Privacy Policy

This Privacy Policy applies to our websites, applications, services, and other offerings that link to this policy (collectively, the "Services"). It explains how Hadrius Inc. ("Hadrius," "we," "our," or "us") collects, uses, stores, and protects your personal data. Please review it carefully to understand your rights and our commitments regarding your information.

Important Notice Regarding Business Customer Data

This Privacy Policy does not apply to information we process on behalf of our business customers (such as financial services firms, broker-dealers, investment advisers, and other organizations) while providing the Services to them. That data, which may include communications content, trading activity, employee information, and other compliance-related data, is processed by Hadrius solely on behalf of and at the direction of our business customers, who act as the controllers of such data. Our use of that data is governed by our Data Processing Agreement and customer agreements with those business customers.

If you are an employee or associated person of a Hadrius business customer and have questions about how your data is handled, please contact your employer's compliance or legal department, as they control how your information is processed through our Services.

What this Privacy Policy Covers

This Privacy Policy covers how we treat Personal Data that we gather when you access or use our Services as a prospect, website visitor, or account administrator. "Personal Data" means any information that identifies or relates to a particular individual and includes information referred to as "personally identifiable information" or "personal information" under applicable data privacy laws, rules, or regulations.

Personal Data

Categories of Personal Data We Collect

Identity and Profile Information First and last name, email address, phone number, name of employer or company, job title. Shared with: Service Providers, Parties You Authorize, Your Employer (if you submit a company email).

Account and Authentication Data Login credentials, account preferences, role and permissions settings. Shared with: Service Providers.

Financial Services Integration Data Information about connected brokerage accounts, custodians, or data feeds. Shared with: Service Providers, Financial Data Providers (e.g., Plaid).

Marketing Data Lead information, information related to marketing campaigns, engagement metrics. Shared with: Service Providers, Marketing Automation Platforms.

Web Analytics Usage statistics, performance metrics, user behavior on our websites. Shared with: Service Providers (e.g., Analytics Providers).

Device/IP Data Device ID, IP address, type of device/operating system/browser used to access the Services, geolocation data. Shared with: Service Providers.

Cookies Cookie ID, cookie types (e.g., session, persistent). Shared with: Service Providers, Content Delivery Networks.

Support Data Support inquiries, correspondence with our team, feedback. Shared with: Service Providers.

Other Information You Provide Information submitted by you in emails, messages, survey responses, or other content you share with us. Shared with: Service Providers, Parties You Authorize.

Categories of Sources of Personal Data

We collect Personal Data about you from the following categories of sources:

• When you fill out a form to request a demo or more information about our Services.
• When you provide such information directly to us.
• When you create an account or use our Services.
• When you voluntarily provide information in free-form text boxes through the Services.
• When you send us an email or otherwise contact us.
• When you use the Services and such information is collected automatically, including through Cookies (defined in the "Tracking Tools, Advertising and Opt-Out" section below).
• From vendors and marketing automation platforms that help us analyze how you interact with the Services or manage our campaigns and outreach.

Our Commercial or Business Purposes for Collecting Personal Data

Providing, Customizing and Improving the Services Creating and managing your account. Processing orders and billing. Providing you with the products, services, or information you request. Meeting or fulfilling the reason you provided the information to us. Providing support and assistance for the Services. Personalizing the Services, website content, and communications based on your preferences. Doing fraud protection, security, and debugging. Carrying out other business purposes stated when collecting your Personal Data or as otherwise set forth in applicable data privacy laws.

Advertising and Marketing the Services Advertising, marketing, and selling the Services.

Corresponding with You Responding to correspondence that we receive from you, contacting you when necessary or requested, and sending you information about Hadrius or the Services. Sending emails and other communications according to your preferences.

Meeting Legal Requirements and Enforcing Legal Terms Fulfilling our legal obligations under applicable law, regulation, court order, or other legal process, such as preventing, detecting, and investigating security incidents and potentially illegal or prohibited activities. Protecting the rights, property, or safety of you, Hadrius, or another party. Enforcing any agreements with you. Responding to claims that any posting or other content violates third-party rights. Resolving disputes.

We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated, or incompatible purposes without providing you notice.

How We Share Your Personal Data

We disclose your Personal Data to the categories of service providers and other parties listed in this section. Depending on state laws that may be applicable to you, some of these disclosures may constitute a "sale" of your Personal Data. For more information, please refer to the state-specific sections below.

