Privacy Policy

This Privacy Policy applies to information collected about you by or on behalf of Diopter AI Inc. and its affiliates and subsidiaries (collectively, "Diopter", "we", "us", "our"), including, but not limited to, Personal Information (as defined below) collected through our website(s) at https://diopter.ai/, mobile versions of those website(s), our mobile application, (collectively, the "Site"), by phone, and anywhere else we display this Privacy Policy (collectively with the Site, the "Platforms"). This Privacy Policy applies to information we collect about you if you reside in the United States. This Privacy Policy outlines the information we collect, how we use, share, and protect that information, and your rights and choices with regard to your Personal Information. Please be sure to read this entire Privacy Policy and our Terms and Conditions before using or submitting information via the Platforms or otherwise in connection with our Services in any manner (as defined below).

1Collection of Information

"Personal Information" means information that directly identifies, relates to, or can be used to identify, you as an individual. When you visit or use any of the Platforms or services offered by us, or any other services offered by us in connection with our business (collectively, "Services"), we may collect your Personal Information. Some of this Personal Information is required in order to allow you to use certain features of the Platforms. Other information is submitted by you voluntarily. Some information is collected automatically. The type of information we collect may vary depending on how or why you interact with the Platforms and Services.

Diopter offers its Services to clients to allow them to detect, identify and defend against social engineering threats by gathering and analyzing data collected in relation to communications and social media sources. Additional Services can be used to help detect wire fraud. Diopter's clients and partners are referred to as our "Clients". This Privacy Policy explains how we may collect, use, store, and disclose Personal Information. Such Personal Information could include information about our Clients, the end users of Clients and other users of the Services who use or interact with our Services (collectively, "End Users"). This Privacy Policy generally describes our processing of Personal Information that we gather when you are accessing or using our Services and/or in the course of providing our Services, but not to the practices of companies we don't own or control, or people that we don't manage.

This Privacy Policy also applies to Personal Information collected from website visitors and other individuals, including information collected through the use of our non-subscription website features, such as our Deepfake Detector.

Types of Personal Information we collect:

• Contact information such as your name, job title, address, email address, telephone number, including mobile number and fax number
• Payment information such as your billing address and payment methods
• Communications information that you share with us or that is otherwise collected when you contact customer service
• Feedback such as survey responses and comments that you submit to us
• Account information such as username and other login credentials
• Social media data such as interactions on social media
• Transaction history such as purchase information, order history, and product interests
• Video, audio, and image files , including through your use of the Deepfake Detector
• Geolocation information
• Identification or verification information such as driver's license, signature, date of birth and federal tax identification number, banking and financial information, Social Security number, employment information, and similar, for identity verification purposes
• Communications information (Services-related) such as email messages, voice recordings, call transcripts, contents of calls, meetings/teleconferences, messages, documents, including message content and information that is gathered during the course of providing social engineering detection services, as well as related context and usage data (collectively "Communications Data")
• Employment related information
• Browsing and device information such as the URL you just visited, the browser version your computer is operating, the date and time you visited, the pages you visited on the Site and your IP address, device IDs and settings, and other browsing data. This may also include information about the computers, phones, and other devices used when interacting with our Platforms and Services, which may include information about the speakers, microphone, camera, OS version, hard disk ID, PC name, MAC address, IP address (which may be used to infer general location at a city or country level), device attributes (such as operating system version and battery level), WiFi information, and other device information (such as Bluetooth signals).
• Inferences (e.g., verdicts and scores) made on the basis of the foregoing information to provide our detection Services, including whether certain data is considered likely to be AI-generated, a social engineering attempt, threat, synthetic, or similar, including evidence regarding such inferences. We also have the ability to derive information or draw inferences about you based on collected information. For example, we could make inferences about your approximate location based on your IP address.

The Personal Information we collect about you depends on how you interact with us or use the Platforms. In general : for most website visitors, we collect Usage Data (as defined below), social media data, and occasionally your contact information and/or customer service-related data, depending on how you interact with us. For website visitors that use our Deepfake Detector feature, we also collect the video and audio files that you choose to upload, and your account registration information if you choose to create an account, and we generate inferences about the content that is uploaded. If you are an End User using our fraud detection services, we may receive your email address and financial account information belonging to you or a third party. If you are a Client or End User, we may also collect additional information in providing the Services, including Communications Data, identification or verification information, financial account information and employment-related information. We may also use such information to generate inferences. These descriptions are not exclusive.

