Privacy Statement Arkham Technologies INC.

I.PURPOSE

This Privacy Statement has been prepared by ARKHAM TECHNOLOGIES INC., (hereinafter referred to as "Arkham”) with registered address at 5966 S Dixie Hwy STE 300, South Miami, FL 33143, with the aim of setting out the manner, means, and purposes applied within its organization to collect, use, and/or share information and/or personal data of its customers, in its capacity as controller, processor, and/or authorized third party: the foregoing at the time customers visit its website, purchase its products and/or services, or simply request information.

The purpose of this Privacy Statement is to ensure that the processing of personal information and/or data carried out by Arkham is in full compliance with the General Data Protection Regulation (EU Regulation 2016/679, the "GDPR"), the California Consumer Privacy Act of 2018 (the "CCPA"), the California Privacy Rights Act of 2020 (the "CPRA"), as well as best practices in the field of personal data protection and privacy, seeking at all times to demonstrate the following (proactive responsibility):

(1) Compliance with the principles of lawfulness, transparency, security, purpose limitation, use limitation, data minimization, accuracy, storage limitation, integrity, confidentiality, control by the data subject, and non-discrimination for exercising privacy rights.

II.SCOPE AND FIELD OF APPLICATION.

Arkham is committed to respecting the privacy of its customers and therefore undertakes to protect it through effective compliance with this Privacy Statement. 

This Privacy Statement is mandatory in all processes involving the processing of information and/or personal data by the organization, from the moment it is obtained, used, and exploited, until it is deleted or retained, as applicable, ensuring at all times the legitimate and informed processing by Arkham.

It is important to note that this Privacy Statement does not apply to any information that may be obtained by third-party websites and/or applications (including advertising) that may be accessible from the Arkham website, for which Arkham is not responsible for the policies and practices of third parties, so it is recommended that you review the privacy policies of each website and/or application you visit.

It is essential that customers of Arkham read this Privacy Statement before visiting its website, purchasing its products and/or services, or simply requesting information from, so that they understand how Arkham will treat their information. This includes what personal information and/or data will be collected, how it will be used and/or transferred, etc.

If the customer visits the website, purchases its products and/or services, or simply requests information (regardless of the means of contact) from Arkham, they will be deemed to have agreed to this Privacy Statement and accepted its terms and conditions.

Arkham reserves the right to make changes and/or modifications to this Privacy Statement, in which case customers are advised to review it periodically.

III. INFORMATION COLLECTED BY ARKHAM.

The information and/or personal data that Arkham has processed in the last 12 months comes from one of the following sources:

(1). Directly from customers who purchase any of the products and/or services offered by Arkham, exclusively in the interest and/or benefit of the customers themselves and/or the organization they represent; these are as follows:

A). Identifiers: full names, email addresses, home addresses, phone numbers, dates of birth, IP addresses, and official identifications.

B). Confidential information: Payment and billing information ("invoice number, date of service rendered, date of sending invoice, contact, name and tax ID of seller, name, contact, tax ID of buyer, description of each product or service, cost per unit of product, tax rates, total amount owed with currency"), account numbers, credit or debit card numbers. 

Legal Basis for Processing: The processing of this data is essential for (i) the execution and/or fulfillment of the contractual and/or legal obligations that Arkham acquires with its customers, as well as to provide them with the contracted services and/or products, (ii) the fulfillment of legal obligations by Arkham, and (iii) the satisfaction of legitimate interests pursued by Arkham, provided that the rights and freedoms of its customers are not affected.

(2). From browsing websites that customers and/or persons interested in the products and/or services offered by Arkham may carry out; through the use of standard automated collection tools such as "cookies, web beacons, tracking pixels, tags" and other tools; such information shows how our website is used and how users interact with Arkham.

Legal Basis for Processing: The processing of this data is essential for the satisfaction of the legitimate interests pursued by Arkham as long as it does not affect the rights and freedoms of its customers.

Arkham does not process special categories of personal data of its customers.

Arkham does not process personal data of children under the age of 18 under any circumstances. In the event that Arkham mistakenly collects personal data from minors under the age of 18, it will immediately take the necessary measures to delete it. If anyone becomes aware that a minor under the age of 18 has sent information to Arkham, they are requested to contact Arkham through its Data Protection Officer, whose details are specified in section VIII of this Privacy Statement, for its immediate deletion.

IV. HOW ARKHAM USES ITS CUSTOMERS' INFORMATION.

Arkham uses the information it collects from its customers for the following purposes:

- To develop, improve, and enhance its products and/or services.
- To issue results, samples, and statistics to the customer, aimed at showing their current financial status.
- To show growth projections based on the information provided by the customer.
- Design products at the customer's request.
- Invoice the products and/or services purchased by the customer.
- File tax returns.
- Respond promptly to comments, complaints, suggestions, questions, and/or requests for the purchase of products and/or services.
- Communicate products, services, and/or offers.
- Monitor and analyze trends, usage, and activities related to our products and/or services.
- Detect and prevent fraud, malicious activities, and other illegal activities.
- Maintain the integrity and security of the products and/or services marketed.

