AMPEL PRIVACY POLICY

Last Updated: November 14, 2025

Effective Date: November 14, 2025

INTRODUCTION

Ampel Co. ("Ampel," "we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, share, and protect information when you use the Ampel mobile application and related services (the "Service").

Please read this Privacy Policy carefully. By using the Service, you agree to the collection, use, and sharing of your information as described in this Privacy Policy. If you do not agree, please do not use the Service.

This Privacy Policy should be read together with our Terms of Service. Capitalized terms not defined in this Privacy Policy have the meanings given in the Terms of Service.

1. INFORMATION WE COLLECT

We collect several types of information from and about users of our Service.

1.1 Information You Provide Directly

Account Information: When you create an account, we collect:

• Full name
• Email address
• Password (encrypted)
• Subscription preferences
• Profile settings and preferences
• Communication preferences

Payment Information: When you subscribe to the Service, our payment processor (Stripe, Inc.) collects:

• Payment card information (credit/debit card number, expiration date, CVV)
• Billing address
• Payment transaction history

Important: We do not directly receive or store your complete payment card information. Stripe processes and stores payment data in accordance with PCI-DSS standards. We receive only:

• Confirmation of successful payment
• Last 4 digits of card number
• Card expiration date
• Transaction identifiers
• Subscription status information

Identity Verification Information (For Equity Program Participants): If you choose to participate in our equity incentive program, you must complete identity verification through our partner Persona. This process collects:

• Government-issued photo identification (driver's license, passport, or state ID)
• Facial photograph for biometric verification
• Social Security Number or Tax Identification Number
• Date of birth
• Physical address
• Citizenship or residency status
• Accredited investor status information (income and/or net worth data)

Communications: We collect information when you communicate with us, including:

• Customer support messages and inquiries
• Email correspondence
• Feedback and survey responses

1.2 Information Collected Automatically

Usage Data: When you use the Service, we automatically collect:

• Features and functions you access
• AI models you interact with
• Session duration and frequency
• Time and date of access
• Engagement metrics (prompts submitted, responses generated)
• Referral activity (if you refer others or are referred)

AI Interaction Data: We collect and store:

• Your prompts and questions submitted to the AI ("Input Content")
• AI-generated responses ("Output Content")
• Conversation history and context
• Feedback on AI responses (if provided)
• Model preferences and settings

Device and Technical Information: We automatically collect:

• Device type, model, and operating system
• Mobile device identifiers (advertising ID, device ID)
• IP address
• Browser type and version
• Mobile network information
• App version
• Time zone and locale settings
• Crash reports and error logs

Location Information: We may collect general location information based on:

• IP address (approximate geographic location)
• Time zone settings

We do NOT collect precise geolocation data through GPS or mobile device sensors.

Cookies and Similar Technologies: We use cookies and similar tracking technologies to collect information about your interactions with the Service. See Section 9 for details.

1.3 Information from Third Parties

From Service Providers: We receive information from third-party service providers that help us operate the Service:

• Stripe: Payment transaction confirmations, subscription status updates, billing information
• Persona: Identity verification results, document validation status, fraud risk assessments
• Google Analytics: Aggregated usage statistics and analytics data

From Other Users: If another user refers you to Ampel:

• We may receive your email address or phone number from the referring user
• We will only use this information to contact you about the referral and will not add you to marketing lists without your consent

1.4 Information About Your Equity Holdings (If Applicable)

If you receive Class B Common Stock through our equity incentive program, we maintain:

• Stock ownership records (number of shares, issuance dates, grant reasons)
• Investment amount and valuation at grant
• Tax reporting information (for Form 1099 preparation)
• Accredited investor status
• Annual investment limit tracking
• Securities transaction history
• Correspondence regarding securities offerings

2. HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

2.1 To Provide and Improve the Service

• Operate the Ampel AI chat platform
• Process and respond to your AI queries
• Maintain your account and conversation history
• Authenticate your identity and prevent fraud
• Process subscription payments and billing
• Provide customer support
• Troubleshoot technical issues
• Analyze usage patterns to improve AI model performance
• Develop new features and capabilities
• Conduct research on AI systems and user interactions
• Monitor and improve Service performance and reliability

2.2 For Securities Compliance (Equity Program Participants)

If you participate in our equity incentive program, we use your information to:

• Verify your identity and eligibility to receive securities
• Comply with "Know Your Customer" (KYC) and Anti-Money Laundering (AML) regulations
• Process equity grants and maintain accurate stockholder records
• Track your annual investment limits under Regulation Crowdfunding
• Prepare and file required SEC disclosures (Form C and amendments)
• Deliver annual reports to stockholders
• Facilitate communications from Loupt Portal LLC (our registered funding portal)
• Prepare and file tax forms (IRS Form 1099)
• Comply with SEC, FINRA, and state securities law requirements
• Respond to regulatory inquiries or examinations

2.3 For Marketing and Communications

• Send you service announcements and updates
• Notify you about new features or changes to the Service
• Send promotional emails about Ampel (you may opt out)
• Process and respond to your referrals
• Send investor relations communications (if you are a stockholder)
• Notify you about equity grants and securities offerings
• Conduct surveys and request feedback

2.4 For Legal and Safety Purposes

• Comply with applicable laws, regulations, and legal processes
• Respond to lawful requests from government authorities
• Enforce our Terms of Service and other agreements
• Protect our rights, property, and safety and that of our users and the public
• Detect, prevent, and address fraud, security, or technical issues
• Investigate and prevent prohibited activities

2.5 Business Operations and Analytics

• Understand how users interact with the Service
• Analyze trends and usage patterns
• Measure the effectiveness of marketing campaigns
• Conduct internal business analysis and planning
• Prepare aggregated, anonymized statistics

3. HOW WE SHARE YOUR INFORMATION

We share your personal information with third parties only as described below. We do not sell your personal information to third parties.

3.1 Service Providers

We share information with third-party companies that perform services on our behalf:

Hosting and Infrastructure:

• Vercel: Provides hosting services for our mobile application and backend infrastructure
• Supabase: Provides database services to store account data, conversation history, and application data

Payment Processing:

• Stripe, Inc.: Processes subscription payments and manages billing
• Stripe receives payment card information, billing address, and transaction data
• See Stripe's privacy policy at: https://stripe.com/privacy

Identity Verification (Equity Program Participants Only):

• Persona: Verifies user identity for securities law compliance
• Persona receives government ID, biometric data, SSN/TIN, and personal information
• See Persona's privacy policy at: https://withpersona.com/legal/privacy-policy

Analytics:

• Google Analytics: Analyzes usage patterns and Service performance
• Google Analytics receives device information, usage data, and aggregated analytics
• See Google's privacy policy at: https://policies.google.com/privacy

All service providers are contractually obligated to protect your information and use it only for the purposes we specify.

3.2 Securities Intermediary (Equity Program Participants Only)

If you participate in our equity incentive program, we share your information with:

• Loupt Portal LLC (SEC-registered funding portal, FINRA member)
• We share: Name, email, identity verification results, investment history, stockholder information, and communications regarding securities offerings
• Purpose: To facilitate Regulation Crowdfunding securities offerings and comply with SEC regulations
• Loupt Portal LLC has its own privacy policy and terms of service

3.3 Legal and Regulatory Authorities

We may disclose your information to government authorities, regulators, and law enforcement when:

• Required by law, regulation, legal process, or governmental request
• Necessary to comply with securities laws (SEC, FINRA, state regulators)
• Requested through valid subpoena, court order, or similar legal process
• Necessary to enforce our Terms of Service or protect our rights
• Necessary to protect the safety, rights, or property of Ampel, our users, or the public
• Required to detect, prevent, or address fraud, security, or technical issues

Securities Regulators: The Securities and Exchange Commission (SEC), Financial Industry Regulatory Authority (FINRA), and state securities regulators may request access to stockholder information for examination and enforcement purposes.

Tax Authorities: We are required to report certain equity grants to the Internal Revenue Service (IRS) and may share information as required for tax compliance.

3.4 Business Transfers

If Ampel is involved in a merger, acquisition, asset sale, bankruptcy, or similar business transaction, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice in the Service before your information is transferred and becomes subject to a different privacy policy.

3.5 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you, including:

• Statistical data about Service usage
• Aggregated AI interaction patterns (without individual identifiers)
• General demographic information
• Research findings based on anonymized data

This information may be shared with: Business partners, Researchers and academics, The public (in reports or publications)

3.6 With Your Consent

We may share your information with other third parties when you explicitly consent to such sharing.

4. YOUR PRIVACY RIGHTS

4.1 General Rights (All Users)

Regardless of where you live, you have the following rights:

Access: You can access your personal information through your account settings or by contacting us at privacy@ampel.ai.

Correction: You can update or correct your personal information through your account settings or by contacting us at privacy@ampel.ai.

Deletion: You can request deletion of your account and personal information by contacting us at privacy@ampel.ai. See Section 4.5 for important limitations.

Data Portability: You can request a copy of your personal information in a portable format by contacting us at privacy@ampel.ai.

Marketing Opt-Out: You can opt out of promotional emails by clicking the "unsubscribe" link in any marketing email or by contacting us at privacy@ampel.ai. Note that you cannot opt out of service-related emails (e.g., account notifications, transaction confirmations).

4.2 California Residents (CCPA/CPRA Rights)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). See Section 12 for detailed information.

4.3 Other State Privacy Rights

Residents of Colorado, Connecticut, Virginia, Utah, and other states with comprehensive privacy laws have similar rights. Please contact us at privacy@ampel.ai to exercise your rights.

4.4 Cookie Preferences

You can manage cookie preferences through your browser settings. See Section 9 for more information.

