Privacy Statement

Effective Date: January 1, 2026

Welcome! We are Redtoken LLC ("Redtoken LLC", "Company", "we", "us" or "our"). Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We view privacy as an integral part of delivering on that mission.

This Privacy Statement explains how Redtoken LLC (including our family of brands, subsidiaries, and related entities when they specifically reference this Privacy Statement) collects, uses, discloses, and otherwise processes personal information (as defined below) in connection with our websites (the "Sites") and other websites we own and operate that link to this Privacy Statement, and any other related content, platform, services, products, and functionality offered on or through our services (collectively, the "Services").

This Privacy Statement applies to personal information collected, used, retained, or disclosed by Redtoken LLC while acting in the capacity of a data controller, as that term is defined in the European Union's (EU) General Data Protection Regulation 2016/679 (the "GDPR"), the UK General Data Protection Regulation (the "UK GDPR"), and other applicable privacy laws.

Our services are intended for and provided to businesses and other organizations (our "Customers") for their professional use. We are not in the business of selling personal information to third parties.

What is Personal Information?

When we use the term "personal information" in this Privacy Statement, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual.

If you are located in the European Economic Area (EEA), the term "personal information" used in this Privacy Statement is equivalent to "personal data" as defined in the GDPR.

Our Collection of Personal Information

The personal data we collect depends on how you interact with us, the services you use, and the choices you make.

We collect personal information about you from different sources and in various ways when you use our services, including information you provide directly, information collected automatically, information from third-party data sources, and information we infer or generate from other data.

Information you submit directly may include: name, job title, company, email address, phone number, address, account credentials, billing and payment details, communication preferences, survey responses, event registration details, and information submitted through support tickets or forms.

We, and our third-party providers, automatically collect usage and device information through tracking technologies such as cookies, web beacons, pixels, and similar tools, including: IP address, browser type, operating system, device identifiers, page views, clickstream data, referring URLs, and interaction data with our Services.

We also infer new information from other data we collect, including using automated means to generate information about your likely preferences or characteristics.

When you are asked to provide personal information, you may decline. And you may use web browser or operating system controls to prevent certain types of automatic data collection.

We obtain personal information from other sources, which we may combine with personal information we collect. These include partners and resellers, data aggregators, publicly available sources, and social media platforms.

Our Use of Personal Information

We may use personal information we collect to:

• Provide, operate, maintain, improve, and promote our Services
• Process transactions and send related information, including purchase confirmations and invoices
• Send promotional communications, such as information about products, services, features, surveys, newsletters, offers, and events, subject to applicable law
• Respond to comments and questions and provide customer service
• Monitor and analyze trends, usage, and activities in connection with our Services
• Detect, investigate, and prevent fraudulent transactions and other illegal activities
• Personalize our Services to your preferences and needs
• Comply with legal obligations
• Carry out any other purpose described to you at the time the information was collected

Where you choose to contact us, we may need additional information to fulfill the request or respond to inquiries. We may provide you with additional privacy-related information where the scope of the inquiry or request and/or personal information we require fall outside the scope of this Privacy Statement.

Our Disclosure of Personal Information

We may disclose, share, transmit, grant access to, make available, and provide personal information with and to internal and external recipients, as follows:

• Redtoken LLC Companies: We may share personal information with other companies owned or controlled by Redtoken LLC, and other companies under common ownership with Redtoken LLC.
• Service Providers: We may share your personal information with third-party vendors, consultants, and other service providers who perform services on our behalf, such as IT and cloud service providers, marketing providers, data analytics providers, and payment processors.
• Business Partners: We may share personal information with business partners who offer complementary services, with your consent where required.
• Legal and Regulatory Disclosures: We may disclose personal information where required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).
• Business Transfers: If Redtoken LLC is involved in a merger, acquisition, or sale of all or a portion of its assets, your personal information may be transferred as part of that transaction.
• With Your Consent: We may disclose your personal information for any other purpose with your consent.

Legal Bases for Processing

When we are processing personal information that is governed by the GDPR, we process your personal information under the following legal bases:

• Performance of a contract: Where processing is necessary to perform a contract with you or to take steps at your request prior to entering into a contract.
• Legitimate interests: Where processing is necessary for the purposes of our legitimate interests or those of a third party, provided those interests are not overridden by your interests or rights.
• Compliance with legal obligations: Where we need to comply with laws and regulations related to bookkeeping, accounting, taxation, employment, and other business activities.
• Consent: Where you have given us specific consent to process your personal information for a specific purpose.