Service Providers These parties help us provide the Services or perform business functions on our behalf. They include:

• Hosting, technology, and communication providers
• AI & machine learning providers
• Security and fraud prevention consultants
• Support and customer service vendors

Marketing and Advertising Partners We may share your Personal Data with marketing and advertising partners that assist us in promoting our Services, delivering targeted advertisements, and analyzing campaign effectiveness.

Analytics Partners These parties provide analytics on web traffic or usage of the Services. They include companies that track how users found or were referred to the Services and companies that track how users interact with the Services.

Parties You Authorize, Access, or Authenticate

Legal Obligations We may share any Personal Data that we collect with third parties in conjunction with any of the activities set forth under "Meeting Legal Requirements and Enforcing Legal Terms" above.

Government and Law Enforcement Requests We may disclose Personal Data to government authorities or law enforcement officials in response to a valid legal process such as a subpoena, court order, or search warrant. Where legally permitted, we will notify affected business customers before disclosing their data, giving them an opportunity to seek protective measures. We do not voluntarily provide customer data to government agencies outside of valid legal process. For business customers subject to specific regulatory requirements, data disclosure procedures may be further addressed in your customer agreement or Data Processing Agreement.

Business Transfers All of your Personal Data that we collect may be transferred to a third party if we undergo a merger, acquisition, bankruptcy, or other transaction in which that third party assumes control of our business (in whole or in part). Should one of these events occur, we will make reasonable efforts to notify you before your information becomes subject to different privacy and security policies and practices.

Data that is Not Personal Data We may create aggregated, de-identified, or anonymized data from the Personal Data we collect, including by removing information that makes the data personally identifiable to a particular user. We may use such aggregated, de-identified, or anonymized data and share it with third parties for our lawful business purposes, including to analyze, build, and improve the Services (including to improve our AI models) and promote our business, provided that we will not share such data in a manner that could identify you.

Scope for UK and EU Individuals

Hadrius processes personal data relating to individuals located in the United Kingdom and European Union. Where applicable, Hadrius complies with the UK GDPR and EU GDPR.

Data Controller Hadrius Inc.123 William St, New York, NY 10038, United StatesEmail: hello@hadrius.com

EU Representative (Article 27 GDPR) Instant EU GDPR Representative Ltd.Office 2, 12A Lower Main Street, Lucan, Co. Dublin, IrelandEmail: contact@gdprlocal.com

UK Representative (UK GDPR Article 27) GDPR Local Ltd.27-29 North Street, Brighton, EnglandEmail: contact@gdprlocal.com

Purposes of Processing and Lawful Basis

Account administration — Name, email, role — Art. 6(1)(b) Contract

Security monitoring — Logs, IP addresses — Art. 6(1)(f) Legitimate Interests

Legal compliance — Business contact data — Art. 6(1)(c) Legal obligation

Marketing — Name, email — Art. 6(1)(a) Consent

Rights of UK and EU Data Subjects

Individuals located in the UK or EU have the right to:

• Access their personal data
• Rectify inaccurate data
• Request erasure
• Restrict or object to processing
• Data portability

Requests may be submitted to hello@hadrius.com.

Tracking Tools, Advertising and Opt-Out

The Services use cookies and similar technologies such as pixel tags, web beacons, clear GIFs, and JavaScript (collectively, "Cookies") to enable our servers to recognize your web browser, tell us how and when you visit and use our Services, analyze trends, learn about our user base, and operate and improve our Services. Cookies are small pieces of data — usually text files — placed on your computer, tablet, phone, or similar device when you use that device to access our Services. We may also supplement the information we collect from you with information received from third parties, including third parties that have placed their own Cookies on your device(s). Please note that because of our use of Cookies, the Services do not support "Do Not Track" requests sent from a browser at this time.

Essential Cookies Required for providing you with features or services that you have requested. For example, certain Cookies enable you to log into secure areas of our Services. Disabling these Cookies may make certain features and services unavailable.

Functional Cookies Used to record your choices and settings regarding our Services, maintain your preferences over time, and recognize you when you return to our Services. These Cookies help us to personalize our content for you, greet you by name, and remember your preferences (for example, your choice of language or region).

Performance/Analytical Cookies Allow us to understand how visitors use our Services. They do this by collecting information about the number of visitors to the Services, what pages visitors view, and how long visitors are viewing pages. They also help us measure the performance of our advertising campaigns to help us improve our campaigns and the Services' content for those who engage with our advertising.

