CYBERTITAN, INC.

1. INTRODUCTION

CyberTitan Inc. ("CyberTitan", "we," "us," or "our") respects the privacy of its Users ("User," "your," or "you"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use the CyberTitan's platform by the name Matters (the "Platform"), which includes our websites located at www.matters.ai or www.optiq.ai (the "Website"), and our connected services to automate, analyze, and optimize operations through AI-driven workflows and integrations (collectively, the "Services").

CyberTitan is a technology company that provides a software as a service cybersecurity and AI engineering platform to business and enterprise customers. Our Platform enables Users to optimize their operations by detecting data security risks, respond and prevent data loss and provides mitigation.

CyberTitan is committed to protecting the privacy of its Users whose information is collected and stored while using the CyberTitan Platform, including our website, mobile applications, and any connected or cloud-based services. This Privacy Policy applies to the Website, Platform, and all applications offered for public use or sale.

The capitalized terms have the same meaning as ascribed in our Terms of Use or Terms of Service as applicable, unless otherwise noted here.

2. TERRITORIAL APPLICABILITY

Our Website, App, Services, and Platform are intended for use globally, including by individuals in the European Union (EU), the United States, and other jurisdictions, subject to applicable law. If you are located in the EU/EEA, we process your personal data in accordance with the General Data Protection Regulation (GDPR), including by implementing appropriate safeguards for international data transfers (see Section 12, "Cross-Border Data Transfers").

If you are a resident of the United States, the laws of the State of Delaware, United States shall govern your use of the Website, App, Services, and Platform, in accordance with our Terms of Service. If you are a resident of another jurisdiction, you are responsible for ensuring that your use of our Services complies with all applicable local laws and regulations.

By using our Services, you agree to be bound by this Privacy Policy, our Terms of Use, and our Terms of Service, as applicable.

If you have any questions regarding this section or your rights under applicable law, please contact us atprivacy@matters.ai

3. WHAT INFORMATION DO WE COLLECT?

When you register to use our Website, Services, or Platform, we collect personal information (also referred to as personally identifiable information or "PII") which may include your name, address, online contact information such as your email address or username, phone number, and other personal information. The information so collected will be stored on our servers. You are able to change your personal information via email by contacting us at privacy@matters.ai or through your profile or account settings on our Website, App, Services, or Platform.

a. Geolocation and Equipment Information

We may collect information that does not personally identify you, such as (i) your geolocation, (ii) technical and diagnostic data about your internet connection and hardware (iii) information about your internet connection, the equipment you use to access our Website, Services, or Platform, and usage details. We use this information to improve system performance, deliver localized content, and enhance the user experience.

b. Financial Information

We currently do not collect or store any credit cards or bank information, as we are using a third-party payment processor. However, we will update this Privacy Policy when we start using and storing such information. We will also inform you via reasonable means if we start collecting such information from you.

4. HOW DO WE COLLECT INFORMATION?

We collect personal information from you in the following ways:

1. At registration on our Website, Services, or Platform;
2. In email, text, and other electronic messages between you and our Website, App, Services, or Platform;
3. Through mobile and desktop applications your downloads from our Website, App, Services, or Platform, which provides dedicated non-browser based interaction between you and our Website, App, Services, or Platform;
4. From you placing an order, which includes details of transactions you carry out on our Website, App, Services, or Platform;
5. When you subscribe to a newsletter;
6. From your responses to a survey;
7. From forms filled out by you;
8. From records or copies of correspondences (including email addresses) if you contact us;
9. When you use or access CyberTitan's APIs or authorize a third party to do so on your behalf;
10. From search queries on our Website, Services, or Platform; and

We collect information from you automatically when you navigate through our Website, Services, or Platform in the following ways:

1. Information obtained through browser cookies;
2. Information obtained through flash cookies;
3. Web beacons on our Website;
4. Device type, operating system, browser type, language preferences, and time zone;
5. Unique device identifiers (such as UUID, MAC address, or advertising ID, where applicable);
6. Geolocation data, either approximate (e.g., city or region) or precise, if you enable location features on the App;
7. Web beacons on emails sent by us; and
8. Other tracking technologies.

5. HOW DO WE USE YOUR INFORMATION?

We use the information that you provide to:

1. Personalize your experience in using our Platform;
2. Provide you with information, products, or services requested from us;
3. Present our Website, Services, and Platform and their contents to you;
4. Provide you with notices about account and/or subscription, including expiration and renewal notices;
5. Carry out obligations and enforce rights arising from contracts entered into between you and us, including billing and collection;
6. Notify you about changes to our Website, App, Services, and Platform and any products or services;
7. Allow you to participate in interactive features on our Website, App, Services, and Platform;
8. Improve the Website, Services, and Platform;
9. Improve our customer service;
10. Administer contests, promotions, and surveys or other Website, Services, and Platform features;
11. Process transactions;
12. Anonymize data and aggregate data for statistics;
13. Contact you for other purposes with your consent;
14. Contact you about our products and services that may be of interest;
15. Contact you about third parties' goods and services;
16. Ensure compliance with legal obligations under applicable laws such as GDPR, CCPA, and PIPA, including data retention, access requests, and security measures.
17. Enable the display of advertisements to our advertisers' target audiences, although personal information is not shared with advertisers without your consent; and
18. Send you periodic emails, in accordance with the CAN-SPAM Act of 2003 as detailed in Section 18, via the email address provided by you to (i) send information, respond to inquiries, and/or other requests or questions; (ii) process orders and send information and updates pertaining to such orders; (iii) send additional information related to your product and/or service; and (iv) market to our mailing list or continue to send email to you after the original transaction has occurred.

6. OUR COOKIE POLICY

Cookies are small pieces of text used to store information on web browsers. Cookies are used to store and receive identifiers and other information on computers, phones, and other devices. Other technologies, including data we store on your web browser or device, identifiers associated with your device, and other software, are used for similar purposes. In this Privacy Policy, we refer to all of these technologies as "Cookies."

We use Cookies on our Website and Platform to (a) help remember and process items in the shopping cart, (b) understand and save your preferences for future visits, (c) keep track of advertisements, (d) compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future, (e) enable secure logins and account authentication, (f) detect and prevent fraudulent activity, (g) measure the effectiveness of email campaigns, push notifications, and other communications, (h) analyze engagement and usage patterns across our Platform and connected devices, and (i) allow trusted third-party services that track this information on our behalf. You can set your browser to refuse all or some browser Cookies, but it may affect your user experience. We honor Do Not Track signals and, if one is in place, we will not track, plant cookies, or use advertising. Where required by applicable law (such as in the EU/EEA), we will request your consent before placing or accessing non-essential Cookies, including those used for analytics or advertising.

We allow third party behavioral tracking and links to third-party web pages. Occasionally, at our discretion, we may include or offer third-party products or services on our Website, Services, or Platform. These third- party sites have separate and independent privacy policies. We, therefore, have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our Website, Services, or Platform and welcome any feedback at about these sites. Please contact us atprivacy@matters.ai.

If you are an EU resident, please reach out to us at privacy@matters.ai for more information about specific cookies we use, their purpose, and how you can manage or withdraw your consent.

7. HOW DO WE PROTECT INFORMATION WE COLLECT?

CyberTitan is committed to safeguarding the personal information you entrust to us. We have implemented a combination of technical, organizational, and administrative security measures to protect your data from unauthorized access, disclosure, alteration, and destruction.

Our Website and App are reasonably scanned to meet or exceed PCI Compliance. Our Website receives regular security scans and penetration tests. Our Website also receives regular malware scans. In addition, our Website use an SSL certificate as an added security measure. We require username and passwords for our employees who can access your personal information that we store and/or process on our Platform and servers. In addition, we actively prevent third parties from getting access to your personal information that we store and/or process on our Platform and servers. We accept payment by credit card through a third party credit card processor on our behalf. We will implement reasonable security measures every time you (a) place an order, or (b) enter, submit, or access your information, (c) register, or (d) access our Platform, on our Website.

8. DATA SECURITY MEASURES

a. Security Measures

We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide to us is stored on our secure servers protected by industry-standard encryption protocols and firewalls. The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, Services, or Platform, you are responsible for keeping this password confidential. We recommend that you use a unique, strong password and avoid sharing your login credentials with others. We ask you not to share your password with anyone. Unfortunately, the transmission of information via the internet is not completely secure. While we actively monitor and maintain the integrity of our security systems, please note that no method of transmission over the internet or electronic storage is entirely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website, Services, or Platform. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on our Website, Services, or Platform. If you believe your account has been compromised, please contact us immediately atprivacy@matters.ai

b. Fair Information Practice Principles

In the event of a personal data breach, we will notify you within seventy-two (72) hours via (i) email and/or (ii) our Platform notification system on our Website. We agree to the individual redress principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle ensures that individuals have: (i) access to legal remedies against companies that fail to protect personal data or violate privacy laws; (ii) recourse through regulatory authorities, such as data protection agencies or supervisory bodies; (iii) the right to lodge complaints with a relevant data protection authority; and (iv) the ability to seek damages, where applicable, for any unlawful processing or breaches of personal data. We are committed to upholding your rights under applicable privacy laws, including but not limited to the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant legal frameworks.

9. DISCLOSURE OF PERSONAL INFORMATION

There are times when we may share Personal Information that you have shared with us may be shared by CyberTitan with others to enable us to provide you our Services, including contractors, service providers, and third parties ("Partners"). This section discusses only how CyberTitan may share such information with Partners. We will ensure that our Partners protect your Personal Information. The following describe how and with whom we may share your Personal Information:

Disclosure of Personal Information

1. We may disclose aggregated, de-personalized information about you that does not identify any individual to other parties without restriction, such as for marketing, advertising, or other uses.
2. We may disclose personal information to our subsidiaries and affiliates.
3. We may disclose personal information to contractors, services providers, and other third parties.
4. We require all contractors, service providers, and other third parties to whom we disclose your personal information to be under contractual obligations to keep personal information confidential and to use it only for the purposes for which we disclose them.
5. We may disclose personal information in the event of a merger, sale of business, etc.
6. We may disclose to third parties to market their products and services to you if you have either consented or not opted out of these disclosures.
7. We may disclose personal information to third parties to market their products and services if you have either consented or not opted out of these disclosures.
8. We require all other Partners, to whom we disclose your personal information, to enter into contracts with us to keep personal information confidential and use it only for the purposes for which we disclose it to such Partners.

10. DATA RETENTION, MINIMIZATION, AND AUTOMATED PROCESSING

a. Data Retention

We retain Personal Information only for as long as necessary to fulfill the purposes for which it was collected, including to comply with legal, accounting, and regulatory obligations. The specific retention periods include: (i) Account Information: Retained while your account remains active and for twelve (12) months after account closure; (ii) Platform Performance Metrics: Retained for twenty-four (24) months to assist with product performance monitoring and enhancement; and (iii) Transaction Records: Retained for seven (7) years to comply with applicable financial and tax regulations.

We may retain Personal Information for longer periods when: (i) required by applicable law or regulation; (ii) necessary for the establishment, exercise, or defense of legal claims; (iii) requested by a User with respect to their own Personal Information; or (iv) retained in an anonymized or aggregated form that does not reasonably identify the User.

b. Data Minimization

We are committed to the principle of data minimization. CyberTitan collects only the Personal Information necessary to provide and improve our Services. We implement technical and organizational safeguards to ensure that data is adequate, relevant, and limited to what is necessary for the purposes for which it is processed. We conduct quarterly data minimization audits to identify and eliminate any unnecessary or excessive data in our systems.

c. Secure Deletion

Upon expiration of the applicable retention period, we securely delete Personal Information using industry-standard methods designed to render the data permanently unrecoverable. We maintain internal documentation of all secure deletion activities in compliance with applicable laws and internal data governance protocols.

11. GOOGLE ADSENSE AND GOOGLE ANALYTICS

Google, as a third-party vendor, uses Cookies to serve advertisements to Users on our Website, Services, and Platform. Google uses first-party Cookies, such as Google Analytics Cookies, to compile data regarding User interactions with ad impressions and other ad service functions as they relate to our Platform. We currently use Google Analytics to collect and process certain Website and App usage data. To learn more about Google Analytics and how to opt-out, please visit https://policies.google.com/privacy/google-partners.

We have implemented advertising features on our Website, Services, and Platform including: (a) remarketing with Google AdSense; and (b) Google Display Network Impression Reporting;

We use these Cookies to compile data regarding User interactions with ad impressions and other ad service functions as they relate to our Website

This data may include page views, time spent on site, browser type, operating system, referring URLs, and interactions with specific features or content. We do not combine the information collected through the use of Google Analytics with personally identifiable information (PII) unless you have affirmatively provided that information to us.

12. FOR OUR EUROPEAN CUSTOMERS AND VISITORS

We are headquartered in the United States, and most of our operations are located in the United States and India. Your Personal Information, which you give to us during registration or use of our Website, App, or Platform, may be accessed by or transferred to us in the United States or India. If you are visiting our Website or registering for our Services from outside these countries, be aware that your Personal Information may be transferred to, stored, and processed in the United States or India.. Our servers or our third-party hosting service providers are located in the United States and India. By using our site, you consent to the transfer of your Personal Information out of Europe, the UK, or Switzerland for processing in the US, India, or other countries where we or our subprocessors operate.

14. YOUR CALIFORNIA PRIVACY RIGHTS

CyberTitan does not sell, trade, or otherwise transfer to outside third parties your "Personal Information" as the term is defined under the California Civil Code Section § 1798.82(h). Additionally, California Civil Code Section § 1798.83 permits Users of our Website, App, Services, or Platform that are California residents to request certain information regarding our disclosure of their Personal Information to third parties for their direct marketing purposes. To make a request for such disclosure, or identification and/or deletion of Personal Information in all our systems that we store on you, please send an email toprivacy@matters.ai or write us at CyberTitan, Inc.

16. COPPA COMPLIANCE (FOR CHILDREN UNDER 13 USERS ONLY)

The Children's Online Privacy Protection Act ("COPPA") is a federal legislation that applies to entities that collect and store "Personal Information," as the term is defined under COPPA, from children under the age of 13. We are committed to ensure compliance with COPPA. Our Website, Services, and Platform are not meant for use by children under the age of 13. Our Website, Services, and Platform do not target children under the age of 13, but we do not age-screen or otherwise prevent the collection, use, and personal disclosure of persons identified as under 13. If you would like to know more about our practices and specifically our practices in relation to COPPA compliance, please email us at privacy@matters.ai.

We do not conduct age verification, and as a result, may unintentionally collect Personal Information from individuals under the age of 13 without our knowledge. If we learn that we have collected Personal Information from a child under the age of 13 without verification of parental consent, we will delete such information promptly.

IF YOU ARE UNDER 13, PLEASE DO NOT ACCESS OR USE OUR Website, Services, or Platform.

19. LIST OF THIRD-PARTY SERVICE PROVIDERS

CyberTitan uses the following third-party service providers for the provision of services as detailed under the Terms of Use or Terms of Service, as applicable:

Additionally, if you have any questions or concerns about our third-party service providers, please email us at privacy@matters.ai.

20. ANTI-BRIBERY COMPLIANCE

CyberTitan represents and warrants that it is fully aware of and will comply with, and in the performance of its obligations hereunder will not take any action or omit to take any action that would cause it or its customers to be in violation of, (i) U.S. Foreign Corrupt Practices Act, (ii) U.K. Anti-Bribery Act, (iii) India Prevention of Corruption Act of 1988, or (iv) any other applicable anti-bribery statutes and regulations, and (v) any regulations promulgated under any such laws. Company represents and warrants that neither it nor any of its employees, officers, or directors is an official or employee of any government (or any department, agency or instrumentality of any government), political party, state owned enterprise or a public international organization such as the United Nations, or a representative or any such person (each, an "Official"). CyberTitan further represents and warrants that it has instituted and will maintain policies and procedures reasonably designed to ensure compliance with such anti-bribery laws.

21. CONTACT US

To ask questions or comment about this Privacy Policy and our privacy practices, contact us at:

• Privacy Officer
• Email: privacy@matters.ai