The privacy of your personal information is important to us. This Privacy Policy describes how Dragonfly Financial Technologies Corp. (“Dragonfly", “DFT", “we" or “we") collects, uses, and discloses information about you. This Privacy Policy applies to information we collect when you access or use our website located at dragonflyft.com or the Dragonfly digital banking platform (together with any materials and services available therein, related mobile applications, and successor platform(s) thereto, the “DRAGONFLY PLATFORM") (collectively with the website, the “SERVICES"). We may provide different or additional notices of our privacy practices with respect to certain products or services, in which case those notices will supplement or replace this Privacy Policy.

The information we collect and use from you varies depending on the way you use our Services. Below, we describe the different ways we might collect information from you when you access or use our website as a website visitor (“Website Visitor”), or when you directly access or use the Dragonfly Platform as a customer (“Customer”).

We collect information you provide directly to us. If you are a Website Visitor, we collect information directly from you when you fill out a form or otherwise communicate with us. The types of information about you that we collect include your name, your company’s name, your company email address, and any other information you choose to provide. If you are a customer, we collect information from you when you create an account or request customer support, such as your name, your company’s name, your address, phone number, account username, account password, Taxpayer Identification Number, and other information that is required to create an account on the Dragonfly Platform.

We may also indirectly collect information from you if you have a direct relationship with a customer that uses the Dragonfly Platform. Dragonfly does not directly collect or control such information and the Customers determine what information they collect. To the extent Dragonfly receives such information, we do so on behalf of our customers.

We automatically collect certain information about your interactions with us or our Services, including:

• Device and Usage Information: We collect information about how you access our Services, including data about the device and network you use, such as your hardware model, operating system version, mobile network, IP address, unique device identifiers, browser type, and app version. We also collect information about your activity on our Services, such as access times, pages viewed, links clicked, and the page you visited before navigating to our Services.
• Location Information: In accordance with your device permissions, we may collect information about the precise location of your device. You may stop the collection of precise location information at any time (see the Your Privacy Rights and Choices section below for details).
• Information Collected by Cookies and Similar Tracking Technologies: We use tracking technologies, such as cookies, SDKs, and web beacons, and collect information about your interactions with the Services. Cookies are small data files stored on your hard drive or in device memory that help us improve our Services and your experience, see which areas and features of our Services are popular, and count visits. Web beacons (also known as “pixel tags” or “clear GIFs”) are electronic images that we use on our Services and in our emails to help deliver cookies, count visits, and understand usage and campaign effectiveness. For more information about our use of these technologies, see the Your Privacy Rights and Choices section below.

We obtain information from other sources, such as conference organizers, or identity verification services. The information we collect include your name and email address.

We may derive information or draw inferences about you based on the information we collect. For example, we may make inferences about your approximate location based on your internet protocol (IP) address.

We use the information we collect to administer the Services. We also use the information we collect to:

• Provide, maintain, improve, and develop new products and services, including to debug and repair errors in our Services.
• Personalize your experience with us.
• Send you technical notices, security alerts, support messages and other transactional or relationship messages.
• Communicate with you about products, services, and events offered by Dragonfly and others and provide news and information that we think will interest you (see the Your Privacy Rights and Choices section below for information about how to opt out of these communications at any time).
• Monitor and analyze trends, usage, and activities in connection with our products and services.
• Detect, investigate, and help prevent security incidents and other malicious, deceptive, fraudulent, or illegal activity and help protect the rights and property of Dragonfly and others.
• Comply with our legal and financial obligations.
• Create de-identified, anonymized, or aggregated information.
• Carry out any other purpose described to you at the time the information was collected.

We disclose personal information in the following circumstances or as otherwise described in this policy:

• We disclose personal information to vendors, service providers, contractors and consultants that access personal information to perform work for us, such as companies that assist us with web hosting, payment processing, fraud prevention, customer relationship management, and customer service.
• We disclose personal information if we believe that disclosure is in accordance with, or required by, any applicable law or legal process, including lawful requests by public authorities to meet national security or law enforcement requirements.
• We disclose personal information if we believe that your actions are inconsistent with our user agreements or policies, if we believe that you have violated the law, or if we believe it is necessary to protect the rights, property, and safety of Dragonfly, our users, the public, or others.
• We disclose personal information to our lawyers and other professional advisors where necessary to obtain advice or otherwise protect and manage our business interests.
• We may disclose personal information in connection with, or during negotiations concerning, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.
• We disclose personal information with your consent or at your direction.

We also disclose aggregated or de-identified information that cannot reasonably be used to identify you. Dragonfly processes, maintains, and uses this information only in a de-identified fashion and will not attempt to re-identify such information, except as permitted by law.

We may engage others to provide analytics services across the web and in mobile apps. These entities may use cookies, web beacons, SDKs, device identifiers, and other technologies to collect information about your use of our Services and other websites and applications, including your IP address, web browser, mobile network information, pages viewed, time spent on pages or in mobile apps, links clicked, and conversion information. This information may be used by Dragonfly and others to, among other things, analyze and track data and better understand your online activity.

Dragonfly is headquartered in the United States, and we have operations and vendors in the United States and other countries. Therefore, we and those that perform work for us may transfer your personal information to, or store or access it in, jurisdictions that may not provide levels of data protection that are equivalent to those of your home jurisdiction. Where required by law, we provide adequate protection for the transfer of personal data in accordance with applicable law.