Control Over Your Information

You may control your information in the following ways:

• Browser or Platform Controls: Your browser or device may have controls that determine what information we and other websites collect. Please see our Cookie Notice for more information on how to manage your cookie preferences.
• Communication Preferences: You may opt out of receiving promotional communications from us by following the instructions in those messages or by contacting us directly.
• Account Information: If you have an account with us, you may review and update certain personal information in your account profile.

Your Rights in Respect of Your Personal Information

In accordance with applicable privacy law, you may have the following rights in respect of your personal information:

• Right of access — the right to be informed of, and request access to, the personal information we process about you.
• Right to rectification — the right to request that we amend or update your personal information where it is inaccurate or incomplete.
• Right to erasure — the right to request that we delete your personal information.
• Right to restrict — the right to request that we temporarily or permanently stop processing all or some of your personal information.
• Right to object — the right, at any time, to object to us processing your personal information on grounds relating to your particular situation.
• Right to data portability — the right to request a copy of your personal information in a machine-readable format and the right to transmit that personal information for use in another party's service.
• Right not to be subject to automated decision-making — the right to not be subject to a decision based solely on automated decision-making, including profiling, where the decision would have a legal or similarly significant effect on you.

Under the GDPR, you also have the right to object to any processing based on our legitimate interests, unless our interests override your rights and freedoms.

You also have the right to lodge a complaint with your local data protection authority.

If you wish to exercise any of these rights, please contact us using the details in the Contact Us section below.

Data Retention

We store the personal information we collect about you for no longer than necessary for the purposes set out in this Privacy Statement, in accordance with our legal obligations and legitimate business interests.

We also consider the volume, nature, and sensitivity of your personal data, as well as any potential risk of harm from unauthorized use or disclosure, when determining appropriate retention periods.

Storing and Transferring Your Personal Information

Security. We implement appropriate technical and organizational measures to protect your personal information against accidental or unlawful access, destruction, loss, change, or damage. We will never contact you requesting your account ID, password, credit or debit card information, or national identification numbers. Please note that email sent over the Internet may not be secure and should not be used to communicate confidential and/or sensitive personal information to us.

International Transfers. The personal information we collect may be transferred to and stored in countries outside of the jurisdiction you are in, to locations where we and our third-party service providers have operations, including in the United States of America. In the event of such a transfer, we ensure that: (i) the personal information is transferred to countries recognized as offering an adequate level of protection; or (ii) the transfer is made pursuant to appropriate safeguards, such as standard contractual clauses adopted by the European Commission.

Data Privacy Framework Statement. Redtoken LLC complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. If there is any conflict between the terms in this statement and the DPF Principles, the DPF Principles shall govern.

Redtoken LLC has committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism. Redtoken LLC is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

DPF-certified organizations must respond within 45 days of receiving a complaint.

Children's Personal Information

Our Sites and Services are not directed to, and we do not intend to, or knowingly, collect or solicit personal information from children under the age of 13. If you are under the age of 13, please do not use our Services or otherwise provide us with any personal information. If you believe we have inadvertently collected personal information from a child under the age of 13, please contact us.

Links to Third-Party Websites or Services

Our Services may include links to third-party websites, plug-ins, and applications. Except where we post, link to, or expressly adopt or refer to this Privacy Statement, this Privacy Statement does not apply to, and we are not responsible for, any personal information practices of third-party websites and online services or the practices of other third parties.

Updates to This Privacy Statement

We will update this Privacy Statement from time to time. When we make changes, we will update the "Effective Date" at the beginning of this Privacy Statement. If we make material changes, we will notify you by email or by posting a notice on our website prior to or on the effective date of the changes. By continuing to use our Services after any changes become effective, you agree to be bound by the revised Privacy Statement.

Contact Us

If you have any questions or requests in connection with this Privacy Statement or other privacy-related matters, please contact us at:

Email: privacy@redtoken.com
Phone: (305) 761-5147

Attention: Privacy
Redtoken LLC
520 SW 5th St
Miami, FL 33130
United States of America

© 2026 Redtoken LLC. All Rights Reserved.