent with Edgefolio’s backup retention procedures, provided that such data will be isolated and protected and deleted in accordance with those procedures. Customer acknowledges that backup data is not accessible for extraction or restoration except as necessary for disaster recovery and business continuity purposes and will be deleted/overwritten in accordance with Edgefolio’s then-current backup retention schedule.
(v)Edgefolio does not guarantee storage of Personal Data except as required to provide the Services and may delete or archive data in accordance with its standard retention schedules.
(h)Information and audits:
(i)Edgefolio will make available to Customer information reasonably necessary to demonstrate compliance with the DPA, including (where available) summaries of security controls and independent third-party audit reports (such as SOC 2 Type II and/or ISO 27001 certificates or equivalent).
(ii)Customer may audit Edgefolio as set out in Clause 9 (Audit) of this DPA.
(i)Records of processing: To the extent required by Applicable Data Protection Laws, Edgefolio will maintain records of Processing activities carried out on behalf of Customer under this DPA.
4.Sub-processors
(a)General authorisation: Customer grants Edgefolio a general authorisation to appoint Sub-processors to Process Personal Data.
(b)Authorised Sub-processors list: Edgefolio maintains a list of current Sub-processors on its website.
(c)Changes: Edgefolio may update its Sub-processors from time to time. Edgefolio will notify Customer of any new Sub-processor that will Process Personal Data by email, through the Services, or on its website.
(d)Objection process: If Customer objects to a new Sub-processor on reasonable data protection grounds within ten (10) days of notice, the Parties will negotiate in good faith to resolve the objection. If no resolution is reached, Customer may discontinue use of the affected feature (if reasonably separable) without penalty. This is Customer’s sole and exclusive remedy for any Sub-processor objection.
(e)Flow-down obligations: Edgefolio will ensure that any Sub-processor is bound by written terms imposing obligations no less protective than those set out in this DPA, including obligations relating to confidentiality and security. Edgefolio remains responsible for the Sub-processor’s performance of its obligations under such terms.
5.Security
(a)Annex B: Edgefolio will implement and maintain the technical and organisational measures described in Annex B hereto (which Edgefolio may update from time to time) or other measures that provide an overall level of protection appropriate to the risk.
(b)Security changes: Edgefolio may update its security measures from time to time provided that such updates do not materially reduce the overall security of the Services. Edgefolio is not required to implement or maintain security measures other than those made available to its customers generally.
6.International transfers
(a)Transfer restrictions: Edgefolio will Transfer Personal Data only in accordance with Applicable Data Protection Laws and this Clause 6. Nothing in this DPA requires Edgefolio to implement data localisation, regional hosting, or bespoke transfer arrangements unless expressly agreed in writing. Customer is responsible for ensuring that its use of the Services, and its instructions to Edgefolio, comply with Applicable Data Protection Laws governing its own Transfers of Personal Data.
(b)Adequacy: Where a Transfer is to a country recognised under Applicable Data Protection Laws as providing an adequate level of protection (including, where applicable, certification under an approved data transfer framework), the Transfer may take place on that basis without additional measures.
(c)UK Transfers-UK Addendum and/or UK IDTA: Where a Transfer is subject to the UK GDPR:
(i)if EU SCCs apply under Sub-Clause 6(d) of this DPA, the UK Addendum is incorporated by reference and deemed executed; and/or
(ii)where the Parties agree to use the UK IDTA instead, the UK IDTA is incorporated by reference and deemed executed, in each case as applicable.
(d)EU Transfer -EU SCCs: Where EU SCCs are required for a Transfer of Personal Data subject to the EU GDPR:
(i)the EU SCCs are incorporated into this DPA by reference and deemed executed between the relevant parties;
(ii)Module Two (Controller to Processor) or Module Three (Processor to Processor) applies as appropriate;
(iii)the Parties agree that: (aa) the optional Docking Clause applies; (bb) Clause 11 (optional) is not selected unless required by mandatory law; and (cc) for Clause 17 and Clause 18, the governing law and forum will be the law and courts of an EU Member State selected by Edgefolio (to the extent required for validity).
