Privacy Policy

Aracor Inc. (“Aracor”, “we”) respects your privacy and are strongly committed to keeping  secure any information we obtain from you or about you. This Privacy Policy describes our  practices with respect to personal data we collect from or about you when you use our website,  applications, and Aracor AI services (collectively, “Services”).

This Policy applies to visitors of our website, Aracor’s prospective clients, clients (“individuals”  or “you”) as applicable in the course of using our Services or visiting our websites, where  Aracor is the data controller responsible for the processing your Personal Data. This Policy applies to personal data, as defined below in Section 1, we collect to provide you with Services.

If you do not agree with our policies and practices described in this Policy, please do not use  our Services, do not visit our website, and do not provide your information to us.

1. WHAT PERSONAL DATA WE PROCESS AND HOW

Personal data is information that relates to an identified or identifiable natural person. An  identifiable natural person is one who can be identified, directly or indirectly, in particular by  reference to an identifier such as a name, an identification number, location data, an online  identifier or to one or more factors specific to the physical, physiological, genetic, mental,  economic, cultural or social identity of that natural person. Personal data does not include any  anonymized and depersonalized data where an identity is absent or has been removed and  cannot be recovered.

Below are the categories of information, including personal data that we may collect or share  for a business purpose as permitted by law and depending on the Services you receive:

(a) Information provided voluntarily by you:

Contact information, such as name, email address, phone number, billing information,  physical address, Zoom / WhatsApp / Skype and similar services information, call recordings,  information you input in open text fields in help/contact us forms.

Content information, such the information you may choose to post, send, receive and share  in our Services. You can interact with the Services in a variety of formats (“Prompts” or  "Inputs"), which generate responses (“Outputs”) based on your Inputs. This includes where  you choose to integrate third-party applications with our Services. If you include personal data  or reference external content in your Inputs, we will collect that information, and this  information may be reproduced in your Outputs. Customer support information, such a  summary of the problem you are experiencing, and any other documentation or information  that would be helpful in resolving an issue submitted to us.

Social Media Information: We have pages on social media sites like Instagram, Facebook,  Medium, X, YouTube and LinkedIn. When you interact with our social media pages, we collect  Personal Data that you choose to provide to us, such as your contact details (collectively,  “Social Media Information”). In addition, the companies that host our social media pages may  provide us with aggregate information and analytics about our social media activity.

Other Information You Provide: We collect other information that you may provide to us,  such as when you participate in our events or surveys or provide us with information to  establish your age or identity (collectively, “Other Information You Provide”).

(b) Information we collect automatically from you:

Analytics information, such as when you visit and interact with any of our Services. This  information includes the features you use; the links you click on; the type, size and filenames  of attachments you upload to the Services; frequently used search terms; and your interaction  with third-party integrations and others on the Services.

Device information, your connection type and settings, information about your operating  system, browser type, IP address, URLs of referring/exit pages, device identifiers, and crash  activity, collected through cookies, web beacons and similar technologies.

Cookies and Similar Technologies: We use cookies and similar technologies to operate and  administer our Services, and improve your experience.

(c) Personal Data we Receive from Other Sources: We collect information from other sources, like information that is publicly available on the internet, in particular to develop the models that power our Services. We also receive information from our trusted partners, such as security partners to protect against fraud, abuse, and other security threats to our Services or marketing vendors who provide us with information about potential customers of our business services.

2. HOW WE USE YOUR PERSONAL DATA AND WHICH LEGAL BASIS WE RELY ON

We may use Personal Data for the following purposes:

• To provide and maintain our Services;

• To improve and develop our Services and new features and conduct research; • To personalize your use of our Services, applications, or platforms;

• To provide customer support and resolve bugs, issues, or customer queries; • To facilitate payments for products and services provided by Aracor;

• To communicate with you, including to send you information or marketing about our  Services and events;

• To prevent fraud, criminal activity, or misuses of our Services, and to protect the  security of our systems and Services; and

• To comply with legal obligations and to protect the rights, privacy, safety, or property  of our users, us, our affiliates, or any third party.

