Privacy Policy

Effective Date: January 1, 2026

Last updated: March 19, 2026

This Privacy Policy covers how we treat Personal Data that we gather when you access or use our Site. “Personal Data” means any information that identifies or relates to a particular individual, and also includes information referred to as “personally identifiable information” or “personal information” under applicable data privacy laws, rules, or regulations. This Privacy Policy does not cover the practices of companies we do not own or control, or people we do not manage.

2.1 Categories of Personal Data We Collect The table below details the categories of Personal Data that we collect and have collected over the past 12 months:

2.2 Categories of Sources of Personal Data We collect Personal Data about you from the following categories of sources:

You Directly — when you: • Provide information directly to us. • Use our interactive tools and Site features. • Voluntarily provide information in free-form text boxes or through surveys. • Send us an email or otherwise contact us.

Automatically — when you use our Site: • Certain information is collected automatically, such as your IP address, browser type, and pages visited. • If you use a location-enabled browser, we may receive information about your location.

2.3 Our Business Purposes for Collecting Personal Data

Providing, Customizing, and Improving the Site • Providing you with information, products, or services you request. • Providing support and assistance for the Site. • Improving the Site through testing, research, and internal analytics. • Personalizing Site content and communications based on your preferences. • Performing fraud protection, security monitoring, and debugging. • Carrying out other business purposes stated when collecting your Personal Data or as required by applicable law.

Marketing • Marketing and promoting our services to you.

Corresponding with You • Responding to correspondence from you, contacting you when necessary or requested, and sending you information about Company or our services.

Meeting Legal Requirements and Enforcing Legal Terms • Fulfilling our legal obligations under applicable law, regulation, or court order. • Preventing, detecting, and investigating security incidents and potentially illegal activities. • Protecting the rights, property, or safety of you, Company, or another party. • Enforcing any agreements with you. • Resolving disputes.

We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated, or incompatible purposes without providing you notice.

2.4 Recruitment When you apply for a role at Nuasecurity, Inc., we collect and process personal data as part of our recruitment process. This may include your name, contact details, resume or CV, employment history, and any other information you provide. We use this data to evaluate your application, communicate with you throughout the hiring process, and comply with applicable legal and regulatory requirements.

Your application data may be shared with relevant internal team members and trusted third-party service providers who assist with recruitment operations. We retain recruitment-related personal data only as long as necessary for hiring decisions and compliance purposes. If you wish to access, update, or request deletion of your application data, please contact us at security@nuasecurity.com.

We disclose your Personal Data to the categories of service providers and other parties listed in this section.

Service Providers — these parties help us provide the Site or perform business functions on our behalf. They include: • Hosting, technology, and communication providers. • Support and customer service vendors. • Product and service delivery providers.

Analytics Partners — these parties provide analytics on web traffic or usage of our Site. They include: • Companies that track how users found or were referred to our Site. • Companies that track how users interact with our Site.

3.1 Legal Obligations We may share any Personal Data we collect with third parties where required to comply with applicable laws, regulations, court orders, or legal processes, or to prevent, detect, or investigate security incidents and potentially illegal activities.

3.2 Business Transfers All of your Personal Data that we collect may be transferred to a third party if we undergo a merger, acquisition, bankruptcy, or other transaction in which that third party assumes control of our business (in whole or in part). Should one of these events occur, we will make reasonable efforts to notify you before your information becomes subject to different privacy and security practices.

3.3 Aggregated or De-Identified Data We may create aggregated, de-identified, or anonymized data from the Personal Data we collect. We may use and share such data with third parties for lawful business purposes, including to analyze and improve the Site and to promote our business, provided that we will not share such data in a manner that could identify you personally.

We seek to protect your Personal Data from unauthorized access, use, and disclosure using appropriate physical, technical, organizational, and administrative security measures based on the type of Personal Data and how we are processing that data. As a cybersecurity company, we hold ourselves to a high standard of security practice. However, please be aware that no method of transmitting data over the internet or storing data is completely secure.

We retain Personal Data about you for as long as necessary to provide you with access to the Site and to fulfill the purposes described in this Privacy Policy. In some cases, we retain Personal Data for longer if doing so is necessary to comply with our legal obligations, resolve disputes, collect fees owed, or as otherwise permitted or required by applicable law. We may further retain information in anonymous or aggregated form where that information would not identify you personally.

As noted in our Terms of Use, the Site is intended for users 18 years of age or older. We do not knowingly collect or solicit Personal Data from individuals under the age of 18. If you are under 18, please do not use the Site or submit any Personal Data to us. If we learn that we have collected Personal Data from a child under 18 years of age, we will delete that information as quickly as possible. If you believe that a child under 18 may have provided Personal Data to us, please contact us at security@nuasecurity.com.

