180 netPros operates the SpamTrap service for all clients according to the following strict Confidentiality Agreement (NDA) which also states that the service follows the requirements of the United States "Health Insurance Portability and Accountability Act" (HIPAA).

Clients that would prefer a signed copy of this Confidentiality Agreement are welcome to request one by contacting our sales department.

CONFIDENTIALITY (NON-DISCLOSURE) AGREEMENT

This is a Confidentiality (Non-Disclosure) Agreement between SpamTrap, an anti-spam service owned and operated by 180 netPros (180 netPros) with offices at 5631 Palmer Way, Suite C, Carlsbad, CA 92010, USA and all clients (Client) that use the SpamTrap service.

This agreement assumes that the Client is using the SpamTrap anti-spam service (Service) in which all Client email passes through the spam filter servers for the purpose of anti-spam filtering.

180 netPros hereby agrees to treat all Client email and other information supplied by or on behalf of the Client as Confidential Information. As detailed in this agreement:

* 180 netPros will not log or archive the contents (body) of email messages.

* 180 netPros will not disclose Confidential Information, including email information or email contents, to any third party, unless required to do so by court order.

* If Client is a "covered entity" under the United States "Health Insurance Portability and Accountability Act" (HIPAA), the "HIPAA Addendum" is incorporated by reference as part of this agreement.

* Outside of special situations (testing, debugging, spam review) detailed below, 180 netPros staff do not view Client email. Additionally, 180 netPros staff have been trained to treat Client email with utmost confidentiality and understand that disclosing or using information in Client email may be a felony, and each staff member has agreed in writing to the terms hereof.

Confidentiality - 180 netPros agrees to treat all Client email as Confidential Information, unless the email is beyond a reasonable doubt an Unsolicited Commercial Email (UCE), i.e. "Spam". 180 netPros also agrees to treat any information the Client shares with 180 netPros with regard to business plans, employee numbers, IT security, IT configuration, and similar "sensitive" business information as Confidential Information.

The term Confidential Information does not include information which (i) is already in 180 netPros's possession, provided that such information is not known by 180 netPros to be subject to another confidentiality agreement with the Client, or (ii) becomes generally available to the public other than as a result of a disclosure by 180 netPros or its directors, officers or employees, or (iii) becomes available to 180 netPros on a non-confidential basis from a source other than the Client or its advisors, provided that such source is not known by 180 netPros to be bound by a confidentiality agreement with or other obligation of secrecy to the Client or another party.

180 netPros will always treat all legitimate (non-UCE) Client email as Confidential Information.

Non-Disclosure - Only 180 netPros's directors, officers and employees have (limited) access to Client email and information. 180 netPros will not disclose Confidential Information, email information or email contents to any third party, unless required to do so by court order. In particular, 180 netPros does not allow subcontractors, affiliates, partners, resellers or any other third party to access Client email.

The directors, officers and employees of 180 netPros have been trained to take all reasonable steps to ensure that Client email remains confidential, and is not deliberately or accidentally divulged to any other party.

Access to Confidential Information - 180 netPros limits access to Client email to the absolute minimum necessary to operate a reliable Service. Outside of occasional testing and debugging of the Service, no Client email (body) content is seen by any staff, unless the Client explicitly permits 180 netPros to review only those email messages filtered by the Service. (This is detailed below.) Only officers and senior employees of 180 netPros's upstream providers perform testing and debugg and have access to the computers that contain or process (filter) Client email.

The upstream provider agrees to use reasonable, industry-standard security measures to prevent unauthorized access to its computer systems. All computers that contain Confidential Information or process (filter) Client email are protected by hardware and/or software firewalls to restrict access to only authorized personal and from authorized locations.

Logging/Archiving - 180 netPros certifies that this Service does not log or archive the content (body) of email messages, unless the Client explicitly permits 180 netPros to do so for spam review purposes. In the event a Client's legitimate (non-UCE) email is captured during the course of testing, debugging, or spam review, any copy/capture of the email will be immediately deleted.

While the Service logs each email message, the log consists of only sender's email address, IP address and the Subject line of the email. This limited log is also treated as Confidential information and will be deleted after 31 days.

Spam Review - Many Clients give 180 netPros explicit permission to monitor and review the spam which is filtered for their domain(s). When permitted, only those emails which are filtered by the Service are logged and reviewed by 180 netPros staff. Since unfiltered emails are not logged or reviewed, 180 netPros staff will only view UCE (spam) emails and an occasional (typically less than 1 in 10,000) legitimate email which was incorrectly filtered by the Service. In the event a legitimate email is reviewed, all copies of it are immediately deleted. 180 netPros and its staff will maintain the confidentiality of these and all legitimate emails.

HIPAA - The United States "Health Insurance Portability and Accountability Act (HIPAA) requires that medical and patient information be treated with a high level of confidentiality, and imposes severe penalties for the disclosure of such information. 180 netPros and its upstream providers agree to comply with the confidentiality requirements of HIPAA, pursuant to the terms hereof and the HIPAA Addendum.

It is 180 netPros's and its upstream providers' opinion that this Confidentiality Agreement exceeds the requirements of HIPAA, especially since no Client email information is stored or used by 180 netPros, no designated client record sets are maintained, and email not shared with any third party.

Binding Effect - This agreement is binding upon, and inures to the benefit of, the successors and assigns of the parties.

Remedies - 180 netPros and its upstream providers acknowledge that failure to comply with the terms of this Agreement may cause irreparable damage to the Client. Therefore, 180 netPros and its upstream providers agree that in addition to any other remedies at law or in equity available to the Client for 180 netPros's breach or threatened breach of this Agreement, the Client is entitled to specific performance or injunctive relief against 180 netPros and its upstream providers to prevent such damage or breach, and the existence of any claim or cause of action 180 netPros may have against the Client will not constitute a defense thereto. Client understands that each party will be responsible for its own legal fees and the 180 netPros will not pay attorney fees incurred by the Client in any proceeding relating to the enforcement part of the agreement or to any alleged breach thereof in which the Client will prevail in whole or in part.

Confirmed and Agreed to:

For: 180 netPros

By: Daniel Reid

Title: CEO

Date: June 14, 2004