Privacy Policy

ArkRace Technologies, Inc. ("ArkRace", "we", "us") operates the ArkRace Cloud platform. This Privacy Policy explains how we collect, use, and protect information when you use our platform. We are committed to protecting your privacy and handling your data responsibly, in compliance with applicable data protection laws including PIPEDA (Canada), GDPR (EU/UK), and PDPA (applicable regions).

We collect: Account & business data: name, email, phone number, business registration details, VAT/GST numbers KYC documents: government-issued IDs, business licences, proof of address — collected for verification purposes only Usage data: pages visited, features used, session duration, device type, IP address Lead & customer data: inquiries, chat messages, and booking details submitted through your portal Payment data: billing address and last 4 digits of card (full card numbers are handled by PCI-compliant payment processors only) Communications: support tickets, emails, and chat sessions with our team

We use your data to: • Operate and improve the Platform • Process payments and manage subscriptions • Perform KYC verification and fraud detection • Generate AI insights (lead scoring, sentiment, recommendations) • Send transactional emails and service notifications • Provide customer support • Comply with legal obligations We do not sell your personal data or business data to third parties.

We may share data with: Sub-processors: cloud infrastructure (AWS), payment gateways (Razorpay, Stripe, Square, Moyasar), AI services (OpenAI) — each under strict data processing agreements Legal authorities: when required by law, court order, or to protect safety Business transfers: in the event of a merger or acquisition, with appropriate notice We do not share your customer lead data with other businesses on the platform.

We retain data for as long as your account is active and as required by law: • Account data: retained for the life of your account + 90 days post-termination • KYC documents: retained per applicable regulatory requirements (typically 5–7 years) • Payment records: retained for 7 years for accounting compliance • Usage logs: retained for 90 days for security monitoring You may request deletion of your data by contacting privacy@arkrace.com, subject to legal retention obligations.

We implement industry-standard security measures: • Encryption at rest (AES-256) and in transit (TLS 1.3) • JWT-based authentication with short-lived tokens • Per-tenant data isolation • KYC document vaults with role-based access controls • Regular penetration testing and security reviews • Audit logging for all sensitive operations No system is 100% secure. In the event of a data breach affecting your rights, we will notify you within 72 hours as required by applicable law.

Depending on your jurisdiction, you may have the right to: • Access the personal data we hold about you • Correct inaccurate data • Request deletion ("right to be forgotten") • Object to or restrict processing • Data portability (receive a copy in machine-readable format) • Withdraw consent at any time To exercise any of these rights, email privacy@arkrace.com. We will respond within 30 days.

We use essential cookies to operate the Platform (authentication, session state) and analytics cookies to understand usage patterns. You can manage non-essential cookies via our Cookie Settings or your browser preferences. Note that disabling essential cookies may impair Platform functionality. See our full Cookie Policy for details.

ArkRace is headquartered in Canada. If you use the Platform from the EU, UK, or other jurisdictions with data transfer restrictions, your data may be transferred internationally. For EU/UK users: transfers are made under Standard Contractual Clauses (SCCs) approved by the European Commission. For other regions, we apply equivalent safeguards.

We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-platform notice at least 14 days before they take effect. Continued use of the Platform after changes take effect constitutes acceptance of the updated policy.

For privacy inquiries, to exercise your rights, or to contact our Data Protection Officer: ArkRace Technologies, Inc. Privacy Team: privacy@arkrace.com Data Protection Officer: dpo@arkrace.com Response time: within 30 days of receipt.