prepared. The Companys certifying officers have evaluated the effectiveness of the Companys controls and procedures as of a date within 90 days prior to the filing date of the
Form 10-K for the fiscal year most recently ended (such date, the Evaluation Date). The Company presented in its Form 10-K for the fiscal year
most recently ended the conclusions of the certifying officers about the effectiveness of the disclosure controls and procedures based on their evaluations as of the Evaluation Date. Since the Evaluation Date, there have been no significant
changes in the Companys internal controls (as such term is defined in Item 307(b) of Regulation S-K under the Securities Act) or, to the Companys knowledge, in other factors that could
significantly adversely affect the Companys internal controls. To the knowledge of the Company, the Companys internal controls over financial reporting and disclosure controls and procedures are effective.
(gg) Open Source Software. (i) The Company uses and has used any and all software and other materials distributed under a
free, open source, or similar licensing model (including but not limited to the MIT License, Apache License, GNU General Public License, GNU Lesser General Public License and GNU Affero General Public License) (Open
Source Software) in material compliance with all license terms applicable to such Open Source Software; and (ii) except as would not reasonably be expected, individually or in the aggregate, to result in a Material Adverse Effect, the
Company has not used or distributed and does not use or distribute any Open Source Software in any manner that requires or has required (A) the Company to permit reverse engineering of any software code or other technology owned by the Company
or (B) any software code or other technology owned by the Company to be (1) disclosed or distributed in source code form, (2) licensed for the purpose of making derivative works or (3) redistributed at no charge.
(hh) Data Security. (i) The Company has complied in all material respects and is presently in compliance in all material respects
with all contractual obligations, industry standards, applicable laws, statutes, judgments, orders, rules and regulations of any court or arbitrator or other governmental or regulatory authority and any other legal obligations, in each case,
relating to the collection, use, transfer, import, export, storage, protection, disposal and disclosure by the Company of personal, personally identifiable, household, sensitive, confidential or regulated data (Data Security
Obligations, and such data, Data); (ii) the Company has not received any notification of or complaint regarding and is unaware of any other facts that, individually or in the aggregate, would reasonably be expected to
have a Material Adverse Effect; and (iii) except as would not reasonably be expected, individually or in the aggregate, to result in a Material Adverse Effect, there is no action, suit or proceeding by or before any court or governmental
agency, authority or body pending or, to the Companys knowledge, threatened alleging non-compliance with any Data Security Obligation nor are there any incidents under internal review or investigations
relating to the same.
(ii) Data Protection; No Breaches. The Companys information technology assets and equipment,
computers, systems, networks, hardware, software, websites, applications, and databases are adequate for, and operate and perform in all material respects as required in connection with, the operation of the business of the Company as currently
conducted, and, to the Companys knowledge, are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants. The Company has taken commercially reasonably steps to protect the information
technology systems and Data used in connection with the operation of
16