Unless otherwise stated in this ISA, undefined, capitalized terms in this ISA will have the meanings set forth in the MSA. In the event of a conflict between this ISA and the MSA, the terms of this ISA will control with respect to the specific subject matter hereof.
1.1 Information Security Policy. Teragonia will maintain a written information security policy that: (i) defines the administrative, physical, and technological controls to protect the confidentiality, integrity, and availability of Customer Data; (ii) encompasses secure access, retention, and transport of Customer Data; (iii) provides for disciplinary or legal action in the event of violation of policy by Teragonia employees or subcontractors; and (iv) employs assessment, monitoring, and auditing procedures and systems to ensure Teragonia is compliant with its information security policy.
2.1 Encryption. Teragonia will encrypt all Customer Data in its possession, custody, or control while at rest. Teragonia will use AES 256-bit encryption or other industry best practice for key-based encryption protocol. Customer Data in transit will be encrypted using SSL/TLS.
2.2 Security Patches. Teragonia will deploy all applicable and necessary system security patches to all software and systems that process, store, or otherwise support the Services, including operating system, application software, database software, and web server software in accordance with industry best practices and in accordance with its own information security policies.
2.3 Malicious Code Scanning. Teragonia will utilize the Malicious Code scanning and protection software and features provided by its third-party data hosting providers to identify and protect against Malicious Code.
2.4 IT Systems. To the extent Services are provided to Customer by Teragonia utilizing Teragonia-owned hardware and software, Teragonia will protect its own information technology systems against Malicious Code and ensure that its connection to the Internet (including, without limitation, any platform or network used to provide the Services) is secure.
2.5 Access Control and Limiting Remote Access. Teragonia will secure computer systems used to provide Customer with the relevant Services or to store Customer data using white listing of IP addresses, access controls to protect against unauthorized access, and other relevant security controls. Teragonia will secure access to and from Customer’s version of Teragonia’s systems by disabling remote communications at the operating system level if no business need exists or by restricting access through management approvals, robust controls, logging, and monitoring access. Teragonia will identify computer systems and applications that reasonably warrant security event monitoring and logging, and reasonably maintain and analyze log files.
2.6 Audit Logs. Teragonia will record and keep Audit Logs for any access to Customer Data. Teragonia will retain such Audit Logs for 30 days. “Audit Log” means a time-based record of system activities to enable the reconstruction and examination of the sequence of events or changes in an event, including without limitation, who accessed a system and what operations the person has performed during a given period of time.
2.7 Data Segregation. If Customer selects dedicated hosting or a secure private cloud, Teragonia will not merge or combine Customer Data with any other data set and will maintain all Customer Data in segregated logical access restricted folders or systems. Notwithstanding the foregoing, Customer acknowledges that Teragonia’s email processing subcontractor may comingle Customer Data with other data for processing email requests and that any comingled data is temporarily stored in SOC 2 and GDPR-compliant data centers for the sole purpose of data retention policy compliance.
2.8 Labeling. Teragonia will use commercially reasonable efforts to limit the appearance of Customer Data on physical media, including paper documents. In any event, Teragonia will control and protect access to such physical media to avoid loss or damage thereof. Teragonia will ensure safe and secure storage, transfer, exchange, and disposal of all such physical media. If Customer Data is stored on media off-site for back-up purposes, such media will not include any visible label identifying or listing Customer’s name.
2.9 Server Location. Teragonia acknowledges and agrees that if it is necessary to host Customer Data in any other location, Teragonia must still comply with all applicable data protection laws, including without limitation those of the country to which and from which Teragonia may transfer Customer Data.
3.1 Access Limitations. Teragonia will restrict access to Customer Data only to those Teragonia personnel (employee, contractors, consultants, etc.) who have a need to know or otherwise access the data to enable Teragonia to perform its obligations under the Agreement, provided that (a) Teragonia has conducted reasonable security screening on such personnel with access to Customer Data; and (b) those personnel are bound by confidentiality obligations sufficient to protect Customer Data. Teragonia will be responsible at all times for its personnel’s compliance with Teragonia’s obligations under this ISA.
3.2 Security Training. Teragonia will provide regular training to relevant Teragonia personnel on security and privacy requirements applicable to Teragonia. Such training will occur at least annually and upon initial employment.
4.1 Subcontractor Management. Teragonia will require all subcontractors who have access to Customer Data to be bound by necessary and appropriate contractual obligations to protect the confidentiality and security of Customer Data. Teragonia will remain fully liable to Customer for the acts or omissions of Teragonia’s subcontractors for any breach of obligations hereunder.
5.1 Response. In the event of a Data Breach related to the Agreement or this ISA involving Teragonia or a Teragonia subcontractor, Teragonia will, without undue delay:
5.1.1 notify Customer of the Data Breach; and
5.1.2 provide Customer with such details as Customer reasonably requires regarding:
(a) the nature of the Data Breach, including the categories and approximate numbers of data records concerned;
(b) any investigations into such Data Breach; and
(c) any measures Teragonia has taken to prevent the re-occurrence of the Data Breach.
