Privacy Policy

Table of Contents:

1. INTRODUCTION

2. WHAT PERSONAL DATA WE COLLECT AND HOW WE USE IT

3. HOW WE DISCLOSE YOUR PERSONAL DATA

4. HOW WE PROTECT AND STORE YOUR PERSONAL DATA

5. INTERNATIONAL DATA TRANSFERS

6. YOUR PRIVACY RIGHTS

7. USE BY CHILDREN

8. LINKS TO THIRD-PARTY WEBSITES

9. PRIVACY INFORMATION FOR CALIFORNIA RESIDENTS

10. CONTACT US

1. INTRODUCTION

This Privacy Policy describes how DELINE8.AI LIMITED and our affiliates ("deline8", "we", "our" or "us") collect, use, and disclose Personal Data that we receive from or about you in connection with your use of our website, deline8.ai (the "Website"), and the deline8 predictive tech due diligence platform, including its user dashboard, reports, and related services (the "Platform"). The Website and the Platform are collectively referred to as the "deline8 Offerings".

Please read this Privacy Policy carefully so you can fully understand our practices in relation to your Personal Data.

"Personal Data" means any information that can be used, alone or in combination with other data, to uniquely identify a living person and any information defined as "personal data" or "personal information" under applicable Data Protection Laws.

This Privacy Policy forms part of our Website and Platform Terms of Service. Any capitalized but undefined term in this Privacy Policy shall have the meaning given to it in the Terms of Service or the applicable Master Subscription Agreement ("MSA").

Important Note on Our Role (Controller vs. Processor):

Our role in processing Personal Data depends on the context of our relationship with you. This is a critical distinction for understanding how your data is handled.

• deline8 as a Data Controller: We act as the data controller for the processing of Personal Data of our website visitors, marketing contacts, job candidates, and users of our Freemium tier. In these situations, we determine the purposes and means of the processing.

• deline8 as a Data Processor: When we provide our paid services (e.g., Scout, Deep Dive, Enterprise/PE Portfolio Tiers) to customers who have entered into an MSA with us, deline8 acts as the data processor (or "service provider" under certain laws). Our customer is the data controller (or "business"). In these cases, our processing of your Personal Data is governed by the MSA and our Data Processing Addendum (DPA).

2. WHAT PERSONAL DATA WE COLLECT AND HOW WE USE IT

Your relationship with deline8 determines what Personal Data we collect about you and how we use it. You are not legally required to provide us with any Personal Data. However, without it, we may be unable to provide you with the full range of deline8 Offerings or deliver the best user experience.

In all cases, we may use Personal Data to:

• Detect and prevent fraud or illegal activity, identify and fix errors, conduct audits, and for security purposes.

• Comply with applicable laws, assist authorities, and establish, exercise, or defend legal claims.

• Create Aggregated/Deidentified Data as defined in our DPA, which can no longer be used to identify you, for purposes such as improving our AI models and for research and development.

a) If you are a visitor to our Website or a user of the deline8 Platform:

Legal Basis (for GDPR): Where we act as a controller, our processing is based on our legitimate interest in providing and improving our Offerings and communicating with you (Art. 6(1)(f) GDPR), or on the performance of a contract with you for our Freemium services (Art. 6(1)(b) GDPR). Where we act as a processor, our legal basis is the performance of our contract with our Customer.

b) If you engage with our marketing, sales, or community initiatives:

Legal Basis (for GDPR): Our processing is based on your consent where you provide your details (Art. 6(1)(a) GDPR) or our legitimate interest in developing our business and marketing our services (Art. 6(1)(f) GDPR).

c) If you are applying for a job at deline8:

Legal Basis (for GDPR): Our processing is based on our legitimate interest in assessing your candidacy and taking steps prior to entering into an employment contract with you (Art. 6(1)(b) and (f) GDPR).

3. HOW WE DISCLOSE YOUR PERSONAL DATA

We may disclose your Personal Data to the following categories of third parties:

• Affiliates: To our corporate affiliates to the extent necessary to fulfill the purposes listed above.

• Service Providers (Sub-processors): To our trusted third-party service providers who act as our data processors to perform services on our behalf, such as cloud hosting, CRM, and marketing automation. A list of our sub-processors is maintained as described in our DPA.

