Effective Date: May 28, 2026

Deep Vector Inc. dba Loss Scan | 3433 NW Conrad Dr., Bend, Oregon 97703 | info@lossscan.com

1. OVERVIEW AND SCOPE

Deep Vector Inc. dba Loss Scan ("Loss Scan," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy ("Policy") describes how we collect, use, disclose, and protect Personal Information in connection with:

• our websites, including without limitation www.deepvector.com, www.lossscan.com, app.lossscan.com, app.lossscan.io, and any successor URLs, mobile or localized versions, and related domains and subdomains (collectively, the "Website");
• our software platform, applications, APIs, and related services (the "Services") as described in the Loss Scan Terms of Service Agreement ("Agreement"); and
• our marketing, sales, and communications activities.

This Policy applies to Personal Information we collect through the Website and our marketing activities. For information about how we handle Customer Data submitted to the Services by enterprise customers under the Agreement, please refer to the Agreement and any applicable data processing addendum. This Policy does not govern the processing of Customer Data — that is addressed exclusively in the Agreement.

‍This Policy also serves as a notice to California residents under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, "CCPA/CPRA"). Capitalized terms used in the CCPA/CPRA context carry the meanings given to them under that statute.

Please read this Policy carefully. By visiting the Website or otherwise providing your contact information to us, you acknowledge that you have read and understood this Policy. If you do not agree with this Policy, please do not use the Website or provide us with your personal information.

2. KEY DEFINITIONS

"Personal Information" means information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household or device. Personal Information does not include:

• publicly available information from government records;
• lawfully obtained, truthful information that is a matter of public concern;
• de-identified or aggregated information that cannot reasonably be used to identify an individual;
• health or medical information governed by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) or comparable state regulations; or
• information governed by the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA), the Driver's Privacy Protection Act of 1994, or comparable state regulations.

"Customer Data" means data, documents, and information submitted by enterprise customers and their authorized users to the Services under the Agreement. Customer Data is not subject to this Policy.

‍"Website Visitor" means any individual who accesses or browses the Website without necessarily entering into a subscription or contractual relationship with Loss Scan.

3. PERSONAL INFORMATION WE COLLECT

3.1 Information You Provide Directly

We collect Personal Information that you voluntarily provide to us, including when you:

• complete a contact form, request a demo, or submit a quote request on the Website;
• subscribe to marketing communications, newsletters, or product updates;
• register for or attend a Loss Scan webinar, event, or conference;
• correspond with us by email, phone, or other means;
• share a business card or contact information with us in person at conferences or industry events; or
• otherwise engage with us in a sales or marketing context.

The categories of Personal Information you may provide in these contexts include: name, job title, employer or company name, business email address, business phone number, business mailing address, and general business needs or interests.

3.2 Information Collected from Third-Party Sources

We may supplement the Personal Information we collect directly with information obtained from reputable third-party sources, including:

• commercially available business contact databases and data providers, used to complete or update business records already in our marketing database or for prospecting purposes;
• social media platforms including LinkedIn, Twitter/X, Facebook, and Instagram, where you interact with Loss Scan-owned or operated pages or content; and
• third-party advertising and analytics partners who provide aggregated or pseudonymized data about engagement with our advertising campaigns.

We only obtain Personal Information from third parties where we have a reasonable basis to believe such information was collected lawfully and in accordance with applicable privacy law.

3.3 Information Collected Automatically

When you visit the Website, we and our service providers may automatically collect certain technical and usage information, which may constitute Personal Information, including:

• details of your visits to the Website, including traffic data, referring URLs, pages viewed, time spent on pages, and navigation paths;
• device and connection information, including IP address, device type, operating system, browser type and version, and language settings;
• geographic location data at the city or regional level, derived from your IP address or, where applicable, through geo-fencing technology used in connection with specific marketing campaigns;
• search query data, where you have reached the Website through a specific search term, used to understand marketing effectiveness; and
• social media interaction data on pages owned or controlled by Loss Scan.

