Privacy Policy

Swarmer Privacy Policy

Last updated version: February 24, 2026

1. Introduction

At Swarmer, Inc. and its affiliated entities (collectively, “Swarmer,” the “Company,” “we,” “our,” or “us”), we recognize that privacy and information security are critical, particularly in the context of advanced software solutions, artificial intelligence technologies, autonomy systems, and mission-critical operational platforms. We are committed to handling personal data lawfully, transparently, and responsibly.

This Privacy Policy explains how and why we collect, use, store, disclose, and protect personal data, and describes the rights available to individuals under applicable data protection and privacy laws.

This Privacy Policy applies to personal data processed by Swarmer in connection with our Services and related business activities. For purposes of this Privacy Policy, “Services” means all software solutions, artificial intelligence technologies, autonomy systems, mission planning and operational management platforms, data processing and analytics environments, applications, APIs, and related digital offerings developed, provided, licensed, operated, or otherwise made available by Swarmer.

The Services may include, without limitation:

- AI-powered autonomy and navigation software;
- mission planning, coordination, and operational management platforms;
- software applications and APIs supporting autonomous or intelligent systems;
- data processing, analytics, and operational support environments;
- enterprise-, partner-, or government-facing software platforms, dashboards, and controlled-access interfaces;
- technical documentation portals, developer resources, and support environments;
- interactive features such as contact forms, demo request tools, inquiry submission mechanisms, and similar communication interfaces; and
- the Swarmer public website () (hereinafter - “Website”) together with any associated, affiliated, successor, or related websites, landing pages, microsites, or other digital properties through which such solutions are described, demonstrated, accessed, or otherwise made available.

This Privacy Policy applies to personal data processed through these Services, as well as through related communications, demonstrations, onboarding activities, evaluations, contractual engagements, and other business interactions.

This Privacy Policy does not apply to third-party websites, platforms, or services that are not operated or controlled by Swarmer, even if they are linked from our Services.

a. Scope of This Privacy Policy:

This Privacy Policy applies to personal data processed by us when you:

- access or use our websites, platforms, software, APIs, or digital services;
- request information, demonstrations, documentation, or proposals;
- enter into contractual, commercial, or government-related relationships with us;
- create or administer an account or credentials;
- communicate with us electronically or offline;
- apply for employment, internships, or contractor positions; or
- otherwise interact with us in a professional or business context.

b. Regulatory Framework:

We process personal data in accordance with applicable privacy and data protection laws, including, where relevant:

- EU General Data Protection Regulation (EU) 2016/679 (GDPR)
- UK GDPR and Data Protection Act 2018
- California Consumer Privacy Act (CCPA), as amended by the CPRA
- California Online Privacy Protection Act (CalOPPA)
- U.S. federal and state privacy laws
- other comparable international data protection frameworks in the countries where we conduct business

We apply applicable legal requirements depending on the jurisdiction of the individual.

c. Categories of Individuals

This Privacy Policy applies to personal data relating to the following categories of individuals (collectively, “Users”):

→ Website Visitors and Marketing Contacts:

Individuals who access or interact with our public-facing websites, landing pages, or digital content, including those who:

- browse or otherwise use our websites;
- interact with our social media pages, online advertisements, or promotional content;
- subscribe to newsletters or marketing communications; or
- communicate with us via email, forms, events, or other channels under our control.

→ Prospective Customers and Business Partners:

Representatives of organizations who request information about our products or services, engage in preliminary discussions, participate in demonstrations, pilots, or evaluations, or otherwise explore a potential commercial, governmental, or strategic relationship with us.

→ Customers and Authorized Users:

Individuals acting on behalf of, or authorized by, our customers, partners, integrators, or government entities, including:

- User granted access to our software, platforms, systems, or portals;
- customer or partner representatives who administer accounts, credentials, or configurations; and
- individuals who interact with our services in a professional, operational, or administrative capacity.

→ Government, Defense, and Institutional Representatives:

- Employees, officers, contractors, or agents of governmental, defense, public sector, or regulated institutions who may engage with us in connection with procurement, evaluation, deployment, compliance, support, or oversight of our solutions.

→ Job Applicants and Candidates:

- Individuals who apply for employment, consulting, contracting, or internship opportunities with us, including those who submit resumes, CVs, portfolios, or other application materials, or who otherwise communicate with us in connection with current or future career opportunities.

→ Suppliers and Professional Contacts:

- Representatives of vendors, service providers, advisors, consultants, auditors, and other third parties who provide goods or services to us or otherwise interact with us in the course of our business operations.

d. Third-Party Links:

Our website may contain links to third-party websites, plug-ins, or applications. When you follow such links or enable these connections, third parties may collect or process information about you. We do not control these third-party websites and are not responsible for their content, privacy statements, or data handling practices.

Some websites operated by Swarmer affiliates may be subject to separate data governance arrangements. In such cases, the relevant affiliate may act as an independent controller of personal data collected through those websites. This Privacy Statement may not apply to open-source project websites sponsored or supported by Swarmer, which may be governed by their own privacy statements. We encourage you to review those statements where applicable.

This Privacy Statement applies to personal data collected by Swarmer where this statement, or a link to it, is made available by Swarmer in digital communications, in paper form, or during in-person interactions, such as at events.

Please note that co-branded websites - where Swarmer content is presented together with content from one or more business partners - may be subject to additional or different privacy statements. For more information on applicable privacy practices, please refer to the privacy statements provided on those websites.

e. Data Controller Information

The data controller responsible for your personal data is:

Swarmer, Inc, a Delaware Corporation, registered in the USA under company number 7462559 and with registered offices at 4515 Seton Center Pkwy #330 Austin, TX 78759.

Where applicable, an affiliated entity of Swarmer may act as an independent data controller, as identified in the relevant privacy notice.

Email: privacy@swarmer.tech

2. Categories of Personal Data and Information We Collect

We collect and process personal information in connection with your use of our public website. The categories of information collected depend on how you interact with the website and the information you choose to provide. For the purposes of applicable data protection laws, “personal information” or “personal data” means any information that identifies, relates to, describes, or can reasonably be linked to an identified or identifiable individual.

a. General Information You Provide to Us:

When you voluntarily interact with our website, we may collect:

- name;
- email address;
- phone number;
- the content of messages or inquiries you send to us or submit through contact forms, email, or other communication channels.

b. Business and Contractual Data:

- Company or organization title, professional (job) title or role, business contact information;
- Information provided in connection with inquiries or business relationships.

Please note:

The provision of personal data through our Website is generally voluntary. However, certain information may be necessary for us to respond to your request, provide information, schedule a demonstration, or take steps at your request prior to entering into a contractual relationship. Where specific information is required to process your request, we will indicate this at the point of collection (for example, by marking certain fields as mandatory).

If you choose not to provide required information, we may be unable to respond to your inquiry or proceed with the requested interaction.

We do not require the provision of personal data as a statutory obligation for the general use of our public Website.

c. Technical and Device Information:

When you access our website, certain information is collected automatically, including:

- Internet Protocol (IP) address;
- browser type and version;
- operating system and device type;
- language and time zone settings;
- approximate geographic location (e.g., country or region);
- referring and exit URLs.

d. Usage Information:

We collect information about how visitors interact with our website, such as:

- pages viewed and features accessed;
- dates and times of visits;
- time spent on pages;
- navigation patterns and interactions with website content.

This information is used to operate, maintain, secure, and improve the website.

e. Cookies and Similar Technologies:

When you visit our Website, we may automatically collect certain technical information through cookies and similar tracking technologies, such as server logs, pixels, and analytics tools etc. This information may include details about your device, browser, IP address, browsing activity, and interactions with the Website.

We use these technologies to operate and secure our Website, analyze usage, improve performance and functionality, and support our legitimate business purposes. Where required by applicable law, we obtain your consent before placing non-essential cookies on your device.

You can manage or disable cookies through your browser settings or other available preference tools. For detailed information about the types of cookies we use, the purposes for which they are used, and how you can control your preferences, please refer to our Cookie Policy.

f. Marketing and Communication Preferences:

Where permitted by law, we may collect information relating to:

- your preferences for receiving marketing or informational communications;
- your interactions with our emails or website communications, such as open rates or click-through activity.

g. Aggregated and De-Identified Information:

We may create aggregated or de-identified data derived from personal information. Such data does not identify individuals and is used for analytical, statistical, research, operational, and product improvement purposes. We may also use aggregated or de-identified data to improve our products and services, including through model training, algorithm development, and performance optimization.

h. Limitations of Data Collection

Our public website is intended for a general professional audience and is not directed at children. We do not knowingly collect personal information from individuals under the age required by applicable data protection laws. If we become aware that personal information relating to a child has been collected unintentionally, we will take appropriate steps to delete such information.

We do not intentionally collect sensitive or special categories of personal data through our public website, including information relating to health, biometric data, genetic data, racial or ethnic origin, religious or philosophical beliefs, political opinions, or similar protected characteristics. We encourage visitors not to submit such information through our website.

In certain circumstances, personal information may be collected in separate and clearly defined contexts, such as recruitment processes, contractual engagements, or secure customer portals. In those cases, additional or separate privacy notices or data processing disclosures may apply and will be provided as appropriate.

3. Purposes of Processing

Purposes and Legal Bases for Processing Personal Data

We process personal data for the following purposes in accordance with the GDPR and UK GDPR:

Purpose

To operate, maintain, and secure the Website

Legitimate interests

To respond to inquiries, requests, or communications submitted through the Website

Performance of a contract (pre-contractual steps) and/or Legitimate interests

To analyze Website usage and improve performance, functionality, and content

Legitimate interests (analytics cookies subject to consent where required)

To send marketing or informational communications

Consent

To manage communication preferences and opt-outs

Legitimate interests / Legal obligation

To protect the Website, systems, and Users against fraud, misuse, or unauthorized access

Legitimate interests

To comply with applicable legal, regulatory, and compliance obligations

Legal obligation

To establish, exercise, or defend legal claims

Legitimate interests

To create aggregated or de-identified analytics and statistics

Legitimate interests (or not personal data once de-identified)

Table 2: USA (CCPA / CPRA / CalOPPA / U.S. State Privacy Laws)

Purposes for Collecting and Using Personal Information
‍
We collect and use personal information for the following business or commercial purposes, as defined under applicable U.S. privacy laws:

Purpose

Business / Commercial Purpose (U.S. Laws)

To operate, maintain, and provide the Website

Providing and maintaining services

To communicate with you and respond to inquiries

Customer service and communications

To analyze Website usage and improve functionality and user experience

Analytics and service improvement

To ensure Website security and prevent fraud or malicious activity

Security and fraud prevention

To detect, investigate, and prevent illegal or unauthorized activities

Security and compliance

To comply with applicable laws, regulations, or legal processes

Legal and regulatory compliance

To protect our rights, property, and safety

Protecting business and legal interests

To manage marketing communications and preferences

Marketing and advertising (where permitted by law)

To generate aggregated or de-identified statistics

Internal research and operational purposes

4. Legal Bases for Processing (GDPR/UK GDPR)

We process personal data only where we have a valid legal basis under applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and the UK GDPR. The legal basis relied upon depends on the nature of the personal data, the purpose of processing, and the context of the interaction.

Specifically, we rely on one or more of the following legal bases:

a. Consent:

We process personal data based on consent where you have provided a freely given, specific, informed, and unambiguous indication of your agreement to the processing of your personal data for a particular purpose.

This may apply, for example, where you:

- opt in to receive marketing or informational communications;
- consent to the use of certain cookies or similar technologies, where required by law;
- voluntarily provide personal data for a clearly defined purpose that requires consent.

You may withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to such withdrawal.

b. Contract:

We process personal data where such processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract.

This includes processing that is necessary to:

- respond to requests for information or proposals;
- communicate with you regarding potential or ongoing business relationships;
- take pre-contractual steps initiated by you.

If the required personal data is not provided, we may be unable to respond to your request or proceed with the relevant engagement.

c. Legal Obligation:

We process personal data where such processing is necessary for compliance with a legal obligation to which we are subject.

This may include processing required to:

- comply with applicable laws, regulations, or regulatory guidance;
- respond to lawful requests from courts, regulators, or public authorities;
- meet record-keeping, reporting, or compliance requirements;
- establish, exercise, or defend legal claims where required by law.

d. Legitimate Interests:

We process personal data where it is necessary for our legitimate interests or those of a third party, provided that such interests are not overridden by your interests, fundamental rights, or freedoms.

Our legitimate interests may include, among others:

- operating, maintaining, and improving our website;
- ensuring the security, availability, and integrity of our systems and networks;
- preventing fraud, misuse, or unauthorized access;
- analyzing website usage to improve functionality and user experience;
- responding to inquiries and managing business communications;
- protecting our legal rights, property, and interests.

When relying on legitimate interests, we assess the necessity and proportionality of the processing and balance our interests against the potential impact on your rights.

5. Your Rights Under GDPR and UK GDPR

You have the following rights regarding your personal data:

- Right of Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Request correction of inaccurate or incomplete data.
- Right to Erasure: Request deletion of your personal data in certain circumstances.
- Right to Restriction: Request restriction of processing in certain circumstances.
- Right to Data Portability: Receive your data in a structured, commonly used format.
- Right to Object: Object to processing based on legitimate interests or for direct marketing.
- Rights Related to Automated Decision-Making: Not be subject to decisions based solely on automated processing that produce legal or similarly significant effects.

6. Your U.S. Privacy Rights

a. Rights of California Residents (CCPA / CPRA)

If you are a resident of California, you have the following rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), subject to certain exceptions and limitations provided by law:

→ Right to Know:

You have the right to request information about:

- the categories of personal information we have collected about you;
- the categories of sources from which personal information is collected;
- the purposes for which personal information is used;
- the categories of third parties with whom personal information is disclosed; and
- the specific pieces of personal information we have collected about you.

→ Right to Delete:

You have the right to request that we delete personal information we have collected about you, subject to exceptions where retention is permitted or required by law.

→ Right to Correct:

You have the right to request correction of inaccurate personal information maintained about you.

→ Right to Opt Out of Sale or Sharing:

You have the right to opt out of the sale or sharing of your personal information, as those terms are defined under the CCPA and CPRA.

→ Right to Limit Use of Sensitive Personal Information:

Where applicable, you have the right to limit the use and disclosure of sensitive personal information to purposes permitted by law.

→ Right to Non-Discrimination:

You have the right not to receive discriminatory treatment for exercising any of your privacy rights under California law.

b. California “Shine the Light” Disclosure

California Civil Code Section 1798.83 (“Shine the Light”) permits California residents to request certain information regarding the disclosure of personal information to third parties for their direct marketing purposes.
‍
We do not disclose personal information to third parties for their own direct marketing purposes.

c. Do Not Sell or Share My Personal Information option (California)

California residents have the right, under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), to opt out of the sale or sharing of their personal information, as those terms are defined under applicable law.

We do not sell Personal Information in exchange for monetary consideration.

However, depending on how certain advertising or analytics technologies are configured, some disclosures to third-party providers may be considered a “sale” or “sharing” under applicable U.S. state privacy laws. Where required by law, we provide individuals with the right to opt out of such processing, including through our “Do Not Sell or Share My Personal Information” link and recognition of Global Privacy Control (GPC) signals. In addition, California law provides residents with the right to opt out of certain data disclosures that may be considered a “sale” or “sharing” under a broad statutory definition.

→ How to Exercise Your Right to Opt Out:

You may exercise your right to opt out of the sale or sharing of personal information by any of the following methods:

- Clicking the “Do Not Sell or Share My Personal Information” link available in the footer of our Website;
- Enabling the Global Privacy Control (GPC) signal in your browser or device settings, which we recognize where required by law; or
- Contacting us at privacy@swarmer.tech

→ Effect of Opting Out:

Once your opt-out request is processed, we will honor your preference in accordance with applicable law. This may include limiting certain data disclosures and adjusting our use of cookies or similar technologies where required.

d. Categories of Personal Information Collected (California Residents)

Pursuant to the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”), we are required to disclose the categories of Personal Information we collect, the sources from which it is collected, the purposes for which it is used, and whether it is disclosed, sold, or shared.

The categories listed below reflect the Personal Information we have collected in the preceding twelve (12) months.

→ Categories of Personal Information Collected:

- Identifiers (Such as name, email address, postal address, telephone number, online identifiers, IP address, or other similar identifiers).
- Professional or Employment-Related Information (Such as employer name, job title, business contact information, and professional role).
- Commercial Information (Such as records of services requested, proposals, communications regarding potential or existing business relationships).
- Internet or Other Electronic Network Activity Information (Such as browsing activity on our Website, device information, interaction with our Website content, and analytics data).
- Geolocation Data (Non-Precise) (Such as approximate location derived from IP address).
- Inferences Drawn from Other Personal Information (Such as analytics-based insights regarding Website usage patterns (in aggregated or internal business contexts only).

Please note we do not use or disclose sensitive personal information for purposes other than those permitted by the California Privacy Rights Act (CPRA).

Where sensitive personal information is processed, it is used solely for permitted business purposes as defined under applicable law.

e. Retention of Personal Information (California Residents)

We retain each category of Personal Information described in Section 6(d) for as long as reasonably necessary to fulfill the purposes described in this Privacy Policy, including to operate our Website, respond to inquiries, maintain security, comply with legal obligations, and resolve disputes. Retention periods vary depending on the context of the interaction and applicable legal requirements. In general, we apply the following retention approach by category:

- Identifiers: retained for as long as needed to communicate with you and manage requests, and for a reasonable period thereafter for recordkeeping and legal purposes.
- Professional or Employment-Related Information: retained for the duration of the relevant business relationship and for a reasonable period thereafter for recordkeeping, compliance, and dispute resolution.
- Commercial Information: retained to manage inquiries, proposals, and pre-contractual or contractual records, and for a reasonable period thereafter as required for compliance and legal purposes.
- Internet or Other Electronic Network Activity Information: retained for analytics, security monitoring, and fraud prevention, and for a reasonable period thereafter where needed for investigations and compliance.
- Non-Precise Geolocation Data: retained only as long as necessary for Website functionality, security, and analytics purposes.
- Inferences: retained only in aggregated or internal business contexts and only as long as necessary to support analytics and service improvement.

We may retain certain information for longer periods where required or permitted by law (for example, for tax, accounting, regulatory, or litigation-related purposes). We also may de-identify or aggregate information, in which case we may use and retain it in that form in accordance with applicable law.

f. Disclosure of Personal Information (California Residents)

As of the “Last Updated” date of this Privacy Policy, and for the twelve (12) months preceding that date, we may have disclosed the categories of Personal Information listed in Section 6(d) to the categories of recipients described in Section 9 (for example, service providers, professional advisors, and relevant business counterparties) for business purposes, such as operating and securing our Website, responding to requests, performing analytics, and complying with legal obligations.