Arkham may create encrypted and/or pseudonymized information for the purpose of developing, improving, and enhancing its products and/or services.

Arkham will apply the best approved and accepted technological, technical, and organizational measures in terms of privacy to ensure that the information used cannot be attributed to any customer.

V. HOW ARKHAM SHARES ITS CUSTOMERS' INFORMATION.

Arkham under no circumstances rents and/or sells personal data and/or information belonging to its customers.

The circumstances in which Arkham may share its customers' information are as follows:

- With suppliers, business partners, and/or service providers, when it is essential for the fulfillment of legal obligations contracted as a result of entering into a contract.
- With authorities when it is essential for compliance with legal requirements and/or obligations.
- With authorities when it is essential for the satisfaction of legitimate interests and/or protection of rights owned by Arkham.
- With business partners, acquirers, and/or sellers in cases where Arkham merges, spins off, and/or restructures.
- With possible affiliates and/or subsidiaries of Arkham.
- When Arkham obtains your consent.

VI. INTERNATIONAL DATA TRANSFERS.

Arkham may transfer customer information to countries other than those of residence for processing and/or storage. In particular, Arkham may transfer information to Mexico and/or other countries where it has a presence and/or where its affiliates, business partners, and service providers are located. These countries may not have data protection laws equivalent to those of the country in which you reside.

Regardless of where Arkham processes its customers' information, Arkham guarantees that it will take the necessary measures to protect the information in accordance with the provisions of this Privacy Statement and applicable local data protection laws.

The measures that Arkham will implement include the European Commission's Standard Contractual Clauses for transfers of personal information from the European Economic Area (EEA) or Switzerland between us and equivalent measures for transfers of personal information from the United Kingdom.

Arkham also offers our customers the option of entering into a data processing addendum (DPA) containing the Standard Contractual Clauses for transfers between Arkham and its customers. We also use additional measures to ensure that your information is adequately protected.

VII. RIGHTS AND OPTIONS REGARDING DATA PROTECTION FOR ARKHAM CUSTOMERS.

Arkham retains its customers' personal data and/or information solely and exclusively for the time necessary to provide the services and/or products that customers have contracted, except for those that must be retained for a longer period for legal reasons.

The rights and/or options that Arkham customers have in relation to their personal information and/or data may vary depending on their place of residence.

Customers residing in California, United States of America, may review the specific section corresponding to their jurisdiction in this Privacy Statement.

Regardless of the above, Arkham customers have the following rights:

- Right to information and access to personal data.
- Right to transparency.
- Right to rectification and erasure.
- Right to portability.
- Right to object and automated individual decisions.
- Right to restriction of processing.

Arkham guarantees that customers may exercise the aforementioned rights independently and free of charge.

Customers of Arkham may exercise the aforementioned rights by sending an email to privacy@arkham.finance specifying the following:

- Full name.
- Email address for receiving notifications.
- Official identification or any official document to validate the customer's identification.
- If the right to exercise on behalf of the client is exercised through a legal representative, the appropriate documentation must be provided to prove the representation conferred.
- Description and/or indication of the right to be exercised, specifying the desired request in detail and attaching, where applicable, the documents supporting the request.
- Date and signature.

Arkham will resolve requests to exercise any right as quickly as possible and will respond to them within a period of no more than 30 days from the moment Arkham receives the request; the response time will depend on the complexity of the request, which may be extended for an equal period of time provided there is a justified cause and depending on the complexity of the request.

Regardless of the above, Arkham invites its customers to communicate any concerns, questions, or suggestions regarding this Privacy Statement by contacting us via email at: privacy@arkham.finance

Data subjects and/or interested parties have the right to file a complaint and/or report with the competent data protection authority in their jurisdiction of residence for any disagreement regarding the processing of their information and/or personal data.

Arkham uses and implements industry-accepted and approved security tools, as well as strict internal procedures and guidelines to prevent the misuse and/or unlawful disclosure of personal information and/or data.

Arkham employees are subject to confidentiality obligations.

The fact that Arkham implements adequate and appropriate security measures in relation to the personal data and/or information it processes, thereby significantly reducing the risks inherent in its processing, does not imply that there is no probability of any impact, in which case Arkham requests that if you become aware of any possible data breach or security vulnerability, you contact Arkham immediately through its Data Protection Officer, whose contact information is provided above.

In the event that Arkham becomes aware of any breach of the security of its systems that compromises in any way the information and/or personal data it processes, it will immediately apply corrective measures and notify the competent supervisory authority no later than 72 hours after the incident.

The notification to the competent authority shall include at least:

- A description of the nature of the personal data breach, including, where possible, the categories and approximate number of data subjects concerned, and the categories and approximate number of personal data records concerned.
- The name and contact details of the data protection officer or other contact point where further information can be obtained.
- A description of the possible consequences of the personal data breach.
- A description of the measures taken or proposed by Arkham to address the personal data breach, including, where appropriate, measures taken to mitigate its possible adverse effects

VIII. CHANGES TO THE ARKHAM PRIVACY STATEMENT.

Arkham reserves the right to change this Privacy Statement. If the changes are material, Arkham will post a prominent notice on its website. Interested parties can check the date on which the latest version of this Privacy Statement was published at the end of the statement. If you do not agree with any changes to this Privacy Statement, you should stop using the services and/or products provided by Arkham.

