Security Exhibit

Security Measures (Summary)

Version: 1.0

Effective date: February 13th, 2026

Nevorth maintains reasonable measures appropriate for a startup SaaS and relies on established third-party providers for core infrastructure. We do not claim certifications unless stated in an Order Form.

• Encryption in transit: TLS/HTTPS for external communications with Slack, Cloudflare, Make, OpenAI, Stripe, and our website.

• Encryption at rest: Provided by subprocessors where available and as configured in their platforms.

• Access restrictions: Administrative access to service configuration is restricted to authorized personnel.

• Logging: Operational logs are maintained to support reliability and troubleshooting.

• Vulnerability management: Periodic updates to configurations and dependencies where applicable; prioritization of critical issues.

• Backups/restore testing: Resiliency and backups are primarily provided by subprocessors; Nevorth does not promise a specific backup/restore testing schedule unless agreed in an enterprise Order Form.

• Incident handling: Nevorth will notify customers without undue delay of confirmed personal data breaches affecting Customer Data as described in the DPA.