(e)Execution mechanics: For the UK Addendum, the UK IDTA and the EU SCCs (as applicable):
(i)the Parties’ signature of the Agreement (or acceptance of online terms) constitutes signature of the incorporated Transfer Mechanism(s);
(ii)the annexes to this DPA will serve as the relevant appendices/annexes to the incorporated Transfer Mechanism(s); and
(iii)the Parties will cooperate as reasonably required to complete any mandatory annex information.
(f)Transfer risk assessments and supplementary measures: Upon Customer’s reasonable request, Edgefolio will make available information that Edgefolio generally provides to its customers (such as security documentation, third party audit reports/certifications, and its Sub-processor list) to assist Customer in completing a transfer risk assessment. Customer remains solely responsible for conducting its own transfer risk assessment and determining whether the Transfer Mechanism and any supplementary measures are appropriate for its use of the Services. Any bespoke questionnaires, additional written responses, or meetings may be subject to Edgefolio’s then current professional services rates. Edgefolio may implement supplementary measures it considers appropriate, taking into account the nature of the Transfer and the state of the art.
(g)Change in law/invalidation: If a Transfer Mechanism becomes invalid or otherwise cannot lawfully support a Transfer:
(i)Edgefolio will use commercially reasonable efforts to implement an alternative lawful Transfer Mechanism and/or supplementary measures; and
(ii)if no lawful mechanism is available, Customer may discontinue that part of the Services affected. This termination right applies only to that part of the Services affected and is without prejudice to rights available under Applicable Data Protection Laws.
7.Usage Data
(a)Aggregation and de-identification: Edgefolio may Process Usage Data in aggregated and/or de-identified form provided that it does not identify an individual and will not attempt to re-identify such data except for security, fraud prevention, or misuse prevention purposes or otherwise than in accordance with Clause 4 (Data Ethics and Services Integrity) of the Terms and Conditions.
(b)Edgefolio as independent Controller – limited purposes: To the extent Usage Data constitutes Personal Data and Edgefolio Processes it as an independent Controller, Edgefolio will Process it only for the following purposes, consistent with Clause 4 (Data Ethics and Services Integrity) of the Terms and Conditions:
(i)maintaining and improving the security, integrity, availability, and performance of the Services (including monitoring, troubleshooting, incident detection and response);
(ii)preventing, detecting, and investigating fraud, abuse, or misuse of the Services;
(iii)providing interaction history transparency via audit trails and related functionality within the Services;
(iv)providing Services-based Insights and analytics to Services participants (including fund managers, investors and prime brokers) subject to the access controls and permissions configured in the Services;
(v)analytics and product improvement (including developing, testing, and improving features and user experience), capacity planning, benchmarking, and development of new features;
(vi)compliance with legal obligations applicable to Edgefolio; and
(vii)any other purpose that is compatible with the purposes above and disclosed in Edgefolio’s Privacy Policy.
For clarity, any use of Customer Data or Personal Data to train generalised AI or machine learning models requires Customer’s express opt in, as set out in Sub-Clause 4(a) (Data Ethics and Services Integrity) of the Terms and Conditions.
(c)Restrictions: When acting as an independent Controller under this Clause 7, Edgefolio will not:
(i)use Usage Data to market or advertise to Customer’s end users, provided that this does not restrict Edgefolio from using such data to deliver engagement insights and analytics to Services participants as described in Sub-Clause 7(b)(iv) of this DPA; or
(ii)disclose Usage Data except: (aa) to service providers acting on Edgefolio’s behalf subject to appropriate confidentiality and data‑protection obligations; (bb) where required by Applicable Laws; or (cc) as permitted by Clause 4 (Data Ethics and Services Integrity) of the Terms and Conditions.
