Archeota Privacy Policy

Effective Date: March 19, 2026

Archeota (“Company,” “we,” “us,” or “our”) respects your privacy and is committed to protecting personal information collected through our website, applications, portals, APIs, and related services (collectively, the “Site” and “Services”).

This Privacy Policy (“Policy”) describes how we collect, use, disclose, retain, and protect information when you visit the Site, request information from us, create or use an account, upload or submit information through the Services, or otherwise interact with us.

By using the Site or Services, you acknowledge the practices described in this Policy.

Scope

This Policy applies to: - https://www.archeota.com/ and its subdomains; - customer-facing applications, portals, and related interfaces we make available; - APIs and integrations we operate or make available; and - communications and interactions related to the Site or Services.

This Policy does not apply to third-party websites, services, or platforms that we do not control, even if they are linked from the Site or integrated with the Services.

Customer Role and Service Provider Role

In many cases, Archeota receives and processes information on behalf of customers in connection with providing the Services. In those situations, the customer determines what information is submitted to the Services and how the Services are used in its business, and Archeota processes such information as a service provider or processor for the purpose of delivering the Services, subject to customer instructions, applicable agreements, and applicable law.

Information We Collect

We may collect the following categories of information, depending on how you interact with the Site or Services.

A. Contact and business information

Examples may include: - first and last name; - business email address; - business phone number; - firm or company name; - job title or role; - business mailing address.

B. Account and access information

Examples may include: - username or login identifier; - authentication credentials or related account security data; - account role, permissions, or administrative settings; - records relating to account creation, changes, and access.

C. Customer-provided operational data

Depending on the Services used, customers may provide information such as: - account, household, or portfolio-related records; - position and transaction data; - claim-related workflow information; - uploaded files, reports, spreadsheets, or supporting documents; - instructions, notes, approvals, and workflow configurations.

This category may include personal information to the extent necessary to provide the Services, although Archeota is designed to minimize exposure to unnecessary personal information wherever possible.

D. Communications and support data

Examples may include: - demo requests; - emails and messages sent to us; - support requests and support records; - meeting notes; - survey or feedback responses.

E. Device, usage, and log information

Examples may include: - IP address; - browser type and version; - device type and operating system; - referring and exit pages; - timestamps; - clickstream or event data; - system logs, diagnostics, and security monitoring data.

F. Integration and API metadata

If the Services use integrations or APIs, we may collect metadata such as: - integration identifiers; - sync status and timestamps; - import/export activity; - error logs and operational event records.

G. Deidentified or aggregated information

We may create or collect deidentified or aggregated information that does not reasonably identify a particular person, account, or household and may use such information for lawful business purposes.

Data Minimization and Product Design

Archeota is designed to minimize unnecessary exposure to personal information wherever possible while still supporting accurate and effective claims recovery workflows.

Where feasible, our workflows are structured around portfolio, position, transaction, and claim-related operational data rather than unnecessary client-profile visibility. However, depending on the Services, customer configuration, uploaded materials, or integration sources, we may process personal information as needed to: - provide the Services; - administer accounts; - support customer workflows; - generate reports and documentation; - comply with legal obligations; and - maintain security and service integrity.

Customers should avoid submitting unnecessary sensitive personal information through the Services and remain responsible for ensuring that any information provided is appropriate, authorized, and limited to what is needed for the relevant workflow.

How We Collect Information

We may collect information in the following ways:

A. Directly from you

We collect information when you: - complete forms on the Site; - request a demo or walkthrough; - contact us by email, phone, or other channels; - create an account; - upload files or records; - configure workflows or settings; - communicate with support.

B. Through your use of the Site or Services

We may automatically collect device, usage, log, and analytics information when you access or use the Site or Services, including through cookies and similar technologies.

C. From customer-authorized integrations or third parties

We may receive information from integrations, data providers, service providers, or other third parties acting on behalf of the customer or otherwise authorized to provide information in connection with the Services.

D. From service providers and vendors

We may receive information from vendors that help us operate the Site or Services, such as hosting providers, analytics providers, communications vendors, and support tools.

How We Use Information

We may use information for lawful business purposes, including to:

A. Provide and operate the Services

Including to: - create and administer accounts; - ingest, organize, and process customer-provided data; - support claims-related workflows; - generate reports, records, and status information; - provide customer support.

B. Communicate with you

Including to: - respond to questions and demo requests; - send service-related notices; - provide onboarding, support, and account communications; - send marketing communications where permitted by law.

C. Improve and develop the Site and Services

Including to: - analyze performance and usage; - troubleshoot and diagnose issues; - improve features, workflows, and user experience; - conduct internal research and development.

D. Security and fraud prevention

Including to: - authenticate users; - monitor for suspicious activity; - investigate potential misuse; - protect the Site, Services, users, and Company.

E. Compliance and legal purposes

Including to: - enforce our terms and policies; - respond to lawful requests and legal process; - satisfy regulatory, recordkeeping, audit, or compliance obligations; - protect rights, safety, and property.

F. Deidentified and aggregated uses

We may use deidentified or aggregated information for analytics, service improvement, research, and other lawful business purposes.

Cookies, Analytics, and Similar Technologies

We may use cookies, logs, web beacons, or similar technologies to: - remember preferences; - maintain sessions; - understand Site usage; - improve performance; - support analytics and security.

Most browsers allow you to manage cookie preferences. If you disable cookies, some Site functionality may be limited.

