Section 1: Introduction and Scope

This Privacy Policy (“Policy”) explains how Cyber Hoplite, Inc., (“Company,” “we,” “us,” or “our”) collects, uses, and safeguards information in connection with the services, platforms, and solutions we provide (collectively, the “Services”). This Policy applies to information provided to us by clients, authorized users, or automatically collected through use of our Services. This Policy applies to:

• Organizations and individuals that engage with our Services;

• Authorized users of our digital tools or platforms;

• Any information transmitted to us during the course of service delivery or client interaction.

We are committed to handling all information responsibly and in accordance with applicable data protection laws. This Policy supplements any agreements or contractual terms entered into between you and the Company. By accessing or using our Services, you acknowledge and accept the practices described in this Policy.

We may update this Policy periodically to reflect changes in legal requirements or business practices. Continued use of the Services after such updates constitutes acceptance of the revised terms.

2. Information We Collect

We collect only the information necessary to deliver our Services, fulfill contractual obligations, enhance security operations, and comply with applicable legal and regulatory requirements. This information may be provided directly by clients, generated through the course of service delivery, or collected automatically via our platform or systems. The general categories of information we may collect include:

• Organizational and Business Information: Basic information about client entities such as name, industry, and general business context.

• Service-Related Operational Data: Data required to assess, support, and implement cybersecurity or compliance solutions in accordance with client needs.

• User Access and Interaction Data: Information related to authorized users’ roles, engagement with our platform or services, and associated metadata.

• Technical and Diagnostic Information: Automatically collected data including device identifiers, system logs, access information, and platform performance metrics.

• Client Communications and Submissions: Content voluntarily shared with us during onboarding, support, or project execution.

• Information from External Sources: Public, regulatory, or third-party data relevant to the delivery or context of the Services.

• Payment and Transaction Information: When you purchase Services through our platform, payment information is collected and processed by a secure third-party provider. We do not store full payment card numbers or sensitive payment details on our systems. We may retain limited transaction-related metadata (such as date, amount, status, or transaction ID) for purposes including fraud detection, invoicing, compliance, and service fulfillment.

The specific nature and extent of data collected depends on the services selected and the scope of engagement as defined by the client. Clients are responsible for ensuring that any information provided to the Company is lawfully obtained and shared. We do not collect or use personal data beyond what is necessary to fulfill our professional obligations.

2.1 App-Specific Information Collection

When users access our mobile or platform-based applications, we collect limited personal information to facilitate account creation and app usage. This includes:

• Full name

• Email address

• Phone number (if provided)

• Password (encrypted and stored securely)

• App interaction metrics (e.g., likes, content engagement)

This information is used solely to authenticate users, operate the platform, monitor security, and improve user experience. No data is used for profiling, marketing, or behavioral targeting.

3. How We Use the Information

We use the information we collect solely for purposes that are necessary, proportionate, and consistent with the delivery of our Services, client requirements, and applicable legal obligations. Our uses include:

• Service Provision and Delivery

  To perform contracted services, support platform functionality, and fulfill our obligations to clients and authorized users.

• Security and Risk Management

  To detect, prevent, and respond to security incidents, monitor system integrity, and assess cybersecurity-related risk factors within the scope of authorized engagements.

• Client Communication

  To communicate with clients and users regarding service delivery, updates, technical notices, and administrative matters.

• Compliance and Legal Obligations

  To comply with applicable laws, regulatory requirements, legal processes, or enforceable governmental requests, and to assert or defend legal claims where applicable.

• Improvement and Operational Integrity

  To maintain and improve the performance, security, and reliability of our Services, and to support internal governance and compliance programs.

• Service Improvement Based on Feedback

  To evaluate and enhance our Services based on client or user input, including anonymized or de-identified feedback provided through support interactions, evaluations, or surveys. Feedback is used solely for internal improvement and never published, marketed, or attributed without consent.

We do not use information for purposes unrelated to our Services. We do not sell, lease, or license any information to third parties. Use of information is limited to the scope authorized by the client and governed by applicable agreements and data protection laws.

