This Privacy Policy explains how Octabyte AI Private Limited ("8byte", "we", "our", or "us"), a company incorporated under the Companies Act, 2013, with CIN U62098KA2025PTC201620 and registered office in Bengaluru, Karnataka, India, collects, uses, shares, stores, and protects information when you access or use our website at www.8byte.ai and our AI-powered financial intelligence platform (collectively, the "Platform"). This Policy applies to all visitors, registered users, enterprise clients, and any individuals whose personal data is processed through the Platform. By accessing or using the Platform, you acknowledge that you have read and understood this Policy. This Policy is published in compliance with: - The Digital Personal Data Protection Act, 2023 ("DPDP Act") and rules made thereunder. - The Information Technology Act, 2000 ("IT Act") and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"). - The Bahrain Personal Data Protection Law, Decree-Law No. 30 of 2018 ("Bahrain PDPL"), where applicable. - The UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection ("UAE PDPL"), where applicable. - The Saudi Arabia Personal Data Protection Law, 2021 ("Saudi PDPL"), where applicable. - Other applicable data protection laws of jurisdictions in which we operate or process data.

8byte is a Data Fiduciary under the DPDP Act and a Data Controller or equivalent under applicable GCC data protection laws. We determine the purposes and means by which personal data is processed through our Platform. Where we process personal data on behalf of our enterprise clients (for example, when clients upload documents or data sets to the Platform), we act as a Data Processor or equivalent, and such processing is governed by our separate data processing agreements with those clients.

We collect the following categories of information: Information You Provide Directly - Contact information: name, job title, company name, business email address, and phone number, provided when you register, book a demo, contact us, or apply for a career opportunity. - Account credentials: username and password for Platform access. - Communications: messages, inquiries, and feedback you send to us. - Business information: company details, use-case requirements, and other information you submit during onboarding or the sales process. Information Collected Automatically When you access the Platform or our website, we may automatically collect: - Device and browser information: IP address, browser type and version, operating system, and device identifiers. - Usage data: pages visited, features accessed, session duration, click-through data, and referring URLs. - Log data: server logs and error reports. - Cookie and tracking data: as described in our Cookie Policy below. Information Processed Through the Platform (Enterprise Clients) If you are an enterprise client, your use of the Platform may involve uploading, submitting, or processing documents and data sets that contain personal information relating to third parties (for example, borrower data, employee records, or financial counterparty information). We process such data strictly in accordance with your instructions and our data processing agreement. We do not use client-uploaded data for any purpose beyond providing and improving the contracted service. Sensitive Personal Data We do not intentionally collect sensitive personal data or information ("SPDI") as defined under the SPDI Rules (including financial account information, passwords, health data, biometric data, or similar categories) from website visitors or demo registrants. To the extent SPDI is contained within documents or data sets uploaded by enterprise clients, it is processed solely as a Data Processor under the terms of the applicable client agreement.

We use personal data for the following purposes: - Platform delivery: To create and manage your account, provide access to the Platform, and deliver the services you have contracted for. - Customer support: To respond to your queries, resolve technical issues, and communicate with you about your account. - Sales and onboarding: To process demo requests, respond to inquiries, and manage the client onboarding process. - Product improvement: To understand how the Platform is used and to improve features, performance, and user experience. We use aggregated and de-identified data for this purpose wherever possible. - Security and compliance: To detect, investigate, and prevent fraudulent, unauthorized, or illegal activity; to enforce our Terms of Use; and to comply with applicable legal and regulatory obligations. - Communications: To send transactional messages, product updates, security notices, and, where you have opted in, marketing communications. You may opt out of marketing communications at any time. - Legal obligations: To comply with applicable law, respond to lawful requests from regulatory or government authorities, and protect our legal rights. We process personal data on one or more of the following lawful bases: - Your consent, where required under applicable law. - The performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract. - Compliance with a legal obligation to which we are subject. - Our legitimate interests, where such interests are not overridden by your rights and interests (for example, maintaining the security of the Platform and improving our services).