We may also use third-party analytics or similar tools to help us understand how the Site or Services are used. Those providers may collect information in accordance with their own policies and agreements with us.

The specific cookies, analytics, and similar technologies we use may change over time depending on how the Site and Services are configured and operated.

How We Disclose Information

We may disclose information, including personal information, for legitimate business purposes to the following categories of recipients:

A. Affiliates

We may disclose information to affiliated entities for purposes consistent with this Policy.

B. Service providers and contractors

We may disclose information to vendors and service providers that assist us with hosting, infrastructure, analytics, communications, support, security, and related business operations.

C. Customer-authorized third parties

We may disclose information to third parties authorized or directed by the customer, such as integrations, data sources, or other service providers designated by the customer.

D. Professional advisers

We may disclose information to legal, accounting, audit, compliance, or other professional advisers where reasonably necessary.

E. Business transfers

If we are involved in a merger, acquisition, financing, reorganization, sale of assets, or similar corporate transaction, information may be transferred as part of that transaction, subject to applicable law.

F. Legal and regulatory disclosure

We may disclose information if required or permitted by law, regulation, subpoena, court order, or other legal process, or if we believe disclosure is reasonably necessary to: - comply with legal obligations; - protect rights, safety, or property; - investigate fraud, abuse, or security incidents; or - enforce our agreements.

G. Deidentified or aggregated information

We may disclose deidentified or aggregated information that does not reasonably identify you.

We do not sell personal information in exchange for money in the ordinary course of operating the current Services unless expressly described otherwise.

Customer Responsibility for Submitted Data

Customers and users are responsible for ensuring that they have the authority and legal basis to provide information to Archeota in connection with the Services.

If you submit data relating to accounts, portfolios, transactions, clients, households, claims, or other records, you represent that you are authorized to do so and that such submission and processing are permitted under applicable law and your contractual or fiduciary obligations.

Security

The security and confidentiality of information are important to us. We use commercially reasonable administrative, technical, and organizational measures designed to protect information against unauthorized access, loss, misuse, alteration, or disclosure.

These measures may include access controls, role-based permissions, logging, monitoring, and the use of service providers with appropriate safeguards.

However, no method of transmission over the internet or method of electronic storage is completely secure. As a result, we cannot guarantee absolute security.

Data Retention

We retain information for as long as reasonably necessary to: - provide the Site and Services; - maintain accounts and relationships; - support reporting, audit, security, and continuity needs; - comply with contractual, legal, regulatory, tax, accounting, or operational obligations; - resolve disputes and enforce agreements.

Retention periods may vary depending on the type of information, the Services involved, customer relationships, legal obligations, and operational needs.

In some cases, retained information may persist in backups, archives, security logs, or legally required records for a period of time after deletion requests or account closure, subject to applicable law.

Legal Bases for Processing

Where applicable under GDPR or similar laws, we process personal information on one or more of the following legal bases:

• to perform a contract or take steps at your request before entering into a contract;
• to comply with legal obligations;
• for our legitimate interests in operating, securing, improving, and supporting the Site and Services, except where overridden by applicable rights; and
• with consent where consent is required by law.

Data Privacy Rights

Depending on your jurisdiction, you may have rights regarding your personal information, such as the right to: - request access to personal information we hold about you; - request correction of inaccurate information; - request deletion of certain information; - object to or request restriction of certain processing; - request portability of certain information; and - opt out of certain marketing or data-sharing practices where applicable.

These rights are subject to legal limitations and exceptions. To exercise a request, please contact us using the contact information below. We may request information necessary to verify your identity and process your request.

We may take reasonable steps to verify your identity before fulfilling a privacy-related request and may require additional information where necessary. Where permitted by law, an authorized agent may submit a request on your behalf, subject to appropriate verification and proof of authority.

California

If you are a California resident, you may have rights under California privacy laws, including rights to know, access, correct, delete, and opt out of certain disclosures or uses, subject to applicable exceptions.

EEA / UK

If you are located in the European Economic Area or the United Kingdom, you may have rights under applicable data protection laws, including GDPR-related rights, subject to applicable conditions and limitations.

You may also have the right to lodge a complaint with a supervisory authority where provided by law.

Marketing Communications

If you no longer wish to receive marketing communications from us, you may opt out by: - following the unsubscribe instructions in the communication; - updating your preferences if that functionality is available; or - contacting us using the information below.

Even if you opt out of marketing communications, we may still send you administrative, transactional, security, service, or relationship messages where permitted by law.

Do Not Track

Some browsers may transmit “Do Not Track” signals. The Site does not currently respond differently to such signals unless required by law.

International Transfers

We may process or transfer information in the United States or other jurisdictions where we or our service providers operate. Where required by law, we will take appropriate measures designed to ensure that such transfers comply with applicable data protection requirements.

Children’s Information

The Site and Services are not directed to children under the age of eighteen (18), and we do not knowingly collect personal information from children under 18. If we learn that we have inadvertently collected such information, we will take reasonable steps to delete it.

Third-Party Links

The Site may contain links to third-party websites or services that we do not control. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing information to them.

Changes to This Policy

We may update this Policy from time to time in our sole discretion. If we make material changes, we will post the updated version through the Site with a revised effective date. Your continued use of the Site or Services after the updated Policy is posted constitutes your acceptance of the revised Policy.

Contact Information

If you have questions about this Policy or wish to exercise any privacy-related rights, please contact us at:

Attn: Data Privacy Manager
Archeota
134 Hermitage Drive
Six Mile, SC 29682
hello@archeota.com