1.1 This Privacy Policy describes how we, RasMal, its affiliates, and subsidiaries (“RasMal” or the “We”), collect, use, disclose, share, and protect your Personal Information. Your registration or usage of our Platforms and use of our Services in any way mean You approve of this Privacy Policy.

1.2 By you, We mean any entity, individual, user, or any person interacting with RasMal Platform (“You”).

1.3 Privacy of your Personal Information is important to us, and if You do not agree to the terms of this Privacy Policy, please stop using the platform.

1.4 This Privacy Policy applies to our platform(s) and online tools including mobile and desktop applications and websites (the “Platforms”). Our Platforms offer multiple channels of services including without limitation scenario modelling for investment rounds and exits, loan calculator, cap table management, virtual data room (VDR), loan repayment calculator, minutes of meeting management, cash-burn analysis and runway, and financial analysis (collectively the “Services”) which you may have access to while using the Platforms.

1.5 We care about your privacy, and as such, We will always try and mask your information when it needs to be handled by contractors using APIs for email forwards and email notifications; thus, reducing the amount of details and number of times your information is passed on or exposed.

Our Privacy Policy reflects our current practices and is subject to change and update from time to time. If We change our Privacy Policy, We will inform You through a notice on our Platforms or otherwise. Your consent to such change will not be required to continue using RasMal Services. Your continue to use our Services after changes are posted constitutes your implicit approval of such updates or change.

3.1 We do not collect information about You unless we need it.

3.2 We do not share your Personal Information with anyone without your prior explicit consent unless We are required to do so in accordance with the applicable laws and regulations of the Kingdom of Saudi Arabia, or any other applicable laws as case may be.

3.3 To enjoy our Services, We will need to collect Personal Information from You. Personal Information means any identifiable information to You, including for example: full name, ID number, Passport, address, age, and payment card details. We may also collect Other Information to use any of our Services. Other information may include uploaded documents on the VDR, capital and shareholding information, information related to your business plan and module, financial information, employee share option plan, and any other information required to complete the Service (the “Other Information”). We will store and keep your Personal Information and other Information secured at all times. We use WAF and reverse proxy to assure high level of protection over the provided information.

3.4 By uploading such information on our Platforms, You do that at your own free will. You must click (I Agree) to this Privacy Policy for full access to the Platforms and Services.

3.5 You consent that all information collected and made available to us by You are correct. We are not responsible for any analytic errors or miscalculation provided in our Services based on the information You have provided us with. In the occurrence of any such errors, we encourage You to revisit the uploaded information, and if You need any technical assistance, please contact us at info@rasmal.io.

We collect the following types of information:

First: The Information You Provide Us Directly

4.1 We collect Personal Information or Other Information that You provide when accessing or participating in any of our Services, such as when creating any VDR, use our financial analytic services, or generate cap tables.

4.2 The information You provide may specifically identify You, your partners, shareholders, third party providers, subsidiaries, and investors (the “Other Party Information”). You share Other Party Information on our Platform at your own risk and responsibility. This information is required to only conduct the Services on our Platforms. RasMal does not claim ownership or have any responsibility in relation to third party consent of the provided Other Party Information by You.

4.3 The amount and type of information You provide depends on the nature of the Service. If You refuse to provide Personal Information, the system may prevent You from using our corresponding Services.

4.4 In the case You provide us with information concerning a third party, or anyone You wish us to interact with; We assume that You have acquired, and You have, the authority or permission to do so on their behalf.

Second: Third Party Information

4.5 We may collect information about You from other sources, such as in the event if your employer will issue You employee stock options or shares. We may add this to information You provide us through our Platforms.

4.6 We may receive data about organizations, industries, website visitors, marketing campaigns, and other matters related to your business from affiliates, subsidiaries, partners, or others that we use to make our own information better or more useful. This data may be combined with other information we collect and might include aggregate level data. Third: Information Automatically Collected When You Use or Access Our Services

4.7 Cookies. Like most online services, We may use cookies, tokens, OTP, and other technologies and methodologies, such as BLE beacons, web storage, and unique advertising identifiers, to collect information about your activity, browser, and device. A browser cookie or an access token is a small portion of data stored on your device to help websites remember things about You. Other technologies, including web storage and identifiers associated with your device, may be used for similar purposes. This type of technology will be referred to as cookies (“Cookies”) in this Privacy Policy.

