PRIVACY POLICY

1. Scope and Applicability

Vira AI is a business-to-business (“B2B”) platform. Our Customer Organizations include banks, credit unions, investment firms, private equity firms, and other financial services entities. In some cases, a Customer Organization (such as a private equity or investment firm) may procure Platform access on behalf of financial institutions within its portfolio (“Portfolio Entities”). This Policy covers all data processing activities related to the Platform, regardless of whether the user's access was provisioned directly by the Company or through a Customer Organization.

This Policy does not cover the processing of competitive intelligence data displayed within the Platform (i.e., publicly available information about financial products, rates, fees, and features offered by financial institutions), which is sourced from publicly available sources and does not constitute personal information.

2. Information We Collect

2.1 Business Contact Information

When a Customer Organization registers for the Platform or when individual authorized users create accounts, we collect business contact information including name, business email address, job title or role, business phone number, and organizational affiliation.

2.2 Account and Authentication Data

We collect login credentials (encrypted), authentication tokens, single sign-on (SSO) integration data where applicable, and multi-factor authentication details.

2.3 Usage and Analytics Data

We automatically collect information about how users interact with the Platform, including:

• Search queries, competitor selections, product categories analyzed, and report types generated
• Feature usage patterns, frequency of access, time spent on specific analyses, and dashboard configurations
• Device and browser information, IP address, operating system, and general geographic location (city/state level based on IP)
• Error logs, performance metrics, and crash reports

2.4 Customer-Provided Data

Customer Organizations may provide us with data to enable Platform functionality, such as their own product and rate information for competitive benchmarking, internal pricing data for comparison analysis, and custom competitor lists or market definitions.

2.5 Communication Data

We collect information from communications with us, including support tickets, feature requests, feedback, and sales and onboarding correspondence.

3. How We Use Information

We use the information we collect for the following purposes:

• To provide, operate, and maintain the Platform, including generating competitive intelligence reports, rate comparisons, fee analyses, and battle cards
• To manage accounts, authenticate users, and enforce access controls within and across Customer Organizations
• To personalize the Platform experience, including saving dashboard configurations, alert preferences, and frequently analyzed competitors
• To generate aggregated, de-identified usage analytics for internal purposes, including product development, feature prioritization, and capacity planning
• To provide customer support and respond to inquiries
• To communicate with users about Platform updates, new features, maintenance windows, and service-related notices
• To detect, prevent, and address security threats, fraud, and technical issues
• To comply with legal obligations and respond to lawful requests from public authorities
• To improve and develop the Platform, including training and improving our AI models using aggregated, de-identified data (individual user queries are not used to train AI models without explicit consent)

4. Data Segregation and Access Controls

We maintain strict logical segregation between Customer Organizations on the Platform. This means:

4.1 Customer-Level Segregation

Each Customer Organization's usage data, query history, analytical activity, custom configurations, and customer-provided data are logically segregated and not accessible to any other Customer Organization or third party. One customer cannot view, access, or infer the activities of another customer on the Platform.

4.2 Enterprise and Portfolio Access

Where a Customer Organization (such as a private equity or investment firm) procures Platform access on behalf of Portfolio Entities, the following data access principles apply:

• Usage data, query history, and analytical activity of each Portfolio Entity account is logically segregated from all other accounts, including the procuring Customer Organization's account
• The procuring Customer Organization does not receive access to individual Portfolio Entity account activity, usage patterns, query data, or analytical results, unless explicitly authorized in writing by the applicable Portfolio Entity
• The procuring Customer Organization may receive aggregated, non-identifying usage metrics (such as total active users and license utilization) for administrative and billing purposes only
• Each Portfolio Entity's data is treated as a separate customer's data for all purposes under this Policy

4.3 Internal Access Controls

Access to customer data within Audare AI Inc. is restricted to authorized personnel on a need- to-know basis for purposes of providing the Service, customer support, and Platform maintenance. All Company personnel with access to customer data are subject to confidentiality obligations. We maintain audit logs of internal access to customer data.

5. How We Share Information

5.1 With Customer Organization Administrators

We may share individual user account information (such as name, email, role, and login activity) with designated administrators within the user's Customer Organization for account management, license administration, and security monitoring purposes. This does not include substantive query data or analytical activity.

5.2 With Service Providers

We share information with third-party service providers who perform services on our behalf, including cloud infrastructure providers, analytics tools, customer support platforms, and email delivery services. All service providers are contractually obligated to process data only as instructed by us and to maintain appropriate security measures.

