This Policy Applies To:

Intriq AI Dashboard Application (app.intriq.ai) ONLY – This policy governs data processing in the authenticated dashboard application.

For App.Intriq.AI Users:

BY LOGGING INTO APP.INTRIQ.AI, YOU EXPLICITLY CONSENT TO:

• Processing of your personal data as described in this Policy
• Use of PostHog analytics, tracking cookies, and related monitoring technologies
• Session recording and feature usage analytics (where applicable)
• Error logging and debugging data collection
• Security monitoring and fraud prevention measures

YOUR LOGIN CONSTITUTES YOUR BINDING CONSENT IN ALL APPLICABLE JURISDICTIONS.

Data Usage Commitment:

We will NEVER: Sell your data to third parties; Use your data for advertising purposes; Share your data for third-party marketing.

We use your data ONLY for: Product improvement for registered users; Technical support and error resolution; Security and fraud prevention; System monitoring and performance.

You Can Opt Out At Any Time:

IF YOU DO NOT CONSENT OR WISH TO OPT OUT, contact us to request account closure and data deletion:

Email: dpo@intriq.ai or privacy@intriq.ai or gdpr@intriq.ai | Subject: "Account Deletion and Data Opt-Out Request"

Response time: Confirmation within 2 business days | Deletion timeframe: Complete within 14 days (except legally required data - see Section 9).

Service access and functionality can only be provided to users who provide this consent.

This Privacy Policy applies to the Dashboard Application operated by:

Transformation Diagnostics AI Ltd, trading as Intriq.AI

Company No.: 15358901

Registered Address: 20 Wenlock Road, London, N1 7GU, United Kingdom

For the purposes of the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018, we act as a Data Controller in relation to personal data collected via the Dashboard Application.

Data Protection Officer (DPO): Shynggys Menglibay | DPO Contact: dpo@intriq.ai | gdpr@intriq.ai

This Policy explains how we collect, use, and protect personal data when you:

• Access or use the Dashboard Application features (app.intriq.ai)
• Submit enquiries through the application
• Interact with us via email or support channels

This Policy applies to authenticated users of the Dashboard Application (app.intriq.ai).

We may collect the following categories of personal data:

Identity & Contact Data

Name, email address, company name, job title, phone number, user ID, account credentials (hashed)

Communication Data

Messages sent via contact forms, email correspondence, support or sales enquiries, in-app communications

Marketing Data

Newsletter subscriptions (where opted in), event registrations, communication preferences

Technical & Usage Data

IP address, browser type, device information, pages visited, referral source, cookie identifiers

Platform Usage & Analytics Data (Dashboard Application Users - MANDATORY)

• Page views and navigation paths
• Feature usage and interaction patterns
• Session duration and frequency
• Click events and UI interactions
• Error messages and debugging information
• Performance metrics (load times, API response times)
• Session replay data (where enabled)
• Search queries and filters applied
• User journey and conversion funnels

Used ONLY for product improvement and user support, NEVER sold or used for advertising.

Security & Fraud Prevention Data (Dashboard Application Users - MANDATORY)

• Login attempts and authentication events
• Device fingerprinting
• Geolocation data (IP-based)
• Security alerts and anomaly detection
• Access patterns and behavioral analysis

Used ONLY for security and fraud prevention, NEVER sold or used for advertising.

Note: We do not intentionally collect special-category data (such as health or biometric data) via the Dashboard Application.

• Directly from you – when you fill in forms, register an account, or contact us
• Automatically – through cookies, analytics tools, server logs, and monitoring systems
• From your device – device information, browser data, session information
• Third parties – marketing or analytics providers (where permitted)
• PostHog Analytics (Dashboard Application Users - MANDATORY) – automatic collection of usage, error, and performance data. Used ONLY for product improvement and support, NOT for advertising. Data NOT sold.

Dashboard Application Users (app.intriq.ai)

Contractual necessity (Art. 6(1)(b)) – Mandatory tracking and analytics are necessary to perform our contract with you. We cannot deliver the service, provide technical support, monitor system health, or ensure security without processing usage and technical data. Data is used ONLY for product improvement and registered user support, NOT sold or used for advertising.

Consent (Art. 6(1)(a)) – Marketing communications (where opted in)

Legal obligation (Art. 6(1)(c)) – Where required by law

Legitimate interests (Art. 6(1)(f)) – We have legitimate interests in: Monitoring platform performance and identifying errors; Understanding feature usage to improve the product for registered users; Preventing fraud and ensuring security; Providing technical support; Ensuring compliance with our Terms of Service; Protecting our systems and other users.

We have assessed that these legitimate interests are not overridden by your rights and freedoms. You can opt out at any time by requesting account closure and data deletion (contact dpo@intriq.ai - processed within 14 days). Data is NEVER sold or used for advertising purposes.

You may withdraw consent at any time by requesting account closure and data deletion. Contact dpo@intriq.ai or privacy@intriq.ai - we will process your request within 14 days.

Dashboard Application Data (MANDATORY PROCESSING)

We use platform usage and analytics data to:

Service Delivery (Contractual Necessity):

• Authenticate and maintain user sessions
• Render application features and user interfaces
• Process user actions and requests
• Store user preferences and settings
• Enable collaboration and sharing features

Performance Monitoring (Contractual Necessity & Legitimate Interest):

• Track application performance and load times
• Identify slow queries or bottlenecks
• Monitor API response times
• Detect and resolve errors
• Optimize system resources

Error Detection & Debugging (Contractual Necessity):

• Capture error messages and stack traces
• Record conditions leading to errors
• Enable reproduction and resolution of bugs
• Prevent recurring issues

Feature Analytics (Legitimate Interest):

• Understand feature adoption and usage patterns
• Identify unused or confusing features
• Prioritize product roadmap decisions for registered users
• Measure user engagement and satisfaction
• Optimize user experience

Security & Fraud Prevention (Legitimate Interest & Legal Obligation):

• Detect unauthorized access attempts
• Identify suspicious behavior patterns
• Prevent abuse and policy violations
• Comply with security standards (SOC 2, ISO 27001)
• Respond to security incidents

Technical Support (Contractual Necessity & Legitimate Interest):

• Investigate reported issues
• Reproduce problems in user context
• Provide assistance and guidance
• Verify resolution of support tickets

THIS PROCESSING IS MANDATORY. Service cannot be provided without it.

IMPORTANT: Your data is used EXCLUSIVELY for the purposes above. We NEVER: Sell data to third parties; Use data for advertising purposes; Share data for third-party marketing. We do not sell personal data.

PostHog is our product analytics and error monitoring platform. It is essential for service delivery. This applies to authenticated users of the Dashboard Application (app.intriq.ai).

What PostHog Collects (Dashboard Application Users)

• Automatic events: Page views, clicks, form submissions, navigation
• Custom events: Feature-specific actions (e.g., document upload, report generation)
• User properties: User ID, account type, subscription tier, preferences
• Session data: Session duration, pages per session, user journey
• Technical data: Browser, OS, screen resolution, device type
• Performance data: Page load times, API latency
• Error data: JavaScript errors, failed requests, console warnings
• Session recordings: Visual replay of user sessions (where explicitly enabled)

Data Use: ONLY for product improvement, technical support, error resolution, and security. NEVER sold or used for advertising.

Legal Basis for PostHog Processing

Contractual necessity (Art. 6(1)(b)): Required for service delivery, error resolution, and support. Legitimate interests (Art. 6(1)(f)): Product improvement, security, fraud prevention.

Your Rights Regarding PostHog Data

For authenticated users (app.intriq.ai), you can opt out of PostHog tracking at any time by requesting account closure and data deletion.

Account Closure and Data Deletion: Email: dpo@intriq.ai or privacy@intriq.ai or gdpr@intriq.ai | Subject: "Account Deletion and PostHog Data Opt-Out" | Processing time: Confirmation within 2 business days, deletion within 14 days

Other Data Rights: Access – Request a copy of your PostHog data via dpo@intriq.ai; Rectification – Correct inaccurate data through your account settings; Objection – Object by requesting account closure.