Aggregated or De-Identified Information. We aggregate or de-identify Personal Data so that it  can no longer be used to identify you and use this information to analyze the effectiveness of  our Services, to improve and add features to our Services, to conduct research and for other  similar purposes. In addition, from time to time, we may share or publish aggregated  information like general user statistics with third parties. We collect this information through  the Services, through cookies, and through other means described in this Privacy Policy. We  will maintain and use de-identified information in anonymous or de-identified form and we will  not attempt to re-identify the information, unless required by law.

Type of personal dataPurposesLegal basis• Contact information
• Content information
• Customer support information • Other information you provide• To provide and maintain our  ServicesPerformance  of a contract  with you• Analytics information
• Device information
• Cookies and Similar  Technologies• Contact information
• Content information
• Customer support information • Other information you provide • Analytics information
• Device information
• Personal Data We Receive  From Other Sources
• Cookies and Similar  Technologies• To improve and develop our  Services and new features and  conduct researchOur legitimate  interests• Contact information
• Customer support information • Social Media Information • Other information you provide • Analytics information
• Device information
• Personal Data We Receive  From Other Sources
• Cookies and Similar  Technologies• To communicate with you, including  to send you information or  marketing about our Services and  eventsPerformance  of a contract  with you, or, if  required  
under  
applicable  
law, to the  extent you  have provided  your consent• Contact information
• Content information
• Customer support information • Social Media Information • Other information you provide • Analytics information
• Device information
• Personal Data We Receive  From Other Sources
• Cookies and Similar  Technologies• To prevent fraud, criminal activity,  or misuses of our Services, and to  protect the security of our systems  and ServicesTo comply  with a legal  obligation• Contact information
• Content information
• Customer support information • Social Media Information • Other information you provide • Analytics information
• Device information
• Personal Data We Receive  From Other Sources• To comply with legal obligations and  to protect the rights, privacy, safety,  or property of our users, us, our  affiliates, or any third partyTo comply  with a legal  obligation• Cookies and Similar  Technologies

3. CHILDREN’S PRIVACY

We do not knowingly provide Services and collect or ask for information from minors. The use  of Services is not intended for the use of minors.

4. RETENTION

We retain personal data about you necessary to fulfil the purpose for which that information  was collected, consistent with applicable laws.

How long we retain Personal Data will depend on a number of factors, such as:

• Our purpose for processing the data (such as whether we need to retain the data to  provide our Services);

• The amount, nature, and sensitivity of the data;

• The potential risk of harm from unauthorized use or disclosure of the data; • Any tax, accounting, audit or legal requirements that we are subject to.

When the personal data collected is no longer required by us, we and our service providers  will perform the necessary procedures for destroying, deleting, erasing, or converting it into  an anonymous form as permitted or required under applicable laws.

When we destroy your personal data, we do so in a way that prevents that information from  being restored or reconstructed.

5. DISCLOSURE OF PERSONAL DATA

In certain circumstances we may disclose your Personal Data to:

Vendors and Service Providers: To assist us in meeting business operations needs  and to perform certain services and functions, we may disclose Personal Data to  vendors and service providers, including providers of hosting services, customer  service vendors, cloud services, content delivery services, data warehouse services,  support and safety monitoring services, email communication software, web analytics  services, payment and transaction providers, and other information technology  services providers. Pursuant to our instructions, these parties will access, process, or  store Personal Data only in the course of performing their duties to us. These third  parties have limited access to your information, may use your information only to  perform agreed tasks, and are prohibited from disclosing or using your information for  other purposes.

Third-Party Websites and Services: Our Services may involve integrations with, or may  direct you to, websites, apps, and services managed by third parties. By interacting  with these third parties, you are providing information directly to the third party and not  Aracor and subject to the third party’s privacy policy. If you access third-party services,

such as social media sites or other sites linked through the Services (e.g., if you follow  a link to our Linkedin or X account), these third-party services will be able to collect  personal data about you, including information about your activity on the Services. If  we link to a site or service via our Services, you should read their data usage policies  or other documentation. Government Authorities or Other Third Parties: We may share  your Personal Data, including information about your interaction with our Services, with  government authorities, industry peers, or other third parties in compliance with the  law (i) if required to do so by law or in the good faith belief that such action is necessary  to comply with a legal obligation, (ii) to protect and defend our rights or property, (iii) if  we determine, in our sole discretion, that there is a violation of our terms, policies, or  the law; (iv) to detect or prevent fraud or other illegal activity; (v) to protect the safety,  security, and integrity of our products, employees, or users, or the public, or (vi) to  protect against legal liability.