We collect this information using the following technologies:

• Cookies. Small data files placed on your device by your browser. You may configure your browser to refuse cookies, though doing so may affect your ability to access certain features of the Website. Our system will issue cookies when you direct your browser to the Website unless you have adjusted your browser settings to refuse them.
• Flash Cookies. Local shared objects used by certain Website features to store preference and navigation data. Flash cookies are managed separately from browser cookies and are not affected by standard browser cookie settings.
• Web Beacons. Small electronic image files (also known as clear GIFs, pixel tags, or single-pixel GIFs) embedded in Website pages or emails that allow us to count page visits, measure email open rates, and collect related analytics.
• Geo-Fencing Technologies. Location-based technologies used in connection with specific marketing efforts to understand whether visitors are accessing the Website from targeted geographic areas.
• Search Tracking. Technologies that identify the search terms or referral sources that directed a visitor to the Website, used to measure the effectiveness of search marketing campaigns.

Automatically collected information may be linked to Personal Information we hold from other sources. We use this information to improve the Website, personalize your experience, and optimize our marketing activities.

4. HOW WE USE PERSONAL INFORMATION

We use the Personal Information we collect for the following purposes, relying on the legal bases indicated where applicable under privacy law:

• To fulfill or meet the reason for which you provided the information, including responding to inquiries, processing demo requests, and providing requested materials.
• To operate, maintain, and improve the Website, including debugging, testing, analytics, and product development.
• To send you marketing communications, including product updates, news, promotional materials, event invitations, and customized service offerings, where you have provided consent or where we have a legitimate interest in doing so, and in each case subject to your right to opt out.
• To personalize the Website experience and deliver content, offers, and advertisements relevant to your interests, including through third-party advertising platforms and social media, consistent with applicable law and your preferences.
• To maintain the security, integrity, and functionality of the Website and related systems, including detecting and preventing fraud, unauthorized access, and other malicious activity.
• To comply with applicable legal obligations, including responding to valid law enforcement requests, court orders, or governmental regulations.
• To evaluate or facilitate a merger, acquisition, financing, reorganization, dissolution, or sale of assets, in which case Personal Information may be transferred as part of the transaction, subject to customary confidentiality protections.
• For research, analytics, and internal reporting to improve our marketing effectiveness, Website usability, and business operations.

‍We will not use Personal Information collected through the Website for purposes that are materially different from, unrelated to, or incompatible with those described in this Policy without providing you with prior notice and, where required, obtaining your consent.

Note on Marketing Communications: All marketing emails include an unsubscribe link. You may opt out of marketing communications at any time by clicking "unsubscribe" in any email or by contacting us at info@lossscan.com. Opting out of marketing communications does not affect transactional or service-related communications, where applicable.

5. AI SYSTEMS AND CUSTOMER DATA ISOLATION

Loss Scan's Services incorporate artificial intelligence and machine learning technologies that are privately operated and controlled exclusively within Loss Scan's closed infrastructure. For the avoidance of doubt:

• Personal Information collected through the Website is not submitted to or processed by the Services' AI systems for model training, inference, or any other purpose.
• Customer Data submitted by enterprise customers to the Services is not used for Website personalization, marketing analytics, or any purpose governed by this Policy.
• Loss Scan does not submit any Personal Information or Customer Data to publicly available consumer AI platforms or external AI model providers for any purpose.

These commitments are consistent with and complementary to the data isolation and AI infrastructure provisions set forth in Sections 3.4 and 4.1 of the Agreement.

6. DISCLOSURE OF PERSONAL INFORMATION

6.1 Service Providers and Business Partners

We may share Personal Information with third-party service providers who assist us in operating the Website, conducting marketing activities, and running our business, including:

• email marketing and CRM platforms;
• web analytics and advertising technology providers;
• event management and webinar platforms;
• cloud hosting and IT infrastructure providers; and
• professional advisors, including attorneys and accountants, under applicable confidentiality obligations.

We require all third-party service providers to maintain appropriate confidentiality and security measures and to use Personal Information only for the purposes for which it was disclosed.

6.2 Legal and Regulatory Disclosures

We may disclose Personal Information to law enforcement agencies, regulatory bodies, courts, or other governmental authorities where we are legally required to do so or where we have a good-faith belief that such disclosure is necessary to: (a) comply with a valid legal obligation or process; (b) enforce our rights under this Policy or the Agreement; (c) protect the safety, rights, or property of Loss Scan, our customers, or the public; or (d) detect, prevent, or address fraud, security, or technical issues.