2How We Collect Your Personal Information

We may collect your Personal Information directly from you, automatically via your use of the Platforms or interaction with the Services on behalf of our Clients, or from third-party sources.

You may provide Personal Information directly to us when you: use a Platform or request Services and products through a Platform (such as through our Contact Us page), including use of the Deepfake Detector; register an account with us; fill out a form through the Site; complete a survey; contact customer service; participate in our marketing campaigns; or otherwise communicate with us (including by phone, email, text or online live chat).

We collect Personal Information automatically when you interact with the Services , such as Communications Data, which is generally collected on behalf of our Clients. We may also receive and process such Personal Information from third parties.

We collect Personal Information automatically when you visit the Platforms. We may collect information via cookies, analytics tools, and other online tracking technologies, as further described in Section 6: Cookies and Other Online Tracking Technologies. We may also receive and process such Personal Information from third parties. The Personal Information we may automatically collect includes the below categories of information (collectively, "Usage Data"):

• Device and Browsing Information. When you visit the Site, we may collect IP address, browser type, domain names, access times, date/time stamps, operating system, language, device type, unique ID, Internet service provider, referring and exiting URLs, clickstream data, and similar device and browsing information.
• Activities and Usage. We also collect activity information related to your use of the Site, such as information about the links clicked, searches, features used, items viewed, time spent within the Site, your interactions with us within the Site, and other activity and usage information.
• Location Information. We may also collect or derive location information about you, such as through your IP address. If you choose to enable location-based sharing with us through your device settings, we may collect precise location information to provide content that is more relevant to your location and to otherwise improve your interactions with the Site. You may turn off location data sharing through your device settings.

We may collect information from other sources, including public/open sources, service providers, affiliates, or data brokers. For example, we may collect information from identity verification services, bank/wire verification services, and data analytics providers.

3How We Use Your Personal Information

We may use the Personal Information we collect from you to accomplish our business purposes including to:

• Provide the Platforms and Services;
• Provide you with customer support;
• For security purposes;
• Market our products and Services to you, including to provide notifications of, or evaluate your eligibility for, products or Services offered by us and/or our affiliates and subsidiaries;
• Personalize your experience with the Services and Platforms;
• Communicate with you and otherwise notify you about your account or changes to the Platforms or Services;
• Protect you, us, or others from security threats by enhancing the security of our network and information systems;
• Identify and prevent fraud;
• Maintain your account with us;
• Enable or administer our business (e.g., to service our equipment, secure or make improvements to the Platforms, prevent fraud, issue invoices, etc.);
• Comply with applicable laws and industry regulations or respond to valid legal process;
• Create de-identified, anonymized, or aggregated information; and
• Improve, evaluate, and develop new Platforms, Services and products of Diopter and/or our affiliates and subsidiaries, including by aggregating information to understand how our products and Services are being used, including browsing and device information. We may use IP addresses or other browsing and device information to analyze trends, administer the Platforms, track customer navigation on a Platform and gather aggregated demographic information.

We may also use your Personal Information to carry out any other purpose described to you at the time that the information was collected, including with your consent.

4How We Share Your Personal Information

In some cases, we may share your Personal Information with affiliates, subsidiaries, business partners, or service providers including vendors or analytics and marketing partners, as more particularly described in the following list:

• Service Providers. We engage companies and individuals (e.g., vendors, contractors, attorneys, auditors and accountants) to perform certain services on our behalf (such as conducting audits; performing legal services; processing credit card payment and billing services; providing customer service; providing customer database management services, email services, marketing, cybersecurity services, identity and financial information verification services). These third-party service providers may have access to Personal Information in order to perform the services for which they are engaged.
• Business Transfers. In connection with or in the case of a merger or combination with, or acquisition of a portion of our business by, another company or entity, including during negotiations regarding the same.
• Compliance with Law and Policy. We may release Personal Information about you if we believe such a release is necessary to comply with the law or in response to a subpoena or subject to other legal process or as needed to protect our rights. For example, we may disclose Personal Information if we believe that your actions are inconsistent with our user agreements or policies, if we believe that you have violated the law, or if we believe it is necessary to protect the rights, property, and safety of Diopter, our users, the public, or others.
• Related Corporate Companies. We may share your Personal Information with companies related to us by common ownership or control for the business purposes described in this Privacy Policy.
• Other Third Parties. We may also share your Personal Information with third parties with whom we have joint marketing arrangements to market other products and Services to you.
• As necessary in connection with other lawful business purposes; and
• As otherwise necessary when required or permitted by law.
• Note: In general (apart from our Site), we collect Personal Information pursuant to providing our Services on behalf of our Clients. Our Clients may have access to certain Personal Information, including inferences, findings and determinations generated on the basis of such Personal Information, e.g., whether an image or voice is likely synthetic. Once such Personal Information, inferences, findings, or determinations are made available to our Clients, we have no control over, and are not responsible for, how our Clients may use, disclose, store, or otherwise process such information. The Client's own privacy policy and practices will govern its handling of that information.

