NITINX, INC. PRIVACY POLICY Effective Date: March 10, 2026 Overview and Scope NitinX, Inc. (“NitinX,” “Company,” “we,” “us,” or “our”) recognizes the importance of protecting the privacy rights of our users. This Privacy Policy (“Policy”) describes how we collect, use, disclose, and protect personal information about you and other visitors and users (collectively, “Users” or “you”) who access or use our website (including www.NitinX.com), mobile applications, and related services (collectively, the “Services”). The Services include our precious metal-backed settlement network and digital payment infrastructure, enabling users to purchase, hold, transfer, donate, swap, and redeem digital tokens backed by physical gold and silver and fiat-backed payment stablecoins (collectively, “NitinX Tokens” or “Tokens”). The Services also encompass enterprise API and settlement services available to institutional customers, including refineries, vaults, wholesalers, and merchants. We are committed to ensuring that your privacy is protected. By accessing or using the Services, you acknowledge that you have read, understood, and agree to the practices described in this Policy. If you do not agree to this Policy, please do not access or use the Services. This Policy is incorporated into and made part of our Terms of Service. Unless otherwise expressly agreed to in writing, your personal information will be processed according to the terms of this Policy. We may provide additional or supplemental privacy notices specific to certain features, services, or activities. This Policy does not apply to information collected by third parties or by other means, including on any other website operated by a third party that may link to or be accessible from the Services. Consistent with California Civil Code § 1798.100(b), at or before the point of data collection we will provide a short-form Notice at Collection identifying the categories of Personal Information collected and the purposes for use. California law requires at least two designated methods for submitting consumer rights requests; we provide email (Section 14) and an online request form (available at launch). This Policy is drafted to comply with the California Consumer Privacy Act (“CCPA”) as amended by the California Privacy Rights Act (“CPRA”), and other applicable U.S. state privacy laws (including, without limitation, comprehensive privacy laws in Colorado, Connecticut, Virginia, and Utah). In addition, this Policy is applicable to data subjects within the European Economic Area and the United Kingdom (collectively, the “EEA”). Therefore, this Policy is also drafted to comply with the E.U. General Data Protection Regulation (EU) 2016/679 and the U.K. GDPR (collectively, the “GDPR”), and the Swiss Federal Act on Data Protection (“FADP”). However, the application of these laws depends on each individual case. For the purposes of applicable law, we are the data controller of information we collect from you through the Services. For the purposes of this Policy, “data subject” means an identified or identifiable natural person located in the EEA, the United Kingdom, or Switzerland. Users of the Services are under no statutory or contractual obligation, or other obligation to provide Personal Information to us. BY USING THE SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO THE PRACTICES DESCRIBED IN THIS PRIVACY POLICY. 1. Information We Collect The information that we collect depends on your interactions with us, the choices that you make, the products and features you use, your location, and applicable laws. We may collect or receive information directly from you, and in other cases, we receive information through your use of our Services. We collect several types of information from and about Users of the Services, including: 1.1 Personal Information “Personal Information” means any information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. We may collect Personal Information when you register for an account, complete forms, participate in surveys, navigate web pages, submit identity verification documentation, conduct transactions, and in connection with other activities, services, features, or resources we make available through the Services. The types of Personal Information we have collected, used, stored, and disclosed in the last twelve (12) months include the following categories: 1.1A Sensitive Personal Information In addition to the categories above, we may collect Sensitive Personal Information (“SPI”) as defined under the California Privacy Rights Act, including: (a) government-issued identification numbers (passport, driver’s license, national ID); (b) financial account credentials used during KYC/AML verification; (c) biometric data, if our identity verification provider uses facial recognition or liveness detection; and (d) source-of-funds documentation. We use SPI only to the extent necessary to provide the Services and comply with applicable law. California residents may limit our use of their SPI (see Section 8.1). Category Types of Information Identifiers Name, email address, postal address, telephone number, username, IP address, device identifiers, online identifiers, and similar identifiers Customer Records Information Name, signature, address, telephone number, bank account number, credit card number, debit card number, and other financial information Commercial Information Records of purchases, transaction history, products or services purchased or considered, and other purchasing or consuming histories or tendencies Internet or Network Activity Browsing history, search history, information regarding interactions with our website, platform, or advertisements, device type, browser type, operating system, and referral URLs Geolocation Data General geographic location (such as country, state, or city) based on your IP address 1.2 Know Your Customer (KYC) and Anti-Money Laundering (AML) Information NitinX is required to comply with applicable KYC and AML laws, rules, and regulations. As a condition of using certain features of the Services, you may be required to submit identity verification documentation, including but not limited to government-issued identification, proof of address, source-of-funds documentation, beneficial ownership information (for legal entity customers), and other documentation as we may require. We may use third-party verification service providers to assist with these procedures. Any information collected during the KYC/AML process will be used solely for the purpose of completing identity verification procedures, complying with applicable law (including the Bank Secrecy Act and FinCEN regulations), and detecting, reporting, and preventing financial crimes. Such information will be retained for a minimum of five years, and for longer periods if required by applicable law or regulation. We may be legally prohibited from informing you that certain regulatory reports or filings have been made in connection with your account or transactions. 1.3 Wallet and Blockchain Information Because the Services operate on the blockchain and involve self-custodial wallet functionality, we may collect technical data such as blockchain wallet addresses, network transaction identifiers, token balances, and on-chain transaction data. When you use our stablecoin or other NitinX payment instruments, transaction data may also be processed by our stablecoin infrastructure integration partner. NitinX shares such data with these providers only to the minimum extent necessary to operate the Services. 1.4 Deidentified and Aggregated Information We may collect deidentified information from you and aggregate information that may not by itself reasonably identify you as the source when you navigate the Services. Deidentified Information may include device type, device operating system, internet browser type, internet service provider, referring/exit pages, date/time stamps, and clickstream information. We will take reasonable measures to ensure that deidentified information we collect is not personally identifiable and may not later be easily used to identify you. 1.5 Children and Restricted Information The Services are not intended for, and we do not knowingly collect Personal Information from, children under the age of eighteen (18). Additionally, you may not access or use the Services if you are located in, a resident of, or a citizen of any jurisdiction where the use of the Services would be prohibited by applicable law, regulation, or sanctions, including if you are listed on any U.S. government or international sanctions list (including the Office of Foreign Assets Control's Specially Designated Nationals and Blocked Persons List) or are located in Cuba, Iran, North Korea, Syria, the Crimea region of Ukraine, or the so-called Donetsk People's Republic or Luhansk People's Republic. If we learn that we have collected or received Personal Information from a child under 18 years of age or from a user in a prohibited jurisdiction without appropriate authorization, we will delete that information. If you believe we might have any such information, please contact us using the contact information provided below. 1.6 Institutional and Business Customer Information NitinX provides services to institutional customers, including refineries, vaults, wholesalers, jewelry retailers, and merchants integrating the NitinX settlement API (collectively, “Business Customers”). In connection with Business Customer relationships, we may collect: (a) entity formation documents and business registration information; (b) authorized representative identification and contact information; (c) commercial banking and financial account details; (d) KYC/AML documentation, including beneficial ownership certifications; (e) trading history and settlement records; and (f) API integration credentials. To the extent NitinX processes Personal Information on behalf of a Business Customer’s end users, NitinX acts as a data processor pursuant to an applicable data processing agreement. 2. How We Collect Information We collect Personal Information and other data in various ways, including: 2.1 Directly from You We collect Personal Information when you voluntarily submit it to us while using the Services, including when you: * Register for an account and create a user profile * Complete our KYC and AML verification procedures * Purchase, transfer, or redeem NitinX Tokens * Subscribe to newsletters or marketing communications * Contact us for customer support or inquiries * Respond to surveys or provide feedback * Communicate with us through email, chat, or other channels 2.2 Automatically Through Your Use of the Services We may collect certain information automatically when you access or use the Services, including information that your browser or device transmits. We may also collect information about how you access and interact with the Services through the use of automated tracking technologies, such as cookies, web beacons, pixels, and similar technologies. 2.3 From Third Parties We may collect Personal Information about you from third parties, including: * Identity verification and KYC/AML service providers * Payment processors and financial institutions * Analytics providers * Third-party redemption locations and partners * Stablecoin infrastructure and payment processing providers We may combine the information we collect from you with information we obtain from third parties and use it as described in this Policy. 