Nothing in this Clause 7 prevents Edgefolio from communicating with Customer or Customer Personnel about new features, service updates, or other information relating to the Services.
(d)Retention: Edgefolio will retain identifiable Usage Data only for as long as reasonably necessary for the purposes described in Sub-Clause 7(b) of this DPA, subject to legal requirements and legitimate security needs. Edgefolio may retain Usage Data in aggregated and/or de‑identified form for longer periods and may retain identifiable Usage Data for longer periods where necessary to investigate or remediate security incidents, enforce the Agreement, prevent fraud/abuse, or comply with legal obligations.
(e)Transparency and allocation of responsibilities:
(i)Each Party is responsible for its own notice and transparency obligations under Applicable Data Protection Laws. Edgefolio will fulfil its transparency obligations as an independent Controller of Usage Data via its Privacy Policy or equivalent disclosures made available within the Services.
(ii)The Parties intend this Clause 7 to clearly allocate distinct purposes and responsibilities and to avoid any inference of joint controllership. Nothing in this DPA creates a partnership, agency, or joint‑controller arrangement. For clarity: (aa) Edgefolio’s independent‑Controller Processing under this Clause 7 is strictly limited to Usage Data; (bb) such Processing does not extend to Customer Data or any other Personal Data Processed by Edgefolio on Customer’s behalf; and (cc) Edgefolio does not determine the purposes or means of Customer’s Processing of Personal Data.
(f)Usage Data as Edgefolio Confidential Information: As between the Parties, Usage Data (including aggregated and/or de-identified derivatives) constitutes Edgefolio’s Confidential Information. This Sub-Clause 7(f):
(i)does not alter the Parties’ respective roles with respect to Personal Data;
(ii)does not grant Edgefolio any right to Process Personal Data beyond what is expressly permitted under this DPA and the Agreement; and
(iii)does not limit Customer’s rights in Customer Data under the Agreement.
For clarity, nothing in this Sub-Clause 7(f) restricts Edgefolio’s ability to Process Usage Data for the purposes set out in Sub-Clause 7(b) of this DPA or to surface interaction records and engagement analytics in accordance with Clause 4 (Data Ethics and Services Integrity) of the Terms and Conditions.
8.Assistance, fees, and baseline included support
(a)Baseline included assistance: The following assistance is included at no additional charge (except as otherwise agreed in the Agreement), and represents the full extent of Edgefolio’s included assistance under this DPA:
(i)directing Data Subject requests to Customer under Sub-Clause 3(c) (Assistance – Data Subject Rights) of this DPA;
(ii)providing Customer with Edgefolio’s standard security documentation and third party audit reports/certifications made available under Sub-Clause 3(h)(i) (Information and audits) of this DPA; and
(iii)providing Breach Notices under Sub-Clause 3(e) (Notification) of this DPA.
(b)Additional assistance: Any assistance beyond that described in Sub-Clause 8(a) of this DPA (including support requiring substantial engineering effort, bespoke DPIA materials, transfer risk assessment support, responses to customer specific questionnaires, or on site or bespoke audit support) may be provided by Edgefolio at its discretion and may be subject to fees at Edgefolio’s then current professional services rates. Edgefolio may require written confirmation or a purchase order before commencing such assistance.
(c)Self‑service first: Customer will use available self‑service features, controls, documentation, and export functionality of the Services before requesting Edgefolio assistance. Edgefolio’s obligations to assist under the DPA apply only to the extent Customer cannot reasonably fulfil its obligations through such self‑service functionality or through its own systems, personnel, or advisors.
(d)Scope limitations: Edgefolio is not required to:
(i)create new tools, features, reports, or functionality;
(ii)provide legal advice or complete Customer’s legal assessments;
(iii)respond to duplicative, excessive, or unreasonable requests; or
(iv)provide assistance that would compromise the security, confidentiality, or performance of the Services.
