DATASENT PRIVACY POLICY

Last updated and effective as of: April 15th, 2024

This Datasent Privacy Policy (“Privacy Policy”) is effective as of the date shown above, and describes how Datasent, Inc. (“Datasent,” “we,” “our,” or “us”) collects, uses, stores, shares, and otherwise processes information collected about you when: (1) you access and/or use our website(s), mobile application(s), or other digital properties we own and operate (“Websites”); (2) you use our product(s) and services (“Services”); (3) you communicate with us in any manner, including by email, direct messaging, telephone, and/or in person (“Communications”); and (4) we interact with certain third parties.

1. BACKGROUND INFORMATION ABOUT DATASENT

   Datasent offers a consent control that fully takes advantage of distributed ledger technologies to provide a clear method for users to set consent controls that can be specifically tailored for retailers, brands, or other companies (referred to as our “Business Customers”), specific to the unique engagement and circumstances in connection with such Business Customer and its users. Where a Business Customer has contracted with us and is using our Services in connection with its website and interactions with you, we act as a service provider, providing such Services on the Business Customer’s behalf. However, with respect to your general use of our Services and creating an account with us that may be used with different Business Customers, we do not act as a service provider but are instead processing such limited information on our own behalf.

   
   

   With respect to information we process on our own behalf, your rights and choices are set forth below in the “Your Rights and Choices” section. However, where we process your information as a service provider, please contact the Business Customer directly with your inquiries, or to exercise your rights and choices per the Business Customer’s policies and procedures.

   
   

   If you have any questions or wish to exercise your rights and choices as described herein, please contact

   us as set forth in the “Contact Us” section.

   
   

2. INFORMATION WE COLLECT ABOUT YOU

   Depending on how you engage with our Websites and Services, the nature of our Communications, and how we may interact with certain third parties, we may collect the following pieces of your information:

   
   

   • Basic Identifying Information. This is information you provide when you sign up for an account for our Services or to receive updates through signing up for such Services through our Websites, such as your full name, e-mail address, and other similar identifiers.

   • Device Identifier and Other Unique Identifiers. This is information such as your device identifier, internet protocol (IP) address, cookies, beacons, pixel tags, mobile ad identifier, and other unique identifiers.

   • Internet or Other Network Activity. This is information such as your browsing or search history, and other information regarding your interactions with our Websites, Services, Communications, and advertisements.

   • Geolocation Data. This is information that permits us to determine your general (i.e., city or postal code level) location.

   • Commercial Information. This is information such as the products and samples you have purchased or considered, your preferences on various products and brands, photographs of your receipts containing purchases, and related information about your commercial activities.

   • User Content. This is information such as your Communications with us and any other content you voluntarily provide, including survey responses, comments, reviews, and testimonials.

   • Inferences. This is information drawn from or created based on the information identified above.

3. HOW WE COLLECT YOUR INFORMATION

   
   

   We collect your information in three ways: (1) directly from you when you engage with our Websites, Services, or Communications; (2) automatically using online technologies when you engage with our Websites, Services, or Communications; and (3) from certain third parties.

   
   

   • Directly From You. We collect information directly from you when you provide your information on or through our Websites, create an account for our Services, update your account profile, access our content, use our Websites or Services, engage in Communications with us, or sign up to receive emails, text messages, or certain other Communications from us. Directly collected information typically includes your name, age, gender, contact information (such as email address and phone number), account username and password, and the content provided by you in any Communication.

   • Automatically Using Online Technologies. When you visit our Websites, open or click on Communications we send you, or interact with our advertisements, we or other third parties may automatically collect certain information about you using online tracking technologies such as cookies, pixels, web beacons, software developer kits, and related technologies (for more information, see the section entitled “Cookies” below). Automatically collected information includes data related to Website features you use, pages you visit, emails and advertisements you view, products and services you view and purchase, the type of device or browser you use, your device’s operating software, your internet service provider, your device’s regional and language settings, and your IP address.

   • From Third Parties. We collect information from certain third parties, such as brands, data analytics providers, marketing or advertising providers, fraud prevention service providers, and vendors that provide services to us.

     
     

4. HOW WE USE YOUR INFORMATION

   We use your information for a variety of purposes, including:

   
   

   • Provision of Our Websites and Services to You. We use your information to provide our Websites and Services to you, which includes: (1) creating and managing your account when you sign up to use our Services; (2) facilitating your access to and use of our Websites and Services; (3) sending you notifications relating to your account and participation in our Services; (4) answering your Communications; and (5) performing other related business functions.