3. How We Use Your Information We use the information we collect for various purposes, including: 3.1 Providing and Improving the Services * To create, maintain, and secure your account * To process transactions, including the purchase, transfer, and redemption of NitinX Tokens * To provide customer support and respond to your inquiries * To improve and personalize your experience with the Services * To develop new products, services, and features * To analyze usage trends and monitor the effectiveness of the Services 3.2 Compliance and Verification * To verify your identity and complete KYC and AML procedures * To comply with applicable laws, regulations, and legal processes * To detect, prevent, and address fraud, security breaches, and other prohibited activities * To enforce our Terms of Service and other agreements 3.3 Communications * To send you transactional communications related to your account and transactions * To send you updates, security alerts, and administrative messages * To send you marketing and promotional communications (with your consent where required by law) * To respond to your requests for information 3.4 Other Business Purposes * To maintain records and conduct internal audits * To protect our rights, property, and safety, and the rights, property, and safety of our users and others * For other purposes reasonably necessary and proportionate to achieving the operational purpose for which the Personal Information was collected consistent with the CCPA compatible-use standard, or with your express consent 4. How We Share Your Information We do not sell your Personal Information as the term “sell” is commonly understood to require an exchange for money. We do not “share” Personal Information for cross-context behavioral advertising purposes as those terms are defined under the CCPA/CPRA. If we ever decide to “sell” or “share” Personal Information, as those terms are defined under applicable law, we will update this Policy and include a link entitled “Do Not Sell or Share My Personal Information” to provide you with an opportunity to opt out of the selling or sharing of your Personal Information. We may disclose your Personal Information to the following categories of third parties for business purposes: 4.1 Service Providers We may share your Personal Information with third-party service providers who perform services on our behalf, including: * Cloud hosting and data storage providers * Payment processors and financial institutions * Identity verification and KYC/AML service providers * Customer support providers * Analytics and data analysis providers These service providers are contractually obligated to keep Personal Information confidential and use it only for the purposes for which we disclose it to them. We require service providers to provide security measures in accordance with industry standards and in compliance with contractual obligations, their privacy and security obligations, and any other appropriate confidentiality and security measures. 4.2 Third-Party Redemption Partners NitinX partners with third-party jewelry stores and precious metals dealers to provide redemption services. When you redeem NitinX Tokens at third-party locations, we may share necessary information with those partners to facilitate the redemption. Redemptions at third-party locations are subject to the policies and procedures of those locations. When you redeem NitinX Tokens for physical gold or silver, we may collect and share: (a) physical delivery address or in-store pickup confirmation details; (b) metal specifications (weight, purity, form factor); (c) government-issued identification presented at point of pickup; and (d) delivery confirmation and chain-of-custody records. This information is shared with logistics partners, vault custodians, and redemption location operators only to the extent necessary to complete the redemption. Physical redemption data is subject to the BSA/AML retention requirements in Section 1.2. 4.3 Blockchain Networks Because NitinX Tokens are issued on the blockchain, certain transaction information will be recorded on the public blockchain. This information may include wallet addresses and transaction details. Blockchain transactions are public and immutable, and we cannot control how others may use information visible on the blockchain. 4.4 Affiliates and Professionals We may share your Personal Information with our subsidiaries and affiliates for purposes consistent with this Policy. We may share your Personal Information with legal counsel, accountants, auditors, and other professional advisors to the extent necessary for them to provide services to us. This includes sharing with our public accounting and advisory firm (currently BDO USA, LLP) in connection with financial audits, tax compliance, and required regulatory attestations, including reserve attestations for our stablecoin and other NitinX instruments. Professional advisors are bound by confidentiality obligations and applicable professional ethics rules. 4.5 Legal and Regulatory Disclosures We may disclose your Personal Information if required or permitted by law, including: * To comply with any court order, law, subpoena, or legal process * To respond to requests from, or to satisfy reporting obligations to, government or regulatory authorities, including the U.S. Securities and Exchange Commission (SEC), the Commodity Futures Trading Commission (CFTC), the Financial Crimes Enforcement Network (FinCEN), the Office of Foreign Assets Control (OFAC), the California Department of Financial Protection and Innovation (DFPI), and other applicable federal, state, and local regulators * To enforce our Terms of Service and other agreements * To protect our rights, property, or safety, or the rights, property, or safety of our users or others * To detect, prevent, or address fraud, security issues, or technical problems * To transmit originator and beneficiary transaction information to counterparty financial institutions as required by the FinCEN Travel Rule for virtual asset transfers at or above applicable thresholds 4.6 Business Transfers In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your Personal Information may be transferred as part of that transaction. The successor entity will be subject to this Policy with respect to your Personal Information. We will notify you of any change in applicable ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information, by email and/or by posting a prominent notice on our Services. 