9.Audit
(a)Audit by reports first: Customer agrees that any of Edgefolio’s then current SOC 2 Type II report, ISO 27001 certification, or equivalent independent third-party audit report (together with Edgefolio’s responses to reasonable follow up questions) will satisfy Customer’s audit rights under this DPA unless:
(i)Customer identifies a reasonable, good faith basis to believe there has been a material breach of this DPA by Edgefolio;
(ii)there has been a confirmed security incident affecting Customer Personal Data; or
(iii)a competent Supervisory Authority requires an on-site audit or inspection.
Customer must first review and reasonably assess the materials referred to in this Clause 9(a) before requesting any additional audit activity.
(b)Customer audit rights: Subject to Sub-Clause 9(c) of this DPA, Customer may conduct an audit of Edgefolio’s compliance with this DPA:
(i)no more than once in any rolling 12-month period (across Customer and its Affiliates collectively);
(ii)upon at least 30 days’ prior written notice;
(iii)during normal business hours and in a manner designed to minimise disruption; and
(iv)by an independent, qualified auditor bound by written confidentiality obligations at least as protective as those in the Agreement.
Customer will provide Edgefolio with a detailed written audit plan at least 20 days before the audit, including scope, methodology, and proposed timelines, and the audit may proceed only once the Parties agree on the plan.
(c)Scope and safeguards: Any audit under Sub-Clause 9(b) of this DPA will:
(i)be strictly limited to information and systems relevant to Personal Data and Edgefolio’s obligations under this DPA;
(ii)not involve penetration testing, vulnerability scanning, or any intrusive technical testing;
(iii)not unreasonably interfere with Edgefolio’s business operations;
(iv)exclude access to information that could compromise Edgefolio’s security, the privacy of other customers, or Edgefolio’s trade secrets (provided Edgefolio will use reasonable measures to provide alternative evidence); and
(v)be subject to Customer paying its own costs and Edgefolio’s reasonable time and expenses at Edgefolio’s then current professional services rates for any on site audit support or significant additional support beyond providing the materials described in Sub-Clause 8(a) (Assistance, Fees and Baseline Included Support) of this DPA and answering reasonable follow up questions.
Auditors may not remove or retain copies of Edgefolio Confidential Information except as strictly necessary to complete the audit.
(d)On-site audit as last resort: On-site inspections may be conducted only where:
(i)one of the triggers in Sub-Clause 9(a) of this DPA applies and Customer cannot reasonably satisfy its audit requirements through the materials referred to in Sub-Clause 9(a) of this DPA and remote review; or
(ii)required by a competent Supervisory Authority.
Any on-site audit will be limited to one Business Day unless otherwise agreed.
(e)Regulatory audits: Where a Supervisory Authority requires an audit or inspection relating to Personal Data Processed by Edgefolio, the Parties will reasonably cooperate. To the extent permitted by Applicable Laws, Edgefolio will provide Customer prompt notice of such request.
10.Notices
Notices: Notices under this DPA must be given in accordance with the notice provisions in the Terms and Conditions. In addition, Edgefolio may provide Sub-processor change notices under Clause 4 (Sub-processors) of this DPA via email and/or the Services.
Annex A — Description of the Processing
(a)Subject Matter: The Processing concerns Edgefolio’s provision, operation and delivery of the Services, including: (i) the hosting, storage, Processing, transmission, retrieval, and display of Personal Data within the Services; (ii) the maintenance and operation of secure digital infrastructure and functionality to support investment research and due diligence activities; (iii) the provision of transparent interaction history, activity records and related engagement insights through integrated audit trails and other in-product reporting features; (iv) the secure upload, access, sharing and exchange of information, documents and communications between participating fund managers, investors and prime brokers through the Services; and (v) support, troubleshooting, maintenance, updates, monitoring and security and integrity operations relating to the Services, including access management, logging, fraud/abuse prevention, vulnerability management, incident detection and response, and business continuity activities.