   • Provision of Our Services to Business Customers. When a Business Customer enters into an agreement with us to use our Services for the Business Customer’s website and related interactions with you, we will use your information as necessary to provide both you and the Business Customer the respective services on the Business Customer’s behalf.

   • Communications With You. We use your information to engage in Communications with you for various purposes, including responding to your requests, inquiries, or feedback, and providing customer care and support.

   • Marketing and Advertising. We use your information for marketing and advertising purposes, including sending marketing, advertising, and promotional communications to you by email, text message, or postal mail. We also use your information to show you advertisements for our Services.

   • Analytics and Personalization. We use your information to conduct research and analytics for various purposes, including improving our Websites and Services; understanding your interaction with our Websites, advertisements, Services, and our Communications with you; personalizing your experience as a user of our Websites or Services; better understanding your needs as a user of our Websites or Services; and providing personalized recommendations for our Services.

   • Security and Fraud Prevention. We use your information to detect, investigate, prevent, or take action regarding possible malicious, deceptive, fraudulent, or illegal activity, including fraudulent transactions. We also use your information to enforce our terms and procedures, prevent security incidents, and prevent harm to other users of our Websites or Services.

   • Legal Obligations. We use your information to comply with our legal and regulatory obligations, to establish and exercise our rights, and to defend against legal claims.

   • Business Functions. We use your information to support our core business functions, including maintaining records related to business management, loss prevention, and collection of amounts owed, and identifying and repairing errors or problems in our Websites or Services.

     
     

     For information on your rights and choices regarding how we use your information, please see the section

     entitled “Your Rights and Choices” below.

5. HOW WE DISCLOSE YOUR INFORMATION

   
   

   We may disclose or share your information with affiliated and non-affiliated third-parties, including in the following scenarios:

   • Consent. We may disclose or share your information with your consent, which may be obtained in writing; online, through “click-through” agreements; when you accept the terms of use on our Websites or Services; orally, either in person or on the phone; or by other means.

   • Business Transfer. We may disclose or share your information: (1) in connection with, or during negotiations of, any proposed or actual corporate business transaction, such as a merger or acquisition, joint venture, corporate reorganization, financing, or sale of Datasent assets; (2) in the event of insolvency, bankruptcy, or receivership; or (3) any other transaction in which your information could be transferred to third parties as a business asset of Datasent.

   • Business Partners and Service Providers. We may disclose or share your information with certain non-affiliated third parties to facilitate your access and use of our Websites or Services, and to provide us with certain business functions. Such third parties may include brand partners, internet service providers, advertising networks, data analytics providers, governmental entities, operating systems and platforms, payment processors, and service providers who provide us with a required service (e.g., customer service, auditing, marketing, debugging to identify and repair errors that impair existing intended functionality on our Websites or Services and/or to protect against malicious, deceptive, fraudulent, or illegal activity).

   • Blockchain Platform. Your information may be accessed by certain non-affiliated third parties when, in the course of using certain Services, you engage in a transaction that is recorded on a

     blockchain. In such cases, certain personal information related to the transaction will be published on the blockchain, such that it may be accessible to third parties not controlled by us, and will be recorded on the blockchain permanently across a wide network of computer systems, such that it will be incapable of deletion. Moreover, many blockchains are open to forensic analysis which can lead to de-anonymization and the inadvertent revelation of personal information, especially when blockchain data is combined with other types of data.

   • Legal Process and Protection. We may disclose or share your information to satisfy any applicable law, regulation, legal process, or governmental request. We may also disclose or share your information where we have a good faith belief that disclosure of such information is reasonably necessary: (1) to enforce or apply our agreements; (2) to protect or defend our rights, interests, or property; (3) to protect our Websites or Services; (4) to investigate any violation or potential violation of the law, this Privacy Policy, the terms of use for our Websites and Services, or any other obligation related to your use of our Websites or Services; (5) to protect the safety of other users of our Websites or Services; and (6) in connection with any applicable claim, dispute, or litigation.

     Notwithstanding the above, we may share information that does not identify you (including information that has been aggregated and/or de-identified), except as prohibited by applicable law. For information about your rights and choices regarding how we share information about you, please see the section entitled “Your Rights and Choices” below.

     
     

6. COOKIES

   What are cookies? A cookie is a small file containing a string of characters that is sent to your device when you visit a website or use an online service. When you visit the website or use the service again, the cookie allows that website or online service to recognize your browser or device. Cookies may store unique identifiers, user preferences, and other information.

   
   

   What is the duration of cookies? How long a cookie remains on your device depends on whether it is a “session cookie” or “persistent cookie.” Session cookies are temporary and expire once you close your browser or once your session ends. Persistent cookies remain on your device for much longer, and their durations vary depending on their expiration date. Prior to expiration, a persistent cookie can be removed from your device if deleted by you or your browser.

   Why do we use cookies? Cookies help us improve our Websites and Services by providing us with information about which aspects are most popular, enabling us to analyze technical and navigational information about the Websites and Services, and helping us detect and prevent fraud. We also use cookies and other data collection tools (such as web beacons and server logs) to help improve your experience with the Websites and Services. Such data collection tools use cookies to collect standard internet log and visitor behavior information in an anonymous form. The information generated by the cookie about your use of a Website or Service is transmitted to our data collection tool service providers. This information is then used by us to evaluate visitors’ use of our Websites and Services, and to compile statistical reports regarding activity on our Websites and Services for Datasent.

   
   

   For more information with respect to your rights and choices related to cookies, please see the section

   entitled “Your Rights and Choices – Cookies and Other Tracking Technologies” below.

7. ANALYTICS

   We use analytics services, such as Google Analytics, to help us understand how you and other users access and use our Websites or Services, as well as help us understand market trends and popularity of our Services. As part of this process, we may incorporate tracking technologies into our Websites, Services, and/or Communications. For further information on the types of tracking technologies we use and your rights and choices regarding analytics, please see the “How We Collect Your Information – Automatically Using Online Technologies” and “Your Rights and Choices – Analytics” sections.

   
   

8. YOUR RIGHTS AND CHOICES

   
   

   1. Accounts

      You may access, update, or remove certain information that you have provided to us through your account by visiting the account’s settings, or by sending an email to the email address set out in the “Contact Us” section below. We may require additional information from you to verify your identity. Please note that we will retain and use information about you as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

      
      

   2. Communications

      You may opt out of receiving promotional emails from us at any time by following the removal instructions in the specific Communication that you receive, or by emailing us at the email address set out in the “Contact Us” below with the word “UNSUBSCRIBE” in the subject field of the email. Please note that your opt-out is only effective for the email address used to send the opt-out email.

   3. Cookies and Other Tracking Technologies

      
      

      Cookies. Most browsers accepx cookies by default. By changing your browser settings, you can instruct your browser to decline or delete cookies. If you use multiple browsers on your device, you will need to instruct each browser separately. Your ability to limit cookies is subject to your browser’s settings and limitations.

      Do Not Track. Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online services you visit. Please note, however, that there is no industry consensus as to what site and app operators should do with regard to these signals. Accordingly, unless and until the law is interpreted to require us to do so, we do not monitor or take action with respect to “Do Not Track” signals. For more information on “Do Not Track,” visit http://www.allaboutdnt.com.

      
      

      Please be aware that if you disable or remove tracking technologies, some parts of our Websites or Services may not function correctly.

      
      

   4. Analytics

      Google provides tools to allow you to opt out of the use of certain information collected by Google Analytics at https://tools.google.com/dlpage/gaoptout and by Google Analytics for Display Advertising or the Google Display Network at https://www.google.com/settings/ads/onweb/.

   5. Rights Under Specific Laws

   If you are a data subject in the United Kingdom (“UK”) or any part of the European Economic Area (“EEA”), please see the “Additional Disclosures for People in Europe” section below.

   
   

9. DATA SECURITY

   We implement and use reasonable security measures designed to prevent unauthorized intrusion to our Websites and Services, and unauthorized alteration, acquisition, or misuse of users’ personal information. Nevertheless, transmission via the internet is not completely secure and we cannot guarantee the security of information about you, collected from you, or submitted by you. We will not be responsible for loss, corruption, or unauthorized acquisition or misuse of information that you provide or that we collect through our Websites or Services that is stored by us, our business partners, or our service providers, or for any damages resulting from such loss, corruption, or unauthorized acquisition or misuse.

   
   

10. CHILDREN’S PRIVACY

    Our Websites and Services are not directed towards, nor were they designed to attract the attention of, any children, and we do not knowingly collect or maintain personal information from any person under the age of thirteen.

    
    

11. CHANGES TO THIS PRIVACY POLICY

    We reserve the right to revise and reissue this Privacy Policy at any time. Any changes will be effective immediately upon posting of the revised Privacy Policy. Your continued use of or engagement with our Websites, Services, or Communications indicates your consent to the Privacy Policy then posted. If the changes are material, we may provide additional notice by informing you about such changes by email, through our Website, and/or via other channels we may use to communicate with you.

    
    

12. CONTACT US

    Please contact us at info@datasent.conm if you have any questions or concerns about this Privacy Policy, or wish to exercise your rights and choices as described herein.