We may also disclose Personal Information with your consent or at your direction.

5Protection of Your Personal Information

We have implemented and maintain an information security program consisting of physical, electronic and managerial procedures designed to safeguard and maintain the privacy, security, and integrity of your Personal Information. Please be aware, however, that no method of data transmission or storage is completely secure.

6Cookies and Other Online Tracking Technologies; Third Party Tracking Disclosures

We and our third-party providers use cookies, pixel tags, and other technologies to collect Usage Data. We may allow third parties to collect this Usage Data on our behalf and to retain and use this Usage Data themselves. We use this Usage Data to, for example, analyze and understand how you access, use, and interact with us through the Services, to identify and resolve bugs and errors in the Services, to assess, secure, protect, optimize, and improve the performance of the Services, for marketing and advertising purposes, analytics purposes, and to personalize content in the Services. We may also aggregate such information to analyze trends, administer the Services, and gather broad demographic information.

• Third Party Analytics and Advertising. We use third party tools, which are operated by third-party companies such as Google and Amplitude, to analyze ad traffic and usage of the Services. These tools collect data about your interaction with the Services via the cookies and through the standard implementation. This data may be used for purposes including delivering banner advertisements and other advertising tailored to your interests when you visit certain websites.
• Google Analytics. We use Google Analytics on the Services to help us analyze traffic and improve our Services. For more information on Google Analytics' processing of Personal Information, please see https://www.google.com/policies/privacy/partners/. You can opt-out of Google Analytics for Display Advertising and customize Google Display Network ads using the Ads Preferences Manager at https://myadcenter.google.com/. You can find out more about how Google uses cookies in advertising and opt-out via the following links: Google Display Network (DoubleClick) at https://policies.google.com/technologies/ads , https://g.co/privacytools & Google Analytics Opt-out Browser Add-on at https://tools.google.com/dlpage/gaoptout.
• Cross-Device Tracking. We and our providers may use the information we collect about you within the Services and on other third-party websites and services to help us and these third parties identify other devices that you use (e.g., a mobile phone, tablet, other computer, etc.) to interact or engage with us or the Services, for example, if you put something in a checkout cart on one device, it will remain in the cart on another device.
• Third-Party Profiling. We work with third-party ad networks, analytics, marketing partners, and others (collectively, "third-party ad companies") to personalize content and display advertising within the Services, as well as to manage our advertising on third-party sites. We work with these third-party ad companies that collect information across various channels, including offline and online, for the purposes of delivering more relevant advertising to you. We and these third-party ad companies may use cookies and other tools to collect browsing and activity information within the Site (as well as on third-party sites and services), as well as IP addresses, unique IDs, cookie and advertising IDs, and other online identifiers. Our advertising providers may place or recognize a cookie on your computer, device, or directly in our emails and communications, and we may share Personal Information with them if you have submitted such information to us. These service providers may link the information we share with them to the cookie stored on your browser or device and collect information such as your IP address, browser or operating system type and version, and demographic or purchase information. We and these third-party ad companies use this information to provide you with more relevant ads and content within the Services and on third-party sites, and to evaluate the success of such ads and content. To learn more about your choices regarding this type of data collection or to opt-out of interest-based advertising, please visit https://www.aboutads.info/choices or the EU-based Your Online Choices at https://www.youronlinechoices.com/uk/your-ad-choices.