Arkham recommends that you periodically review this Privacy Statement or when you otherwise interact with Arkham.

IX. SPECIAL PROVISIONS FOR DATA SUBJECTS RESIDING IN CALIFORNIA, UNITED STATES OF AMERICA.

This section of the Privacy Statement addresses the requirements set forth in the California Consumer Privacy Act of 2018 (Cal. Civ. §§ 1798.100-1798.199) ("CCPA") and the California Privacy Rights Act of 2020 (the "CPRA").

The provisions of this section supplement the provisions of this Privacy Statement. Therefore, if you require a description of our data collection, use, and disclosure practices, you should read this Privacy Statement in its entirety.

Categories of Personal Information.

The categories of personal information as defined by the CCPA and CPRA that Arkham may collect are as follows:

- Identifiers.
- Categories of personal information listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) (e.g., name, address, email address).
- Characteristics of classifications protected under federal or California law.
- Commercial information (e.g., transaction data).
- Internet or other similar network activity.
- Geolocation data (e.g., general location derived from an IP address).
- Professional or employment-related information.
- Inferences drawn from the above categories of personal information.

Arkham may process personal data that is considered Sensitive Personal Information ("SPI") under the CPRA, however Arkham informs that it will only process such data for purposes permitted by law and to the extent strictly necessary to operate its services. The personal data that Arkham collects in this category is as follows:

- IP address, official identifications, tax ID, account numbers, credit or debit card numbers.

Categories of recipients of personal information.

The categories of personal information (including confidential information) specified above may be disclosed in the cases and to the persons indicated in Section V "HOW ARKHAM SHARES ITS CUSTOMERS' INFORMATION" of this Privacy Statement.

Sources of personal information.

The ways in which Arkham obtains the categories of personal information listed above are specified in Section III "INFORMATION THAT ARKHAM COLLECTS" of this Privacy Statement.

Purposes of processing personal information.

Arkham uses personal information for the purposes described in Section IV, "HOW ARKHAM USES ITS CUSTOMERS' INFORMATION," of this Privacy Statement.Likewise, and in accordance with the CPRA, Arkham informs that it will only process its customers' "SPI" exclusively for the following purposes (essential purposes) and never for secondary purposes or purposes not expressly listed below:

- Verify customer identity.
- Prevent fraud.To comply with legal and/or regulatory obligations.
- Perform limited and proportionate internal activities consistent with the customer's reasonable expectations and the purposes disclosed in this Notice.

Arkham does not use "SPI" for purposes other than those expressly specified in this policy and/or those expressly permitted by the CCPA and CPRA considered secondary and/or outside the scope of the business, in which case it does not require a "Limit the Use of My Sensitive Personal Information" link.

Arkham does not transfer, sell, and/or share its customers' "SPI" for any purpose or for cross-context behavioral advertising.

Retention period criteria.

Arkham retains its customers' personal data and/or information solely and exclusively for the time necessary to provide the services and/or products that customers have contracted, except for those that must be retained for a longer period for legal reasons (e.g., to comply with applicable tax or accounting requirements).

CCPA and CPRA rights and requests.

The rights that can be exercised under the CCPA and CPRA with respect to the personal information that Arkham processes, in addition to those outlined in Section VII, "RIGHTS AND OPTIONS REGARDING THE PROTECTION OF CUSTOMER DATA OF Arkham," are as follows: 

- Right to Know/Access.
- Right to Delete.
- Right to Correct.
- Right to Opt-Out of Sale.
- Right to Opt-Out of Sharing.
- Right to Limit Use of Sensitive Personal Information.
- Right to Data Portability.
- Right to Non-Discrimination / Non-Retaliation.

Arkham will review and respond to the request in accordance with the CCPA and CPRA, and will also verify that no exceptions under the CCPA and/or CPRA apply. Arkham may need to request additional personal information, such as your email address, state of residence, or mailing address, to verify your identity and protect against fraudulent requests.

It should be noted that Arkham does not sell personal information as defined by the exchange of such information for monetary payment. However, because the definitions of "sale" and "share" under the CCPA and CPRA may encompass the sharing of your information with certain types of advertising and marketing partners, Arkham offers California residents the right to opt out of any sale or exchange of such personal information.

The rights specified above under the CCPA and CPRA may be exercised in accordance with the procedure set forth in Section VII, "RIGHTS AND OPTIONS REGARDING THE PROTECTION OF CUSTOMER DATA BY ARKHAM".

Arkham guarantees data subjects their right to be treated free from any type of discrimination for exercising any of the rights enshrined in the CCPA, CPRA, and/or any other applicable legal system.

Last updated: January 2026.

Book a demo
Explore our product

DATA & AI

Product

Industries

Services

GET TO KNOW US

Join the team

Contact

Whitepaper

Startupeable

Tech Hub

Documentation

Blog

FOLLOW US

© 2026 Arkham Technologies Inc.

Terms and conditionsPrivacy Notice