Email Security and Acceptable Use Policy

1.0 Overview

Electronic Mail (aka email) is now used in all industry verticals as a major communication, awareness and promotional method. At the same time, misuse of email can post many legal, privacy and security risks, thus it’s important for users to understand the appropriate use of email communications.

2.0 Purpose

The purpose of this email security policy is to ensure the proper use of Waybetter Marketing, Inc (Waybetter) email system by employees, customers and business associates, and make users aware of what Waybetter deems as acceptable and unacceptable use of its email system. In addition, this policy includes a discussion on Waybetter email platform and transmission security.

3.0 Scope

This policy covers appropriate and secure use of any email sent from a Waybetter email marketing infrastructure and applies to all employees, customers vendors, and agents operating on behalf of Waybetter.

4.0 Policy

1. All use of email must be consistent with Waybetter policies and procedures of ethical conduct and safety and be in compliance with applicable laws and proper business practices.

2. Waybetter email infrastructure should be used primarily business-related purposes associated with Waybetter or its customers. Any personal communication or communication promoting any competitor of Waybetter are prohibited.

3. All Waybetter data contained within an email message or an attachment must be secured according to Waybetter Data Encryption Policy. Details of security and encryption are addressed in Section 5 titled Security and Encryption below.

4. The Waybetter email system shall not to be used for the creation or distribution of any disruptive or offensive messages, including offensive comments about race, gender, hair color, disabilities, age, sexual orientation, pornography, religious beliefs and practice, political beliefs, or national origin. Employees, vendors, agents of Waybetter who come across any emails with this type of content from any Waybetter email infrastructure must report the matter to Waybetter operations team immediately. A complete list of prohibited content is detailed in the section 5 titled Compliance below.

5. Waybetter employees shall have no expectation of privacy in anything they store, send or receive using the company’s email system.

6. Waybetter may monitor messages without prior notice, and contact individuals for compliance related discussions. However, Waybetter is not obliged to monitor every email message sent through its systems.

5.0 Security and Encryption

1. All email must claim to originate from an address at a domain that is currently registered to the user, under the users’ control, or the users have permission to transmit on behalf-of the owners of the domain.

2. In order to secure the domain associated with the “From Email Address” of the emails, the domain(s) must be identified by using a Sender Policy Framework (SPF) record in the Domain Name Service (DNS) of the particular domain. Waybetter operations team will provide instructions for SPF record setup if necessary.

3. Waybetter recommends digitally signing every email being sent from their system using Domain Key Identification (DKIM). This allows the emails to be securely delivered to their destination email addresses. Waybetter operations team will provide instructions for DKIM record set up if necessary.

4. Waybetter email service sends all the emails using TLS encryption if the receiving mail server supports it.

6.0 Compliance

1. NO MISSION CRITICAL OR HIGH RISK USE. The service is not designed, intended, or authorized for use in any mission critical, emergency, life-saving or life sustaining systems, or for any other application in which the failure of the service could lead to personal injury or death, or to physical or environmental damage.

2. ABUSE. You may not use Waybetter network or services to engage in, foster, or promote illegal, abusive, or irresponsible behavior, including but not limited to:

   1. Interference with service to any user of the Waybetter (or any other) network including, without limitation, mail bombing, flooding, deliberate attempts to overload a system, and transmitting computer viruses and Trojan horses.

   2. Collecting or using email addresses, screen names or other personal identifiers and related information without the consent of the person identified or the owner of the information.

   3. Probing, scanning, penetrating, reverse-engineering or testing the vulnerabilities of a Waybetter network, service, system or device to breach, attempt to breach or collect information about security or authentication measures, or any similar or related activity, without Waybetter's express written consent.

   4. Any conduct that causes or is likely to result in retaliation against the Waybetter network or website, or employees, officers or other agents, including but not limited to engaging in behavior that results in any server being the target of a Distributed Denial of Service (DDoS) attack.

   5. Any conduct that is deemed abusive or malicious as determined by the sole discretion of Waybetter.

3. PROHIBITED CONTENT. Waybetter network or email distribution systems may not be used to publish, transmit or store any content or links associated with the following:

   1. Constitutes, depicts, fosters, promotes or relates in any manner to adult oriented material or activity including but not limited to pornography.

