Whadata Customer Data Privacy Policy

This General Privacy and Cookies Policy (the "Policy") describes how Whadata AI, Inc. ("Whadata," "we," "us," or "our") collects, uses, stores, and discloses certain personal data about you as a customer or user of our website, platform, and related online services (the "Services"). This Policy does not apply to any Protected Health Information ("PHI") or patient data that Whadata may process on your behalf as part of separate, healthcare-related services. For PHI-related privacy practices, please refer to our separate health data privacy policy.

PART A – WHADATA GENERAL PRIVACY POLICY

1. Purpose of this Privacy Policy

Whadata respects your privacy and is committed to protecting your personal data in accordance with applicable data protection laws. This Policy explains how we collect, use, and share personal data that you provide to us or that we collect from you when you subscribe to or use our Services. This Policy (together with our Terms of Service) applies only to personal data we collect and process to manage your account and relationship with us. It does not apply to personal data or PHI we process on your behalf.

2. Data Controller

Whadata AI, Inc., incorporated under the laws of the State of New York, is the data controller responsible for your personal data. In this Policy, "Whadata," "we," "us," or "our" refers to Whadata AI, Inc.

3. Contact Details

If you have questions about this Policy or our privacy practices, please contact us at: support@whadata.com

4. Changes to This Policy

We keep this Policy under regular review and may update it from time to time. Changes will be posted on this page and, where appropriate, notified to you by email or when you next log into the Services. It is important that the personal data we hold about you is accurate and current. Please inform us of any changes to your personal data during our relationship.

5. Third-Party Links

Our website may contain links to and from third-party websites, partner networks, and affiliates. These websites have their own privacy policies, and we do not accept any responsibility or liability for them. Please review these third-party policies before submitting any personal data to their websites or using their services.

6. Data We Collect About You

We may collect, use, store, and transfer different kinds of personal data about you, including:

• Identity Data: First name, last name, username or similar identifier, position.
• Contact Data: Email address and other contact details needed to manage our contract with you.
• Technical Data: Internet Protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and related technology on the devices you use to access the Services.
• Usage Data: Details of how you use the Services, including traffic data, features accessed, and number of active users of our Services.

We may also collect, use, and share Aggregated Data (such as statistical or demographic data) for any purpose. Aggregated Data is not considered personal data under applicable law as it does not directly or indirectly reveal your identity. If we combine Aggregated Data with your personal data such that you can be identified, we treat the combined data as personal data in accordance with this Policy.

7. How Is Your Personal Data Collected?

We collect personal data from you directly, for example when you enter into a contract for our Services or communicate with us. We also automatically collect Technical and Usage Data via cookies and other tracking technologies when you use the Services. For more details, see our Cookies Policy in Part B below.

8. Cookies

We use cookies and similar technologies to distinguish you from other users and remember your preferences. This helps us provide a good user experience and improve our Services. For more information on cookies, see Part B (Cookies Policy) below.

9. How We Use Your Personal Data

We will only use your personal data where the law allows. Commonly, we use your personal data in the following circumstances:

• With your consent.
• Where we need to perform a contract with you.
• Where it is necessary for our legitimate interests and does not override your rights and freedoms.
• Where we need to comply with a legal or regulatory obligation.

Examples of uses include:

• Managing our relationship with you, responding to queries, and notifying you of changes to our Terms of Service or this Policy.
• Administering and protecting our business and Services, including troubleshooting and data analysis.
• Ensuring compliance with applicable legal and regulatory requirements.

10. Disclosures of Your Personal Data

We may share your personal data with:

• Service providers that support our business and IT infrastructure (e.g., hosting, analytics).
• Professional advisors (lawyers, bankers, auditors, insurers).
• Regulators, local authorities, or other public authorities as required by law.
• Subprocessors: We may use trusted third-party subprocessors (e.g., cloud service providers, analytics platforms, email tools) to support the Services. These subprocessors are contractually bound to protect your data and may only use it as instructed by us. A list of key subprocessors is available upon request.

We ensure that any service provider we engage is required to keep your personal data confidential and to use it only for the purposes for which we have instructed them.

11. Data Security

We maintain appropriate security measures to protect your personal data from accidental loss, unauthorized use, or unauthorized access. You are responsible for keeping any password for accessing certain parts of our Services confidential. While we employ reasonable security measures, we cannot guarantee absolute security. We maintain a list of technical and organizational security measures upon request and comply with industry standards for encryption, access control, and secure hosting environments.

12. Data Retention

We retain your personal data only for as long as is necessary to fulfill the purposes for which it was collected, including satisfying any legal, regulatory, accounting, or reporting requirements. We may retain personal data longer if needed in the event of a complaint or if we reasonably believe there is a prospect of litigation relating to our relationship with you. In some cases, we may anonymize your personal data for research or statistical purposes, in which case we may use this information indefinitely.

Where applicable, we will comply with requests from enterprise clients or individual users to delete or anonymize personal data in accordance with law and contract terms.

13. Your Legal Rights

Depending on applicable data protection laws, you may have the right to:

• Request access to your personal data.
• Request correction or erasure of your personal data.
• Object to or request restriction of processing of your personal data.
• Request the transfer of your personal data to a third party.
• Withdraw consent where we rely on it.

To exercise your rights, please contact us at support@whadata.com. We will respond within 30 days or sooner, as required by applicable law. Verification of identity may be required. If your request relates to data managed by your employer or healthcare provider, we may refer your request to that organization.

14. Data Sales

We do not sell or rent your personal data to third parties for marketing purposes.

15. International Transfers

If you are located outside the United States, your data may be transferred to and processed in the United States or other jurisdictions where we or our subprocessors operate. Not all jurisdictions provide the same level of data protection as your country. If required by applicable law, we will implement appropriate safeguards—such as standard contractual clauses or regional hosting options—to ensure lawful transfer and processing of your data.

16. Enterprise Clients and Role of Whadata

If you access the Services as an employee or user of an enterprise customer (such as a clinic, healthcare provider, or organization), that enterprise acts as the data controller for your personal data. Whadata acts as a data processor on behalf of that enterprise, unless otherwise specified. The enterprise is responsible for managing user access, requests, and data deletion within their account.

17. How to Complain

If you have concerns about our handling of your personal data, contact us at support@whadata.com. If you remain dissatisfied, you may have the right to lodge a complaint with an applicable data protection authority. We encourage you to contact us first so we can address your concerns.

18. Changes to This Privacy Policy

We may update this Policy from time to time. Any changes will be posted here, and if significant, we will bring them to your attention as required by law.