4.5 Important Limitations on Deletion Rights

If you have received Class B Common Stock through our equity incentive program, we cannot delete certain information even if you request account deletion. Federal securities laws and IRS regulations require us to maintain:

• Stockholder identity and contact information
• Stock ownership records (number of shares, issuance dates, transaction history)
• Investment amount and valuation records
• Identity verification documents and KYC information
• Securities offering documents and disclosures (Form C)
• Annual reports and stockholder communications
• Tax reporting information (Form 1099 data)

Retention Period: These records must be maintained for at least 7 years after your last securities transaction, and some records may be retained permanently.

What You Can Delete: Even as a stockholder, you may delete: Your conversation history and AI chat data, Profile preferences and settings, Marketing preferences

5. DATA RETENTION

5.1 General Platform Data

We retain different types of data for different periods:

Account Data: Retained until you request deletion (subject to Section 4.5 limitations). After deletion request, typically deleted within 30-90 days.

Conversation History: Retained until you delete conversations or close your account. Deleted conversations may be retained in backups for up to 90 days.

Usage and Analytics Data: Retained for up to 2 years. May be aggregated and anonymized for indefinite retention.

Log Data: Retained for up to 90 days for security and troubleshooting purposes.

Payment Data: Processed and retained by Stripe in accordance with payment industry requirements. We retain transaction metadata (dates, amounts, status) for 7 years.

5.2 Securities-Related Data (Equity Program Participants)

If you participate in our equity incentive program and receive Class B Common Stock, the following information is subject to extended retention requirements under federal securities laws and IRS regulations.

6. DATA SECURITY

6.1 Security Measures

We implement reasonable administrative, technical, and physical security measures to protect your personal information from unauthorized access, use, disclosure, alteration, or destruction.

6.2 No Guarantee of Absolute Security

No system is completely secure. Despite our efforts, we cannot guarantee absolute security of your information. You are responsible for maintaining the confidentiality of your password and notifying us immediately of any unauthorized access.

7. CHILDREN'S PRIVACY

7.1 Age Restriction

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

7.2 Parental Notice

If we learn that we have collected personal information from a child under 13, we will promptly delete that information. If you believe we have collected information from a child under 13, please contact us immediately at privacy@ampel.ai.

7.3 Users Under 18

Users between 13 and 18 years old may use the Service but may require parental consent depending on their state of residence. These users are NOT eligible to participate in the equity incentive program (which requires users to be 18 or older).

8. INTERNATIONAL USERS

8.1 U.S.-Based Service

Ampel is based in the United States, and our Service is currently available only to U.S. residents. Our data storage and processing facilities are located in the United States.

9. COOKIES AND TRACKING TECHNOLOGIES

9.1 What Are Cookies?

Cookies are small text files that websites and applications place on your device to store information about your preferences and activities. We use cookies and similar technologies to enhance your experience with the Service.

9.2 Types of Cookies We Use

Essential Cookies: Required for the Service to function properly. Enable account authentication and security.

Analytics Cookies: Collect information about how you use the Service (via Google Analytics).

9.3 Managing Cookies

Most browsers allow you to view, delete, and block cookies. Consult your browser's help section for instructions.

10. CHANGES TO THIS PRIVACY POLICY

10.1 Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. When we make changes, we will update the "Last Updated" date and notify you of material changes via email or prominent notice in the Service.

10.2 Continued Use Constitutes Acceptance

Your continued use of the Service after the effective date of changes to this Privacy Policy constitutes your acceptance of the revised Privacy Policy.

11. CONTACT US

11.1 Privacy Questions

If you have questions, concerns, or complaints about this Privacy Policy or our privacy practices, please contact us at:

• Email: privacy@ampel.ai
• Mail: Ampel Co., Attn: Privacy Officer, [Registered Agent Address - To Be Added]

11.2 Data Rights Requests

To exercise your privacy rights (access, deletion, correction, etc.), please email privacy@ampel.ai with:

• Your full name
• Email address associated with your account
• Specific request (access, deletion, correction, etc.)
• Any relevant details or documentation

We will verify your identity before processing your request and will respond within 45 days (or as required by applicable law).

11.3 Securities and Investor Relations Questions

For questions about equity holdings, stockholder records, or investor relations:

• Email: ir@ampel.ai

11.4 General Customer Support

For general questions about the Service:

• Email: legal@ampel.ai

12. CALIFORNIA PRIVACY RIGHTS SUPPLEMENT

12.1 CCPA Categories of Information

Under the California Consumer Privacy Act (CCPA), we are required to disclose the categories of personal information we collect:

• Identifiers: Name, email, IP address, device ID
• Personal Information: Name, address, SSN, payment information
• Commercial Information: Purchase history, subscription records
• Internet/Network Activity: Browsing history, interactions with Service
• Geolocation Data: Approximate location from IP address

12.2 Sale of Personal Information

We do not sell personal information as defined by the CCPA. If our practices change, we will update this Privacy Policy and provide a "Do Not Sell My Personal Information" link.

12.3 Exercising Your Rights

To exercise your CCPA rights, email us at privacy@ampel.ai. We will verify your identity before processing your request and will respond within 45 days.