PRIVACY NOTICE

Scope and Relation to Other Instruments. This Privacy Notice (“Notice”) supplements and is incorporated by reference into the applicable Terms of Service (“Terms”) governing the desktop software, ancillary services, and any derivative works made available by General Agents Company (“Company,” “we,” “us,” “our”). Capitalized expressions herein not otherwise defined shall carry the meaning ascribed in the Terms. Categories of Information. During installation, execution, update, or support of the Software, automated instrumentation may originate, ingest, derive, or otherwise process information comprising, by way of example and not limitation: unique and/or pseudonymous device or installation identifiers; coarse geolocation inferable from network endpoints; application-focus chronology, connection metadata, and similar session telemetry; screen-space pixel matrices (static or sequential), user-interface composites, cursor vectors, key-code sequences, modifier rhythms, gesture telemetry, and comparable electronic signals; diagnostic traces, error dumps, memory and stack metrics; and probabilistic or statistical inferences, embeddings, or heuristics reflective of user workflows (collectively, “Operational Data”). Sources. Operational Data is obtained (i) directly from the client runtime resident on the end-user device, (ii) through Company-controlled service endpoints that facilitate inference, synchronization, or diagnostic relay, or (iii) through user-initiated communications with Company personnel. Purposes of Processing. Operational Data may be collected, retained, used, combined, analyzed, or otherwise processed for (a) the provision, maintenance, safeguarding, troubleshooting, and enhancement of the Software and its features, including any AI-enabled device-control capabilities; (b) Company's and its Affiliates' internal research, development, training, tuning, evaluation, and benchmarking of models, algorithms, heuristics, analytics, or security measures (“Internal R&D"); (c) detection, investigation, and mitigation of fraud, abuse, or security threats; and (d) compliance with, or exercise of rights under, applicable laws, regulations, court orders, or contractual obligations, and the enforcement of the Terms. Disclosures. Operational Data may, subject to appropriate confidentiality and use-restriction undertakings, be disclosed to (i) Company's direct or indirect parents, subsidiaries, successors, assignees, and other affiliated entities solely for the purposes described in Section 4; (ii) service providers engaged by Company to perform storage, computational, analytical, or other processing functions on Company's behalf, provided such service providers are contractually bound to employ safeguards and data-use constraints materially consistent with this Notice; and (iii) competent governmental, regulatory, or judicial authorities, or other third parties, where Company in good faith believes such disclosure is required or permitted by applicable law or is reasonably necessary to protect rights, property, or safety. Operational Data is not "sold" or "shared" with unaffiliated third parties for their independent advertising or marketing. Storage and Retention. Operational Data is stored on infrastructure employing encryption in transit and at rest via cryptographic standards generally recognized as appropriate for industry-standard cloud environments (for example, symmetric encryption using a cipher of no less than a 256-bit key length while at rest). Company retains Operational Data for such duration as Company, acting in its reasonable discretion, deems necessary to accomplish the purposes enumerated in Section 4 or for such longer period as law may require or permit. Company may, at its election and without obligation to do so on a per-record basis, aggregate, pseudonymize, token-encode, vectorize, mask, blur, or otherwise transform any portion of Operational Data to mitigate re-identification risk or to facilitate Internal R&D. User Controls and Statutory Rights. End users may (i) pause or disable further capture of Operational Data by utilizing in-application controls or by uninstalling the Software (note that prior-collected data ordinarily remains subject to Company's retention policies); and (ii) submit authenticated requests to access, correct, delete, or otherwise exercise rights afforded by applicable U.S. privacy laws by contacting [email protected] or by using any self-service portal the Software may provide. Company will honor such requests to the extent required by law and subject to identity verification and permissible exemptions (including, without limitation, retention necessary for security, debugging, legal compliance, or solely internal uses reasonably aligned with consumer expectations). Aggregated or de-identified derivatives and model parameters that are not reasonably linkable to an individual are ordinarily not subject to alteration or purge. Security Measures. Company employs administrative, technical, and physical safeguards it deems appropriate to protect Operational Data against unauthorized access, exfiltration, or misuse; such safeguards include, at minimum, encryption of data in transit via modern transport-layer protocols, encryption of stored data via industry-standard symmetric ciphers, role-based logical access controls, and periodic vulnerability assessments. Absolute security cannot be guaranteed. Cross-Border Processing. Operational Data may be processed or stored in the United States or other jurisdictions in which Company or its service providers maintain operations. By installing or using the Software, you acknowledge and consent to any such cross-border transfers. Children's Information. The Software is directed to individuals aged thirteen (13) years or older. Company does not knowingly collect personal information from children under thirteen. If a parent or legal guardian believes that such information has been collected, they may contact Company to request deletion. Amendments. Company may revise this Notice at its discretion. Material revisions shall be signalled through an in-product banner, modal dialogue, or other reasonably conspicuous mechanism. Continued use of the Software following the effective date of a revised Notice constitutes acceptance of such revisions. Contact Information. Questions or concerns regarding this Notice may be directed to: Privacy Office, General Agents Company., 1261 Clay St, San Francisco, CA 94108-1407, United States; email: [email protected]; telephone: +1 650-334-8070