• Google Ads. The Site uses the Google Ads remarketing service to advertise on third-party websites (including Google) to previous visitors to the Site. That could mean that we advertise to previous visitors who haven't completed a task on our Site. This could be in the form of an advertisement on the Google search results page or a site in the Google Display Network. Third-party vendors, including Google, use cookies to serve ads based on someone's past visits to our Site. Any data we collect will be used in accordance with this Privacy Policy, and Google is responsible for abiding by its own privacy policy. You can set your preferences for how Google advertises to you using the Google Ad Preferences page: https://adssettings.google.com/.
• Microsoft Advertising. We use Microsoft Advertising on the Services, including Bing ads and the Universal Event Tracking (UET) feature, which means that Microsoft collects Personal Information on our behalf to provide Microsoft Advertising, including remarketing. You can find out more about Microsoft's privacy practices in the Microsoft Privacy Statement here: https://www.microsoft.com/en-us/privacy/privacystatement.
• Social Media & Search Pixels. We use social media, search pixels, and other similar technologies to better measure, optimize, and retarget our marketing campaigns. This allows user-specific behavior to be tracked after they have been redirected to the advertiser's website by clicking on a social media or search ad. This enables us to measure the effectiveness of social media and search ads for statistical and market research purposes. The data collected in this way is anonymous to us, in other words, we do not see the Personal Information of individual users. This data is stored and processed by the social media and search providers. The social media and search providers may link this information to your social media or search account and also use it for its own promotional purposes, in accordance with their data privacy and usage policies.

• Session Replay Technology. We may use session replay technology in order to identify and resolve customer issues, to monitor and analyze how you use our Services, including to understand how users interact with our Site, to better understand user behavior, and to improve our Services. By continuing to use the Services, you consent to the use of session replay technology.

See "Your Privacy Rights and Choices" for additional options regarding cookies and other tracking technologies.

7. Third-Party Links : We may provide links on the Platforms to third-party websites we think may be of interest to you, including plug-ins that link to social media sites. These websites are independent from Diopter, are not under our control, and have their own separate privacy policies. Diopter is not responsible for the privacy practices or content of such third-party websites and this Privacy Policy does not apply to the privacy practices of those sites or of any companies that Diopter does not own or control. Whenever you click on links on the Platforms that take you to a third-party website, you will be subject to the third party's privacy policies. We recommend that you review the third parties' privacy polices before you use such websites.
8. Children's Privacy : The Platforms are not intended for use by children under the age of 18. We do not knowingly collect or solicit any Personal Information from children under the age of 18 or knowingly allow such persons to register for an online account. Should we learn that someone under the age of 18 has provided any Personal Information to or on the Platforms, we will remove that information as soon as possible.
9. Opting Out of Promotional E-mails : If you decide for any reason that you no longer wish to receive promotional e-mail information from us, you can unsubscribe from the Site's e-mail distribution list by clicking the "unsubscribe" link located at the bottom of each promotional e-mail. You can also opt out of receiving promotional materials by notifying us by mail, telephone or e-mail at the address and number listed below:

+1 (312) 637-6052

10Your Privacy Rights and Choices

• Residents in U.S. States with Privacy Laws : This section describes state-specific consumer rights afforded to residents of those states who have enacted comprehensive privacy laws ("State Privacy Laws"). Depending on where you reside in the United States, certain State Privacy Laws may apply to the processing of your Personal Information. Please note that not all State Privacy Laws are currently in force, and not all State Privacy Laws may apply to Diopter. Any terms defined in the applicable State Privacy Laws that we use here have the same meaning as the applicable State Privacy Law. The following rights may apply to the processing of your Personal Information if you reside in a state with an applicable State Privacy Law (including, without limitation, California, Colorado, Virginia, Connecticut, Delaware, Maryland, and Oregon):

• The right to confirm whether we are processing your Personal Information and to access such Personal Information, including the right to know certain information about the third parties with whom Personal Information is shared.
• The right to correct inaccuracies in your Personal Information, taking into account the nature of the Personal Information, and our purposes of the processing of such Personal Information.
• The right to delete Personal Information provided by or obtained about you.
• The right to obtain a copy of your Personal Information that you previously provided to us in a portable and if technically feasible, readily usable format that allows you to transmit the data to another controller without hindrance.
• The right to opt out of the processing of your Personal Information for purposes of targeted advertising and the sale and sharing of Personal Information as described in the "Notice of Right to Opt-Out of Interest-Based Advertising" Section of this Privacy Policy.
• The right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.
• The right not to be discriminated against for exercising such rights.