5.3 For Legal and Compliance Reasons

We may disclose information if required by law, regulation, legal process, or governmental request, or if we believe in good faith that disclosure is necessary to protect our rights, prevent fraud, or respond to a government request.

5.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, customer data may be transferred as part of that transaction. We will provide notice to Customer Organizations prior to any such transfer and will ensure that the acquiring entity is bound by terms no less protective than this Policy.

5.5 Aggregated and De-Identified Data

We may use and share aggregated or de-identified data that cannot reasonably be used to identify any individual user or Customer Organization for purposes including industry benchmarking, product development, and marketing.

6. Competitive Intelligence Data Sources

The competitive intelligence provided through the Platform — including financial product details, rates, fees, features, and publicly available marketing content of financial institutions — is collected from publicly available sources, including financial institution websites, regulatory filings, and public databases. This data does not constitute personal information. We employ automated data collection methods, supplemented by manual verification, to gather and maintain this information. The Company makes reasonable efforts to ensure accuracy but does not guarantee the completeness or timeliness of competitive intelligence data.

7. Data Retention

We retain business contact information and account data for the duration of the Customer Organization's active subscription and for a reasonable period thereafter (typically twelve (12) months) to facilitate reactivation and fulfill contractual obligations. Usage and analytics data is retained in identifiable form for up to twenty-four (24) months and may be retained in aggregated, de-identified form indefinitely. Customer-provided data (such as proprietary rate or product information) is deleted or returned within sixty (60) days of contract termination upon request. Communication records are retained in accordance with applicable legal and regulatory requirements.

8. Data Security

We implement commercially reasonable administrative, technical, and physical security measures to protect information processed through the Platform, including encryption of data in transit (TLS 1.2+) and at rest (AES-256 or equivalent), role-based access controls and multi- factor authentication, regular security assessments and penetration testing, SOC 2 Type II compliance efforts (or equivalent), employee security awareness training, and incident response procedures. While we take extensive measures to protect data, no system is completely secure, and we cannot guarantee absolute security.

9. AI and Automated Processing

Vira AI uses artificial intelligence and machine learning technologies to aggregate, analyze, and present competitive intelligence data, generate insights and recommendations, personalize dashboard views and alert configurations, and identify trends and anomalies in market data.

These AI systems process publicly available competitive data and are not used to make decisions about individuals. We do not use individual user query data to train AI models without explicit consent. Aggregated, de-identified usage patterns may be used to improve Platform algorithms and features.

10. Your Rights and Choices

Depending on your jurisdiction and the nature of your relationship with us, you may have certain rights regarding your personal information:

• Access: You may request a copy of the personal information we hold about you
• Correction: You may request correction of inaccurate or incomplete personal information
• Deletion: You may request deletion of your personal information, subject to our legal retention obligations
• Data Portability: You may request a copy of your personal information in a structured, machine-readable format
• Objection: You may object to certain processing activities

To exercise these rights, contact us at privacy@audareai.com. If you are an authorized user accessing the Platform through a Customer Organization, please note that certain requests (such as account deletion) may need to be coordinated with your organization's administrator, as they control your account provisioning.

11. State Privacy Law Compliance

We comply with applicable state privacy laws, including the California Consumer Privacy Act (CCPA/CPRA), Virginia Consumer Data Protection Act, Colorado Privacy Act, and other state privacy regulations as applicable. Where these laws apply to the personal information of individuals associated with our Customer Organizations, we provide the rights described in Section 10 above. We do not sell personal information as defined under any state privacy law.

12. International Data Transfers

Your information may be transferred to, stored, and processed in the United States. If you access the Platform from outside the United States, you acknowledge that your information will be transferred to and processed in the United States, which may have different data protection standards. We take reasonable steps to ensure that your information is treated securely and in accordance with this Policy.

13. Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will notify Customer Organizations by email to the primary contact on file and by posting the updated Policy on our website. Material changes will take effect thirty (30) days after notification. Non- material changes take effect upon posting.

14. Trademark Notice

AudareAI™ (also used as Audare AI) is a trademark of Audare AI Inc., filed with the United States Patent and Trademark Office (Classes 9, 35, 36, and 42). Remi AI and Vira AI are product names of Audare AI Inc. All other trademarks, service marks, trade names, and logos referenced herein are the property of their respective owners.

15. Contact Information

If you have questions or concerns about this Policy or our data practices, please contact us at: