Terms and Conditions

LOTLY SOFTWARE LLC ("Lotly") PROVIDES ACCESS TO ITS SERVICES (DEFINED BELOW) SOLELY UNDER THE TERMS SET FORTH IN THIS AGREEMENT (THE "AGREEMENT"), AND ON THE CONDITION THAT YOU ("YOU" OR "CUSTOMER") AGREE TO AND COMPLY WITH THESE TERMS. PLEASE REVIEW THIS AGREEMENT CAREFULLY. BY CLICKING "I ACCEPT," EXECUTING OR SUBMITTING AN ORDER FORM, OR BY ACCESSING OR USING ANY LOTLY SERVICES, YOU: (A) ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS AGREEMENT, INCLUDING ANY INCORPORATED DOCUMENTS, POLICIES, OR TERMS; (B) AFFIRM THAT YOU ARE AT LEAST 18 YEARS OLD (OR OF LEGAL AGE IN YOUR JURISDICTION); AND (C) IF YOU ARE ACCEPTING THESE TERMS ON BEHALF OF AN ORGANIZATION, REPRESENT THAT YOU HAVE AUTHORITY TO BIND THAT ENTITY TO THESE TERMS.

Definitions

  • Applicant A person applying to rent or currently renting a property using Lotly's services.
  • Applicant Data: Any information submitted by or about the Applicant through Lotly.
  • Applicant Screening Reports or Reports: Any reports provided via the Services for Applicant screening.
  • Documentation: User guides, manuals, and supporting materials provided by Lotly.
  • Effective Date: AThe date defined in the applicable Order Form.
  • Lotly Data: All data collected through Lotly’s services including but not limited to usage metrics, Applicant Data, and Reports.
  • Lotly's Recommendation: Lotly’s screening service and property manager interface, tailored to Customer’s provided screening criteria.
  • Lotly Fees: Charges due to Lotly as stated in an invoice or Order Form.
  • Property Manager Dashboard: Lotly’s online portal provided to Customers for application and workflow management.
  • Services: Lotly’s suite of services and technology supporting rental application processing, including Applicant Screening Reports, Lotly's Recommendation, the Property Manager Dashboard, Lotly's Full Suite, Pet Verification, and Termwise.
  • SOP: Screening criteria and rules set by the Customer used to customize Report output.
  • Authorized User: An individual authorized to access and use the Services under Customer’s account.

1. Services

This Agreement governs all Services provided under any mutually executed Order Form. Lotly grants the Customer a non-transferable, non-sublicensable, limited license to access and use the Services as specified in such Order Form for the duration of the Order Form and for Customer's internal business purposes only.

Customer Services Include (if applicable under an Order Form):

  • Lotly's Recommendation: If enabled via an applicable Order Form, Lotly shall provide its Recommendation service for the purpose of assisting Customer in determining an Applicant's housing eligibility, along with access to the Property Manager Dashboard ("Applicant Screening"). Lotly's Recommendation may include, if applicable and aligned with Customer's SOP, sending adverse action notices, performing individualized assessments, and handling any mitigating details or appeals submitted by or on behalf of an Applicant. All final application decisions remain the sole responsibility of the Customer.
  • Lotly's Full Suite: If enabled via an applicable Order Form, Lotly shall provide automated workflow tools and a screening recommendation center within the Property Manager Dashboard ("Recommendation Center"). Lotly's Full Suite includes, among other features, support for issuing adverse action notices, performing individualized assessments, and managing Applicant-submitted appeals or supporting information in accordance with the Customer's SOP. The Customer retains full responsibility for all final determinations on applications.
  • Pet Verification: If this service is enabled, Lotly will make reasonable efforts to gather and verify necessary information regarding an Applicant's pet(s), consistent with applicable law and Customer's SOP.
  • Enhanced Housing History: If enabled, Lotly will use reasonable efforts to verify an Applicant's past rental history, consistent with Customer-provided SOPs and applicable legal standards.
  • Reporting: Lotly includes standard analytics within its Services as outlined in its data feed. If Customer requests customized reports, the parties may agree on their scope and associated costs.
  • Renter Services: Lotly and Customer may jointly agree to provide certain services to Applicants via third-party providers ("Renter Services"). Any such services may carry their own terms and conditions. Lotly shall not be held liable for Renter Services provided by third parties.

2. Customer's Use of the Services

Account Creation. In addition to executing this Agreement and any related Order Form, each Authorized User must establish an account to access the Property Manager Dashboard. The applicable Order Form will set forth any associated fees and the Services provided.

