Security, Data Privacy and Nonpublic Personal Information Overview

Document Systems, Inc. ("DSI") has implemented the most current industry security and data privacy "best practices." DSI applies a multi-layered approach to protecting data while it resides on DSI's network that fall into three major categories:

1. Data Transmission
   When data is transmitted from the DocMagic website it is encrypted using 128-bit RSA keys over an SSL channel. Examples of this includes: Webdocs, DocMagic Online, DocMagic Direct, LoanMagic Synchronization, Account Setup, and User Administration. When using the DocMagic for Windows, users have the option to send data in an encrypted format. The encryption scheme is the same as used on the DocMagic website; 128-bit RSA keys over an SSL channel. If credit card information is transmitted, DSI reveals only the last four digits when confirming an order (of course, the entire credit card number is transmitted to the appropriate credit card company during order processing).

2. Network Security
   DSI employs multiple firewalls to keep out unwanted traffic and intruders. DSI employs an intrusion detection system to log and alert DSI network security personnel of suspicious activity. DSI has a patch management system that ensures that all servers are up to date with the most current security updates.

3. Data Privacy
   Each account is treated as a separate entity. Data from different accounts cannot be co-mingled, and there is a logical separation between data maintained in different accounts. Any and all "nonpublic personal information" of your "customers" or "consumers" that DSI collects or that you disclose to DSI is used by DSI and its employees and agents only as necessary in connection with DSI's provision of its loan document preparation, delivery, imaging, annotation and other related ancillary and complementary services provided from time to time by DSI and to which you have access through utilization of any of DSI's document preparation software or systems. DSI will not disclose any such nonpublic personal information to any other person, except as necessary in the provision of its services or as may be otherwise required by applicable law, unless you authorize DSI to do so in writing. DSI limits access to such nonpublic personal information to those of its employees or agents who reasonably need such information in order to allow DSI to provide its services, and requires such persons to maintain the confidentiality of such information. The terms "nonpublic personal information," "customers," and "consumers" have the meanings set forth in Section 509 of the Gramm-Leach-Bliley Act (P.L. 106-102) and/or any federal regulations that implement that Act. DSI has implemented appropriate measures that are designed to meet the objectives of the "Interagency Guidelines Establishing Standards for Safekeeping Customer Information" issued jointly by the Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, and the Office of Thrift Supervision effective July 1, 2001.

Remember, to protect your computer accounts and passwords, you should never share them with anyone. It is your responsibility to protect the integrity of your computer accounts and passwords. To protect against unauthorized access to your DSI account, be sure to log out of when you have completed using DSI's services.