• Business Partners: To our business partners, such as M&A advisory firms, where we have a co-marketing or referral relationship, but only with your consent where required.

• Legal and Regulatory Bodies: To regulators, courts, or other competent authorities to comply with applicable laws or in response to a lawful request.

• Corporate Transactions: In the event of a merger, acquisition, or sale of all or a portion of our assets, your Personal Data may be transferred to the acquiring entity.

4. HOW WE PROTECT AND STORE YOUR PERSONAL DATA

• Security: We have implemented a comprehensive security program with appropriate technical, organizational, and security measures designed to protect your Personal Data, in line with our "fortress of trust" commitment. This includes encryption of data in transit (TLS 1.3+) and at rest (AES-256), strict access controls, and our proactive pursuit of industry-standard certifications like SOC 2 and ISO 27001. More details can be found in our DPA.

• Retention: We will store your Personal Data for as long as necessary to fulfill the purpose for which we collected it, or until we receive a valid deletion request from you. We may retain your Personal Data for longer periods if required by law or for our legitimate business needs, such as for record-keeping or to defend against legal claims. For Customer Data processed on our Platform, the retention period is governed by our DPA and is typically 90 days post-contract termination.

5. INTERNATIONAL DATA TRANSFERS

As an Irish company, deline8 primarily processes and stores data within the European Union. In line with our DPA, we offer regional data residency, meaning Customer Data from our EU, UK, and US customers will be primarily stored in their respective regions.

Where we transfer Personal Data outside of the European Economic Area (EEA), the UK, or Switzerland to a country not deemed to provide an adequate level of data protection, we will ensure that such transfers are governed by a lawful transfer mechanism, such as the Standard Contractual Clauses (SCCs) adopted by the European Commission.

6. YOUR PRIVACY RIGHTS

Under the GDPR and other applicable data protection laws, you may have the following rights in relation to your Personal Data:

• Right to Access: You have the right to access the Personal Data we hold about you.

• Right to Rectification: You have the right to request that we correct any inaccurate Personal Data.

• Right to Erasure (Right to be Forgotten): You have the right to request the deletion of your Personal Data.

• Right to Restrict Processing: You have the right to request that we restrict the processing of your Personal Data.

• Right to Data Portability: You have the right to receive your Personal Data in a structured, commonly used, and machine-readable format.

• Right to Object: You have the right to object to the processing of your Personal Data where it is based on our legitimate interests.

• Right to Withdraw Consent: Where our processing is based on your consent, you have the right to withdraw that consent at any time.

To exercise any of these rights, please contact us at privacy@deline8.ai. We will respond to your request in accordance with applicable law.

You also have the right to lodge a complaint with your local data protection supervisory authority. As an Irish company, our lead supervisory authority is the Irish Data Protection Commission (DPC).

7. USE BY CHILDREN

The deline8 Offerings are not intended for or directed at children under the age of 18. We do not knowingly collect Personal Data from children under 18. If we become aware that we have collected such data, we will take steps to delete it.

8. LINKS TO THIRD-PARTY WEBSITES

Our Website may contain links to third-party websites that are not owned or controlled by us. We are not responsible for the privacy practices of such other websites.

9. PRIVACY INFORMATION FOR CALIFORNIA RESIDENTS

If you are a California resident, the California Privacy Rights Act ("CPRA") provides you with specific rights regarding your personal information. This section describes your CPRA rights and explains how to exercise them.

• Our Role as a Service Provider: For our paying customers, deline8 acts as a "Service Provider" under the CPRA. We process personal information on behalf of our customers for the business purposes specified in our DPA and MSA.

• No Sale or Sharing: deline8 does not "sell" or "share" your personal information for cross-context behavioral advertising, as those terms are defined under the CPRA.

• Your Rights: You have the right to request that we disclose what personal information we collect, use, and disclose. You also have the right to request the deletion of your personal information and the right to correct inaccurate information. To exercise these rights, please contact us at privacy@deline8.ai.

10. CONTACT US

If you have any questions or concerns regarding this Privacy Policy, please contact us at:

DELINE8.AI LIMITED

Troyswood,

Kilkenny,

R95 H7Y0,

Ireland

Email: privacy@deline8.ai