PROBAT AI INC. PRIVACY POLICY

Effective Date: February 14, 2026

Last Updated: February 18, 2026

This Privacy Policy explains how Probat AI Inc. ("Probat AI," "we," "us," or "our") collects, uses, discloses, and otherwise processes information in connection with our websites, applications, APIs, SDKs, NPM packages, dashboards, and related services (collectively, the "Services").

1. Company Information

2. Scope and Roles (Controller vs Processor)

2.1 When we act as a Controller

We act as a "controller" (or equivalent) for information we process for our own purposes, such as:

• Account creation and administration
• Billing and subscription management
• Marketing and communications
• Website analytics and product usage analytics for operating the Services
• Security, fraud prevention, and compliance

2.2 When we act as a Processor / Service Provider

When Customers use the Services to collect, analyze, or process information about their end users (for example, experimentation event data, conversion metrics, user interaction signals, or analytics events), we act as a "processor" or "service provider" (or equivalent) on behalf of the Customer.

In those cases, the Customer controls what data is collected and how it is used, and Customer is responsible for providing notices and obtaining any required consents.

3. Information We Collect

We may collect the following categories of information:

3.1 Account and Contact Information

Name, email address, company name, role/title, login credentials (stored in hashed form when applicable), and account settings.

3.2 Billing and Transaction Information

Billing contact information, billing address, invoices, subscription status, and transaction records. Payment card data is typically processed by payment processors; we generally receive limited payment tokens and metadata.

3.3 Customer Data Submitted Through the Services

Customers may provide information to the Services such as:

• Experiment definitions, variants, feature flags, rules, and configurations
• Events, metrics, conversions, and performance measurements
• Repository metadata and code artifacts needed to generate suggested changes or pull requests
• Prompts, inputs, and outputs generated through the Services
• Logs or diagnostics submitted for troubleshooting

3.4 End User Data (Collected Through Customer Implementations)

Depending on Customer configuration, the Services may process information about end users of Customer's products, such as:

• Event and interaction data (page views, clicks, sessions, exposures)
• Device and browser information
• Identifiers used by the Customer (for example user IDs, session IDs)
• Conversion and funnel metrics
• Experiment exposure and performance results

3.5 Usage and Device Data

Information about how the Services are accessed and used, such as:

• IP address
• Device type, OS, and browser type
• Approximate location derived from IP
• Feature usage, logs, timestamps, performance data, errors, and crash reports

3.6 Cookies and Similar Technologies

We use cookies, local storage, and similar technologies for:

• Authentication
• Preferences
• Security
• Basic usage analytics

You can control cookies through your browser settings. Some features may not function properly without them.

4. How We Use Information

We use information to:

4.1 Provide and Operate the Services

• Create and manage Accounts
• Authenticate users
• Provide requested functionality
• Maintain and support platform operations

4.2 Improve and Develop the Services (Including Model Training)

We may use Customer Data and data processed through the Services, including experimentation data, metrics, and outputs, to:

• Improve and develop the Services
• Train, fine-tune, validate, and evaluate models and automation systems
• Build new features and product capabilities
• Troubleshoot, test, and debug systems

We may also create aggregated or de-identified data for analytics, benchmarking, research, and product improvement.

4.3 Security and Fraud Prevention

• Protect accounts and prevent abuse
• Monitor for suspicious activity
• Maintain system integrity and safety

4.4 Billing and Account Management

• Process payments
• Manage subscriptions and plans
• Send receipts, billing notices, and service communications

4.5 Communications

• Respond to support requests
• Send product updates and administrative messages
• Send marketing messages where permitted by law (you can opt out)

4.6 Legal Compliance

• Comply with legal obligations
• Enforce our Terms
• Resolve disputes
• Protect rights and safety

5. How We Disclose Information

We may disclose information to:

5.1 Service Providers and Subprocessors

We use vendors to help operate the Services (for example hosting, analytics, logging, email delivery, customer support tools, payments). These providers may process information under contractual obligations consistent with this Privacy Policy.

5.2 Integrations You Enable

If you connect third-party services (for example Git providers, deployment platforms, analytics tools), we may share information necessary to enable those integrations as directed by you.

5.3 Legal and Safety Reasons

We may disclose information if we believe in good faith it is necessary to:

• Comply with law or legal process
• Protect our rights, property, and safety
• Investigate fraud, security incidents, or misuse
• Enforce these Terms or prevent harm

5.4 Business Transfers

We may disclose information in connection with a merger, acquisition, financing, reorganization, or sale of assets.

5.5 Aggregated / De-Identified Information

We may disclose aggregated or de-identified information that cannot reasonably be used to identify an individual.

6. Data Retention

We retain information for as long as necessary for the purposes described in this Policy, including:

• While your Account is active
• To provide the Services and comply with legal obligations
• For security, fraud prevention, dispute resolution, auditing, and enforcing agreements
• In backups and logs for limited periods consistent with business operations

We may retain aggregated or de-identified data indefinitely.

7. Security

We implement reasonable administrative, technical, and organizational safeguards designed to protect information. No system is completely secure. You are responsible for maintaining the security of your credentials and integrations.

8. International Data Transfers

Information may be processed in the United States and other locations where we or our service providers operate. When required by law, we use appropriate safeguards for cross-border transfers.

9. Your Choices and Rights

Depending on your location, you may have rights to:

• Access, correct, or delete personal information
• Object to or restrict certain processing
• Opt out of marketing communications
• Receive a copy of certain information

If we process End User Data on behalf of a Customer, requests should generally be directed to the Customer (the controller). We may assist Customers as required.

To make a request, contact privacy@probat.ai.

10. Marketing Communications

You may opt out of marketing emails by using the unsubscribe link or by contacting privacy@probat.ai. You may still receive essential service and administrative communications.

11. Children

The Services are not intended for children, and we do not knowingly collect personal information from children under 13 (or under 16 in certain jurisdictions).

12. Third-Party Links and Services

The Services may contain links to third-party websites or services. This Policy does not apply to third-party practices. Your use of third-party services is governed by their terms and privacy policies.

13. Changes to This Privacy Policy

We may update this Policy from time to time. The "Last Updated" date reflects the most recent revision. Continued use of the Services after an update constitutes acceptance of the updated Policy.

14. Contact Us

If you have questions or requests, contact us:

Email: privacy@probat.ai

Mail: Probat AI Inc., 1908 Thomes Avenue, STE 12612, Cheyenne, Wyoming 82001