→ Depending on your interaction with us, the categories of Personal Information that may be disclosed for these business purposes can include:

- Identifiers - disclosed to service providers (e.g., hosting, email delivery, security), and professional advisors where necessary.
- Professional or Employment-Related Information - disclosed to service providers supporting communications and business operations, and to business counterparties where relevant to an engagement you initiate.
- Commercial Information - disclosed to service providers supporting communications and recordkeeping and, where relevant, to business counterparties at your direction or in connection with a request you initiate.
- Internet/Network Activity Information and Non-Precise Geolocation Data - disclosed to service providers supporting analytics, security, and fraud prevention.
- Inferences - disclosed only in aggregated or internal contexts and, where applicable, to service providers supporting analytics.

g. Rights of Residents of Other U.S. States (except of California)

Residents of certain U.S. states may have additional rights under applicable state privacy laws. Depending on your state of residence, these rights may include:

- the right to access personal information collected about you;
- the right to request correction of inaccurate personal information;
- the right to request deletion of personal information;
- the right to obtain a copy of personal information in a portable format;
- the right to opt out of certain processing activities, such as targeted advertising or the sale of personal information, where applicable;
- the right to know the categories of personal information collected and the purposes for which it is used;
- the right to know the categories of third parties with whom personal information is shared;
- the right to know the sources of personal information, where not collected directly from you; and

the right to receive information about data retention practices, where required by law.

These rights may vary by state and may be subject to limitations and exceptions under applicable law.

h. Profiling / Targeted Advertising (Certain U.S. States)

Certain U.S. state privacy laws provide residents the right to opt out of (i) the processing of personal data for purposes of targeted advertising, (ii) certain disclosures that constitute a “sale” under applicable law, and/or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects. Swarmer does not engage in profiling that produces legal or similarly significant effects. Where we process information in ways that may be considered targeted advertising or a sale under applicable state law, we will provide applicable opt-out mechanisms and honor valid opt-out preference signals as may be required by law.

i. Additional Information

Please note that the availability and scope of privacy rights depend on your state of residence and applicable law. If you have questions regarding your rights or our privacy practices, you may contact us using the information provided in the Contact Us section of this Privacy Policy.

7. How to Exercise Your Rights

You may exercise any privacy rights available to you under applicable data protection and privacy laws by submitting a request using one of the methods described below:

a. How to Submit a Request:

b. Verification of Identity:

To protect your personal information and prevent unauthorized access, we may need to verify your identity before responding to your request. Verification may involve requesting information that enables us to confirm your identity based on information already in our records.

If a request is submitted on behalf of another individual, we may require documentation demonstrating the requester’s authority, as permitted or required by applicable law.

с. Authorized Agents:

Where permitted by law, authorized agents may submit privacy rights requests on behalf of individuals. In such cases, we may require verification of both the agent’s authority and the identity of the individual on whose behalf the request is submitted.

d. Response Timeframes:

We will respond to privacy rights requests within the timeframes required by applicable law:

Within one (1) month of receipt of the request. This period may be extended by up to two additional months where necessary, taking into account the complexity and number of requests. If we require an extension, we will inform you within the initial one-month period and explain the reasons for the delay.

→ CCPA / CPRA and other U.S. state privacy laws:

Within forty-five (45) days of receipt of the request. This period may be extended by an additional forty-five (45) days where reasonably necessary and permitted by law.

If an extension is required, we will inform you of the reason for the delay within the applicable response period.

e. Appeals (Where Applicable):

If we decline to take action on your request, or partially deny it, you may have the right to appeal our decision in accordance with applicable law. Instructions on how to submit an appeal will be provided in our response to your request.

f. Additional Information:

Please note that certain privacy rights may be subject to limitations or exceptions under applicable law. The availability and scope of specific rights may depend on your jurisdiction and the nature of our relationship with you. For more information about managing cookies and similar technologies, please refer to our Cookie Policy.

8. Marketing Communications and Anti-Spam

a. Marketing Communications and Anti-Spam

We may send you marketing or promotional communications only where permitted by applicable law, including where:

- you have provided your prior consent; or
- we are otherwise permitted to do so under applicable laws, such as where an existing business relationship allows us to communicate with you about similar products or services (for example, under the UK Privacy and Electronic Communications Regulations (PECR)).

You have the unconditional right to opt out of receiving marketing communications at any time. You may exercise this right by:

- clicking the “unsubscribe” link included in any marketing email; or
- contacting us at privacy@swarmer.tech.

9. Data Sharing and Disclosure

We may disclose personal information to third parties only as described in this Privacy Policy and in accordance with applicable data protection and privacy laws.

a. Affiliates and Corporate Group:

We may share personal information within our corporate group or with affiliated entities where necessary for internal administrative purposes, operational support, security, compliance, and business continuity, and only in accordance with this Privacy Policy.

b. Service Providers (Processors / Vendors):

We may disclose personal information to third-party service providers that perform services on our behalf and under our instructions to use such personal information for the provision of such services, and not for their own independent purposes.

→ These may include, for example, providers of:

- cloud hosting and infrastructure;
- website and form functionality;
- analytics and performance measurement;
- email delivery and communications tooling;
- cybersecurity and fraud prevention; and
- IT support and maintenance.

→ Service providers are contractually required to:

- use personal information only for the purposes we specify;
- implement appropriate security measures;
- maintain confidentiality; and
- comply with applicable privacy and data protection requirements.

c. Business Contacts and Relationship Counterparties:

Where relevant to a business relationship or at your direction, we may disclose personal information to customers, suppliers, integrators, advisors, or other business contacts - for example, to facilitate communications, coordinate a request you initiated, or support a legitimate business engagement.

d. Professional Advisors:

We may disclose personal information to professional advisors (such as lawyers, auditors, accountants, insurers, or consultants) where necessary to obtain professional services, comply with legal obligations, or protect our legal interests.

e. Legal and Regulatory Disclosures:

We may disclose personal information where we believe disclosure is necessary or appropriate to:

- comply with applicable law, regulation, or legal process;
- respond to lawful requests from courts, regulators, or law enforcement authorities (including subpoenas and court orders);
- establish, exercise, or defend legal claims; or
- protect the rights, property, safety, or security of the Company, our Users, or others.

f. Business Transfers:

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, dissolution, sale of assets, joint marketing or similar transaction, personal information may be disclosed or transferred as part of that transaction. Where required by law, we will take reasonable steps to ensure that personal information continues to be processed in accordance with this Privacy Policy.

g. Aggregated and De-Identified Information:

We may disclose aggregated or de-identified information that does not reasonably identify individuals for statistical, analytical, research, or operational purposes.

10. International Data Transfers

We may transfer, store, or process personal information in countries other than the country in which it was originally collected, including countries that may have data protection laws that differ from those in your jurisdiction.

Where personal information originating from the European Economic Area (EEA) or the United Kingdom is transferred to countries that have not been deemed to provide an adequate level of protection by the European Commission or the UK government, we implement appropriate safeguards in accordance with applicable data protection laws.

→ These safeguards may include, as appropriate:

- Standard Contractual Clauses approved by the European Commission and/or the UK Information Commissioner’s Office (ICO);
- transfers to countries that are subject to an adequacy decision by the relevant authorities; or
- other lawful transfer mechanisms recognized under applicable data protection laws.

We take appropriate technical, organizational, and contractual measures to ensure that personal information remains protected and is processed in accordance with this Privacy Policy, regardless of where it is transferred or processed.

11. Data Retention

We retain personal information only for as long as reasonably necessary to fulfill the purposes for which it was collected, including to provide our website and services, comply with legal and regulatory obligations, resolve disputes, and enforce our agreements.

The retention period for personal information varies depending on several factors, including:

- the nature, amount, and sensitivity of the personal information;
- the purposes for which the personal information is processed;
- whether there is an ongoing or potential business relationship;
- applicable legal, regulatory, tax, accounting, or reporting requirements; and
- legitimate business needs, including security, fraud prevention, and the establishment, exercise, or defense of legal claims.