   2. Excessively violent, incites violence, threatens violence, or contains harassing content or hate speech.

   3. Creates a risk to a person’s safety or health, creates a risk to public safety or health, compromises national security, or interferes with an investigation by law enforcement.

   4. Activities associated with terrorism.

   5. Exposes trade secrets or other confidential or proprietary information of another person without explicit permission.

   6. Infringes on another's copyright, trade or service mark, patent, or other property right.

   7. Promotes illegal drugs, violates export control laws, or illegal arms trafficking.

   8. Is otherwise illegal or solicits conduct that is illegal under laws applicable to Waybetter, its customers and business partners.

   9. Is otherwise malicious or fraudulent, as determined by the sole discretion of Waybetter.

   10. In addition, Waybetter, in conjunction with their services infrastructure partners, have determined that certain types of Emails generate higher than normal abuse and feedback loop complaints, and in order to protect the reputation of our network and to achieve the highest rates of deliverability for all of our customers, we are unable to allow emails being sent with the following contents:

       1. Payday loans (short term unsecured loans)

       2. Debt collection

       3. Debt consolidation and reduction

       4. Credit repair

       5. Tax relief programs

       6. Online Gambling

       7. Get rich quick, Ponzi, or pyramid schemes, investment opportunities

       8. Work from home or make money online opportunities

       9. Day trading or penny stocks

7.0 Classification

1. ALL EMAILS

   1. Must comply with all applicable laws and regulations including but not limited to CAN-SPAM (Controlling the Assault of Non-Solicited Pornography And Marketing). In addition, your email must meet the following requirements:

      1. May not contain any false, misleading or deceptive information in its content or header, and you may not attempt to obscure or hide the source of the email.

      2. Must not be characteristic of spam as determined by the sole discretion of Waybetter.

2. TRANSACTIONAL EMAIL. An email message is considered transactional if its primary purpose meets one or more of the following requirements:

   1. Facilitates or confirms a commercial transaction that the recipient already has initiated and/or agreed to.

   2. Provides warranty, recall, safety, or security information about a product or service.

   3. Provides information about a change in terms or features or account balance information regarding a membership, subscription, account, loan or other ongoing commercial relationship.

   4. Provides information about an employment relationship or employee benefits.

   5. Delivers goods or services as part of a transaction that the recipient already has agreed to.

   6. For all recipients that you have a transactional relationship with, you must retain:

      1. Evidence of the details each recipient’s transactional relationship in a form that can be promptly produced on request, and you honor the recipient’s and Waybetter's requests to produce this evidence within 48 hours of receipt of the request.

      2. Details of the transactional relationship including the names of the parties in the relationship, a description of the relationship, the date the relationship started, how the email address was obtained, and if possible, the dates of the first and most recent transaction.

3. BULK OR COMMERCIAL EMAIL. Bulk or Commercial email is defined as any email message for which the primary purpose is the commercial advertisement or promotion of a commercial product, website, or service. Waybetter requires that for all Bulk or Commercial Emails the sender must adhere to the following:

   1. Must not send email to addresses or lists that have been purchased from a third party.

   2. Intended recipients must have given their consent to receive email specifically from the sender.

   3. Procedures for seeking consent include reasonable means to ensure that the person giving consent is the owner of the email address for which consent is given.

   4. Evidence of each recipient’s consent in retained in a form that can be promptly produced on request, and recipients’ and Waybetter requests to produce consent evidence are honored within 10 days of receipt of the request. Evidence should contain at a minimum the date, time and place and method of obtaining the consent.

   5. Procedures are in place that allow a recipient to revoke their consent – such as an unsubscribe link in the body of the email. The sender must honor revocations of consent and notify the recipient within 10 days.

   6. Sender must have a Privacy Policy posted for each domain associated with the mailing.

   7. Must include the recipient’s email address in the body of the message or in the “TO” line of the e-mail.

   8. Emails must not generate excessive blacklistings or any critical blacklisting as determined at the sole discretion of Waybetter.

   9. Email must not generate excessive SPAM complaints as determined at the sole discretion of Waybetter.

   10. Email list must contain valid email addresses and must not generate excessive failures or hard bounces as determined at the sole discretion of Waybetter.