Trulioo Secure File Transfer Policy – External Policy Overview This policy covers the storage and transmission of data moving from Trulioo to external partners, and data coming from external partners into Trulioo systems.Trulioo utilizes Citrix ShareFile to facilitate the sharing of data with business partners. This system allows Trulioo and its partners to share large volumes of data in a convenient, reliable, and secure manner. Policy Due to the sensitivity of the information handled by Trulioo, Trulioo adheres to the highest standards of information security, and information classified ‘Restricted’ should never be entrusted to email. Non-secure transfer mechanisms The following channels are not adequately secured and should never be used to transfer Restricted or Confidential information: Slack (external channels to facilitate communication with partners should be reserved for day-to-day discussion and should not be used to share contracts, data partner information, PII, business strategic plans, or any details related to Trulioo’s technical architecture. Other ‘social media’ forms of communication, such as Telegram, LinkedIn – these are likewise not secure and should not be used to share contracts, data partner information, PII, business strategic plans, or any details related to Trulioo’s technical architecture. Access to secure file sharing software Trulioo provisions accounts for clients in an approved secure file-sharing system (Citrix Sharefile) on an as-needed basis, providing credentials and support via normal support channels.All data uploaded to ShareFile resides in SSAE 16 type 2 certified data centres with strong physical, logical, and administrative access controls. Where personal information from EU residents must be transferred outside the EU, Sharefile relies on Standard Contractual Clauses as their transfer mechanism. Encryption requirement Files are encrypted in transit using TLS 1.2 with 128-bit encryption or stronger depending on end user browser configuration.Files are encrypted at rest using AES 256-bit encryption. All files are also stored redundantly. Transmission of Personally Identifiable Information (PII) PII may only be transmitted via ShareFile; it may never be transmitted via email. If you are unsure if the information that you wish to transfer includes PII, please see some common examples of PII below, or direct your inquiry to your Technical Account Manager.Examples of PII include: A person’s name and photograph Mobile device ID A person’s email A person’s IP address A person’s name and address If a partner is unable to access Sharefile due to filesharing services being blocked by their company, PII must be sent in an encrypted ZIP file. Securely sharing data with Trulioo – user verification Before beginning this process, we require the following information from the person who will be sending the data to Trulioo: First and last name Company name Email address Securely sharing data with Trulioo – user set-up Users will receive two emails from ShareFile Email #1 will contain new account creation information and a link to set up the user Trulioo ShareFile account Email #2 will contain a link to the secure folder where the user can place the data being shared with Trulioo. This link will only be active for 1 week The first time you log into ShareFile the user will be required to set up a new password Follow the link in the second email, log in using the password set, and upload the files to the secure folder If additional time is needed to upload the files, contact your Technical Account Manager to have a new folder access link generated for you Who to contact Please direct any questions regarding this activity, or requests for assistance in carrying it out, to your Technical Account Manager or to [email protected]. References Acceptable Use Policy Copyright © 2021 Trulioo Information Services Inc. All rights reservedTrulioo believes the information in this publication is accurate as of its publication date. The information contained in this publication is subject to change without notice.THE INFORMATION IN THIS PUBLICATION IS PROVIDED “AS IS.” TRULIOO INFORMATION SERVICES MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.No part of this document may be reproduced without the express written consent of Trulioo Information Services Inc.