Privacy Policy

We collect the following types of information: • Contact information: name, email address, company name, and job title when you register or contact us • Service data: information necessary to perform security audits and other services • Usage data: how you interact with our website and services • Technical data: IP address, browser type, device information, and cookies • Marketing preferences: your choices regarding receiving communications from us We collect this information when you: • Register on our website or for our services • Submit security audit requests • Contact our support team • Participate in surveys or marketing activities • Visit our website (through cookies and similar technologies)

We use your information for the following purposes: • Providing and improving our security audit services • Managing your account and relationship with us • Processing transactions and sending related information • Responding to inquiries and providing customer support • Sending service notifications and updates • With your consent, sending marketing communications about our products and services • Analyzing usage patterns to improve our website and services • Preventing fraud and ensuring the security of our platform • Complying with legal obligations We process your information based on: • Performance of our contract with you • Our legitimate business interests • Your consent • Compliance with legal obligations

We may share your information with: • Service providers who help us operate our business • Professional advisors, such as lawyers, auditors, and insurers • Regulatory authorities, law enforcement, and other governmental agencies when required by law • Business partners with your consent • Other third parties in connection with corporate transactions such as a merger or sale We implement appropriate safeguards when sharing your information and only share what is necessary for the specific purpose. We do not sell your personal information to third parties.

We implement robust security measures to protect your information: • Encryption of sensitive data both in transit and at rest • Access controls and authentication mechanisms • Regular security assessments and penetration testing • Employee training on data protection • Secure development practices • Regular backups and disaster recovery procedures Despite these measures, no internet transmission is 100% secure. We strive to protect your information but cannot guarantee absolute security.

We retain your information for as long as necessary to: • Provide our services • Comply with legal obligations • Resolve disputes • Enforce our agreements Specific retention periods depend on the type of information and purpose of processing. When information is no longer needed, we securely delete or anonymize it.

Depending on your location, you may have the following rights: • Access: Request what personal information we have about you • Correction: Request correction of inaccurate information • Deletion: Request deletion of your information • Restriction: Request that we limit how we use your information • Portability: Request a copy of your information in a structured, machine-readable format • Objection: Object to our processing of your information • Withdraw consent: Withdraw previously given consent To exercise these rights, please contact us at privacy@odinaudit.com. We will respond to your request within the timeframe required by applicable law.

We operate globally and may transfer your information to countries with different data protection laws than your own. When transferring data internationally, we implement appropriate safeguards such as: • Standard contractual clauses approved by relevant data protection authorities • Privacy Shield certification (where applicable) • Binding corporate rules • Derogations allowed by law We ensure that any international data transfer complies with applicable data protection laws.

Our services are not intended for children under 16 years of age, and we do not knowingly collect personal information from children. If you are a parent or guardian and believe we may have collected information from your child, please contact us at privacy@odinaudit.com.

We use cookies and similar tracking technologies to: • Ensure the website functions properly • Analyze website traffic and usage patterns • Remember your preferences • Personalize your experience • Measure the effectiveness of our marketing campaigns You can manage cookies through your browser settings. For more information about the cookies we use, please see our Cookie Policy.

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of significant changes by: • Posting the updated policy on our website • Sending an email notification • Displaying a notice on our website We encourage you to review this policy periodically for the latest information on our privacy practices.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: privacy@odinaudit.com ODIN Audit Itäkatu 1-5 3rd and 4th Floor, 00930 Helsinki, Finland If you are not satisfied with our response, you may have the right to complain to your local data protection authority.