• Residents in the European Economic Area ("EEA")(which includes the EU, Norway, Iceland and Liechtenstein), the United Kingdom (UK) and Switzerland (collectively, "Europe"): The following rights may apply to the processing of your Personal Information if you reside in Europe:

• The right to confirm whether we are processing your Personal Information and to access such Personal Information, including the right to know certain information about the third parties with whom Personal Information is shared (right to access).
• The right to correct inaccuracies in your Personal Information, taking into account the nature of the Personal Information, and our purposes for the processing of such Personal Information (right to rectification).
• The right to object to the processing of your Personal Information (right to object).
• The right to delete Personal Information provided by or obtained about you (right to erasure).
• The right to obtain a copy of your Personal Information that you previously provided to us in a portable and if technically feasible, readily usable format that allows you to transmit the data to another controller without hindrance (right to data portability).
• The right to request the restriction of processing of your Personal Information if the accuracy of your Personal Information is contested, the controller no longer needs the Personal Information, the processing is unlawful, or you have otherwise objected to the processing.
• The right to withdraw your consent.
• The right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.
• The right to raise a claim before the relevant data protection supervisory authority (please find here the contact details of EEA supervisory authorities: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en , UK: https://ico.org.uk/ and Switzerland: https://www.edoeb.admin.ch/en).

• Exercising Your Privacy Rights: To exercise these rights, please contact us using the following information and submit the required verifying information, as further described below:

• By email to legal@diopter.ai
• To opt out of the processing of your Personal Information for purposes of targeted advertising and the sale and sharing of Personal Information, if applicable, see the "Notice of Right to Opt-Out of Interest-Based Advertising" section below.

We may need to collect additional information about your previous interactions with us to verify your identity. You may designate an authorized agent to submit requests on your behalf. To submit a request as an authorized agent on behalf of a consumer, please contact us at legal@diopter.ai. If we refuse to act upon your request, you may appeal such refusal by contacting us after your receipt of the refusal at legal@diopter.ai.

• Notice of Right to Opt-Out of Interest-Based Advertising: We use cookies and similar tracking technologies on our Platforms (as described in Section 6, Cookies and Other Online Tracking Technologies) to deliver advertisements tailored to your interests. Our use of such technologies to collect information for interest-based advertising has been deemed by applicable state laws as "targeted advertising, "or a" sale" or" sharing" of Personal Information.

• You may opt out of interest-based advertising by opening Cookie Preferences in the footer of our Site.
• You may also submit an opt-out request directly to us in accordance with the "Exercising Your Privacy Rights" Section of this Privacy Policy above.
• Please contact us at legal@diopter.ai if you have any questions or concerns regarding the opt out methods above.

11Privacy Notice for European Economic Area (EEA), United Kingdom (UK), and Switzerland

Definition of Personal Information

For purposes of this Privacy Policy:

1. (i)if applicable data protection legislation defines Personal Information more broadly than it is defined in this Privacy Policy, then the term "Personal Information" shall be deemed to be defined as indicated in such applicable data protection legislation
2. (ii)the term" Personal Information" shall be considered to include any equivalent term that may be used in applicable data protection legislation, including, without limitation, "personal data" as defined in the EU General Data Protection Regulation ("GDPR") or UK GDPR (as supplemented or amended or superseded); and
3. (iii)Personal Information shall not include data that is excluded from the scope of applicable data protection legislation.

Identity of the data controller

The data controller is Diopter AI Inc. 1 Trans Am Plaza Drive, Suite 440, Oakbrook Terrace, IL 60181 USA. For data protection purposes, you may contact Diopter by email at legal@diopter.ai.

Legal bases for processing

Retention periods are as described below.

12Changes to this Privacy Policy

We may change this Privacy Policy from time to time. You should check this Privacy Policy frequently to review the latest version of the Privacy Policy. If we make changes to this Privacy Policy, we will post the amended version on our Platforms and the effective date will be indicated by the last updated date. This Privacy Policy is not intended to and does not create any contractual or other legal right in or on behalf of any party.

13Retention

We retain your Personal Information for as long as necessary to fulfill the purposes for which it was collected, including to provide our products and Services, comply with legal obligations, resolve disputes, enforce our agreements, and protect our legal rights.

14Transfer of Personal Information from Outside of the United States

If you use our Platforms or Services from outside of the United States, please be aware that your information may be transferred to, stored or processed in the United States, where our servers are located and our central database is operated. The data protection and other laws of the United States and other countries might not be as comprehensive as those in your country, but adequate safeguards will be adopted in compliance with applicable data protection laws and regulations.

15California and Delaware Do Not Track Disclosures

Diopter adheres to the standards set out in this Privacy Policy and does not monitor or follow any Do Not Track browser requests.

16How to Contact Us : If you have any questions, requests or concerns related to this Privacy Policy, please email us at legal@diopter.ai. You can also write to us at the following address