Depending on where you reside, you may have the right to (1) request to know more about and access the categories and specific pieces of personal information we collect, use, and disclose, (2) request deletion of your personal information, (3) request correction of inaccurate personal information, and (4) opt out of certain processing activities, such as selling, sharing, targeted advertising, processing of certain sensitive personal information, or profiling. We will verify your request by asking you to provide information related to your recent interactions with us, such as your name and email address. We will not discriminate against you for exercising your privacy rights.

To request access, correction, or deletion of your personal information or exercise any other rights described above, please contact us at privacy@dragonflyft.com. If you are a customer, you can also access, correct, or delete certain information stored within your account at any time by logging into your account.

If you are a customer using any of our mobile apps that collect precise location information, you will be asked to consent to the app's collection of this information the first time you launch the app. If you initially consent to our collection of such location information, you can subsequently stop the collection of this information at any time by changing the preferences on your mobile device. You may also stop our collection of this location information by following the standard uninstall process to remove all our mobile apps from your device.

Most web browsers are set to accept cookies by default. If you prefer, you can usually adjust your browser settings to remove or reject browser cookies. Please note that removing or rejecting cookies could affect the availability and functionality of our Services.

If you are a customer, we may send push notifications to your mobile device when we have your permission. You can deactivate these messages at any time by changing the notification settings on your mobile device.

By providing your mobile phone number, you agree to receive recurring automated text messages from “Dragonfly Financial Technologies” to the mobile telephone number that you provided. You may change your preferences regarding these notifications, including which notifications to receive or disabling such notifications, by logging in to your account through the Dragonfly Financial Technologies website or Mobile Application. Message frequency varies. Message & Data rates may apply. Reply HELP for help, STOP to cancel.

If you are a customer, we store personal data associated with your account for as long as your account remains active. We store other personal data for as long as necessary to carry out the purposes for which we originally collected it and for other legitimate business purposes, including to meet our legal, regulatory, or other compliance obligations. We will not retain your personal data for longer than is reasonably necessary to carry out the purposes we disclose in this Privacy Policy.

We obtain consent to collect information that is considered “sensitive personal information” where consent is required. If we notify you that we collect sensitive personal information, that means that we collect sensitive personal information within the meaning of the law of that state. We may collect the following types of sensitive personal information: precise geolocation, account login credentials, we only process this information to provide our services to you, or as required by applicable laws or regulations.

Certain states afford consumers with certain rights with respect to their personal information. For example, if you are a California resident, this section applies to you.

In the preceding 12 months, we have collected the following categories of personal information from Customers or Website Visitors: identifiers; categories of information that are protected classifications under California law; internet or other electronic network activity information; geolocation data; inferences drawn from other personal information (e.g., approximate location inferred from IP address) and professional or employment-related information. For details about the precise data points, we collect and the categories of sources of such collection, please see the Collection of Information section above. We collect personal information for the business and commercial purposes described in the Use of Information section above. In the preceding 12 months, we have disclosed the following categories of personal information for business purposes to the following categories of recipients:

We do not sell or share your personal information, nor do we knowingly sell or share personal information about consumers under the age of 16.

Please see the “Your Privacy Rights and Choices” section above for more information about your privacy rights and how to exercise them.

If we receive your request from an authorized agent who does not provide a valid power of attorney, we may ask the authorized agent to provide proof that you gave the agent signed permission to submit the request to exercise rights on your behalf. In the absence of a valid power of attorney, we may also require you to verify your own identity directly with us or confirm to us that you otherwise provided the authorized agent permission to submit the request. If you are an authorized agent seeking to make a request, please email privacy@dragonflyft.com.

If you are located in the European Economic Area (“EEA”), the United Kingdom, or Switzerland, you have certain rights and protections under the law regarding the processing of your personal data, including the rights outlined in the ““Your Privacy Rights and Choices” section above, and this section applies to you.

When we process your personal data, we will do so in reliance on the following lawful bases:

• To perform our responsibilities under our contract with you (e.g., providing the products and services you requested).
• When we have a legitimate interest in processing your personal data to operate our business or protect our interests (e.g., to provide, maintain, and improve our products and services, conduct data analytics, and communicate with you).
• To comply with our legal obligations (e.g., to maintain a record of your consents).
• When we have your consent to do so (e.g., when you opt in to receive marketing communications from us). When consent is the legal basis for our processing your personal data, you may withdraw such consent at any time.

If you have a concern about our processing of personal data that we are not able to resolve, you have the right to lodge a complaint with the Data Protection Authority where you reside. Contact details for your Data Protection Authority can be found using the links below:

For individuals in the EEA: https://edpb.europa.eu/about-edpb/board/members_en

For individuals in the UK: https://ico.org.uk/global/contact-us/

For individuals in Switzerland: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html

If you have any questions about this Privacy Policy, please contact us at privacy@dragonflyft.com.

All Employees are expected to comply with all the provisions of this Code, and the Company recognizes the need for this Code to be applied equally to everyone it covers. The Code will be strictly enforced throughout the Company and violations will be dealt with immediately. Violations of the Code that involve illegal behavior will be reported to the appropriate authorities. Failure to adhere to this Code may result in disciplinary action, varying from reprimand to dismissal. Retaliation against any employee for good faith reporting of violations of this Code is strictly prohibited. Any such retaliation will be treated as a serious violation of this Code.

We may change this Policy from time to time. If we make changes, we will notify you by revising the date at the top of this policy. If we make material changes, we may provide you with additional notice (such as by adding a statement to the Services or sending you a notification). We encourage you to review this Policy regularly to stay informed about our information practices and the choices available to you.