Affiliates, Business Transfers: We may disclose Personal Data to our affiliates,  meaning an entity that controls, is controlled by, or is under common control with  Aracor. Our affiliates may use the Personal Data we share only in a manner consistent  with this Privacy Policy. If we are involved in strategic transactions, reorganization,  bankruptcy, receivership, or transition of service to another provider (collectively, a  “Transaction”), your Personal Data and other information may be disclosed in the  diligence process with counterparties and others assisting with the Transaction and  transferred to a successor or affiliate as part of that Transaction along with other  assets.

With Your consent: Aracor will otherwise disclose personal data when you give us  permission or direct us to disclose this information, including as a part of our Services. Certain features allow you to display or share information with other users. For  example, you may share Aracor conversations with other users via shared links or  send information to third-party applications via custom actions.

6. DATA SECURITY

The security of your personal information is important to us. We protect your Personal Data  through generally accepted security standards and technical and organizational measures  designed to mitigate the risk of unlawful or unauthorized access, destruction, loss, alteration,  disclosure, or use of your Personal Data. The measures are designed to provide a level of  security appropriate to the risk of processing.

We will never request your account credentials. You should never share your Aracor account  information, including your username and password, with anyone else. We recommend that  you use a unique password for your Aracor account that is not associated with other websites.  You should check your Aracor account regularly to ensure that your personal data has not  been tampered with or altered. You should only use the Services within a secure environment.

Overall, if you have any reason to believe that your interactions with the Services are no longer  secure, please notify us immediately at privacy@aracor.ai.

7. DATA TRANSFERS

When you access our website, or use our Services, your Personal Data will primarily be stored  on servers located in the US. Where Personal Data described in Section 2 is transferred  outside of the EEA, Switzerland, or the UK, we ensure it benefits from an adequate level of  data protection by relying on:

• Adequacy decisions of the European Commission under Article 45 GDPR (or  equivalent decisions under other laws)

• Standard Contractual Clauses as issued on 4 June 2021, under Article 46(2)  GDPR, Article 46(2) of the UK equivalent GDPR, and the revised Federal Act on  Data Protection for the transfer of personal data originating in Switzerland

• implementation of organisational, contractual and technical security measures  with our third-party service providers;

• establishment of an intra-group data transfer agreement for internal transfers of  personal data within our group of companies around the world.

By using our Services, you understand and acknowledge that your Personal Data will be  processed and stored in our facilities and servers in the United States and may be disclosed  to our service providers and affiliates in other jurisdictions.

8. YOUR PRIVACY RIGHTS

You may make certain choices regarding your personal data as permitted under applicable  privacy laws. You may make these choices free of charge except as otherwise permitted under  applicable law. We may ask you to further confirm your identity and limit Our response to your  requests as permitted under applicable law.

Individual Privacy Rights

Your privacy rights include:

• Right to be Informed: You have the right to be informed about the collection and use  of your personal data.

• Right to Access: You have the right to view and request copies of your personal data.  If you have an online account or profile with us, you may access your personal data via  your account through the website or mobile app.

• Right to Rectify or Correct: You have the right to update the personal data that we have collected about your directly or indirectly, including personal data collected by a service provider or contractor on our behalf. If you have an online account or profile with us, you may update your personal data by accessing your account through the website and mobile app.

• Right to Request Erasure (Right to be Forgotten): You may request that we delete  your personal data, subject to certain limited exceptions. For example, we may retain an  archived copy of your records consistent with applicable law, to comply with legal  obligations, or for other legitimate business purposes. We will use commercially  reasonable efforts to honour your requests.

• Right to Data Portability: You have the right to request that we transfer data that we have collected to another organization, or directly to you under certain conditions. • Right to Restrict Processing: You have the right to request that we restrict the  processing of your personal data under certain conditions.

• Right to Withdraw Consent: You have the right to withdraw previously granted  consent to process your personal data.

• Right to Object to Processing: You have the right to object to our processing of your  personal data, under certain conditions.

• Right to Object to Automated Processing: You have the right to object to decisions being made with your information solely based on automated decision making or profiling. We do not currently engage in automated decision-making or profiling.