4.8 We may also use these Cookies to collect information when You interact with our Services. Most web browsers are set to accept Cookies by default. If You prefer otherwise, You can remove or reject browser cookies through settings on your browser or device. However, You should bear in mind that removing or rejecting Cookies can affect the availability and functionality of our Services.

4.9 We may use Cookies for several reasons, such as; to protect your personal data and account, helping us know which features are most popular, counting visitors to a page, improving our users’ experience, keeping our services secure, and generally to providing You with a better, more intuitive, and satisfying experience. Cookies are also available on mobile devices to verify You at signing in and to keep You signed in.

4.10 Cookies we generally use fall into one of the following categories: (1) preferences: We use these Cookies to remember your settings and preferences. (e.g.: language, etc.); (2) security: We use these Cookies to help identify You and give You access and prevent security risks; (3) performance: We use these cookies to collect information about how You interact with our Services and to help us improve them. (e.g.: to determine if You have interacted with a certain page).

4.11 Additionally, for the purpose of providing You with our high-quality Services, We might ask for your permission to send notifications for status updates and alerts for actions required by You.

4.12 We may automatically log information about You and your computer, subject, where necessary, to your consent. For example, like most services when visiting our Platform, we log your computer operating system type, browser type, browser language, pages you viewed, how long you spent on a page, location (your IP address), access times, and information about your use of and actions on our website. This is information we collect from every visitor to the Platform, whether they have an account or not with us. This information may include Personal Information.

Fourth: How We Use the Information

In addition to some of the specific uses of information this Privacy Policy covers, we may use information that we receive in order to:

i. To operate, maintain, and improve the Services or Platforms. This includes use of other information to support delivery of our Services under contract, assist with service request, monitor for errors, remedy security or technical issues, analyze website, and application performances.

ii. To respond to comments and questions, verify permission access, and provide customer service.

iii. To send information including confirmations, invoices and billing, technical notices, updates, security alerts, and administrative messages.

iv. We may contact You to inform You about important services-related notices, such as privacy and policy update notices or changes in our terms of service. These communications are strictly necessary, and You may not opt out of them.

v. We may send You system updates, upcoming events, promotional offers, and other news about Services offered by us. You may unsubscribe to such newsletters and offers.

vi. To link or combine user information with other personal information. An example is when we combine the information a company has provided about their shareholders with the information entered by shareholders in their personal portfolios to improve the user experience.

vii. To protect, investigate, and deter against fraudulent, unauthorized, or illegal activity.

viii. To provide and deliver the Services at Your requests. An example is when an employee exercises their stock options, and we may provide a tax form to the company for their IRS reporting requirements.

ix. To monitor and analyze trends and usage.

x. To verify your identity and prevent fraud or other unauthorized or illegal activity.

Fifth: Share Your Information

4.13 We may share personal information as follows:

i. To fulfill our customers’ instructions.

ii. To comply with any applicable law.

iii. For legal protection, information security, and safety purposes. Examples include enforcing contracts or policies, reporting on security breaches, or assisting with investigating and preventing fraud or security issues.

iv. We may share customer and user access on the customer’s account. Equity administrators for the customer, authorized users, and other designated representatives may be able to add, modify, or restrict access, for example if the company administrator designates a legal administrator to issue new securities on behalf of the company.

v. In order to comply with laws and regulatory requests. Examples include responding to lawful requests and legal or regulatory processes.

vi. To the extent permitted by applicable law to protect the rights and property of RasMal, our agents, customers, and others. This includes enforcing our agreements, policies, and terms of use.

vii. RasMal discloses your information to its employees, contractors, and affiliated organizations that (1) need that information in connection with the Services and (2) that have agreed not to disclose it to others.

viii. We may share aggregated or anonymized data. We may disclose or use aggregated or anonymized data for any purpose unless otherwise prevented by applicable laws. An example would be for marketing, analytics, or research purposes.

ix. We will not share Personal Information with investors of the company beyond any Personal Information that such investors are entitled to for customary legitimate business purposes and as permitted by You under this Privacy Policy.

x. If we engage in or negotiate a merger, acquisition, or bankruptcy transaction or proceeding of some or all of RasMal’s assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), some or all Personal Information and Other Information may be shared or transferred subject to reasonable confidentiality restrictions with respect to such information.

xi. We may share information with third parties when we have consent to do so. We may engage third party companies or individuals as service providers to process information and support our services. An example would be cloud services for data center colocation and storage services. These third parties service providers are obligated to protect your information and may be located anywhere the company operates. Personal information will not be shared other than to provide or improve our Services, ads and communications with companies; it will not be shared with third parties for their own marketing purposes.

xii. When You authorize access to your data to third parties. An example is when a company grants their financial auditors’ access for annual audits.

xiii. To help the government fight the funding of terrorism and money laundering activities as provided by applicable law or government authorities. This may result in sharing your Personal Information with the competent authority.