You can decide whether to accept Cookies through your internet browser's settings. Most browsers have an option for turning off the Cookie feature, which will prevent your browser from accepting new Cookies, as well as allow you to decide on acceptance of each new Cookie in a variety of ways. You can also delete all Cookies that are already on your device. If you do this, however, you may have to manually adjust some preferences every time you visit our website and some Services and functionalities may not work.

To explore what Cookie settings are available to you, look in the "preferences" or "options" section of your browser's menu. To find out more information about Cookies, including information about how to manage and delete Cookies, please visit http://www.allaboutcookies.org/.

AI and Machine Learning

Our AI-powered compliance platform uses machine learning to analyze communications, marketing materials, and transaction patterns to identify potential compliance issues, flag items for supervisory review, and help compliance teams prioritize their oversight activities. Our AI processes data on behalf of our business customers to provide the Services and in accordance with the applicable customer agreement.

Usage Data Hadrius may collect and use Usage Data (which includes usage patterns, performance metrics, and technical logs relating to how customers use the Services) for purposes of operating, maintaining, and improving the Services; developing new products and features; generating aggregated benchmarks and analytics; and ensuring security. Usage Data is only disclosed in aggregated or anonymized form that cannot identify any customer or individual.

Third-Party AI Providers We use third-party AI and machine learning providers, including OpenAI, to deliver certain features of our Services. A current list of our Sub-processors, including AI providers, is available at https://trust.hadrius.com/subprocessors. These providers process data in accordance with our contractual data processing agreements, which prohibit them from using customer data for their own training purposes.

AI Limitations Our AI-powered Services may produce results that are incomplete, inaccurate, or require human review. Customers are responsible for reviewing AI-generated results and making final compliance decisions. For additional limitations, please refer to our Terms of Service.

Data Retention

Business Customer Data For data processed on behalf of business customers (including communications, trading data, and employee information), retention periods are governed by our Data Processing Agreement (DPA) and customer agreements with each customer. Customers configure retention periods based on their regulatory requirements (such as SEC, FINRA, or other applicable rules), and Hadrius retains such data in accordance with customer instructions.

Account and Marketing Data For Personal Data we collect directly (such as account information and marketing data), we retain it only for as long as necessary to fulfill the purposes for which it was collected, provide our Services, comply with legal obligations, and enforce our agreements.

Deletion Requests To request deletion of your Personal Data, contact us at hello@hadrius.com. Note that for data processed on behalf of business customers, deletion requests should be directed to the business customer, who controls that data.

Data Security

We implement comprehensive security measures to protect Personal Data from unauthorized access, use, disclosure, alteration, and destruction, including:

• Encryption: TLS 1.2+ for data in transit; AES-256 encryption for data at rest
• Access Controls: Role-based access control, multi-factor authentication, single sign-on support
• Network Security: Firewalls, intrusion detection, vulnerability scanning
• Organizational Measures: Employee training, confidentiality obligations, background checks

For more information about our security practices and certifications, visit https://trust.hadrius.com or contact hello@hadrius.com.

In the event of a data breach affecting your Personal Data, we will notify affected parties as required by applicable law.

Age Requirements

The Services are intended for business users and are not directed to individuals under the age of 18. We do not knowingly collect Personal Data from anyone under 18 years of age. If you are under 18, please do not use the Services or provide any information to us.

State Law Privacy Rights

California Residents Under California Civil Code Sections 1798.83–1798.84, California residents are entitled to contact us to prevent disclosure of Personal Data to third parties for such third parties' direct marketing purposes. To submit such a request, contact us at hello@hadrius.com.

Nevada Residents Nevada residents have the right to opt-out of the sale of certain Personal Data. To exercise this right, contact us at hello@hadrius.com with the subject line "Nevada Do Not Sell Request."

Colorado, Connecticut, Montana, Oregon, Texas, Utah, and Virginia Residents To the extent Hadrius processes Personal Data subject to the privacy laws of these states, we will comply with applicable requirements regarding confidentiality, data subject rights, and Sub-processor obligations. For business customer employees, rights requests should be directed to your employer.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on https://www.hadrius.com or by other appropriate means. Your continued use of the Services after any changes indicates your acceptance of the updated Privacy Policy.

Contact Information

If you have any questions or comments about this Privacy Policy, please contact us at:

Quantbase Investments, Inc.123 William St, New York, NY 10038, United States

Email: hello@hadrius.com