1. Scope

This policy applies to all data processed by Moneyball.win on behalf of Member Organizations.

2. Detection and Assessment

We maintain internal processes to detect and respond to security incidents. Upon discovery of potential unauthorized access to or acquisition of Member Organization data, Moneyball will immediately initiate a forensic assessment to determine the nature and scope of the incident.

3. Notification Timeline

In the event of a confirmed data breach that affects the security or confidentiality of a Member Organization’s CRM opportunity data, Moneyball will:

• Notify the Member Administrator via the email address on file.
• Provide notification within 72 hours of confirming the breach.

4. Content of Notification

The notification will include, to the extent known:

• A description of the nature of the breach.
• The types of data affected.
• Steps Moneyball is taking to mitigate the incident and prevent future occurrences.

5. Remediation

Moneyball will work in good faith with the Member Organization to provide information necessary for them to meet their own regulatory or internal reporting obligations.