5.2 Updates. Teragonia may give Customer phased updates as additional information regarding the Data Breach becomes available to Teragonia and will provide reasonable cooperation and assistance to Customer in relation to any remedial action to be taken in response to a Data Breach
5.3 Notification. Teragonia will not notify any affected individuals of the Data Breach, absent Customer’s explicit instruction or as required by any law, rule, regulation, or binding court order to which Teragonia is subject.
6.1 Disaster Recovery Management. As a part of the Services, Teragonia will maintain a standard backup process for an orderly and timely recovery of the Technology Services and, to the extent controlled by Teragonia, Customer Data, in the event that the Services may be interrupted. Teragonia will maintain a backups on a four hour interval for at least the prior 72 hours that can be recovered upon reasonable notice and lead time at any point. Teragonia’s disaster recovery plan will be implemented with a recovery time objective of eight hours and a recovery point objective of four hours. Teragonia will perform a disaster recovery test on at least an annual basis.
7.1 Data Retention. Teragonia will retain Customer Data only so long as necessary to provide the Services or carry out obligations under the Agreement. Upon termination or expiration of the Agreement, Teragonia will (a) make available Customer Data to Customer for download upon request; and (b) dispose of all Customer Data in accordance with Section 7.2.
7.2 Data Disposal and Destruction. Following termination or expiration of the Agreement, and upon Customer’s written request, Teragonia will return or delete any Customer Data in its possession or control, unless further processing of Customer Data is required by Teragonia’s retention policies or applicable laws. To the extent that the return or destruction of Customer Data is impracticable or prohibited by applicable laws, Teragonia will take reasonable measures to prevent any further processing of Customer Data except to the extent necessary to comply with applicable laws or Teragonia retention policies, and Teragonia will continue to protect the security of Customer Data in accordance with the Agreement.
8.1 Regulatory Investigations and Requests. Teragonia will provide Customer with reasonable assistance and support in the event of an investigation by a data protection regulator or other governmental authority, if and to the extent that such investigation relates to the collection, maintenance, use, processing, or transfer of Customer Data by or on behalf of Teragonia. Should any regulatory body require or request a security audit or review, Teragonia will, with Customer’s involvement (including Customer’s attendance at any related meetings with federal, state, or other government officials) cooperate with any such audit or review. Without limiting the foregoing, Teragonia will provide to any such data protection regulator or other governmental authority, following reasonable notice, (a) access to Teragonia’s information processing premises and records; and (b) reasonable assistance and cooperation of relevant individuals for the purpose of complying with such audit or review.
8.2 Government or Law Enforcement Access Request. If Teragonia receives a request from any government, court, or law enforcement investigation or proceeding that Teragonia believes would require it to produce or disclose any Customer Data, then Teragonia will promptly and, to the extent legally feasible, prior to producing or disclosing such information, notify Customer in writing of such request, and reasonably cooperate with Customer if Customer wants to limit, challenge, or protect against the requested production or disclosure, to the extent permitted by applicable law or regulation.
8.3 Other Third-Party Access Request. Teragonia will, without undue delay, refer to Customer full details of all non-government and non-law enforcement third-party requests for access to Customer Data. Teragonia will not respond to any such third-party request unless required to do so under any law, rule, or regulation applicable to Teragonia or a subpoena or court order. To the extent Customer is unable to respond to a third-party request for access to Customer Data using information available through the Services, Teragonia will provide reasonable assistance to Customer (and procure that any relevant subcontractor does the same) in responding to a third-party request for access to Customer Data.
9.1 Auditing. Customer may request, and Teragonia will promptly provide, the most recent copy of the report on controls within Teragonia’s third-party data center’s systems under standards established by an authorized or recognized standard setting organization (such as the International Auditing and Assurance Standards Board, Statement on Standards for Attestation Engagements (SSAE) No. 16 (SOC 1, 2, or 3)).
10.1 Term & Survival. The term of this ISA commences on the Effective Date and will remain in effect until the later of (i) the termination or expiration of the MSA; or (ii) when all Customer Data is deleted from Teragonia’s systems.
“Data Breach” means, in connection with the Services, a breach of security leading to the unauthorized acquisition of Customer Data that compromises the security, confidentiality, or integrity of such Customer Data.
“Malicious Code” means any type of software, application, or program that is designed to cause unauthorized access to or intrusion upon, or otherwise disrupt, lock, or damage, computer equipment, software, or data (commonly referred to as a virus, worm, time bomb, Trojan horse, or spyware).
“Services” means those services that Teragonia provisions to Customer pursuant to the MSA, including but not limited to the Technology Services.