What will be deleted:

• Your PostHog analytics data associated with your account
• Session recordings
• Usage logs and events
• Personal identifiers

What may be retained:

• Anonymized aggregate statistics (no longer personally identifiable)
• Legal compliance data (audit logs, financial records per statutory requirements)

PostHog data is retained as specified in Section 9 (Data Retention).

PostHog Data Location

All PostHog data is hosted within the European Union (EU). No transfers to the United States occur. Provider: PostHog, Inc. | Hosting: EU region (Frankfurt, Germany) | Data Processing Agreement: In place | Sub-processors: AWS EU (infrastructure)

We use cookies and similar technologies for:

• Essential application functionality
• Analytics and performance measurement (MANDATORY for Dashboard Application users - used ONLY for product improvement and support, NOT advertising)
• Marketing (where consent is given for email communications)

Full details are available in our Cookie Policy.

Dashboard Application Cookie Requirements (app.intriq.ai)

• All cookies mandatory (strictly necessary, analytics, functional, security)
• Used ONLY for product improvement, support, and security
• NEVER sold or used for advertising

To opt out of Dashboard Application cookies, request account closure: dpo@intriq.ai or privacy@intriq.ai (processed within 14 days)

We retain personal data only as long as necessary:

Dashboard Application Data (app.intriq.ai)

• Account data: duration of account plus 30 days (for account recovery)
• PostHog analytics: up to 12 months rolling window
• Session recordings: up to 30 days (where enabled)
• Error logs: up to 90 days
• Security logs: up to 24 months (compliance requirement)
• Audit trails: up to 7 years (legal obligation)

Upon account closure request, personal data is deleted within 14 days, except: Data required for legal/regulatory compliance (retained per legal requirements - up to 7 years); Anonymized analytics data (no longer personally identifiable); Data subject to backup retention policies (deleted within 90 days).

To request account closure and data deletion: Email: dpo@intriq.ai or privacy@intriq.ai or gdpr@intriq.ai | Processing time: Confirmation within 2 business days, deletion within 14 days

Data is securely deleted or anonymised when no longer required.

We implement appropriate technical and organisational measures, including:

• HTTPS/TLS encryption for all data in transit
• Encryption at rest for sensitive data
• Access controls and least-privilege principles
• Multi-factor authentication (MFA) where available
• Secure hosting environments (AWS, SOC 2 Type II compliant)
• Regular security monitoring and logging
• Incident response procedures
• Annual penetration testing
• Employee security training
• Data backup and disaster recovery

Security monitoring and logging are mandatory and cannot be disabled.

We may share personal data only:

Service Providers (Data Processors)

• PostHog (product analytics) - EU-hosted - used ONLY for product improvement and support, NOT advertising, data NOT sold
• AWS (infrastructure hosting) - EU region
• Email service providers (transactional and marketing emails)
• Customer support platforms
• Security and fraud prevention services

All processors are bound by Data Processing Agreements (DPAs) and contractual confidentiality. Important: We do NOT permit processors to use your data for their own purposes, sell your data, or use it for advertising.

Legal Obligations

• Where required by law, court order, or regulatory authorities
• To enforce our Terms of Service or other agreements
• To protect our rights, property, or safety, or that of others

Corporate Transactions

In connection with a merger, acquisition, or sale of assets (with safeguards).

We do not permit third parties to use your data for their own marketing purposes. We do not sell personal data to third parties.

Where personal data is transferred outside the UK or EEA, we ensure appropriate safeguards, such as:

• UK International Data Transfer Agreement (IDTA)
• EU Standard Contractual Clauses (SCCs)
• Adequacy decisions (where applicable)

Current Transfers

• PostHog: EU-hosted, no international transfer - data used ONLY for product improvement and support
• AWS: EU region (Frankfurt), no data transfer outside EU for platform data
• Email providers: May involve transfers to US under SCCs + UK IDTA

You consent to these transfers as a condition of Dashboard Application access. To withdraw consent, request account closure: dpo@intriq.ai (processed within 14 days)

For All Users

• Access your personal data (Art. 15)
• Rectify inaccurate data (Art. 16)
• Request erasure ("right to be forgotten") (Art. 17)
• Restrict processing (Art. 18)
• Object to processing (Art. 21)
• Data portability (Art. 20)
• Withdraw consent (Art. 7)
• Lodge a complaint with the UK ICO or other supervisory authority

Important Notes for Dashboard Application Users (app.intriq.ai)

Right to Object (Art. 21): You may object to processing based on legitimate interests. However, we may demonstrate compelling legitimate grounds. Practical effect: To object to mandatory tracking, request account closure and data deletion - contact dpo@intriq.ai or privacy@intriq.ai. We will process your request within 14 days.

Right to Erasure (Art. 17): You have the right to erasure, but this right does not apply where processing is necessary for performance of a contract, compliance with legal obligations, or establishment/exercise/defense of legal claims. Practical effect: To exercise erasure, contact us to request account closure. We will delete data within 14 days, subject to legal retention requirements (see Section 9).

Withdrawal of Consent (Art. 7(3)): You may withdraw consent at any time. To withdraw consent, request account closure and data deletion. Contact dpo@intriq.ai or privacy@intriq.ai with subject "Account Closure and Consent Withdrawal". We will confirm within 2 business days and complete deletion within 14 days.

How to Exercise Your Rights

Contact: Email: dpo@intriq.ai or gdpr@intriq.ai or privacy@intriq.ai | Postal: Data Protection Officer, Transformation Diagnostics AI Ltd, 20 Wenlock Road, London, N1 7GU, UK

Response Time: We respond within one month.

What to Include: Full name and registered email address; Specific right you wish to exercise; Any relevant details or documentation.

Complaints: UK ICO: https://ico.org.uk | Tel: 0303 123 1113 | Email: casework@ico.org.uk | Your local data protection supervisory authority

We do not use fully automated decision-making with legal or similarly significant effects.

We may use automated tools for: Fraud detection and security monitoring (reviewed by humans); Personalization and feature recommendations (not legally significant); Error prioritization (support triage, not user-affecting decisions).

You have the right to human review of any decision that significantly affects you.

The Dashboard Application is not intended for individuals under 18.

While UK GDPR sets the age of consent at 13, we apply a higher standard of 18 given the professional B2B nature of our services. We do not knowingly collect personal data from minors.

If we become aware that a user is under 18, we will delete their data and terminate their account.

We may update this Policy from time to time to reflect: Changes in data processing activities; Legal or regulatory changes; Changes to service providers or technologies.

For material changes:

• 14-day advance notice: We will notify you at least 14 days before material changes take effect
• Notification methods: Email notification to registered users; Prominent banner on Dashboard Application; Update to "Last Updated" date; Posted at https://app.intriq.ai/privacy
• Review period: You have 14 days to review changes and decide whether to continue

If you do not accept the updated Policy: 1) Cease using the Dashboard Application before changes take effect, OR 2) Request account closure and data deletion by contacting dpo@intriq.ai or privacy@intriq.ai or gdpr@intriq.ai (Confirmation within 2 business days, deletion within 14 days).

For authenticated users, continued use of the Dashboard Application after the 14-day notice period constitutes acceptance of the updated Policy.

Contact for questions about policy changes: dpo@intriq.ai or privacy@intriq.ai

We comply with:

• UK General Data Protection Regulation (UK GDPR)
• Data Protection Act 2018
• Privacy and Electronic Communications Regulations (PECR) 2003
• California Consumer Privacy Act (CCPA) - where applicable
• SOC 2 Type II (in progress)
• ISO 27001 (in progress)

Compliance documentation available upon request for enterprise customers.

For questions or concerns about this Privacy Policy, or to exercise your data protection rights:

Policy Owner: CISO - Serdar Senay | Data Protection Officer: Shynggys Menglibay

Transformation Diagnostics AI Ltd (Intriq.AI) | 20 Wenlock Road, London, N1 7GU, United Kingdom

Email: DPO: dpo@intriq.ai (primary contact for data rights) | GDPR requests: gdpr@intriq.ai | General privacy: privacy@intriq.ai

Response Time: We respond to all data protection inquiries within one month (or two months for complex requests, with explanation).

For Account Closure and Data Deletion Requests:

• Email dpo@intriq.ai with subject "Account Deletion Request"
• Include your registered email address and account details
• We will confirm receipt within 2 business days
• Deletion will be completed within 14 days