1. Introduction

Ivyron Inc. ("Ivyron," "we," "us," or "our") operates the website ivyron.com and provides audit infrastructure for autonomous robot operations.

This Privacy Policy explains how we collect, use, store, and protect personal information when you:

Visit our website Submit a Continuous Evidence Capture Evaluation request Communicate with us by email or other business channels

We process personal data in accordance with applicable data protection law, including the General Data Protection Regulation (GDPR). Under GDPR Article 13, where personal data is collected from the data subject, the controller must provide information including its identity, contact details, purposes of processing, legal basis, retention information, and data subject rights.

2. Controller Information

The controller for the personal data described in this Privacy Policy is:

Ivyron Inc.

251 Little Falls Drive

Wilmington, DE 19808, USA

Email: privacy@ivyron.com

If you have questions about this Privacy Policy or our handling of personal data, contact us at privacy@ivyron.com.

3. Personal Information We Collect

Information you provide directly

When you submit a Continuous Evidence Capture Evaluation request or otherwise contact us, we may collect:

Contact information: name, business email address, role, and company name Operational context: primary country of operations, approximate autonomous fleet size, and number of robot vendors

You may choose not to provide optional information, but that may limit how much context we have when reviewing your request.

Information processed through website infrastructure

We do not intentionally use analytics or advertising trackers on ivyron.com at this time.

However, our hosting and service providers may process limited technical data, such as server, security, or delivery logs, as part of operating, securing, and maintaining the website and related services. Framer's published guidance explains that data protection obligations depend on site setup and whether third-party apps or non-essential cookies are used.

4. How We Use Personal Information

We use personal information to:

Review and respond to Continuous Evidence Capture Evaluation requests Communicate with you about your inquiry Assess whether Ivyron Audit may be a fit for a paid pilot Prepare for follow-up discussions and possible pre-contractual steps Maintain records of business communications Operate, secure, and administer the website and inquiry process

We do not sell or rent personal information to third parties.

We do not use your information for marketing communications unless we have an appropriate legal basis to do so.

5. Legal Bases for Processing

Where the GDPR applies, we rely on one or more of the following legal bases:

Pre-contractual steps at your request (GDPR Article 6(1)(b)): We process inquiry information to review your evaluation request and respond to you before any pilot or other agreement is entered into. GDPR Article 6(1)(b) expressly permits processing necessary to take steps at the request of the data subject prior to entering into a contract.

Legitimate interests (GDPR Article 6(1)(f)): We may process personal data where necessary for our legitimate interests in operating and securing the website, managing business communications, preventing abuse, and maintaining internal records, provided those interests are not overridden by your rights and freedoms.

Legal obligation (GDPR Article 6(1)(c)): We may process or retain personal data where required by applicable law.

Consent (GDPR Article 6(1)(a)): We will rely on consent only where we specifically ask for it for a particular processing activity.

6. Data Retention

We retain personal information only for as long as reasonably necessary for the purposes described in this Privacy Policy, including handling inquiries, maintaining business records, and complying with legal obligations.

Unless a longer period is required by law or justified by an active business relationship, we generally expect to retain:

Evaluation request submissions: up to 24 months from submission Related business communications: up to 24 months from the last substantive communication Pilot-related contact and commercial records: for the duration of the pilot relationship and a reasonable period afterward for legal, contractual, and recordkeeping purposes

We may delete or anonymize information sooner where appropriate.

7. Data Sharing

We do not sell personal information.

We may share personal information only as needed with:

Service providers that support website hosting, email, form handling, spreadsheet storage, document storage, or related business operations Professional advisers where reasonably necessary Authorities or counterparties where disclosure is required by law, regulation, legal process, or to protect our legal rights A successor entity in connection with a merger, acquisition, restructuring, or sale of assets

Where service providers process personal data on our behalf, we expect them to do so under appropriate contractual and data protection terms. Framer provides a Data Processing Addendum for customers using its services.

8. International Data Transfers

Ivyron may process personal data in the United States or other countries outside the European Economic Area.

Where required by law, we use appropriate safeguards for international data transfers, such as Standard Contractual Clauses or another lawful transfer mechanism recognized under applicable data protection law. The GDPR requires appropriate safeguards for restricted international transfers unless another lawful basis applies.

9. Your Rights

If the GDPR applies to your personal data, you may have the right to:

Request access to the personal data we hold about you Request correction of inaccurate or incomplete personal data Request deletion of personal data in certain circumstances Request restriction of processing in certain circumstances Object to certain processing, including processing based on legitimate interests Request portability of personal data where applicable Withdraw consent at any time where processing is based on consent.

To exercise your rights, contact privacy@ivyron.com.

Under EDPB guidance, controllers should respond without undue delay and at the latest within one month after receipt of a request. That period may be extended by up to two additional months for complex requests if the individual is informed within the first month.

You may also have the right to lodge a complaint with your local data protection authority.

10. Data Security

We use reasonable technical and organizational measures designed to protect personal information against unauthorized access, disclosure, alteration, and destruction.

These measures may include:

HTTPS for data in transit Access controls for business systems Security controls provided by our hosting and service providers Password-protected or access-restricted business tools

Framer states that its hosting infrastructure includes security features such as web application firewall protections, anti-spam controls, and encryption at rest.

No internet transmission or storage system can be guaranteed to be completely secure.

11. Cookies and Similar Technologies

We do not intentionally use analytics or advertising cookies on ivyron.com at this time.

However, website infrastructure or third-party services may use cookies or similar technologies where necessary for site operation, security, embedded content, or other service functionality. Framer's guidance notes that non-essential cookies may require consent and that third-party apps can introduce cookies that require a cookie banner depending on implementation.

If we later add analytics, marketing tags, or other non-essential technologies, we will update this Privacy Policy and implement any required consent mechanisms.

12. Children's Privacy

Ivyron Audit is a business-to-business service and is not directed to children.

We do not knowingly collect personal data from children.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal obligations.

When we update this Privacy Policy, we will revise the "Last updated" date below. Where required by law, we will provide additional notice of material changes.

Last updated: March 2026