4.7 With Your Consent We may disclose your Personal Information to other third parties with your consent. 5. Cookies and Tracking Technologies We use cookies and similar tracking technologies to collect information about your use of the Services. Cookies are small data files stored on your device that enable us to remember and customize your visits, analyze site traffic and usage patterns, and gather broad demographic information. 5.1 Types of Cookies We Use * Essential Cookies: These cookies are necessary for the Services to function properly and cannot be switched off. They are usually only set in response to actions you take, such as logging in or filling out forms. * Functional Cookies: These cookies enable enhanced functionality and personalization, such as remembering your preferences and settings. * Analytics Cookies: These cookies help us understand how visitors interact with the Services by collecting and reporting information anonymously. We may use analytics tools such as Google Analytics for these purposes. 5.2 Managing Cookies Most web browsers are set to accept cookies by default. You can usually modify your browser settings to decline cookies or to alert you when cookies are being sent. Please note that if you disable cookies, some features of the Services may not function properly. 5.3 Do Not Track Some browsers include a “Do Not Track” (DNT) feature that signals to websites that you do not wish to be tracked. Our Services do not currently respond to DNT signals. However, you can use the range of other tools described in this Policy to control data collection and use, including cookie controls. Some browsers and browser extensions support the Global Privacy Control (“GPC”) that can send a signal to websites to indicate your preference to opt out of certain types of data processing. We will honor GPC signals where required by applicable law. 6. Data Retention We retain your Personal Information for as long as reasonably necessary to fulfill the purposes for which it was collected, to provide the Services, and to comply with our legal obligations. In determining retention periods, we consider: Notwithstanding the foregoing, we are required by applicable law, including the Bank Secrecy Act and FinCEN regulations, to retain certain transaction and identity records for a minimum of five years. We may also be legally prohibited from disclosing the specific reasons why a data deletion or access request cannot be fulfilled, including where disclosure would be prohibited by federal law. In such cases, we will inform you that we cannot comply without providing the specific reason. * The duration of your relationship with us and your use of the Services * Legal, regulatory, tax, accounting, or reporting requirements * The need to resolve disputes and enforce our agreements * Business and operational needs When we no longer have an ongoing legitimate business need to process your Personal Information, we will either delete or anonymize it within a reasonable period. When we choose to anonymize information, we take commercially reasonable measures to ensure that the information cannot be linked back to you or any specific user. If deletion is not possible (for example, because your Personal Information has been stored in backup archives), we will securely store it and isolate it from any further processing until deletion is possible. Please note that transaction data recorded on the blockchain is permanent and immutable. We cannot delete or modify information that has been recorded on the blockchain. You acknowledge and accept the inherent risks associated with blockchain technology and digital assets, including regulatory uncertainty, technological vulnerabilities, network congestion or failures, the potential for loss of access to Tokens due to lost credentials, and market volatility. We may modify, suspend, or discontinue aspects of the Services as necessary to comply with applicable laws, regulations, or regulatory requirements, which may affect how we collect, process, or retain your Personal Information. 7. Data Security We use commercially reasonable administrative, technical, and physical security measures designed to protect your Personal Information from unauthorized access, use, alteration, disclosure, and destruction. These measures include: * Encryption of data in transit and at rest * Access controls and authentication procedures * Regular security assessments and monitoring * Employee training on data protection and security However, no method of transmission over the internet or method of electronic storage is completely secure. As a result, while we strive to protect your Personal Information, we cannot guarantee or warrant that your Personal Information will be completely secure from misappropriation by hackers or from other nefarious or criminal activities, or in the event of a failure of computer hardware, software, or telecommunications networks. We require third parties acting on our behalf or with whom we disclose your information to provide security measures in accordance with industry standards and in compliance with contractual obligations, their privacy and security obligations, and any other appropriate confidentiality and security measures. We are not responsible for the privacy and security practices of such third parties outside of the information we receive from or disclose to them. Any transmission of Personal Information is at your own risk. 7.1 Your Security Responsibilities You are responsible for maintaining the security and confidentiality of your account credentials, including your password. You are also solely responsible for safeguarding your self-custodial wallet credentials, including your private keys, seed phrases, and recovery credentials. NitinX does not have custody or control over your wallet or the assets held therein, and we cannot recover lost credentials. You should never share your private keys or seed phrase with anyone, including NitinX personnel. NitinX will never ask you for your private keys or seed phrase. Notwithstanding the foregoing, NitinX retains the technical capability to freeze or revoke Tokens where required by applicable law or governmental order. 