What is the impact on Acumera's liability if the Acumera-provided firewall is disconnected at a Dq Treat location?

According to Dq Treat's 2025 Franchise Disclosure Document, Acumera bears no liability to a participating Dq Treat location for any data breach that occurs during any period in which the Acumera-provided or Acumera-approved firewall or SD-WAN device has yet to be initially connected, is disconnected, or has been circumvented. This means that if a franchisee disconnects or bypasses the firewall provided by Acumera, Acumera is not responsible for any resulting data breaches.

This exclusion of liability also applies if a security measure recommended by PCI-DSS Standards is not implemented, or if POS system data traffic is not configured to be on an isolated network segment through the Acumera firewall. Similarly, if the participating location requests access to any system or service not directly related to processing POS transactions on the isolated network segment containing POS data traffic, Acumera is not liable, unless the Participating Location received a Configuration Exception from Dairy Queen.

Furthermore, Acumera is not liable if Dairy Queen mandates a configuration, policy, or procedure that Acumera recommends against, provided Dairy Queen has been notified of the recommendation. Acumera also has no liability for breaches occurring through any firewall that has not passed its most recent Approved Scanning Vendor's scan, unless the issue has been remediated, or in a manner that industry-standard firewall technology employed at the time of the breach is unable to prevent.

This limitation of liability underscores the importance of maintaining the Acumera-provided firewall and adhering to recommended security configurations. Dq Treat franchisees should ensure that their systems are properly configured and that they follow all security protocols to minimize the risk of data breaches and to ensure Acumera's liability exclusion does not apply.