We do not sell, rent, or trade personal data. We may share personal data in the following limited circumstances: Service Providers We engage trusted third-party service providers who process data on our behalf to support the operation of the Platform, including cloud infrastructure providers, analytics vendors, customer support tools, and security monitoring services. All such providers are bound by contractual obligations consistent with applicable data protection law. Professional Advisors We may share information with our legal, financial, and compliance advisors where reasonably necessary, subject to confidentiality obligations. Business Transfers In the event of a merger, acquisition, restructuring, sale of assets, or similar transaction, personal data may be transferred as part of that transaction. We will notify affected individuals where required by law. Legal and Regulatory Disclosure We may disclose personal data to courts, regulators, law enforcement agencies, or other government authorities where required or permitted by applicable law, including but not limited to the RBI, SEBI, the Central Bank of Bahrain (CBB), and other financial regulators in relevant jurisdictions. With Your Consent We may share personal data with third parties where you have provided specific consent for such sharing.

8byte operates from India and serves clients in India and the GCC. Personal data may be transferred to, stored in, or processed in countries other than the country in which it was originally collected. Where we transfer personal data across borders, we do so in accordance with applicable law, including any requirements under the DPDP Act regarding cross-border transfers and any adequacy, contractual, or safeguard mechanisms required under applicable GCC data protection laws.

We retain personal data for as long as is necessary to fulfil the purposes for which it was collected, to comply with legal and regulatory obligations, to resolve disputes, and to enforce our agreements. The specific retention period depends on the nature of the data and the applicable legal requirements. When personal data is no longer required, we delete or anonymise it in a secure manner.

We implement and maintain appropriate technical and organisational security measures designed to protect personal data against unauthorised access, disclosure, alteration, or destruction. Our security practices include, but are not limited to, encryption in transit and at rest, access controls, audit logging, and periodic security reviews. We are pursuing SOC 2 Type II certification as part of our ongoing commitment to enterprise-grade security. No method of transmission over the internet or electronic storage is completely secure. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately at privacy@8byte.ai.

Depending on your jurisdiction, you may have the following rights with respect to your personal data: Under the DPDP Act (India): - The right to access a summary of the personal data we hold about you and the purposes for which it is being processed. - The right to correction and erasure of inaccurate, incomplete, or outdated personal data. - The right to grievance redressal through our Grievance Officer (see Section 12). - The right to nominate a person to exercise rights on your behalf in the event of your death or incapacity. Under GCC Data Protection Laws: - The right to access your personal data. - The right to correct inaccurate personal data. - The right to request erasure of personal data, subject to applicable legal exceptions. - The right to restrict or object to processing, where applicable. - The right to data portability, where applicable. - The right to withdraw consent at any time, without affecting the lawfulness of processing prior to withdrawal. To exercise any of these rights, please submit a request to privacy@8byte.ai. We will respond within the timeframes required by applicable law. We may need to verify your identity before processing your request.

The Platform is intended for use by business professionals and is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected personal data from a minor, we will take steps to delete such data promptly.

Our website may contain links to third-party websites or services. This Policy does not apply to those third-party sites. We encourage you to review the privacy policies of any third-party sites you visit.

In accordance with the IT Act, 2000 and the DPDP Act, we have designated a Grievance Officer to address concerns relating to your personal data: Grievance Officer: Octabyte AI Private Limited [Insert Name and Designation] Bengaluru, Karnataka, India Email: privacy@8byte.ai We will acknowledge grievances within 48 hours and resolve them within 30 days of receipt, or such other period as may be prescribed by law.

We use cookies and similar tracking technologies on our website. Please refer to our Cookie Policy below for detailed information on how we use cookies, what types we deploy, and how you can manage your preferences.

We may update this Privacy Policy from time to time to reflect changes in our practices, the Platform, or applicable law. We will notify you of material changes by updating the "Last Updated" date at the top of this page and, where required, by providing more prominent notice (for example, by email or a notice on the Platform). Your continued use of the Platform following any update constitutes your acceptance of the revised Policy.

For questions, concerns, or requests relating to this Privacy Policy, please contact: Octabyte AI Private Limited Bengaluru, Karnataka, India CIN: U62098KA2025PTC201620 Email: privacy@8byte.ai Website: www.8byte.ai