4. Sharing and Disclosure of Information

We do not disclose information collected through our Services except as necessary to deliver those Services, comply with applicable legal obligations, or fulfill contractual responsibilities. We limit sharing to the following circumstances:

• Authorized Third-Party Service Providers

  We may engage vetted third-party vendors to assist in operating or securing our Services. These providers are contractually obligated to handle information solely for the purposes specified by us and in accordance with applicable data protection requirements.

• Client-Directed Disclosures

  We may share information with external parties as explicitly authorized or directed by the client in the course of service execution, including integration with client-approved tools or platforms.

• Legal and Regulatory Requirements

  We may disclose information if required to do so by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of our company, clients, users, or others.

• Corporate Transactions

  In connection with a merger, acquisition, reorganization, or sale of assets, information may be transferred as part of the transaction, provided that the recipient agrees to uphold protections materially consistent with this Policy.

We do not sell, rent, or license client or user information to any third party. We do not use information for advertising or commercial resale. All disclosures are governed by strict access controls and confidentiality obligations. When required by law or contract, we enter into written agreements with third parties that include appropriate data protection clauses.

5. Data Security and Safeguards

We implement reasonable and appropriate technical, administrative, and organizational measures to protect information from unauthorized access, disclosure, alteration, and destruction. Our security framework is designed to reflect the sensitivity of the data we handle and the risks associated with its processing. Safeguards include, but are not limited to:

• Access controls based on role and least privilege principles;

• Encryption of data in transit and at rest where appropriate;

• Network and system monitoring for intrusion detection and anomaly recognition;

• Regular vulnerability assessments and internal security audits;

• Incident response protocols and business continuity procedures;

• Security awareness training for personnel with data access responsibilities.

While we take all reasonable precautions to protect information, no method of transmission or storage is completely secure. We therefore disclaim absolute security guarantees and recommend that clients also implement appropriate controls within their environments. Security responsibilities may be further detailed in specific agreements or service-level arrangements with individual clients.

6. Data Retention and Storage

We retain information only for as long as is necessary to fulfill the purposes outlined in this Policy, to meet our contractual or legal obligations, or as otherwise permitted under applicable law. Retention periods may vary depending on the nature of the information, the type of Services provided, and client-specific requirements. Data may be retained for purposes including:

• Service performance and delivery;

• Internal analysis, audit, or compliance obligations;

• Enforcement of agreements or resolution of disputes;

• As required under applicable laws or regulatory frameworks.

Information is securely stored in environments with access controls, monitoring, and safeguards appropriate to its sensitivity. Upon expiration of a defined retention period or a client’s valid request, we either securely delete or anonymize the information in accordance with our internal policies and applicable regulations.

Clients may request deletion or return of data in accordance with the terms of the applicable service agreement or subject to legal exceptions.

7. Your Rights and Choices

Subject to applicable laws and contractual terms, individuals whose information may be processed through our Services may have certain rights regarding their personal data. These rights may include:

• Access and Portability

  The right to request access to the information we hold about you and, where applicable, receive a copy in a portable format.

• Correction and Update

  The right to request correction of inaccurate or incomplete information that we maintain.

• Deletion

  The right to request deletion of your information, subject to legal or contractual retention obligations.

• Restriction or Objection to Processing

  Where legally applicable, the right to object to or restrict the processing of your information.

• Withdraw Consent

  If processing is based on consent, the right to withdraw that consent at any time, without affecting the lawfulness of prior processing.

We respond to all valid requests in accordance with applicable laws and within required time-frames. To exercise these rights, or for questions about your data, please contact us using the details provided in Section 14 of this Policy. We may request verification of your identity and relationship to a client organization before processing any request.

Please note that some rights may not apply in all jurisdictions or to all data, particularly where we process information as a service provider on behalf of a client.

8. International Data Transfers

As a U.S.-based company, we may store or process information in jurisdictions outside of the location where it was originally collected. This may include transferring information to the United States or to other jurisdictions where we or our service providers operate.