4.14 The information We receive about You may be accessed, processed, and kept for a long period of time when this is a systemic requirement, governmental obligation, investigation, or investigation regarding possible violations of our terms or policies, or to prevent any imminent harm.

Sixth: Protection of Information

4.15 RasMal understands that the information collected and shared with us may contain sensitive data. Therefore, you should be assured that we take our role to protect your information very seriously. We also provide high-quality security programs on our Platforms based on high industry standards and provide best practices. In addition, We take a strong defensive approach to countering cyber- attacks and securing information from unauthorized access or misuse.

4.16 Passwords. You should never share your password with anyone. Your password is unknown to any employee within RasMal or any third party, and we will never ask for your password via phone or email. If you receive any communication claiming to be from RasMal asking for your password, you must report it immediately by contacting us at info@rasmal.io.

4.17 We also periodically review and adjust security measures to ensure the highest quality. Ultimately, there is no non-hackable security system, thus, We cannot guarantee the security of our systems 100%. In the event that any information subject to our control is attacked by a cyber-attack as a result of a security breach, our policy is to take reasonable steps to investigate the situation, and we have the discretion to communicate with and compensate the affected individuals.

Seventh: Data Storage and Transmission

4.18 The information collected through our website will be stored and processed in the Kingdom of Saudi Arabia or any other country where We, our subsidiaries, or service providers own servers provided adequate measures of data privacy protection is adhered to. If You are located in the European Union or in other regions with laws governing data collection and use that may differ from the Saudi Arabia laws, please note that We may transfer your information, including Personal Information, to a country that does not have the same data protection laws as your country, and You authorize us and agree that We transfer such information to the Kingdom of Saudi Arabia or any other country in which We, our subsidiaries, or our service providers own servers and storage locations, as described in this Privacy Policy.

5.1 Our marketing emails tell you how to “opt-out.” If you opt-out, we may still send you non- marketing emails. Non-marketing emails include emails about your accounts and our business dealings with You that are necessary for fulfilling our obligations to our customers.

5.2 You may send requests about personal information to our Contact Information below. You can request to change contact choices, opt-out of our sharing with others, and update your Personal Information.

5.3 We strive to provide You the tools to update your Personal Information. If You are unable to correct inaccurate information on your own, You may request our assistance to update such information by contacting info@rasmal.io.

5.4 You may opt to delete your account with us. This will result in deletion of your Personal Information and any Other Information uploaded to our Platform. Once deleted, We will no longer have access to such information and You may not request a copy of any Personal Information or Other Information. If You wish to access the Services, You will need to create a new account.

5.5 We will keep your Personal Information and Other Information for a limited period as long as necessary to conduct the Services and per your use. If You stopped accessing the account for over than twelve (12) months1, or any other period under applicable laws, We may delete your account and your Personal Information and Other Information will be lost.

Certain third-party’s links may appear on the Platforms. Please note that RasMal is not responsible of any third-party materials that appear on its Platforms. Your access to these third-party sites and adds is on your own discretion and responsibility.

7.1 PLEASE NOTE THAT YOUR CONSENT FORMS A LEGAL GROUND FOR RASMAL TO USE, COLLECT, AND PROCESS YOUR PERSONAL INFORMATION FAIRLY AND LAWFAWLLY SUBJECT TO THIS PRIVACY POLICY AND APPLICABLE LAW. YOUR AGREEMENT TO THIS PRIVACY POLICY CONSTITUTES AN INFORMED CONSENT TO YOUR PERSONAL INFORMATION.

7.2 If you do not agree to this Privacy Policy, you will not be able to access and benefit from the Service.

We welcome your comments or questions about this Privacy Policy. You may also contact us at info@rasmal.io