Our core analytics and AI platform drives informed decision-making with enhanced clarity and focus, and rapidly unlocks enterprise value
Core Features:
Integrate data from multiple source systems effortlessly
Critical for breaking down silos and creating a unified view
A secure, centralized cloud hub for all your data insights
Foundational for reliable decision-making and enterprise-wide alignment
Visualize complex data through easy-to-understand dashboards
Empowers leaders with actionable insights
Reverse ETL capabilities enriches your data and ensures your data flows exactly where it is needed for function teams to act on
Enables real-time, action-oriented data flow
BS International Business | American University of Paris
BS Computer Science | American University of Paris
Seasoned DevOps and infrastructure engineer with expertise in AWS, Kubernetes, and Terraform; led cloud migrations and scalable infrastructure projects at Sfara, FanDuel, and Kickstarter.
With over 15 years of experience in small and medium-sized startups, Scott is a seasoned expert in designing, optimizing, and maintaining robust, scalable, and secure infrastructure. He specializes in automation and embedding security from the ground up, consistently delivering reliable systems tailored to meet dynamic business requirements.
Prior to joining Teragonia, Scott made a significant impact at Sfara, where he built the company’s entire infrastructure from scratch. He engineered systems capable of supporting hundreds of thousands of users with seamless scalability, implemented automated development pipelines, and introduced observability tools to monitor and manage resources effectively. Additionally, Scott led the infrastructure team in achieving ISO27001 security certification, ensuring security was integrated into every aspect of the system and transforming it into a critical asset for business-to-business operations.
Beyond his technical expertise, Scott has a proven track record of managing and mentoring high-performing teams. As a Senior DevOps Engineer at FanDuel, he gained invaluable experience in scaling infrastructure and optimizing resources to support millions of daily users, aligning technological capabilities with organizational goals.
Master’s in Human Resources | University of Illinois
Bachelor’s in Management | Loyola University
Former Financial and Operations Manager at Houlihan Lokey, Golin Harris, and MSL Group.
Jack is a highly driven, cross functional professional with extensive experience in operations and administration.
Prior to joining Teragonia, Jack held financial and facilities management roles for Houlihan Lokey, MSL Group/Publicis, and Golin Harris in which managed and created processes and trainings for multiple functional areas ensuring operational and administrative procedures were well planned, efficient, cost-effective, and aligned with business objectives while ensuring initiatives, internal events as well as client events propelled employee and client engagement.
Jack holds undergraduate degrees from University of Illinois and Loyola University Chicago and has completed graduate certificates in Business Administration, Strategic Human Resources, and Operations at Cornell, CUNY-Buffalo, and University of Illinois and is in the process of completing a Master’s in Human Resources at Loyola University Chicago’s Quinlan School of Business.
MS Analytics | Georgia Institute of Technology
BS Management Information Systems | Oklahoma State University
Former analytics engineer at Cyderes and ConocoPhillips with a Master’s in Analytics from Georgia Institute of Technology and a Bachelor’s in Management Information Systems from Oklahoma State University
Mason is an Analytics Engineer with deep experience in data analytics, business intelligence, machine learning, and cybersecurity. He brings a proven track record of leading analytics engagements spanning architecture, insights, visualizations, and delivery.
Before joining Teragonia, Mason was a Senior Analytics Engineer at Cybersecurity MSSP CYDERES where he built a scalable, standardized, and secure analytics architecture for over 300 clients across many industries and consulted with them to deliver insights through bespoke data driven solutions. In addition, he managed the data delivery of the insight platform leveraged by the Security Operations Center to respond to incidents in a timely and effective manner.
Prior to joining CYDERES, Mason worked in ConocoPhillips’ Analytics and Innovation Center of Excellence holding varied roles within the Data Analytics organization from Data Engineering, to Business Intelligence, and Data Science. He delivered robust data solutions in all operating units for various functions including Engineering and Production, Finance, IT, and more. Including projects to standardize cost and production data across operating units.
Mason started his career at The Williams Companies in cybersecurity and transitioned to cybersecurity at ConocoPhillips where he found his passion for Data Analytics through SIEM management, detection engineering, and threat intelligence.
Bachelor’s in Finance & Accounting | Georgetown University
Former analytics engineer at Houlihan Lokey and financial analytics at JP Morgan Chase with a Bachelor’s in Finance & Accounting at Georgetown University
Grace is a seasoned analytics engineer with specialized expertise in crafting and implementing analytics solutions that drive agile, informed executive decisions in M&A and value creation for private equity-backed companies.
Before joining Teragonia, Grace was a part of the data science and business analytics team at Houlihan Lokey. She has excelled in harmonizing, enriching, and analyzing data from diverse sources, providing key insights that enabled private equity investors and portfolio company executives to make rapid, data-driven decisions across the investment lifecycle. She has developed novel analytics solutions, including deal sourcing and evaluation tools for platform investments that employ a buy-and-build or de novo growth strategy, as well as post-close value creation and KPI reporting tools for operators and management teams.
Grace has also worked at JPMorgan Chase & Co. in the Global Finance and Business Management rotational program, where she built analytics solutions to evaluate banker attrition and KPI reporting within the Global Private Bank.