Where personal information is no longer required for the purposes for which it was collected, we will securely delete or anonymize it in accordance with applicable law and our internal retention policies.

12. Data Security

We implement appropriate technical and organizational measures designed to protect personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

These measures are implemented on a risk-based basis and are appropriate to the nature of the personal information, the purposes of processing, and the risks associated with the processing activities. Such measures may include, where appropriate, access controls, security policies and procedures, internal controls, and personnel confidentiality and training measures.

Access to personal information is restricted to employees, contractors, and third parties who have a legitimate business need to know and who are subject to confidentiality obligations. Such parties are permitted to process personal information only in accordance with our instructions and applicable law.

We maintain procedures to identify, assess, and respond to suspected personal data security incidents. Where required by applicable law, we will notify affected individuals and relevant supervisory or regulatory authorities of a personal data breach.

While we take reasonable steps to protect personal information, no method of transmission over the internet or method of electronic storage is completely secure. Accordingly, we cannot guarantee absolute security.

13. Third-Party Links and Services

Our Website may contain links to third-party websites, services, plug-ins, or applications that are not operated or controlled by us. These links are provided for your convenience and informational purposes only.

If you click on a third-party link or enable a third-party connection, you may be directed to a website or service that is governed by its own privacy policy, terms, and practices. We do not control, and are not responsible for, the privacy practices, content, or security of any third-party websites or services.

Any personal information you choose to provide to third parties, or that is collected by third parties through their websites or services, is subject to their respective privacy notices and policies. We encourage you to review the privacy policies of any third-party websites or services before providing personal information.

In some cases, our Website may include content or pages that are co-branded or presented together with business partners. Where applicable, such pages may be governed by additional or different privacy statements, which will be made available at the point of collection or access.

This Privacy Policy applies only to personal data collected by us through our Website and does not apply to third-party websites, services, or platforms, even if they are linked to or accessible from our Website.

14. Children's Privacy

Our Website is intended for a general professional audience and is not directed to children.

In accordance with applicable laws and regulations, including the U.S. Children’s Online Privacy Protection Act (COPPA), the EU General Data Protection Regulation (GDPR), the UK GDPR, and relevant U.S. state privacy laws, we do not knowingly collect, use, or process personal information from children under the age of 13, or under the age of 16 where a higher age threshold applies under applicable law.

We do not design our Website to attract children, nor do we knowingly engage in activities involving the collection of personal information from children.

If you are a parent or legal guardian and believe that a child has provided us with personal information through our Website, please contact us at privacy@swarmer.tech. Upon becoming aware that personal information of a child has been collected, we will take reasonable steps to delete such information in accordance with applicable law.

15. Do Not Track Signals

Some web browsers transmit “Do Not Track” (“DNT”) signals to request that websites disable certain tracking activities. Our Website does not respond to Do Not Track signals.

We process information collected through cookies and similar technologies only as described in this Privacy Policy and our Cookie Policy.

You may control certain tracking technologies through your browser settings, cookie preference tools, or other opt-out mechanisms made available through our Website, as described in our Cookie Policy.

16. Global Privacy Control

We recognize and honor Global Privacy Control (“GPC”) signals as a valid request to opt out of the sale or sharing of personal information, as those terms are defined under applicable U.S. state privacy laws, including the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA).

Where a GPC signal is detected, we will apply the opt-out preference to the browser or device from which the signal is sent, in accordance with applicable law. The effect of a GPC signal may be limited to the specific browser or device used to access our Website.

This section applies only to GPC signals and does not affect how we respond to other browser-based signals, such as Do Not Track, which are addressed separately in this Privacy Policy.

17. Updates to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Last Updated" date at the top of this Policy and, when required by law, by providing additional notice (such as a prominent notice on our Website or direct communication).

18. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us at: Swarmer, Inc 4515 Seton Center Pkwy #330 Austin, TX 78759 Email: privacy@swarmer.tech For complaints regarding data protection, you also have the right to lodge a complaint with a supervisory authority:

California: