ALTSS LLC PRIVACY POLICY

Effective Date: March 16, 2025

1. INTRODUCTION

Altss LLC ("Altss," "we," "our," or "us"), located at 390 NE 191st St STE 8906, Miami, FL 33179, is a provider of business intelligence, market data, and financial analysis services. This Privacy Policy ("Policy") describes our practices regarding information we collect from and about you when you use our platform, website, and services (collectively, the "Services").

This Policy applies to information we collect when you:

• Visit or use our website or platform

• Register for an account or subscribe to our Services

• Communicate with us via any channel

• Interact with our marketing or promotional materials

• Are included in our business intelligence databases (whether as a direct user or not)

PLEASE READ THIS POLICY CAREFULLY. By accessing or using our Services, you acknowledge that you have read and understood this Policy and that you agree to the collection, use, and disclosure of your information as described herein. If you do not agree with our practices, you should not use our Services.

IMPORTANT NOTICE REGARDING DATA COLLECTION AND RETENTION: Our Services function as a business intelligence platform that collects, analyzes, and maintains comprehensive datasets about companies, investments, market trends, and industry participants. This business model generally requires the long-term retention of information, including information that may relate to individuals in their professional capacities. Due to the nature of our Services and the legitimate business purposes they serve, we typically maintain data for extended periods and may apply various exceptions to deletion requests as permitted by applicable law, particularly when the data has been incorporated into our business intelligence systems. If you object to this approach to data management, you should not use our Services or provide information to us.

2. INFORMATION WE COLLECT

Our business model requires comprehensive data collection to provide valuable business intelligence. We collect information from numerous sources, including:

2.1 Information You Provide to Us

• Account Information: Registration details including name, email, job title, company, phone number, and billing information.

• User Content: Information you provide through the Services, including search queries, notes, saved searches, watchlists, and custom reports.

• Communications: Records of correspondence with us, including email communications, support tickets, call recordings, and chat logs.

• Transaction Information: Details regarding your subscription, transaction history, and payment methods.

• Registration Information: Information provided when registering for events, webinars, or marketing materials.

• Feedback and Research: Information provided through surveys, interviews, usability studies, or feedback mechanisms.

2.2 Information We Collect Automatically

• Usage Data: Details of your visits to and actions on our Services, including traffic data, location data, logs, and resources accessed.

• Device Information: Information about devices used to access our Services, including IP address, device type, operating system, browser type, and network information.

• Cookies and Similar Technologies: Information collected through cookies, web beacons, and other tracking technologies.

• Location Information: General location information inferred from your IP address and other data sources.

• Behavioral Data: Information about how you use our Services, including pages visited, features used, search queries, and interaction patterns.

• Technical Data: Information about your internet connection, equipment, and usage details.

2.3 Information from Third Parties

We collect substantial information from third parties, which may include information about you even if you have never directly used our Services:

• Data Providers: We license and purchase information from data providers, public databases, and data aggregators, including comprehensive information about companies, investments, professionals, market transactions, and business relationships.

• Business and Affiliate Networks: Information from business partners, customers, and affiliate networks.

• Public Sources: Information from publicly available sources, including but not limited to:

  • Public records and government databases

  • News publications and media outlets

  • Company websites and marketing materials

  • Social media profiles and public posts

  • Regulatory filings and legal documents

  • Conference attendee lists and speaker biographies

  • Professional associations and industry groups

  • Academic publications and research papers

  • Patents, trademarks, and intellectual property registries

• Referrals and Partners: Information about you provided by other users or business partners.

• Industry Information Sources: Information from industry-specific sources and databases.

2.4 Business Intelligence Information

As a provider of business intelligence services, we actively collect and compile information about:

• Companies, organizations, and investment firms

• Investment transactions, financing rounds, and deals

• Investment professionals and executives

• Market trends and industry developments

• Business relationships and organizational structures

• Professional career movements and team compositions

• Company performance and growth metrics

• Investment strategies and portfolio compositions

This may include information about individuals in their professional capacities, even if they have not directly provided information to us or used our Services. We consider this business intelligence information to be a core asset of our business, and we maintain broad rights to collect, retain, process, analyze, and distribute this information.

2.5 Special Categories of Information

We do not intentionally collect sensitive personal information such as racial or ethnic origin, political opinions, religious beliefs, health data, biometric data, or criminal history. Our focus is on professional and business information, not private or sensitive personal details. However, we may process information related to professional backgrounds, business activities, and economic status as part of our business intelligence operations.

2.6 Open Source Intelligence (OSINT)

A significant portion of our business intelligence is derived through OSINT (Open Source Intelligence) methodologies - the collection and analysis of information from publicly available sources. Our OSINT collection includes, but is not limited to:

• Public Web Content: Information publicly available on the internet, including company websites, press releases, news articles, blogs, and public web pages

• Public Social Media Content: Information shared publicly on professional social networks, corporate social media accounts, and other public social platforms

• Public Records: Government filings, corporate registrations, regulatory submissions, court records, property records, and other publicly accessible official documents

• Academic and Research Publications: Published research papers, academic journals, dissertations, conference proceedings, and educational materials

• Public Business Information: Annual reports, investor presentations, earnings calls, shareholder communications, and other public business disclosures

• Conference and Event Information: Speaker biographies, presentation materials, attendee lists, and other publicly shared event information

• Public Databases and Registries: Information available in public databases, directories, professional registries, and public membership lists

• Industry Publications: Trade journals, industry reports, market analyses, and sector-specific publications

• Public Professional Profiles: Professional information shared on public professional networking sites, company directories, and professional association listings

We process, analyze, combine, and enhance OSINT data to develop comprehensive business intelligence. We consider our OSINT-derived datasets to be proprietary business assets created through our substantial investment in collection, processing, and analysis methodologies.

Due to the public nature of OSINT sources, we maintain that:

1. Information collected through OSINT methodologies is exempt from many privacy restrictions since it was already publicly available

2. The processing of public information for business intelligence purposes represents a legitimate business interest

3. Individuals who make information publicly available have a reduced expectation of privacy regarding such information

4. Our transformation of publicly available information into structured intelligence creates new proprietary value exempt from certain data subject rights

5. Deletion of OSINT-derived information is generally unnecessary since the original source remains publicly accessible

Our collection and processing of OSINT is conducted in accordance with applicable laws and represents standard industry practice in the business intelligence sector.

3. HOW WE USE YOUR INFORMATION

We use information for multiple purposes essential to our business operations and Services:

3.1 Core Business Intelligence Functions

• Building, maintaining, and enhancing our comprehensive business intelligence databases

• Creating and updating company, investment, and professional profiles

• Tracking market transactions, investments, and business relationships

• Mapping corporate structures, professional networks, and market dynamics

• Analyzing industry trends, investment patterns, and market movements

• Generating competitive intelligence and market positioning insights

• Developing industry benchmarks, indices, and performance metrics

• Creating analytical models and predictive forecasts

• Supporting our fundamental business operations and commercial activities

3.2 Providing and Maintaining our Services

• Operating, maintaining, and providing features of our platform

• Processing subscriptions, transactions, and fulfilling service requests

• Personalizing user experiences and delivering relevant content

• Responding to inquiries, comments, and support requests

• Sending administrative information and service updates

• Facilitating interactive features and user-requested functions

• Maintaining security and operational integrity

3.3 Analytics and Service Improvement

• Analyzing usage patterns to improve our platform and Services

• Monitoring and measuring the effectiveness of our features

• Developing new data products, analytics, and intelligence offerings

• Conducting research to enhance our databases and algorithms

• Generating insights from aggregate data analysis

• Debugging technical issues and enhancing system performance

• Measuring advertising effectiveness and optimizing marketing

3.4 Communications and Marketing

• Communicating with you about your account and Services

• Delivering promotional communications and specialized offerings

• Providing information about products and services that may interest you

• Targeting advertisements based on user profiles and interests

• Facilitating events, webinars, and professional development opportunities

• Measuring campaign effectiveness and engagement metrics

• Managing customer relationships and business development activities

3.5 Aggregated and De-identified Information

We use aggregated, anonymized, or de-identified information derived from personal information for various commercial and non-commercial purposes, which may include:

• Creating and maintaining proprietary industry benchmarks and indices

• Developing and publishing market research, reports, and analysis

• Offering data products and analytics solutions

• Training machine learning models and algorithms

• Enhancing our databases and data services

• Developing new products and services

• Analyzing industry trends and market movements

• Providing market intelligence and competitive analysis

• Internal business planning and operations

• Sharing with third parties for their business purposes

• Other purposes consistent with our business model

Once information has been properly aggregated, anonymized, or de-identified in accordance with applicable law, it generally falls outside the scope of personal information protected by privacy regulations. For such information, we typically:

• Do not re-identify such information unless permitted by law

• Maintain it for analytical and business purposes

• Process it for legitimate business purposes

• May share it with third parties

Aggregated and de-identified data constitute important business assets that support our operations and Services. Our use of such information is consistent with standard industry practice and the approach recognized by most privacy regulations worldwide.

3.6 Legal and Security Purposes

• Complying with legal obligations and responding to governmental requests

• Enforcing our terms, conditions, and policies

• Protecting our rights, privacy, safety, or property

• Preventing, detecting, and addressing fraud, abuse, or security issues

• Responding to legal process and emergency situations

• Meeting contractual obligations and business requirements

• Evaluating or conducting corporate transactions and business transfers

3.7 OSINT Processing and Enhancement

Our use of OSINT (Open Source Intelligence) data includes sophisticated processing that creates additional proprietary value, including:

• Data Normalization: Converting varied public data formats into standardized, structured formats

• Entity Resolution: Identifying and reconciling information about the same entities across multiple sources

• Relationship Mapping: Identifying connections between companies, investments, and professionals

• Temporal Analysis: Tracking changes and developments in companies and markets over time

• Trend Identification: Recognizing patterns and trends across multiple data points

• Predictive Modeling: Developing forecast models based on historical public data

• Enrichment: Enhancing public data with additional context, categorization, and metadata

• Verification: Cross-checking information across multiple public sources

• Synthesis: Creating comprehensive profiles from fragmented public information

• Dataset Integration: Combining OSINT with proprietary data to create enhanced intelligence

This processing transforms raw public information into valuable business intelligence that constitutes a new proprietary asset. Our investment in these processing methodologies creates significant commercial value distinct from the original source material.

We maintain that our transformation of public information through these processes creates new intellectual property that is not subject to the same restrictions as the original data. The substantial resources we invest in collecting, processing, analyzing, and organizing OSINT data establishes our legitimate interest in maintaining and utilizing these datasets indefinitely.

4. HOW WE SHARE YOUR INFORMATION

As a business intelligence provider, information sharing is integral to our operations. We may share information in the following circumstances:

4.1 Through Our Core Business Services

• To Subscribers and Customers: Our primary business function is to provide business intelligence to our subscribers and customers. This includes sharing professional information, company data, investment information, and market intelligence through our platform and services.

• In Published Reports and Analytics: We may include information in published reports, market analyses, benchmarks, and other business intelligence products that we distribute or sell to customers.

• For Business Intelligence Purposes: We may share information with business partners, data providers, and others to enhance, verify, or supplement our business intelligence databases.

4.2 With Service Providers and Partners

• Service Providers: We share information with vendors, consultants, and other service providers who need access to such information to perform services on our behalf, including:

  • Data storage and cloud infrastructure providers

  • Payment processors and financial service providers

  • CRM and marketing automation platforms

  • Analytics and data processing services

  • Customer support and communication tools

  • Security and fraud prevention services

  • Professional service providers (legal, accounting, etc.)

• Business Partners: We may share information with business partners for joint marketing, co-sponsored events, or collaborative offerings.

• Data Enhancement Partners: We exchange, purchase, or sell information with data providers and aggregators to enhance and expand our business intelligence databases.

4.3 For Business Transfers and Corporate Purposes

• Business Transfers: In connection with a merger, acquisition, reorganization, bankruptcy, or other sale of all or a portion of our assets, information may be one of the transferred assets. We maintain all rights to transfer all business intelligence datasets and databases without restriction.

• Corporate Affiliates: We may share information with our parent company, subsidiaries, joint ventures, or other companies under common control with us.

• Investors and Advisors: We may share information with our investors, financial advisors, and consultants to facilitate corporate governance and business operations.

4.4 Legal and Safety Purposes

• Legal Requirements: We may disclose information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

• Protection of Rights: We may disclose information when we believe in good faith that disclosure is necessary to protect our rights, enforce our terms and policies, investigate fraud, or protect the safety of others.

4.5 With Your Consent or At Your Direction

• We may share information with third parties when you direct us to do so or provide your consent.

4.6 Aggregated and De-identified Information

• Unlimited Rights: We have unrestricted rights to share aggregated, de-identified, or anonymized information that does not identify you personally for any business purpose, including:

  • Publishing market insights and industry reports

  • Selling data products derived from aggregated information

  • Providing analytics and benchmarking to customers

  • Sharing with marketing and research partners

  • Creating industry indices and performance metrics

  • Any other commercial or non-commercial purpose

We obtain significant value from aggregated and de-identified information and consider our databases, analytics, and derivative works to be key business assets that we may commercialize freely without restriction.

5. DATA RETENTION AND STORAGE

5.1 Retention Period

We retain your personal information for as long as reasonably necessary to fulfill our legitimate business purposes or as required by law, whichever is longer. Our data retention practices are based on criteria including:

• The ongoing necessity of the information for providing our Services

• Our legitimate business interests, including maintaining comprehensive market intelligence

• Legal and contractual requirements to retain data

• Industry standards and practices

• Historical, statistical, and research purposes

• Data integrity and continuity of our databases and business intelligence services

• System backup requirements and disaster recovery protocols

We determine the appropriate retention period for personal information on a case-by-case basis, depending on the nature of the data and its purpose. In many cases, especially for our business intelligence information, retention periods may be extended to support our legitimate business functions.

5.2 Retention After Account Closure

When you close your account or cease using our Services:

• We typically retain your information as part of our comprehensive databases and market intelligence assets for legitimate business purposes

• Your data typically continues to support the value and accuracy of our datasets and business intelligence

• In many cases, removal of individual records could compromise the integrity and historical value of our databases

• We generally maintain the ability to continue processing your information for purposes disclosed in this Policy and as permitted by applicable law

• We may continue to include your information in aggregate analyses and market research where permitted by law

• We may retain your information to comply with legal obligations, resolve disputes, and enforce agreements

In many instances, the selective removal of individual records once they have been incorporated into our databases, analytics systems, or research datasets could be technically complex or impractical. However, we will consider such requests and comply with legal requirements applicable to your jurisdiction.

5.3 Research and Analytics Data

For information that has been aggregated, anonymized, or de-identified, we generally maintain the right to retain and use:

• Aggregated, anonymized, or de-identified data derived from personal information

• Historical datasets used for market trend analysis and industry benchmarking

• Research datasets that incorporate your information alongside other data points

• Analytical outputs derived from or informed by your information

• Statistical models trained or enhanced using your information

• Market intelligence that may incorporate elements of your information

These datasets and derivative analyses are essential to our business operations and constitute important business assets that, in most cases, would not be subject to the same deletion requirements as identifiable personal information. This position is consistent with the approach taken by many data protection regulations worldwide, which recognize that anonymized and aggregated data fall outside the scope of personal information.

5.4 Data Storage Location

Your information may be transferred to, stored, and processed in the United States and other countries where we or our service providers maintain operations. These locations may have different data protection laws than your country of residence. By using our Services, you expressly consent to such cross-border transfers of your information, and acknowledge that different jurisdictions may provide different levels of protection for personal information.

6. YOUR PRIVACY RIGHTS AND CHOICES

6.1 General Rights and Choices

The rights described below are not absolute and are subject to important limitations and exceptions:

• Access and Portability: You may request information about the personal data we hold about you. We may fulfill this by providing a general description of categories of data rather than specific data elements, particularly when fulfilling such requests would be unreasonably burdensome.

• Correction: You may request correction of your personal information if it is inaccurate. We reserve the right to verify the accuracy of the new data you provide and may decline to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.

• Account Information: You may update certain account information through your account settings. However, we may retain prior versions of your information in our backup systems or for historical purposes.

• Marketing Communications: You may opt out of marketing communications by using the unsubscribe link in our emails or updating your communication preferences. Even if you opt out, we will continue to send you service-related communications.

• Cookies and Tracking Technologies: You can set your browser to refuse cookies, but this may limit your ability to use our Services. We do not respond to Do Not Track signals.

6.2 Limitations on Deletion Rights

Our Services rely on maintaining comprehensive, historical datasets for market intelligence, industry analysis, and business intelligence purposes. While we respect data subject rights, there are instances where our ability to fully delete information may be limited by legitimate business needs and applicable legal exemptions.

We may limit or deny deletion requests in accordance with applicable law where:

• Deletion would significantly impair the integrity or value of our databases

• Information has been incorporated into aggregated datasets

• Information contributes to historical trend analyses or industry benchmarking

• Data is used for research, analysis, market intelligence, or product development

• Technical limitations make selective deletion particularly complex or impractical

• Retention is reasonably aligned with user expectations of our Services

• Retention is necessary for our legitimate business interests

• Retention is required for legal, compliance, security, or fraud prevention purposes

• We have another legitimate business, legal, or security reason for retaining the data

• The information has been properly de-identified, anonymized, or aggregated

• The request is vexatious, repetitive, or would be extremely burdensome to fulfill

• We are obligated to maintain the information under applicable laws

• The data is part of ongoing business transactions or relationships

When we cannot fully delete data due to the above reasons, we may instead:

• Limit further active processing of the data for purposes unrelated to those excepted above

• Further de-identify or aggregate the data while retaining it in our systems

• Restrict access to the data while maintaining it in our databases

• Archive the data while maintaining it within our data storage systems

We make a good faith effort to balance your privacy rights with our legitimate business needs and legal obligations. Even where exceptions apply, we will comply with deletion requirements that are mandatory under applicable law.

6.3 Submitting Requests

You may submit a request to exercise your rights through:

• Your account settings

• Email to: privacy@altss.com

• Mail to: Altss LLC, 390 NE 191st St STE 8906, Miami, FL 33179

For your protection, we may need to verify your identity before processing your request. We may deny your request if we cannot verify your identity, if the request is excessive or repetitive, or if we have a legal basis to retain the information.

We will respond to verified requests within timeframes required by applicable law. However, we may take up to 90 days to respond if necessary, particularly for complex requests.

6.4 Special Provisions for OSINT-Derived Data

Information derived from OSINT (Open Source Intelligence) sources is subject to special considerations regarding privacy rights requests, consistent with industry practice and applicable law:

Deletion Requests for OSINT Data: We may limit deletion of information properly collected from public sources for several legitimate reasons, including:

• The information was already publicly available prior to our collection

• Removing such information from our systems would not remove it from the original public source

• Our legitimate interest in maintaining comprehensive business intelligence may, in many cases, provide a legal basis for continued processing of already-public information

• The journalistic, research, and historical archiving purposes of our business intelligence operation may qualify for exemptions under many privacy regulations

• The effort required to selectively identify and remove specific public information from our databases could, in many cases, be disproportionate to any privacy benefit

Access and Correction Requests for OSINT Data: When responding to access or correction requests involving OSINT-derived data:

• We may provide general categories of public sources rather than specific sources when appropriate

• We may direct you to the original public sources of information rather than providing copies

• We may limit modifications to information that accurately reflects publicly available content

• We may continue to process public information despite objections when supported by our legitimate interests and permitted by applicable law

Alternative Measures: Rather than completely deleting OSINT-derived information upon request, we may, where permitted by law:

• Annotate the information to reflect a data subject's concerns or objections

• Implement internal restrictions on certain uses of the information

• Further de-identify or anonymize the information while retaining it in our systems

• Archive the information while maintaining it for historical and research purposes

Legal Basis for Processing: Our processing of OSINT data is based on:

• Legitimate interests in providing business intelligence services

• Public interest in maintaining accurate market and company information

• Historical and research purposes that benefit the business and investment community

• The reduced privacy expectation for information already made public

We evaluate each request concerning OSINT-derived data individually and in good faith, balancing privacy interests against our legitimate business purposes and the public nature of the original information, while complying with applicable legal requirements.

7. SPECIAL NOTICE FOR CALIFORNIA RESIDENTS

This section provides additional disclosures required under California law, including the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). We respect the privacy rights of California residents while also applying the exceptions and exemptions that California law permits for certain business operations.

7.1 California Privacy Rights

California residents may have the following rights, subject to exceptions and limitations provided by law:

• Right to Know: You may request information about the categories of personal information we collect. We strive to provide specific information where feasible, though in some cases we may provide general descriptions to protect our proprietary business systems and operations.

• Right to Delete: California residents may request deletion of their personal information. While we respect this right, California law provides numerous exceptions, including but not limited to:

  • Information used for internal purposes that are reasonably aligned with consumer expectations

  • Information where deletion could significantly impact the integrity of our databases or business intelligence systems

  • Data that forms part of valuable datasets used for market analysis or research

  • Information that we have legitimate business reasons to retain as permitted by law

  • Information where deletion would be technically impractical or require disproportionate effort

  • Information required for security, fraud prevention, debugging, or legal purposes

  • Information that has been properly de-identified or aggregated

  • Other scenarios where exceptions apply under the CCPA/CPRA

We evaluate each deletion request individually and apply exceptions only as permitted by California law.

• Right to Correct: You may request correction of inaccurate information, subject to verification requirements.

• Right to Opt-Out of Sales/Sharing: You may request to opt out of certain data sharing activities that constitute a "sale" or "sharing" under California law.

• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.

7.2 Extensive Exemptions to CCPA Requests

California law provides numerous exemptions that allow us to decline deletion and other requests, including:

• Business Purpose Exemption: We may retain any information necessary for our internal business purposes.

• Research Exemption: We may retain and continue processing your information for research purposes if the deletion would impair our research. This is particularly applicable to our market intelligence and business intelligence operations.

• Legal Compliance Exemption: We may retain any information necessary to comply with a legal obligation.

• Aggregate Information Exemption: Information that has been aggregated, de-identified, or anonymized in accordance with the CCPA and its regulations is exempt from consumer rights requests.

• Disproportionate Effort Exemption: We may decline requests that would require disproportionate effort or technical impossibility.

• Security and Integrity Exemption: We may retain information to protect against security threats, ensure system integrity, or prevent fraud.

• Prior Transaction Exemption: We may retain information related to prior transactions or ongoing business relationships.

• First Amendment Protection: We may retain information protected by the First Amendment.

• Commercial Speech Exemption: Business-to-business communications and information may be exempt.

We evaluate all consumer requests in light of these extensive exemptions and reserve the right to deny any request that qualifies for an exemption.

7.3 Deletion Request Process for California Residents

For deletion requests from California residents, we follow this process:

1. Verify the requestor's identity

2. Evaluate all applicable exemptions

3. If all information is subject to exemptions, deny the request with explanation

4. If some information must be deleted under law, we may:

   • De-identify or aggregate the information rather than delete it

   • Restrict active processing while maintaining the data

   • Archive the data while maintaining it in our systems

   • Delete only the specific elements legally required to be deleted

7.4 Categories of Personal Information Collected

In the last 12 months, we have collected the categories of personal information listed in Section 2 of this Policy.

7.5 How We Collect, Use, and Disclose Personal Information

For each category of personal information we collect, our Policy describes:

• The sources from which we collect the information (Section 2)

• Our business and commercial purposes for collecting the information (Section 3)

• The categories of third parties with whom we share the information (Section 4)

7.6 Special Research and Business Intelligence Provisions

California law specifically exempts research data from many privacy requirements. As a provider of business intelligence and market data services, we maintain strong research exemptions for:

• Market analysis and industry trend research

• Company and investment performance analysis

• Competitive intelligence and market mapping

• Investment and fundraising analytics

• Sector and industry performance metrics

• Aggregate economic and financial analyses

These research purposes constitute a core component of our business operations and provide legal basis for maintaining data despite deletion or other consumer rights requests.

7.7 Authorized Agent

California residents may designate an authorized agent to make requests on their behalf. When using an authorized agent, we require extensive verification, including: (i) written permission from the consumer; (ii) verification of both the agent and consumer's identity; and (iii) direct confirmation from the consumer.

7.8 Data Retention Practices

As detailed in Section 5, we maintain data for as long as necessary for our business purposes, which for certain datasets may be indefinitely. The CCPA/CPRA does not require specific data deletion or data retention periods, and we maintain discretion over our retention practices subject to our business needs.

7.9 Limit Use of Sensitive Personal Information

We generally do not use sensitive personal information for purposes that would trigger the right to limit use under the CPRA. To the extent any such processing occurs, it falls within the exemptions provided by the CPRA, such as providing services requested by the consumer or performing services reasonably expected by an average consumer.

7.10 Aggregated Consumer Data

If we derive aggregate consumer information from personal information, we maintain and use such aggregated data indefinitely without restriction, as such data is explicitly excluded from CCPA/CPRA consumer rights.

7.11 California Exemptions for OSINT and Business Intelligence

California residents should be aware of specific CCPA/CPRA exemptions that may apply to our business intelligence operations, particularly regarding OSINT (Open Source Intelligence):

Public Information Exemption: The CCPA/CPRA provides that "publicly available information" is excluded from the definition of "personal information" subject to certain consumer rights. Information is considered "publicly available" when it is lawfully made available from federal, state, or local government records or when a business has a reasonable basis to believe it is lawfully made available to the general public by the consumer or from widely distributed media.

Many of our OSINT collection activities involve this category of publicly available information, including:

• Information from government records

• Information lawfully available in widely distributed media

• Information intentionally made public by the individual

• Professional information lawfully made available to the general public

Business-to-Business Exemption: Much of our business intelligence focuses on business-to-business transactions and commercial information, which may be subject to different treatment under California law, including:

• Professional contact information

• Employment-related information

• Business relationship information

• Corporate transaction details

Research Exemption: Our business intelligence operations may qualify for research-related exemptions under the CCPA/CPRA, which can apply to:

• Collection, use, and retention of personal information for research purposes

• Maintenance of information when deletion would render impossible or seriously impair research

• Processing necessary for research purposes compatible with the context in which the information was provided

Disproportionate Effort Consideration: In some cases, identifying and selectively deleting specific items of personal information from comprehensive business intelligence databases could require significant technical effort, particularly when:

• Information is integrated across multiple datasets

• Information has been transformed through proprietary analysis

• Information has been incorporated into aggregated intelligence products

• Information contributes to historical trend analysis

We evaluate all California consumer requests on a case-by-case basis in accordance with applicable law, applying exemptions only as permitted.

8. DATA SECURITY

We have implemented reasonable technical, administrative, and physical safeguards designed to protect your information from unauthorized access, use, or disclosure. However, no method of transmission over the Internet or electronic storage is completely secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

Our security measures include:

• Encryption of sensitive data in transit and at rest

• Access controls and authentication requirements

• Regular security assessments

• Network monitoring and intrusion detection

• Employee training on data protection

• Incident response planning

You are responsible for maintaining the confidentiality of your account credentials and for any activities that occur under your account. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us at security@altss.com.

9. THIRD-PARTY LINKS AND FEATURES

Our Services may contain links to third-party websites, applications, or services that are not owned or controlled by Altss. This Policy applies only to our Services. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party websites or services. We encourage you to review the privacy policies of any third parties before providing them with information.

10. CHILDREN'S PRIVACY

Our Services are not directed to children under the age of 16, and we do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16 without verification of parental consent, we will take steps to delete that information. If you believe we might have any information from or about a child under 16, please contact us at privacy@altss.com.

11. UPDATES TO THIS PRIVACY POLICY

We reserve the right to modify this Policy at any time at our sole discretion without notice to you. Any changes are effective immediately upon posting on our website or through the Services. Your continued use of our Services after we make changes constitutes your acceptance of such changes.

We are not obligated to notify you personally about changes, although we may choose to do so for material changes by:

• Posting a notice on our website

• Displaying an alert within our platform

• Sending an email to the address associated with your account (if available)

It is your responsibility to periodically review this Policy to stay informed about our information practices. The "Last Updated" date at the top of this Policy indicates when it was last revised. By using the Services after any changes to the Policy, you are agreeing to the revised terms.

We are not required to preserve former versions of this Policy for your reference, though we may choose to do so. The current version of the Policy supersedes all previous versions.

11. DISCLAIMERS

11.1 General Disclaimers

EXCEPT AS EXPRESSLY PROVIDED IN THESE TERMS, THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE," WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, ALTSS EXPRESSLY DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT.

11.2 Fund Performance Data Disclaimers

WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, ALTSS SPECIFICALLY DISCLAIMS ALL WARRANTIES REGARDING FUND PERFORMANCE DATA. ALTSS MAKES NO REPRESENTATIONS OR WARRANTIES REGARDING THE ACCURACY, COMPLETENESS, TIMELINESS, OR RELIABILITY OF ANY FUND PERFORMANCE DATA PROVIDED THROUGH THE SERVICES. FUND PERFORMANCE DATA MAY BE SUBJECT TO VARIOUS INHERENT LIMITATIONS, INCLUDING BUT NOT LIMITED TO:

• SURVIVORSHIP BIAS (EXCLUSION OF DEFUNCT OR LIQUIDATED FUNDS)

• SELECTION BIAS (NON-RANDOM SAMPLING OF FUNDS)

• BACKFILL BIAS (RETROACTIVE ADDITION OF SUCCESSFUL FUNDS)

• SELF-REPORTING BIAS (SELECTIVE DISCLOSURE BY FUND MANAGERS)

• TIMING DIFFERENCES AND REPORTING DELAYS

• INCONSISTENT VALUATION METHODOLOGIES

• LIMITED SAMPLE SIZES FOR CERTAIN FUND CATEGORIES

• INHERENT LIMITATIONS IN PERFORMANCE METRICS

• VARYING CALCULATION METHODOLOGIES

• TIMING AND CASH FLOW ASSUMPTIONS

• BENCHMARK CONSTRUCTION LIMITATIONS

• DATA COLLECTION AND AGGREGATION COMPLEXITIES

YOU ACKNOWLEDGE THAT PAST PERFORMANCE IS NOT INDICATIVE OF FUTURE RESULTS, AND THAT ANY INVESTMENT DECISIONS MADE BASED ON FUND PERFORMANCE DATA ARE MADE AT YOUR OWN RISK. ALTSS IS NOT AN INVESTMENT ADVISER AND DOES NOT PROVIDE INVESTMENT ADVICE OR RECOMMENDATIONS. FUND PERFORMANCE DATA SHOULD NOT BE CONSTRUED AS INVESTMENT ADVICE OR AS A RECOMMENDATION TO INVEST IN ANY PARTICULAR FUND OR INVESTMENT VEHICLE.

12. LIMITATION OF LIABILITY

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL ALTSS, ITS AFFILIATES, OR THEIR RESPECTIVE OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, SUPPLIERS, OR LICENSORS BE LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES OF ANY KIND, INCLUDING BUT NOT LIMITED TO DAMAGES FOR LOSS OF PROFITS, REVENUE, GOODWILL, USE, DATA, OR OTHER INTANGIBLE LOSSES (EVEN IF ALTSS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES), ARISING OUT OF OR RELATED TO YOUR USE OF, OR INABILITY TO USE, THE SERVICES.

IN NO EVENT SHALL THE AGGREGATE LIABILITY OF ALTSS, ITS AFFILIATES, AND THEIR RESPECTIVE OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, SUPPLIERS, AND LICENSORS ARISING OUT OF OR RELATED TO THESE TERMS OR YOUR USE OF (OR INABILITY TO USE) THE SERVICES EXCEED THE TOTAL AMOUNT PAID BY YOU TO ALTSS FOR THE SERVICES DURING THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.

THE LIMITATIONS OF LIABILITY IN THIS SECTION SHALL APPLY TO ANY THEORY OF LIABILITY, INCLUDING THOSE BASED ON WARRANTY, CONTRACT, STATUTE, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, EVEN IF ALTSS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES AND EVEN IF A REMEDY SET FORTH HEREIN IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE.

SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF CERTAIN WARRANTIES OR THE LIMITATION OR EXCLUSION OF LIABILITY FOR CERTAIN TYPES OF DAMAGES. ACCORDINGLY, SOME OF THE ABOVE LIMITATIONS MAY NOT APPLY TO YOU.

13. ADDITIONAL LEGAL INFORMATION

13.1 Legal Bases for Processing

We process personal information in accordance with applicable law. Depending on your jurisdiction, the legal bases for our processing activities may include:

Legitimate Interests: We primarily rely on legitimate interests as our legal basis for processing personal information, including:

• Operating our business and providing our Services

• Developing and improving our business intelligence platform

• Creating valuable market analysis and research

• Protecting the security and integrity of our Services

• Marketing our products and services

• Managing our customer relationships

We conduct balancing tests to ensure our legitimate interests do not unduly impact your privacy rights.

Contractual Necessity: We process personal information as necessary to fulfill our contractual obligations to you, including:

• Providing access to our Services

• Processing payments and managing subscriptions

• Responding to customer service inquiries

• Delivering requested information or services

Consent: Where required by law, we may rely on your consent to process certain types of personal information or for specific purposes. You have the right to withdraw consent at any time, though this will not affect the lawfulness of processing based on your consent before withdrawal.

Legal Obligations: We process personal information as necessary to comply with our legal obligations, including:

• Responding to valid legal process

• Complying with recordkeeping requirements

• Addressing security incidents

• Verifying identity when required by law

Public Interest: In some cases, we may process personal information for tasks carried out in the public interest or for archiving, scientific, historical research, or statistical purposes.

The specific legal basis for processing depends on the type of personal information, the purpose of processing, and applicable law in your jurisdiction.

13.2 Business Transfers and Data Assets

Altss considers its databases, including business intelligence information, market data, aggregated data, and derivative analytics, to be valuable business assets that may be transferred or sold as part of a business transaction, in accordance with applicable law.

If Altss, or substantially all of its assets, is acquired, merged, reorganized, or undergoes a similar corporate transaction, information assets will typically be included in the transferred assets. This may include:

• Business intelligence databases and datasets

• Customer and user information

• Market intelligence and analytics

• Compiled and aggregated information

• Research outputs and industry analyses

• Data models and algorithms

• Other information collected or maintained by Altss

Following any such transaction, information will continue to be governed by the applicable privacy policy then in effect, which may be modified by the new entity in accordance with Section 11 of this Policy and applicable law. You acknowledge that such transfers may occur and are permitted by this Policy.

We may commercially utilize our data assets through sale, licensing, or other business arrangements in accordance with applicable law, and such activities are important aspects of our business model. Our ability to provide valuable business intelligence depends on our capacity to collect, maintain, analyze, and transfer information assets to deliver services to our customers.

14. CONTACT US

If you have questions, concerns, or complaints about this Policy or our privacy practices, please contact us at:

Email: privacy@altss.com

Mail:
Altss LLC
Attn: Privacy Officer
390 NE 191st St STE 8906
Miami, FL 33179

We will respond to your inquiry as soon as reasonably possible, though we note that certain privacy rights requests may take longer to process as described in Section 6.3.

15. INFORMATION FOR DATA SUBJECTS OUTSIDE THE UNITED STATES

15.1 Business Intelligence and Commercial Interests

Altss is a U.S.-based business intelligence provider with legitimate commercial interests in collecting, processing, and maintaining comprehensive business information, including professional information about individuals worldwide.

Our collection and processing of information is based primarily on our legitimate business interests, which include:

• Providing business intelligence and market analysis services

• Developing and maintaining comprehensive data assets

• Creating valuable analytics and information products

• Operating our platform and business efficiently

• Fulfilling contractual obligations to customers

These legitimate interests represent the legal basis for our data processing activities, including for data subjects in jurisdictions with comprehensive privacy laws.

15.2 International Data Transfers

Altss is headquartered in the United States, and our primary data processing occurs in the United States. Information provided to or collected by us may be transferred to, stored, and processed in the United States or other countries where we or our service providers maintain operations.

By using our Services or providing us with any information, you consent to the transfer, processing, and storage of your information in countries outside your country of residence, including the United States, which may have different data protection rules than those in your country.