6.1 California Resident Rights Under California Civil Code Sections 1798.83–1798.84, California residents are entitled to contact us to prevent disclosure of their Personal Data to third parties for those third parties’ direct marketing purposes. To submit such a request, please contact us at security@nuasecurity.com.

6.2 Nevada Resident Rights If you are a resident of Nevada, you have the right to opt out of the sale of certain Personal Data to third parties who intend to license or sell that Personal Data. You can exercise this right by contacting us at security@nuasecurity.com with the subject line “Nevada Do Not Sell Request” and providing us with your name.

This section applies to users located in the Kingdom of Saudi Arabia, the United Arab Emirates, and other Gulf Cooperation Council (“GCC”) member states.

7.1 Saudi Arabia — Personal Data Protection Law (PDPL) If you are a resident of the Kingdom of Saudi Arabia, your Personal Data is processed in accordance with the Saudi Arabian Personal Data Protection Law (PDPL) and its Implementing Regulations, as supervised by the Saudi Data and Artificial Intelligence Authority (SDAIA). You have the following rights with respect to your Personal Data: • Right of Access: You may request information about the Personal Data we hold about you and receive a copy. • Right to Correction: You may request that we correct any inaccurate or incomplete Personal Data. • Right to Erasure: You may request that we delete your Personal Data, subject to applicable legal retention requirements. • Right to Withdraw Consent: Where we process your data based on your consent, you may withdraw that consent at any time.

Where required by Saudi law or by SDAIA, Personal Data of Saudi residents will be stored within the Kingdom of Saudi Arabia or in jurisdictions that provide an adequate level of data protection as recognized by SDAIA.

7.2 United Arab Emirates — Federal Decree-Law No. 45 of 2021 If you are a resident of the United Arab Emirates, your Personal Data is processed in accordance with UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection and its implementing regulations. You have the following rights with respect to your Personal Data: • Right of Access: You may request details about the Personal Data we hold about you. • Right to Rectification: You may request correction of inaccurate Personal Data. • Right to Erasure: You may request deletion of your Personal Data where permitted by law. • Right to Object: You may object to the processing of your Personal Data for certain purposes.

7.3 Cross-Border Data Transfers (GCC) Any transfer of Personal Data from GCC member states to other jurisdictions will be conducted in accordance with the applicable data transfer requirements of the relevant GCC data protection laws, including through the use of appropriate contractual safeguards or other approved transfer mechanisms.

To exercise any of your GCC data subject rights, please contact us at security@nuasecurity.com with the subject line “GCC Privacy Request” and we will respond within the timeframes required under applicable law.

If you are a resident of the European Union (“EU”), United Kingdom (“UK”), Liechtenstein, Norway, or Iceland, you may have additional rights under the EU or UK General Data Protection Regulation (“GDPR”) with respect to your Personal Data.

We process your Personal Data on the following lawful bases: (i) “contractual necessity” where processing is required to perform our Terms of Use with you; (ii) “legitimate interests” where processing furthers our or a third party’s legitimate business interests; or (iii) your “consent” where expressly indicated at the time of collection.

You have the following rights under the GDPR: • Access: Request a copy of the Personal Data we hold about you. • Rectification: Request correction of inaccurate or incomplete Personal Data. • Erasure: Request deletion of some or all of your Personal Data. • Withdrawal of Consent: Withdraw consent at any time where processing is consent-based. • Portability: Request a machine-readable copy of your Personal Data, or ask us to transmit it to another controller where technically feasible. • Objection: Object to processing of your Personal Data for certain purposes, including direct marketing. • Restriction: Request that we restrict further processing of your Personal Data. • Right to Lodge a Complaint: Lodge a complaint with the supervisory authority of your country or EU Member State.

The Site is hosted and operated in the United States. By using the Site, you acknowledge that your Personal Data may be transferred to and processed in the United States or other countries whose data protection laws may differ from those in your country of residence. We will take appropriate safeguards to ensure such transfers comply with applicable law.

To exercise your EU or UK data subject rights, please contact us at security@nuasecurity.com.

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. If we make material changes, we will place a notice on the Site and/or notify you by email or other reasonable means. If you use the Site after any changes to this Privacy Policy have been posted, that constitutes your agreement to the updated terms. Use of information we collect is subject to the Privacy Policy in effect at the time such information is collected.

If you have any questions or comments about this Privacy Policy, the ways in which we collect and use your Personal Data, or your choices and rights regarding such use, please contact us at:

Nuasecurity, Inc. Email: security@nuasecurity.com Website: www.nuasecurity.com

For EU and UK residents who wish to exercise GDPR rights or contact a Data Protection representative, please use the same email address above with the subject line “GDPR Request”.