Customer Responsibilities. Customer agrees to: (a) ensure all Authorized Users comply with this Agreement; (b) take reasonable steps to prevent unauthorized access to or use of the Services and promptly notify Lotly of any such incidents; (c) use the Services only in accordance with the Documentation and all relevant laws; and (d) maintain a website privacy policy compliant with applicable laws. Customer also represents and warrants that Applicant Data will be used solely for evaluating Applicants for tenancy at properties it owns or manages. Customer is fully responsible for activity conducted through its account or any Authorized User account.

Customer consents to provide Lotly with necessary records or documentation as required to meet the compliance needs of (a) upstream consumer reporting agencies, (b) Lotly, or (c) applicable legal obligations, within ten (10) business days of Lotly’s written request, unless an expedited timeline is specified. Customer may be subject to one annual remote or onsite review of its security and compliance practices by Lotly or its designee, provided that: (a) Lotly gives reasonable prior notice, (b) such reviews occur during standard business hours and are not unreasonably disruptive, and (c) the review is limited to information relevant to Lotly. Customer further acknowledges that access and compliance requirements may evolve, and agrees that adherence to such updated requirements may be necessary to maintain service continuity.

Lotly is not liable for: (i) Customer’s decision to accept or reject any Applicant, even where Lotly’s Full Suite is used in accordance with Customer's SOP; (ii) any resulting rental or non-rental of property; (iii) lease terms; or (iv) the results or accuracy of Pet Verification data.

Use Restrictions. Customer shall not, directly or indirectly, or through its agents or Authorized Users: (a) share or provide Services to any entity or individual other than the Customer, Applicants, or its Authorized Users; (b) resell, lease, or sublicense the Services or make them part of any third-party service; (c) use the Services to transmit unlawful, infringing, or harmful content; (d) transmit malicious software or code through the Services; (e) interfere with the functioning or integrity of the Services or any data therein; (f) attempt unauthorized access to the Services or related networks; (g) bypass any contractual usage limits; (h) copy or replicate any portion of the Services or their user interface; (i) frame or mirror any part of the Services, other than for internal business use; (j) use the Services to develop competing software or services; (k) reverse engineer, decompile, or disassemble the Services; (l) use or store the Services outside of the U.S.; or (m) permit access to the Services through systems outside of Customer operations.

Service Updates. Lotly may offer updates, fixes, or enhancements ("Updates") to the Services to its customers from time to time at no extra cost. These Updates become part of the Services and are governed by this Agreement. Lotly is not obligated to provide any such Updates and may enhance or modify the Services at its sole discretion.

Third-Party Data Providers. Customer acknowledges that the Services may rely on or interact with APIs, data sources, systems, and other offerings maintained by third parties ("Third Party Services"). In some cases, Customer may need to enter into separate agreements or provide credentials to these third parties. Customer is solely responsible for complying with any such terms. By directing Lotly to access or transmit data via Third Party Services, Customer authorizes Lotly to act as its agent. Lotly makes no warranties about, and disclaims any responsibility for, data or performance associated with Third Party Services. All such data exchanges are governed solely by Customer’s agreements with the third-party providers.

3. Customer Certifications and Acknowledgements

Use of Applicant Screening Reports. Customer represents and warrants that it has all required authorizations to access or transmit information through the Services, including through Third Party Services, and will use Applicant Screening Reports exclusively for evaluating rental applications for properties it owns or manages. Neither Customer nor its employees, agents, or Authorized Users may request Reports about themselves, family members, or acquaintances, or otherwise outside of lawful business need. Customer is responsible for initiating or overseeing any legally required adverse action notifications when Reports are used in application decisions.

All final decisions regarding whether to rent to an Applicant, evaluation of supporting information, identity matching, adverse action determinations, and application of Customer screening criteria are the sole responsibility of the Customer.

Legal Acknowledgements. Customer confirms it has received and understands the following required documents: "Notice to Users of Consumer Reports, Obligations of Users," the "Summary of Your Rights Under the Fair Credit Reporting Act," and the "Identity Theft Summary of Rights."

State-Specific Requirements:

  • California: Customer certifies compliance with the California Credit Reporting Agencies Act and the California Investigative Consumer Reporting Agencies Act, including obtaining proper consumer consent and delivering compliant adverse action notices.
  • Massachusetts: For Massachusetts iCORI requests, Customer certifies it obtained written consumer authorization, complies with all applicable federal and state credit reporting laws, and will not misuse iCORI data.
  • Vermont: For Vermont applicants, Customer certifies it complies with the Vermont Fair Credit Reporting Statute, including obtaining prior consumer consent per VFCRA §2480e.

Workflow Design Certification. Customer acknowledges that it is solely responsible for ensuring that its use of the Services, Reports, and data complies with all applicable state and federal laws, including the Gramm-Leach-Bliley Act and the Fair Credit Reporting Act (FCRA), and that Lotly makes no representation as to compliance.

Criminal and Eviction Data Accuracy. Customer understands that, due to the limitations of public record data, some matches may be inaccurate. Customer agrees to verify any Report results before taking adverse action.

Adjudication Messaging. Customer acknowledges that any Report messages relating to criminal history (e.g., “arrest found, does not meet criteria”) are based solely on Customer’s SOP and screening policy. Customer assumes full responsibility for decisions made based on such messages and for communicating adverse decisions to Applicants. Communications must clarify that decisions are based on internal policy and must not attribute decision-making to Lotly.

One-Time Use and Confidentiality. Reports may only be used once, must be held in strict confidence, and may not be shared outside the application process except as required by law. If Reports are shared with a third party for legal or audit purposes, Customer must first obtain the third party’s agreement to maintain compliance with applicable laws and the confidentiality of the data.

Document Retention. Customer agrees to retain all required consumer authorizations, adverse action letters, government-issued IDs, and application forms for at least five (5) years and to make these documents available to Lotly, its vendors, or designees upon request.

Security and Incident Notification. Customer must implement and maintain a written information security program with appropriate administrative, technical, and physical safeguards. These safeguards must align with the requirements of 16 C.F.R. § 314.4. In the event of a suspected or reportable breach involving Lotly data due to Customer’s systems or personnel, Customer agrees to notify Lotly immediately, take all legally required steps, notify affected consumers and regulators, and offer free credit monitoring. Lotly reserves the right to take over these obligations and to seek indemnification.

FCRA Compliance. Knowingly obtaining consumer data under false pretenses or without a valid purpose may result in criminal penalties under the FCRA and Title 18 of the U.S. Code.

Ownership. Lotly and its licensors retain all ownership and intellectual property rights in the Services, including Applicant accounts and any system enhancements. If Customer submits feedback or suggestions about Lotly’s Services, Customer grants Lotly a perpetual, royalty-free, global license to use such feedback in any manner.

4. Term and Termination

Term. This Agreement becomes effective as of the Effective Date outlined in the applicable Order Form and shall remain in effect for an initial term of twelve (12) months ("Initial Term"), unless a different term is stated in the Order Form. Thereafter, the Agreement will automatically renew for successive twelve (12) month periods (each a "Renewal Term"), unless properly terminated under this section.

Termination.

Termination for Convenience. Either party may terminate this Agreement, including any active Order Forms, by delivering written notice to the other at least sixty (60) days prior to the intended termination date (the "Transition Period").

Termination for Breach. Either party may immediately terminate this Agreement if the other materially breaches any provision, provided that if the breach is curable, written notice must be given and the breach must not be cured within twenty (20) days.

Effect of Termination. Upon termination or expiration: (a) all Order Form Terms and Service rights granted to Customer will cease; (b) Customer may export its data and Applicant Screening Reports from the Property Manager Dashboard during the Transition Period; (c) Lotly will disable access to the Services and may delete Customer Data and Applicant Screening Reports after the end of the Transition or Export Period; (d) any ongoing post-termination support requested by Customer may incur additional fees and be subject to new terms. Customer will have sixty (60) days from the date of termination (the “Export Period”) to retrieve its data. If Customer has not accessed the Services for ninety (90) consecutive days (“Inactive Period”), Lotly may deem the account inactive and data may not be available after sixty (60) days post-Inactive Period. Any provision of this Agreement that, by nature or context, should survive termination will remain in effect, including Sections 1, 3–13.

Change of Address or Ownership. Customer agrees to notify Lotly within ten (10) business days of any change in business address or location. In the event of any change in ownership or control, Customer shall provide written notice to Lotly thirty (30) days in advance. Customer remains liable for all activity and fees incurred under its account until Lotly acknowledges the change. Any new owner or control entity may be subject to credentialing and Lotly is not obligated to extend Services to successors.

5. Fees

Application Fee. Customer appoints Lotly as its agent for accepting Application Fees paid by or on behalf of Applicants in connection with Services. The Application Fee amount is set by the Customer through the Lotly Portal. Lotly will retain its agreed fee (as specified in the Order Form) and remit the remaining balance to the Customer (the "Customer Fee"). If the Application Fee is less than Lotly’s agreed fee, Lotly will invoice the Customer for the shortfall, to be paid per Section 5(e).

Additional Applicant Screening Reports. If Customer exceeds the subscribed number of Reports stated in the Order Form, Lotly will invoice the Customer for the overage. Payment is due in accordance with Section 5(e).

Implementation Fee. If included in the Order Form, Customer will pay Lotly a one-time setup fee. This fee will be invoiced and must be paid per the payment terms in Section 5(e).

Pet Verification Fee. For accounts utilizing Pet Verification, Lotly may charge Applicants a Pet Verification fee as specified in the Order Form. Lotly reserves the right to adjust this fee at any time.

Customer Payment Obligations. Customer agrees to remit payment for all invoiced Lotly Fees in accordance with terms in the applicable Order Form or invoice. Payment is due within thirty (30) days of the invoice date. If a payment attempt fails for any reason (e.g., expired card or insufficient funds), Customer remains responsible for the outstanding balance. Overdue payments accrue interest at 1.5% monthly or the highest lawful rate, whichever is lower, and Lotly may suspend Services until the account is current. Customer shall reimburse Lotly for any reasonable collection-related costs, including legal fees.

6. Confidentiality

Definition. "Confidential Information" means all non-public business, technical, or financial data disclosed by one party to the other, regardless of format or method of disclosure, that should reasonably be understood to be confidential based on its nature or the context of disclosure.

Obligations. Both parties agree to: (a) protect the other’s Confidential Information with the same degree of care as they use for their own, but at least with reasonable care; (b) use Confidential Information only as permitted by this Agreement; and (c) restrict disclosure to employees, contractors, consultants, or advisors ("Representatives") on a need-to-know basis, provided those Representatives are under obligations to maintain confidentiality.

Each party remains liable for any misuse by its Representatives. These confidentiality obligations continue throughout the Term and for five (5) years thereafter.

Exclusions. Confidentiality obligations do not apply to information that: (i) becomes public through no fault of the receiving party; (ii) was lawfully known to the receiving party without obligation of confidentiality; (iii) is independently developed without use of the other party’s Confidential Information; or (iv) is disclosed under legal order, provided the disclosing party is given an opportunity to contest such disclosure.

7. Data

Lotly Data. As between Lotly and Customer, Lotly retains all ownership rights in any data generated through operation of the Services, including performance metrics, usage analytics, Applicant Data, and Screening Reports ("Lotly Data").

Customer Data. “Customer Data” refers to data submitted by Customer through the Services. Customer grants Lotly a license to use, modify, process, and reproduce Customer Data as needed to provide the Services and operate its business. Customer affirms that it has all necessary rights to provide such data, and Lotly disclaims all responsibility for its accuracy or legality.

Lotly will not share Customer Data in a way that identifies Customer unless: (i) with Customer’s consent; (ii) to Lotly’s subcontractors or service providers assisting in service delivery; or (iii) required by law.

Customer is responsible for maintaining data confidentiality and for all activity performed under its access credentials. Lotly may use de-identified, aggregated data derived from Customer Data (“Aggregated De-Identified Data”) for lawful business purposes, including improving or marketing its Services. Aggregated De-Identified Data will not identify Customer or its Applicants.

8. Indemnification

Mutual Indemnification. Each party (the “Indemnifying Party”) agrees to defend, indemnify, and hold harmless the other party and its affiliated entities, officers, directors, employees, agents, and representatives (the “Indemnified Parties”) against any third-party claims, damages, losses, liabilities, costs, or expenses (including reasonable attorney’s fees) that arise out of or relate to the Indemnifying Party’s breach of this Agreement or its negligence or willful misconduct. These obligations do not extend to Services provided under Lotly's Full Suite unless Lotly clearly violated the Customer’s documented SOP.

Customer Indemnity. Customer agrees to indemnify and defend Lotly and its affiliated Indemnified Parties against any third-party losses resulting from: (a) Customer’s breach of this Agreement; (b) Customer’s failure to comply with applicable law, including housing and screening regulations such as the FCRA, ADA, or FHA; (c) any use or misuse of Customer Data or Applicant Data by Customer or its agents; or (d) any decisions made by Customer regarding leasing, including whether to approve, deny, or set the terms of a lease.

Lotly Indemnity. Lotly will indemnify and hold harmless Customer and its Indemnified Parties against claims that Customer’s permitted use of the Services infringes on a third party’s intellectual property rights, including patents, copyrights, trademarks, or trade secrets (each an “Infringement Claim”).

Lotly’s Right to Remedy. If an Infringement Claim arises or is likely to arise, Lotly may, at its option and at no cost to Customer: (a) secure Customer’s continued right to use the Services; (b) replace or modify the Services so that they are non-infringing and materially similar; or (c) if neither option is commercially reasonable, terminate the Agreement and refund any prepaid fees for the remaining term.

Exclusive Remedy. This Section 8 states Lotly’s complete and exclusive obligation and Customer’s sole remedy for any claim of intellectual property infringement.

Indemnification Procedures. The Indemnifying Party may not settle any claim without the Indemnified Party’s prior written consent unless the settlement unconditionally releases the Indemnified Parties. If the Indemnifying Party does not fulfill its defense obligations, the Indemnified Party may assume control of the defense at the Indemnifying Party’s cost. Indemnification requires that the Indemnified Party promptly notifies the Indemnifying Party of any claims, allows full control of the defense, and cooperates as reasonably requested.

9. Representations and Warranties; Disclaimers

Lotly Warranties. Lotly represents and warrants that the Services will be delivered in a professional and competent manner in accordance with industry standards. If Lotly fails to meet this standard, Customer's sole remedy is for Lotly to either re-perform the deficient Services or refund fees paid for the affected Services.

Mutual Warranties. Each party represents that: (a) it has the legal authority to enter into and perform under this Agreement; and (b) it will comply with all applicable laws and regulations in performing (Lotly) or using (Customer) the Services.

Disclaimer. EXCEPT AS EXPRESSLY STATED HEREIN, AND TO THE MAXIMUM EXTENT PERMITTED BY LAW, LOTLY PROVIDES THE SERVICES “AS IS” AND “AS AVAILABLE,” WITHOUT ANY WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, OR ACCURACY. LOTLY DOES NOT GUARANTEE THAT THE SERVICES WILL OPERATE ERROR-FREE OR BE AVAILABLE AT ALL TIMES, NOR THAT ERRORS WILL BE FIXED. CUSTOMER ASSUMES ALL RISK FROM THE USE OF THE SERVICES.

10. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, NEITHER PARTY NOR THEIR AFFILIATES OR SUPPLIERS SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES (INCLUDING LOST PROFITS OR DATA) ARISING FROM OR RELATED TO THIS AGREEMENT OR THE SERVICES, EVEN IF ADVISED OF THE POSSIBILITY. LOTLY’S TOTAL AGGREGATE LIABILITY FOR ANY CLAIM SHALL NOT EXCEED THE LESSER OF (I) THE FEES PAID OR PAYABLE BY CUSTOMER TO LOTLY IN THE TWO (2) MONTHS PRIOR TO THE CLAIM OR (II) FIVE THOUSAND DOLLARS ($5,000). THIS SECTION REFLECTS A FAIR ALLOCATION OF RISK.

11. Marketing

Customer grants Lotly a limited license to display Customer's name and logo in customer lists, on Lotly's website, and in marketing materials. Customer may also be asked to participate in case studies, and agrees to reasonably cooperate when requested.

12. Governing Law and Arbitration

This Agreement is governed by the laws of the State of California, excluding conflict of law rules. Any disputes shall be resolved by binding arbitration conducted in English in Placer County, CA, under the JAMS Streamlined Arbitration Rules. One arbitrator with experience in commercial and IP disputes will be selected. Judgment on the arbitration award may be entered in any competent court. Notwithstanding the foregoing, Lotly may seek injunctive or equitable relief in court as needed.

13. Miscellaneous

Relationship of the Parties. The parties are independent contractors. This Agreement does not establish any joint venture, partnership, agency, employment, or fiduciary relationship. Neither party has authority to bind or act on behalf of the other.

Assignment. Neither party may assign its rights or obligations without written consent of the other, except in connection with a merger, acquisition, or sale of substantially all assets. This Agreement binds and benefits each party and its successors.

Amendments and Waivers. Changes to this Agreement must be in writing and signed by both parties. A failure to enforce any provision does not constitute a waiver of future enforcement.

Force Majeure. Neither party is liable for delays or failures caused by events beyond its reasonable control, such as natural disasters, war, labor strikes, or utility outages.

Notices. All notices must be in writing and may be delivered by personal service, certified mail, or email to the receiving party’s last known address. Notices are effective upon delivery.

Severability. If any term is found unenforceable, it will be modified to reflect the parties’ intent, and all other terms will remain in effect.

Entire Agreement. This Agreement, including all incorporated Order Forms and Documentation, represents the complete understanding between the parties and overrides all prior discussions or agreements.

Electronic Signature. Digital signatures included with this Agreement are valid and carry the same legal weight as handwritten signatures.

EXHIBIT A: Passthrough Terms

Customer understands and acknowledges that reports may contain data from the Death Master File as distributed by the Social Security Administration. Because the use of deceased indicators or flags is limited to legitimate fraud prevention or bona fide business reasons, Customer agrees not to take any adverse action against any consumer based solely on such indicators without performing further investigation to confirm the accuracy of the deceased status.

Customer acknowledges that Lotly will only permit access to the Services if Customer completes and meets all applicable credentialing requirements.

The parties agree that Incode will process Applicant Data solely for the purpose of providing Services under this Agreement. However, Customer understands and consents that Incode may also use the Applicant Data to (i) provide the Services and (ii) generate aggregated, anonymized data ("Incode Aggregated Anonymous Data") for its internal business use, including improvement, testing, and operation of its services. "Incode Aggregated Anonymous Data" refers to data collected or generated by Incode that is anonymized and aggregated such that it cannot reasonably be linked to any individual. Customer is solely responsible for obtaining proper end-user consent for these purposes.

EXHIBIT B: Information Security Addendum

General. Lotly ("Company," "we," or "our") values the protection of sensitive information and has implemented an Information Security Program ("Program") as described in this Addendum. The goal of the Program is to ensure the secure handling of personally identifiable and sensitive information associated with Company's operations, customers, and partners ("Sensitive Information").

Definitions.

  • "Data Incident" means any unauthorized access to or acquisition, disclosure, use, or loss of Sensitive Information due to a breach or compromise of Company Systems.
  • "Privacy and Security Requirements" include all applicable laws and regulations, as well as industry standards relating to the confidentiality, integrity, and security of Sensitive Information.
  • "Security Coordinator" is a designated manager responsible for implementing, maintaining, and coordinating the Program.
  • "Company Systems" are the Company's technology infrastructure and devices that store, process, or transmit Sensitive Information.

Sensitive Information Includes:

  • Personally identifiable data (e.g., name, address, SSN, DOB, government ID numbers, account information).
  • Confidential financial, business, legal, and technical information obtained or developed by Lotly.

Security Program Overview. Lotly shall maintain an administrative, physical, and technical safeguards framework to protect Sensitive Information. This includes:

  • Secure credential management and access control.
  • Limiting access to authorized personnel with a legitimate business need.
  • Continuous monitoring for threats and unauthorized access.
  • Firewalls, antivirus, and security patching.
  • Ongoing employee training and awareness programs.
  • Annual and event-based risk assessments and Program updates.

Access Control.

  • Access to Company Systems is based on a need-to-know basis.
  • All systems and data resources are protected with role-based controls.
  • Physical access to storage locations is limited to authorized personnel.

Monitoring and Protection.

  • Systems are monitored for unauthorized access and usage.
  • Support technicians maintain systems and respond to incidents.
  • Malware protection is applied to all systems, including remote work devices.
  • Systems are regularly backed up.

Program Evaluation.

  • Lotly conducts regular assessments to ensure compliance with evolving risks, technologies, and business changes.
  • Changes to the Program are communicated to personnel.

Personnel and Vendors.

  • Lotly ensures proper oversight of personnel and vendors handling Sensitive Information.
  • Vendors are assessed for adequate security capabilities.
  • Terminated personnel lose access promptly and must return all Company property.

Data Incidents.

  • Lotly's Security Coordinator investigates incidents and coordinates responses.
  • Incident response may include adjustments to business practices and system protections.
  • Incident reviews and mitigation actions are documented and reported to management.

Secure Return or Disposal.

  • Sensitive Information is returned or securely destroyed when no longer needed, in compliance with applicable laws and standards.

Sign up for our mailing list

Stay posted on new products, discounts, and news.

mail
Disclaimer: By submitting your email you agree to our privacy policy and agree to receive emails from Lotly.