We take steps to ensure that any international transfer of personal information is managed in accordance with applicable data protection laws. When required by applicable law and for transfers from certain jurisdictions, we implement appropriate safeguards, which may include:

• Standard contractual clauses approved by relevant authorities

• Binding corporate rules

• Adequacy decisions where available

• Other legally approved transfer mechanisms

We acknowledge that different jurisdictions have different requirements for international data transfers, and we strive to comply with applicable requirements while balancing our legitimate business needs to operate a global business intelligence platform.

15.3 Limited Privacy Rights

While various jurisdictions provide certain rights regarding personal information, our status as a business intelligence provider allows us to assert significant exceptions and exemptions to these rights.

For information processed as part of our business intelligence operations, we maintain the following positions:

• Limited Deletion Rights: Business intelligence data may be exempt from deletion based on legitimate business interests, research purposes, and disproportionate effort exceptions

• Limited Access Rights: Access requests may be fulfilled through general descriptions rather than specific data points when providing specific data would reveal trade secrets or proprietary methods

• Record-Keeping Exemptions: We may claim exemptions from certain record-keeping requirements when they would impose disproportionate burdens

• Anonymization Alternative: We may choose to anonymize rather than delete data in response to deletion requests

• Automated Processing: Our business intelligence services necessarily involve automated processing and profiling of professional information, which we consider essential to our services

15.4 Territorial Scope and Enforcement

Our primary regulatory compliance focus is on U.S. law. While we endeavor to consider the requirements of other jurisdictions, we maintain that:

• Our primary regulatory authority is in the United States

• Extraterritorial application of foreign privacy laws to our U.S.-based operations may be limited

• Enforcement challenges create practical limitations on certain foreign privacy requirements

• The commercial nature of our business intelligence services creates significant exceptions to many data subject rights

15.5 Communication Regarding Cross-Border Requests

If you are located outside the United States and submit a data rights request, we will evaluate it under applicable U.S. law first, then consider our obligations under your local law, subject to the exceptions, exemptions, and limitations described in this Policy and available under law.

Any privacy rights requests from non-U.S. persons should be directed to privacy@altss.com with a subject line clearly indicating your country of residence and the specific right being requested.

15.6 International Considerations for OSINT

Different jurisdictions treat OSINT (Open Source Intelligence) collection and processing differently. Our position regarding international regulatory frameworks as they apply to OSINT is as follows:

European Union/EEA (GDPR):

• We maintain that our OSINT activities may qualify for journalistic, academic, artistic, or literary expression exemptions under Article 85

• Our business intelligence research functions may qualify for scientific, historical, or statistical research exemptions under Article 89

• For publicly available information, the legitimate interest basis for processing is strengthened by the prior public nature of the information

• The Court of Justice of the European Union has recognized reduced privacy expectations for information already made public

United Kingdom:

• Similar to the EU position, with additional recognition of the importance of data processing for economic well-being

• The UK Information Commissioner's Office recognizes exemptions for corporate information and publicly available data

Canada (PIPEDA):

• PIPEDA includes exemptions for information that is publicly available, particularly in prescribed registers

• Business contact information is subject to reduced protection

• Journalistic, artistic, and literary purposes may be exempt

Australia:

• The Privacy Act includes exemptions for publicly available information

• Small business exemptions may apply to certain operations

• Employee records exemptions may cover professional information

Brazil (LGPD):

• Contains research exemptions similar to GDPR

• Recognizes legitimate interest as a lawful basis for processing

• Includes provisions for processing publicly available information

We assert that our OSINT operations conform to international standards for the ethical collection and processing of publicly available information. While we consider the requirements of these international frameworks, our primary position is that:

1. Information properly collected from public sources is subject to reduced privacy protections

2. Our substantial transformation of public information creates new proprietary value

3. The business intelligence and research nature of our operations triggers important exemptions

4. International enforcement limitations create practical boundaries on extraterritorial application

When processing OSINT data related to individuals in these jurisdictions, we balance regulatory considerations against our legitimate business interests in maintaining comprehensive business intelligence.

16. ACKNOWLEDGMENT

By using our Services, you acknowledge that:

1. Altss operates as a business intelligence provider whose services rely on comprehensive datasets and analytics capabilities.

2. The collection, retention, analysis, and distribution of business information, including professional information about individuals, constitutes a core aspect of our business model.

3. We generally maintain information for extended periods to support our legitimate business purposes, as permitted by applicable law.

4. We may apply various exceptions and limitations to data subject rights requests as permitted by applicable law, particularly when complete compliance would impair our ability to provide our business intelligence services.

5. Once information is incorporated into our business intelligence systems and databases, complete deletion or modification may sometimes be technically complex, commercially challenging, or inconsistent with legitimate business operations.

6. Properly aggregated, anonymized, and de-identified data generally falls outside the scope of personal information under most privacy laws.

7. Our information assets, including business intelligence databases, represent valuable commercial assets that may be transferred as part of business transactions, consistent with applicable law.

8. Your privacy rights are important, and we will honor them as required by applicable law, balancing those rights with legitimate business needs and appropriate legal exceptions.

9. This Policy establishes the framework for our information practices, and we encourage you to contact us with any questions or concerns.

If you have questions about any aspect of this Policy, please contact us using the information provided in Section 14.

Last Updated: March 16, 2025