6.3 Business Transfers

In connection with a merger, acquisition, financing, reorganization, bankruptcy, dissolution, or sale of all or a portion of Loss Scan's assets, Personal Information held by us about Website Visitors may be among the assets transferred. We will provide notice before Personal Information is transferred and becomes subject to a materially different privacy policy, to the extent practicable.

6.4 No Sale of Personal Information

Loss Scan does not sell, rent, or trade Personal Information to third parties for monetary compensation. We do not sell Personal Information as that term is defined under the CCPA/CPRA or any other applicable privacy statute. We may share de-identified or aggregated information that cannot reasonably identify any individual with third parties for marketing, analytics, or research purposes.

7. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar tracking technologies as described in Section 3.3. You have the following options with respect to cookies:

• Browser Settings. Most browsers allow you to refuse, delete, or be notified before accepting cookies. Consult your browser's help documentation for instructions. Note that disabling cookies may affect certain Website functionality.
• Flash Cookies. Flash cookies must be managed through your Adobe Flash Player settings, not through your browser. Visit the Adobe website for instructions on managing Flash cookie preferences.
• Do Not Track. Some browsers transmit "Do Not Track" signals to websites. Our Website does not currently respond to Do Not Track signals, as there is no industry-wide standard for how such signals should be honored. We will revisit this position as standards evolve.
• Third-Party Analytics. We use Google Analytics and similar services to understand Website traffic and user behavior. These services may set their own cookies and collect information in accordance with their own privacy policies. You may opt out of Google Analytics data collection by installing the Google Analytics Opt-out Browser Add-on.

Information collected through cookies and similar technologies may be transmitted to and processed by third-party analytics and advertising providers. Such information is used in aggregated or pseudonymized form and is not used by Loss Scan to identify individual Website Visitors without their consent, except as necessary for security or fraud prevention purposes.

8. DATA RETENTION

We retain Personal Information for as long as necessary to fulfill the purposes for which it was collected, as described in this Policy, and to comply with applicable legal obligations. The specific retention period for any category of Personal Information depends on the nature of the information and the purpose for which it is used. In general:

• Marketing contact information is retained for as long as you remain an active prospect or contact in our marketing database, subject to your right to opt out or request deletion.
• Website usage and analytics data is retained in identifiable form for up to twenty-four (24) months, after which it is aggregated or deleted.
• Business contact information collected at events or conferences is retained until the relevant sales or marketing relationship concludes or you request deletion.

When Personal Information is no longer required for the purposes described herein, we will delete or anonymize it in accordance with our data retention and destruction procedures, subject to any applicable legal hold obligations.

9. SECURITY

We implement commercially reasonable administrative, technical, and physical safeguards designed to protect Personal Information against unauthorized access, disclosure, alteration, loss, or destruction. Our security measures include, without limitation, access controls, encryption of data in transit, and vendor security assessments for service providers who handle Personal Information on our behalf.

‍Loss Scan endeavors to maintain SOC 2 Type I or II certification for its platform infrastructure, which reflects our commitment to industry-standard security controls. No internet-based system or electronic transmission method can be guaranteed to be completely secure. In the event of a security incident affecting Personal Information, we will notify affected individuals and regulatory authorities as required by applicable law.

You are responsible for maintaining the confidentiality of any login credentials associated with your use of the Website and for promptly notifying us at info@lossscan.com if you become aware of any unauthorized access to or use of your account.

10. YOUR PRIVACY RIGHTS

10.1 General Rights

Depending on your jurisdiction, you may have the following rights with respect to Personal Information we hold about you:

• Right to Know / Access. You may request that we disclose the categories and specific pieces of Personal Information we have collected about you, the categories of sources from which it was collected, the purposes for which it is used, and the categories of third parties with whom it is shared.
• Right to Deletion. You may request that we delete Personal Information we have collected from you, subject to certain exceptions (such as information we are required to retain by law or need to complete a transaction).
• Right to Correction. You may request that we correct inaccurate Personal Information we hold about you.
• Right to Opt Out of Sale or Sharing. As noted in Section 6.4, we do not sell Personal Information. If this changes, we will provide a clear mechanism for you to opt out.
• Right to Limit Use of Sensitive Personal Information. Where we collect sensitive Personal Information (as defined under applicable law), you may have the right to limit our use and disclosure to those purposes permitted by law.
• Right to Non-Discrimination. We will not discriminate against you for exercising any of your privacy rights.
• Right to Withdraw Consent. Where processing is based on your consent, you may withdraw consent at any time, without affecting the lawfulness of processing prior to withdrawal.

