Privacy Policy

This Privacy Policy describes the privacy practices of Nesoi AI Inc., a corporation incorporated under the laws of Canada ("Nesoi," "we," "us," or "our"). This policy applies to personal information we collect through our website at nesoi.ai, our AI learning content platform, and all related services, tools, and applications (collectively, the "Services"). We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the date at the top of this policy and, where required by applicable law, providing additional notice (such as via email or an in-product notification). We encourage you to review this policy periodically to stay informed about our privacy practices.

We use the personal information we collect for the following purposes: • Service delivery: to provide, maintain, and operate our AI learning content platform, including generating interactive experiences, training videos, gamification elements, and analytics dashboards. • Support and improvement: to respond to your inquiries, troubleshoot issues, improve our Services, and develop new features based on usage patterns and feedback. • Analytics: to analyze usage trends, measure the effectiveness of learning content, and generate aggregated insights for our customers. • Marketing and communications: to send you product updates, newsletters, and promotional materials where permitted by applicable law. You can opt out of marketing communications at any time. • Legal compliance: to comply with applicable laws, regulations, and legal processes, and to protect our rights and the rights of our users. • Security: to detect, prevent, and address fraud, abuse, security risks, and technical issues. We do not use your content to train our AI models without explicit consent. Your uploaded training materials and learning content remain yours and are processed solely to deliver the Services you have requested.

We may share your personal information in the following circumstances: • Service providers: we share information with third-party vendors who perform services on our behalf, such as cloud hosting (AWS), analytics, payment processing, and customer support tools. These providers are contractually obligated to protect your information and use it only for the purposes we specify. • Enterprise customers: if you access our Services through an enterprise account, we may share your usage data and learning analytics with the enterprise customer that manages your account, as they are the data controller for their organization’s data. • Business transfers: in connection with a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred to the acquiring entity. We will notify you of any such change in ownership or control. • Legal requirements: we may disclose your information if required to do so by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others. • With your consent: we may share your information in other ways if you have given us explicit consent to do so.

Depending on your jurisdiction, you may have the following rights regarding your personal information: • Right to access: request a copy of the personal information we hold about you. • Right to correction: request that we correct inaccurate or incomplete personal information. • Right to deletion: request that we delete your personal information, subject to certain legal exceptions. • Right to restriction: request that we limit how we process your personal information. • Right to data portability: request a machine-readable copy of your personal information. • Right to withdraw consent: where processing is based on consent, you may withdraw your consent at any time. • Right to object: object to certain types of processing, including direct marketing. To exercise any of these rights, please submit a data subject request (DSR) by emailing privacy@nesoi.ai. We will respond to your request within the timeframe required by applicable law (typically 30 days). We may need to verify your identity before processing your request.

Nesoi stores and processes data primarily on Amazon Web Services (AWS) infrastructure located in Frankfurt, EU and Canada. If you access our Services from outside these regions, your personal information may be transferred to and processed in countries with different data protection laws than your country of residence. When we transfer personal information internationally, we implement appropriate safeguards to ensure your data receives an adequate level of protection. These safeguards include Standard Contractual Clauses (SCCs) approved by the European Commission, as well as any supplementary measures required to address the specific circumstances of the transfer.

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Our standard retention periods are as follows: • Active accounts: personal information is retained for the duration of your subscription or active account. • Post-termination: upon account termination or cancellation, we retain your data for 30 days to allow for account recovery or reactivation. • Backups: backup copies of your data are retained for 60 days following deletion from production systems. • Transcripts and interaction logs: conversation transcripts and learning interaction logs are retained for 180 days by default, unless a different retention period is agreed upon with your enterprise administrator. After the applicable retention period expires, we securely delete or anonymize your personal information in accordance with our data management procedures.

Our Services are not directed at children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at privacy@nesoi.ai, and we will take steps to delete such information promptly. Enterprise customers who use our Services in educational settings with students under 16 must ensure appropriate consent and safeguards are in place in accordance with applicable laws, including COPPA, FERPA, and equivalent regulations in their jurisdiction.

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with specific rights regarding your personal information. Categories of personal information we collect: identifiers (name, email, IP address); professional or employment-related information; internet or electronic network activity; geolocation data; and inferences drawn from the above categories. Your rights under the CCPA include: • Right to know: request disclosure of the categories and specific pieces of personal information we have collected about you. • Right to delete: request deletion of your personal information. • Right to correct: request correction of inaccurate personal information. • Right to opt out: opt out of the "sale" or "sharing" of your personal information. Nesoi does not sell personal information in the traditional sense, but certain data sharing activities may constitute a "sale" or "sharing" under the CCPA. • Right to non-discrimination: we will not discriminate against you for exercising your CCPA rights. To exercise these rights, please contact us at privacy@nesoi.ai or submit a request through your account settings.

If you are a resident of Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) and substantially similar provincial privacy legislation may apply to our collection, use, and disclosure of your personal information. As Nesoi AI Inc. is incorporated under the laws of Canada, we are committed to complying with PIPEDA and applicable provincial privacy laws. Applicability: PIPEDA applies to the collection, use, and disclosure of personal information in the course of commercial activities. If you are a Canadian user of our Services, the following principles and rights apply to you. Consent: We obtain your meaningful consent before collecting, using, or disclosing your personal information, except where permitted or required by law. Consent may be express or implied depending on the sensitivity of the information and the reasonable expectations of the individual. You may withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice. Right to access and correct: You have the right to request access to the personal information we hold about you and to request correction of any information that is inaccurate or incomplete. We will respond to access requests within 30 days. Right to withdraw consent: You may withdraw your consent to our collection, use, or disclosure of your personal information at any time by contacting us at privacy@nesoi.ai. We will inform you of the implications of withdrawing consent, which may include our inability to provide certain Services. Accountability: Nesoi has designated a privacy officer who is accountable for our compliance with PIPEDA. Our privacy officer can be reached at privacy@nesoi.ai. Data retention: We retain personal information only as long as necessary to fulfill the purposes for which it was collected, or as required by law. When personal information is no longer needed, we securely destroy, erase, or anonymize it. Filing a complaint: If you believe that Nesoi has not handled your personal information in accordance with PIPEDA, you may file a complaint with our privacy officer at privacy@nesoi.ai. If you are not satisfied with our response, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada (OPC) at www.priv.gc.ca.

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and UK GDPR apply to our processing of your personal data. Lawful bases for processing: we process your personal data on the following legal bases: • Performance of a contract: processing necessary to provide our Services under our terms of service. • Legitimate interests: processing necessary for our legitimate business interests, such as improving our Services, ensuring security, and communicating with you, where these interests are not overridden by your data protection rights. • Consent: where you have given explicit consent, such as for marketing communications or optional analytics. • Legal obligation: processing necessary to comply with applicable laws and regulations. Data subject rights: in addition to the rights listed in Section 5, you have the right to lodge a complaint with your local supervisory authority if you believe our processing of your personal data violates applicable law. Data Protection Officer: for questions about our data protection practices or to exercise your rights, please contact us at privacy@nesoi.ai.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: Email: privacy@nesoi.ai Nesoi AI Inc. 180 John Street Toronto, ON M5T 1X5 Canada For data subject requests, please email privacy@nesoi.ai with the subject line "Data Subject Request" and include sufficient information for us to verify your identity and process your request.