Last Updated: October 24, 2025

This document is incorporated by reference into the YouNegotiate® Creditor Member Terms & Conditions.

1. Scope

This document provides a high-level overview of data handling and security practices applicable to the YouNegotiate® platform.

It does not constitute a security guarantee, certification, or warranty.

2. Data Processing Role

H2H Technologies acts as a technology service provider processing data solely on behalf of the Member for the purpose of operating the platform.

Members control:

• Data submitted to the platform
• Account configurations
• Consumer communications

3. Payment Data

YouNegotiate® does not store raw payment card data.

Payment data is:

• Tokenized using secure third-party infrastructure (including Basis Theory)
• Transmitted directly to the Member’s merchant processor

H2H Technologies does not have access to full payment credentials.

4. Security Measures (High Level)

YouNegotiate® employs commercially reasonable security measures, which may include:

• Encrypted data transmission
• Access controls and authentication
• Audit logging
• Infrastructure monitoring

Specific security configurations may change over time.

5. Data Retention

Data retention is governed by:

• Member configurations
• Legal, audit, and compliance requirements

Limited data may be retained following termination as permitted by law.

6. No Certification Claims

Nothing in this document represents:

• PCI certification
• SOC certification
• Regulatory approval

Members remain responsible for their own compliance obligations.