10.2 California Residents (CCPA/CPRA)

California residents have the rights described in Section 10.1 under the CCPA/CPRA. To exercise these rights, please submit a verifiable consumer request using the contact information in Section 13. We will respond to verified requests within the timeframe required by applicable law (generally 45 days, with one 45-day extension where reasonably necessary). We will not charge a fee for processing a reasonable request unless it is excessive, repetitive, or manifestly unfounded.

‍In the preceding twelve (12) months, Loss Scan has collected the following categories of Personal Information from Website Visitors: identifiers (name, email address, IP address); commercial information (product interests, engagement history); internet or other electronic network activity information (browsing behavior on the Website); and geolocation data (at the city or regional level). We have not sold or shared Personal Information with third parties for cross-context behavioral advertising purposes, as those terms are defined under CCPA/CPRA.

10.3 Nevada Residents

Nevada residents may have the right to opt out of the sale of certain Personal Information to third parties. Loss Scan does not sell Personal Information as that term is defined under Nevada law. If you have questions, please contact us using the information in Section 13.

10.4 Marketing Opt-Out

You may opt out of receiving marketing communications from us at any time by: (a) clicking the "unsubscribe" link in any marketing email; (b) contacting us at info@lossscan.com with your request; or (c) updating your communication preferences through your account settings, if applicable. Please note that opting out of marketing communications does not opt you out of all communications from Loss Scan, and we may continue to send you service-related or transactional communications where relevant.

11. THIRD-PARTY WEBSITES AND SOCIAL MEDIA

The Website may contain links to third-party websites, applications, or social media platforms. This Policy does not apply to any third-party website or service, and we are not responsible for the privacy practices of any third party. We encourage you to review the privacy policies of any third-party website you visit before providing Personal Information.

Our Website and marketing activities may involve integrations with social media platforms including LinkedIn, Twitter/X, Facebook, and Instagram. Your interactions with Loss Scan-owned pages or content on those platforms are subject to both this Policy and the applicable platform's own privacy policy. We receive limited data from social media platforms about engagement with our content and use such data solely for marketing analytics purposes.

12. CHILDREN’S PRIVACY

The Website and Services are intended for business use by adults and are not directed at children under the age of sixteen (16). We do not knowingly collect Personal Information from children under 16. If we become aware that we have inadvertently collected Personal Information from a child under 16 without appropriate consent, we will take steps to delete such information promptly. If you believe we may have collected information from a child under 16, please contact us at info@lossscan.com.

13. CONTACT US AND SUBMITTING REQUESTS

To exercise your privacy rights, ask questions about this Policy, report a privacy concern, or submit a data subject request, please contact us using any of the following methods:

Deep Vector Inc. dba Loss Scan

Attn: Privacy / Legal Department

3433 NW Conrad Dr., Bend, Oregon 97703

Email: info@lossscan.com

To submit a verifiable consumer request under the CCPA/CPRA or other applicable privacy law, please email us with the subject line "Privacy Rights Request" and include sufficient information for us to verify your identity and the nature of your request. We will confirm receipt of your request within ten (10) business days and respond within the timeframe required by applicable law.

14. CHANGES TO THIS POLICY

We may update this Policy from time to time to reflect changes in our data practices, applicable law, or business operations. We will post any revised Policy on this page with an updated effective date. For material changes, we will provide more prominent notice, such as a notification on the Website or a direct communication to known contacts, where practicable. Your continued use of the Website following the effective date of any updated Policy constitutes your acceptance of the revised terms. We encourage you to review this Policy periodically.

The previous version of this Policy was effective March 1, 2023. This version supersedes and replaces all prior versions.

‍This Privacy Policy governs the collection and use of Personal Information through the Loss Scan Website and marketing activities only. Processing of Customer Data submitted to the Services by enterprise customers is governed exclusively by the Loss Scan Terms of Service Agreement. Last Updated: May 28, 2026.