    
    

13. ADDITIONAL DISCLOSURES FOR PEOPLE IN EUROPE

1. Roles and Data Controller’s Contact Details

   The General Data Protection Regulation (“GDPR”) and data protection laws in Europe distinguish between organizations that process personal information for their own purposes (known as “controllers”) and organizations that process personal information on behalf of other organizations (known as “processors”).

   
   

   We act as a controller with respect to personal information collected from you as you engage with our Websites, Services, or Communications that is for our own behalf, or that we use with all of our Business Customers (e.g., your username and account credentials to use our Services). However, for information we process solely on a Business Customer’s behalf in connection with such Business Customer’s website, we act as a processor and such Business Customer is the controller.

   If you have questions with respect to our processing of your information as a controller, you can contact

   us by email at the email address set forth in the section entitled “Contact Us” above.

   
   

2. Lawful Basis For Processing

   The GDPR and data protection laws in Europe require a “lawful basis” for processing personal information.

   Our lawful bases include the following:

   • To fulfill obligations in the agreement between you and Datasent. To use our Websites or Services, you and Datasent entered into an agreement under the applicable terms of use, and in order for us to fulfill our obligations with respect to providing our Websites or Services under such agreement, we must collect your personal information to provide the necessary functionality. In addition, Datasent has entered into agreements with our Business Customers for such Business Customers to implement our Services on their own websites. In such situations, we are processing information in accordance with our agreement with the specific Business Customer, based on either your consent with such Business Customer, or for some other legal basis established by the Business Customer. The information we collect and how it is used by us is further detailed in the sections entitled “Information We Collect About You” and “How We Use Your Information” above.

   • To pursue our legitimate interests. Our legitimate interests include, among others, understanding how our Websites or Services are functioning, improving our Websites or Services, developing new products and services, and preventing fraud. To pursue the foregoing, we process personal information. Where we rely on a legitimate interest to process personal information, we carry out a balancing test to weigh the legitimate interest against your right to protection of your personal information; however, our processing of your personal information will never override your fundamental rights and freedoms, and you can always exercise your right to object to such processing.

   • Consent. In certain situations where you provide us with consent, we may process your personal information.

   • To comply with law. In limited circumstances, we may process personal information in order to comply with legal obligations. To the extent we have received such information from third parties with whom we have agreed to certain contractual requirements or obligations (e.g., standard contractual clauses), we will use our reasonable efforts to dispute the disclosure of personal information, unless legally required to do so.

3. Retention Of Information

   
   

   Once the purpose of processing is fulfilled, we retain personal information for no longer than the applicable statutory limitation period. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of the personal information, the purposes for which we process the personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. We will delete or anonymize personal information once the applicable retention period has expired.

   
   

4. Data Transfer

   If the GDPR applies and your data is transferred outside the UK or the EEA to the United States or any other country, we will transfer your personal information subject to appropriate safeguards, such as an adequacy decision by the European Commission on the basis of Article 45 of Regulation (EU) 2016/679 or

   Standard Contractual Clauses, as provided from time to time by the European Commission. You can receive additional information about where your personal information is transferred and the appropriate safeguards by contacting us.

   
   

5. Your Data Subject Rights

   Your Rights. If you are a data subject under the GDPR, subject to certain conditions, you have the right to:

   • Access, rectify, or erase any personal information we process about you;

   • Data portability – that is, asking us to transfer your personal information to any third party of your choice;

   • Restrict or object to our processing of your personal information; and

   • Where applicable, withdraw your consent at any time for any processing of your personal information.

   How to Exercise Your Rights. Where we are acting as a controller with respect to your information, you may exercise your rights by submitting a written request to us at the email address set out in the section entitled “Contact Us” above. We will respond to your request within thirty (30) days. We may request certain information from you to help us verify your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will provide you with an explanation, subject to legal restrictions.

   
   

   All requests related to information we process as a processor should be directed to the Business Customer that is the controller of the information. If we receive a request from you and determine that your request relates to our acting as a processor and not a controller, we may direct you to contact the respective Business Customer to have your request addressed.

6. Complaints

If you have a complaint about our use of your personal information or our response to your request(s) regarding your personal information, you may submit a complaint to the Data Protection Supervisory Authority in your jurisdiction. We would, however, appreciate the opportunity to address your concerns before you approach a data protection regulator and welcome you to first direct an inquiry to us.

In addition to our contact details set out above, you can also contact our Designated Individual Overseeing Compliance of this Privacy Policy by emailing info@datasent.com or writing us at:

Datasent, Inc.

5900 Balcones Drive

Suite 8043

Austin, TX 78731 USA