To exercise any of your above rights you may submit your request at privacy@aracor.ai. Aracor Service-related Communications

We may send a welcome email to clients for billing purposes, and at times may send Service related announcements. A client may not opt out of service-related emails, as this is part of  our Services.

Marketing Communications. You may choose to stop receiving our newsletter or marketing  emails or texts by following the unsubscribe instructions included in each of these emails or  texts, or you can contact us.

Privacy Questions and Concerns

To speak with us or file a complaint, please contact us at privacy@aracor.ai.

9. JURISDICTION SPECIFIC TERMS

EEA, UK, and Switzerland

We rely on several legal bases in accordance with applicable data protection laws, such as  the General Data Protection Regulation (“GDPR”) or United Kingdom Data Protection  Regulation (“UK GDPR”) to process Personal Data for the purposes set out in this Privacy  Policy. These legal bases are as follows:

a) Performance of contract - where we need to engage in this processing as is necessary in  order to conclude and perform a contract with you. For example, we require certain Personal  Data in order to provide and support the Services we provide.

b) Legal obligation – where we must process and retain your Personal Data in order to comply  with law or to fulfil certain legal obligations. For example, to retain and disclose certain  information if there is a valid legal request from a government authority, law enforcement, or  others.

c) Consent – in certain circumstances, we may ask for your consent before we collect, use, or  disclose your Personal Data. In such circumstances you can voluntarily choose to give or deny  your consent without any negative consequences being suffered by you. Where you opt to  provide your consent, you can easily withdraw it at any given time.

d) Legitimate interests – where the processing is necessary for our legitimate interests, such  as operating, providing, and improving our business, including our online platform and  services; improving our products and services, or use the insights to improve or develop  marketing activities and promoting our products and services.

For a comprehensive overview, see Section 2.

United States

If you are a consumer located in the United States (“US”), we process your Personal Data in  accordance with US privacy laws, including the California Consumer Privacy Act of 2018 as  amended by the California Privacy Rights Act of 2020 (“CCPA”).

Aracor does not sell or share personal data with third parties in exchange for payment.  However, we may provide the personal data of individuals who visit our website to third party  partners, such as advertising partners, analytics providers, and social networks, who assist us  in advertising our products and services to you. This may be considered a data “sale” or  “sharing” as those terms are defined under the CCPA and other applicable US privacy laws.  To our knowledge, Aracor does not sell personal information of minors under 18 years of age.

As a U.S. consumer and subject to certain limitations under U.S. privacy laws, you may have  choices regarding our use and disclosure of your Personal Data. In addition to the rights  outlined in Section 8, other rights include:

Exercising the right to know: You have a right to request additional information including the  categories and purposes for which your Personal Data is collected and the third parties with  whom your Person Data is disclosed to.

Exercising the right to opt-out from a sale or sharing: We do not sell or share your Personal  Data in exchange for payment. As noted above, we may share the personal information of  individuals who visit harvey.ai for targeted advertising. Where legally required, we provide you  with the option to opt out of targeted advertising.

To submit a request to exercise any of the rights described above, please contact us at  privacy@aracor.ai.

10. CHANGES TO OUR PRIVACY POLICY

We reserve the right to amend this Policy at our discretion and at any time. We will do so by  updating this Policy. Amended terms take effect upon being incorporated into this Policy, and  your continued use of the website constitutes acceptance of any updated terms.

11.RELATED DOCUMENTS

For a comprehensive understanding of our policies and practices, please also review  our Terms of Service and Data Processing Agreement. These documents outline the  terms and conditions of using our services and detail how we handle and process  personal data in accordance with applicable laws. By using our services, you  acknowledge that you have read and understood our Terms of Service and agree to  be bound by them. If your engagement with us involves data processing activities, our  Data Processing Agreement will govern the specific terms of those activities.

Terms of Service: https://app.aracor.ai/legal/terms-of-service

Data Protection Addendum: https://app.aracor.ai/legal/data-processing-agreement

12. CONTACT INFORMATION

If you have questions or comments about this Policy, our other privacy notices, the ways in  which we collect and use your information, your choices, and rights regarding such use, wish  to exercise your rights, or want to message us please contact us at privacy@aracor.ai.