COTES AI, INC. PRIVACY POLICY

Effective Date: June 7, 2026 Last Updated: June 7, 2026

OUR COMMITMENT TO YOUR PRIVACY

Cotes AI, Inc. ("Cotes AI," "we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.cotes.ai and use our spectral analysis screening services (collectively, the "Services").

Please read this Privacy Policy carefully. By using our Services, you consent to the practices described in this Privacy Policy.

1. INFORMATION WE COLLECT

Information You Provide Directly

When you register for an account or subscribe to our Services, we collect:

Account Information: Email address, username, and password
Billing Information: Billing address and transaction history. Your payment card details are processed directly by our PCI-compliant payment processor (Stripe) and are never stored on our servers. We only receive a secure token reference and the last four digits of your card for display purposes.
Communication Data: Information from your emails or support requests to us

Note: We do NOT collect sensitive financial information such as:

Your investment portfolio details
Trading account information
Net worth or income data
Social Security Numbers
Bank account numbers
Credit card numbers (these go directly to Stripe)

Information Collected Automatically

When you use our Services, we automatically collect:

Usage Data: Pages viewed, features used, patterns analyzed, time spent on site
Device Information: IP address, browser type, operating system, device identifiers
Log Data: Access times, referring URLs, clickstream data
Cookies and Similar Technologies: See Section 6 for details

Information We Do NOT Collect

As a publisher operating under the publisher's exclusion, we intentionally do NOT collect:

Personal investment objectives or strategies
Risk tolerance information
Financial situation details
Investment experience data
Any information that would be used to provide personalized investment advice

2. HOW WE USE YOUR INFORMATION

We use the collected information for the following purposes:

Service Delivery

Provide access to our spectral analysis tools
Process subscription payments
Send service-related communications
Provide customer support

Service Improvement

Analyze usage patterns to improve our algorithms
Develop new features and tools
Fix bugs and technical issues
Conduct research on pattern recognition effectiveness

Legal Compliance

Comply with applicable laws and regulations
Enforce our Terms of Service
Protect against fraud and unauthorized access
Respond to legal process

Marketing (with your consent)

Send newsletters about market patterns and technical analysis education
Inform you about new features or services
Provide educational content about spectral analysis

We will NEVER use your information to:

Provide personalized investment recommendations
Create individual investment profiles
Target you with specific investment opportunities
Sell or rent your personal information to third parties

3. HOW WE SHARE YOUR INFORMATION

We share your information only in the following limited circumstances:

Service Providers

We share information with trusted third-party service providers who assist us with:

Payment processing (Stripe) — Only receives payment data directly from you
Email delivery (SendGrid, Mailchimp, etc.)
Cloud storage (AWS, Google Cloud, etc.)
Analytics (Google Analytics, etc.)
Customer support tools

All service providers are contractually obligated to protect your information and use it only for providing services to us.

Legal Requirements

We may disclose information if required by:

Court order or subpoena
Government or regulatory request
Law enforcement investigation
To protect our rights or property
To prevent fraud or cybersecurity threats

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity.

Aggregated Data

We may share aggregated, anonymized data that cannot identify you personally for research or marketing purposes.

With Your Consent

We will share information for any other purpose with your explicit consent.

4. DATA SECURITY

We implement industry-standard security measures to protect your information:

Technical Safeguards

Encryption of data in transit (TLS/SSL)
Encryption of sensitive data at rest
Secure cloud infrastructure with regular security audits
Multi-factor authentication available
Regular security updates and patches

Payment Security

We never store your credit card information. All payment data is processed directly through Stripe, a PCI Service Provider Level 1 certified payment processor. This is the highest level of certification available in the payments industry. Your card details go directly to Stripe's secure servers and never touch our systems.

Administrative Safeguards

Limited employee access on a need-to-know basis
Confidentiality agreements with all employees
Regular security training
Incident response procedures

Physical Safeguards

Secure data center facilities
Access controls and monitoring
Redundant backup systems

Important: While we use reasonable efforts to protect your information, no security system is impenetrable. We cannot guarantee absolute security of your data.

5. YOUR DATA RIGHTS AND CHOICES

Access and Portability

You have the right to:

Request a copy of your personal information
Download your data in a portable format
Access your account information at any time

Correction and Update

You can:

Update your account information through your profile
Contact us to correct any inaccurate data
Manage your communication preferences

Deletion

You may request deletion of your account and personal information, subject to:

Legal retention requirements
Completion of pending transactions
Legitimate business purposes

Opt-Out Rights

You can opt out of:

Marketing emails (via unsubscribe link)
Non-essential cookies
Analytics tracking
Third-party information sharing (where applicable)

Do Not Sell

We do NOT sell your personal information. You have the right to confirm this at any time.

6. COOKIES AND TRACKING TECHNOLOGIES

What We Use

We use the following types of cookies and similar technologies:

Essential Cookies

Required for basic site functionality
Cannot be disabled

Analytics Cookies

Help us understand how you use our Services
Google Analytics with IP anonymization

Preference Cookies

Remember your settings and preferences
Enhance your user experience

Your Cookie Choices

Most browsers allow you to manage cookie preferences
You can delete cookies at any time
Disabling cookies may limit functionality

Do Not Track

We currently do not respond to "Do Not Track" browser signals, as there is no industry standard.

7. THIRD-PARTY LINKS

Our Services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any information.

8. CHILDREN'S PRIVACY

Our Services are not directed to individuals under 18 years of age. We do not knowingly collect information from children. If you believe we have collected information from a child, please contact us immediately.

9. INTERNATIONAL USERS

Our Services are operated from the United States. If you access our Services from outside the U.S.:

Your information will be transferred to and processed in the U.S.
U.S. privacy laws may differ from your jurisdiction
By using our Services, you consent to this transfer

10. STATE-SPECIFIC RIGHTS

California Residents (CCPA)

You have additional rights including:

Right to know what personal information we collect, use, and share
Right to delete your personal information
Right to opt-out of the "sale" of personal information (we do not sell data)
Right to non-discrimination for exercising your rights

European Users (GDPR)

If GDPR applies, you have rights including:

Right to access, correct, and delete your data
Right to data portability
Right to object to processing
Right to lodge a complaint with supervisory authorities

Other States

Residents of Virginia, Colorado, Connecticut, and other states with privacy laws may have similar rights.

11. DATA RETENTION

We retain your information for as long as necessary to:

Provide our Services
Comply with legal obligations
Resolve disputes
Enforce our agreements

Generally:

Account information: Duration of account plus 3 years
Transaction records: 7 years (tax requirements)
Usage data: 2 years
Marketing data: Until opt-out plus 90 days

12. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy to reflect changes in:

Our data practices
Legal requirements
Our Services

We will notify you of material changes by:

Email notification
Prominent notice on our website
Requiring acknowledgment for continued use

13. HOW TO CONTACT US

For privacy-related questions, requests, or concerns:

Data Protection Officer Cotes AI, Inc. 16192 Coastal Hwy Lewes, DE 19958 Email: privacy@cotes.ai

Response Time: We will respond to your request within 30 days, or as required by applicable law.

14. PRIVACY NOTICE SUMMARY

Quick Reference:

✅ We collect minimal information needed to provide our Services
✅ We do NOT store credit card information (processed by Stripe)
✅ We do NOT collect investment portfolio information
✅ We do NOT sell your personal information
✅ We do NOT provide personalized investment advice
✅ You can request access, correction, or deletion of your data
✅ We use industry-standard security measures
✅ You can opt-out of marketing communications

BY USING OUR SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY AND AGREE TO ITS TERMS.

Document Version: 1.0 Effective Date: June 7, 2026 Last Updated: June 7, 2026