(b)Duration of Processing: For the term of the Agreement, plus the period from termination/expiration until deletion/return of Personal Data in accordance with Sub-Clause 3(g) (Deletion or return at end of Services period) of this DPA (including limited backup retention consistent with Edgefolio’s backup policies).
(c)Personal Data storage: Edgefolio does not guarantee storage of Personal Data except as required to provide the Services. Edgefolio may delete or archive Personal Data in accordance with its standard retention schedules and data‑management policies, and is not required to retain Personal Data (or make it available for export or retrieval) beyond such periods unless expressly agreed in writing.
(d)Nature and purposes of Processing: The nature and purposes of Processing comprise:
(i)service delivery: provision of the Services, including hosting, document exchange, and core platform functionality;
(ii)user management: administration, authentication, and secure access management;
(iii)engagement & transparency: delivery of interaction history, integrated audit trails, and engagement insights (processed by Edgefolio as an independent Controller);
(iv)security & integrity: monitoring, performance optimisation, and fraud prevention (processed by Edgefolio as a Processor for Customer Data and as an independent Controller for Usage Data);
(v)support & compliance: Customer support, troubleshooting, and adherence to applicable legal and regulatory obligations.
(e)Categories of Data Subjects: The categories of Data Subjects comprise:
(i)Customer’s employees, contractors, agents, and other personnel;
(ii)Customer’s authorised Users;
(iii)individuals whose Personal Data Customer uploads to or processes via the Services (as determined by Customer’s use of the Services).
(f)Types of Personal Data: The types of Personal Data are as determined and controlled by Customer, and may include:
(i)identity and contact information (name, business email address, telephone number, job title, employer);
(ii)account and authentication data (usernames, user IDs, access credentials tokens, login timestamps);
(iii)service interaction data (documents accessed, actions taken within the Services, audit trail entries) to the extent submitted by Customer or generated on Customer’s behalf as part of providing the Services;
(iv)communications and support content (support tickets, feedback, message content submitted through the Services);
(v)any other categories of Personal Data uploaded to the Services by or at the direction of Customer.
(g)Special Categories and Criminal Offence Data: Customer will not provide (and the Services are not intended for) special category data or criminal offence data. Edgefolio has no obligation to detect, monitor, or block the upload of prohibited data categories and will not be liable for Customer’s breach of this restriction.
(h)Processing operations: Processing operations comprise collection, recording, organisation, structuring, storage, adaptation/alteration, retrieval, consultation, use, disclosure by transmission, alignment/combination (as required for service delivery), restriction, erasure, and destruction of Personal Data.
Annex B – Technical and Organisational Security Measures
Edgefolio will maintain appropriate technical and organisational security measures,, which may include:
(i)access control & authentication: strong password policy, multi-factor authentication for administrative access and, where supported, user access; role-based access control, least privilege access;
(j)encryption:
(i)in transit: TLS 1.2 or higher;
(ii)at rest: encryption using industry-standard algorithms (e.g., AES-256) for data stored in cloud infrastructure;
(k)network security: firewalls, network segmentation/virtual networks, access control lists, and monitoring to prevent unauthorised access;
(l)physical security: hosting in reputable data centres (e.g., Microsoft Azure and/or Amazon Web Services) with industry standard security controls and certifications (e.g., ISO 27001 and/or SOC 2 or equivalent), as applicable to the hosting provider and services used;
(m)vulnerability management: regular vulnerability scanning and periodic penetration testing and remediation tracking;
(n)logging & monitoring: centralised logging and monitoring for security events and operational anomalies, with alerting and incident response procedures;
(o)business continuity & disaster recovery: regular backups and disaster recovery planning/testing designed to support service resilience and availability;
(p)personnel security: confidentiality agreements for personnel, background checks where appropriate and regular security and privacy training;
(q)incident response: documented incident response plan, including escalation, containment, investigation, remediation, and communications procedures.
For clarity, Edgefolio is not required to implement customer‑specific security controls, reports, or configurations unless expressly agreed in writing and subject to additional fees.