When we transfer personal data across borders, we take appropriate measures to ensure the protection of that data in accordance with applicable laws. These safeguards may include:

• Contractual clauses approved by regulatory authorities (e.g., EU Standard Contractual Clauses or UK Addendum);

• Transfer Impact Assessments to evaluate local legal risks;

• Data minimization and encryption to reduce sensitivity during transmission;

• Limiting transfers to jurisdictions with recognized data protection adequacy, where applicable.

By using our Services or submitting information to us, you acknowledge that your data may be transferred to and processed in countries that may not offer the same level of data protection as your jurisdiction. Where required, we rely on legal mechanisms to legitimize such transfers.

9. Children’s Privacy

Our Services are intended for use by business organizations and individuals who are at least 16 years of age. We do not knowingly collect or solicit personal information from anyone under the age of 16. If we learn that we have inadvertently collected personal data from an individual under 16 without verified parental or legal guardian consent, we will take steps to delete such information as soon as possible.

Clients and users are responsible for ensuring that all authorized users of our Services meet the applicable age requirements. If you believe that we may have collected information from a child in violation of this Policy or applicable law, please contact us immediately using the details provided in Section 14.

9.1 Age Verification and Access Restriction

Access to our mobile application and related Services is restricted to users aged 16 and older. We implement age verification at the point of account registration. By creating an account, users affirm that they meet the minimum age requirement. We do not knowingly collect information from anyone under the age of 16.

If we become aware that information has been collected in violation of this policy, we will take steps to delete the data promptly and may suspend the associated account. Clients and organizations authorizing user access are responsible for ensuring compliance with applicable age restrictions.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make material changes, we will revise the “Effective Date” at the top of the Policy and, where legally required, provide prominent notice or obtain consent.

We encourage you to review this Policy periodically to stay informed about how we protect your information. Continued use of our Services after any changes to this Policy constitutes your acknowledgment and acceptance of the updated terms.

If you do not agree with any updates to this Policy, you should discontinue use of the Services and contact us to exercise any applicable rights.

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to support the functionality, security, and performance of our digital Services. These technologies may collect device identifiers, browser type, system logs, and user activity data to help us monitor system integrity, improve service delivery, and ensure user authentication.

Where required by law, we will obtain your consent before placing non-essential cookies (e.g., analytics or performance cookies). You may manage or disable cookies through your browser settings or our cookie consent interface, if applicable. Disabling cookies may affect certain functionalities of the Services.

For more detailed information on the types of cookies we use and your choices, please refer to our Cookie Policy.

12. Data Processing on Behalf of Clients

In certain service engagements, we may act as a data processor or service provider, processing information solely on behalf of and under the instructions of our clients. In these cases, the client is the data controller, and we operate pursuant to a written agreement that governs the nature, scope, and purpose of data processing.

We do not determine the means or purposes of processing client-controlled data in such scenarios. All processing activities are subject to contractual limitations, confidentiality obligations, and applicable data protection laws.

12.1 Mobile and In-App Technologies

In our mobile and web-based platforms, we use minimal tracking technologies solely to support functionality, maintain security, and optimize user experience. These may include session tokens, authentication identifiers, and performance logs. No cross-site or third-party behavioral tracking is used. Where applicable, user consent will be obtained prior to placing non-essential app-related trackers.

13. Supervisory Authority and Complaints

If you are a resident of a jurisdiction that grants you rights to escalate privacy concerns (such as the European Union, United Kingdom, or Canada), you may have the right to lodge a complaint with your local data protection authority. We encourage users to contact us first so we can address any concerns directly and efficiently.

13.1 Future Client Integration and Tailored Content

As we expand our Services, certain features may allow the delivery of client-specific or risk-contextualized content to authorized users. These features may display data or insights generated through authorized client engagements. Such content will remain governed by client agreements and internal access controls. No client-sensitive data will be shared with unauthorized parties or used for cross-client profiling.

14. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us using the information below:

Cyber Hoplite

Attn: Privacy Officer

8 The Green, #8699

Dover, Delaware,

Email: privacy@cyberhoplite.com

We respond to privacy-related inquiries in accordance with applicable law and within required time-frames.