7.2 Data Breach Notification In the event of a security breach involving your Personal Information that is reasonably likely to result in substantial harm, or that is required to be reported under applicable law, we will notify affected users in the most expedient time possible and without unreasonable delay, as required by California Civil Code § 1798.82 and other applicable state and federal notification laws. Notice will be provided by email to the address associated with your account, by prominent notice on our Services, or by such other method as required by applicable law. We may delay notification at the request of law enforcement to the extent permitted by law. If a breach affects more than 500 California residents, we will also notify the California Attorney General. 8. Your Rights and Choices Depending on your jurisdiction and applicable law, you may have certain rights regarding your Personal Information. We will not discriminate against you for exercising your privacy rights. 8.1 U.S. State Privacy Rights If you are a resident of California, Colorado, Connecticut, Virginia, Utah, or another U.S. state with applicable comprehensive privacy laws, you may have the following rights: * Right to Know/Access: You have the right to request information about the categories and specific pieces of Personal Information we have collected about you, the sources of that information, the purposes for which we collected or sold it, and the categories of third parties with whom we shared it. * Right to Correct: You have the right to request that we correct inaccurate Personal Information that we maintain about you. * Right to Delete: You have the right to request that we delete Personal Information we have collected from you, subject to certain exceptions under applicable law. * Right to Data Portability: You have the right to receive your Personal Information in a portable, readily usable format. * Right to Opt Out of Sales/Sharing: You have the right to opt out of the sale of your Personal Information or the sharing of your Personal Information for cross-context behavioral advertising. We do not sell or share your Personal Information as those terms are defined under applicable law. If our practices change, we will update this Policy and provide required mechanisms to exercise your rights, including recognition of opt-out preference signals where required by law. * Right to Limit Use of Sensitive Personal Information: You have the right to limit the use and disclosure of your Sensitive Personal Information to uses necessary to perform the Services. * Right to Non-Discrimination: You have the right not to be discriminated against for exercising any of your privacy rights. 2. GDPR and FADP Data Subject Rights If you are a data subject located in the EEA, the United Kingdom, or Switzerland, applicable data protection law grants you certain data privacy rights, including: * Right to Access: You have the right to request a copy of your Personal Information. * Right to Rectification: You have the right to request that we correct any inaccuracies in your Personal Information. * Right to Erasure: You have the right to request that we delete your Personal Information. * Right to Restrict Processing: You have the right to restrict processing of your Personal Information. * Right to Object to Processing: You have the right to object to our processing of your Personal Information. * Right to Data Portability: You have the right to receive your Personal Information in a structured, commonly used, and machine-readable format. * Right Not to be Subject to Automated Individual Decision Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning you or similarly significantly affects you. 8.3 Exercising Your Rights To exercise any of these rights, please contact us using the contact information provided below. We may need to verify your identity before processing your request. You may also designate an authorized agent to make a request on your behalf, subject to our verification of the agent’s authority. We will respond to your request within the timeframes required by applicable law. If we cannot fulfill your request, we will explain the reasons why to the extent permitted by applicable law. In certain circumstances, including where disclosure would be prohibited by federal or state law (such as in connection with regulatory filings or reports), we may be unable to provide the specific reason for our inability to comply. 8.4 Verifiable Consumer Requests If you are a California resident, a data subject located in the EEA, the United Kingdom, or Switzerland, or a resident of another jurisdiction whose privacy laws grant any of the above rights, you can exercise your legal rights by submitting a Verifiable Consumer Request to us by emailing us at privacy@NitinX.com. Only you, or someone legally authorized to act on your behalf, may make a Verifiable Consumer Request related to your Personal Information. Making a Verifiable Consumer Request does not require you to create an account with us. You may only make a Verifiable Consumer Request for access to Personal Information twice in a 12-month period. The Verifiable Consumer Request must: (i) provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative; and (ii) describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. We will only use Personal Information provided in a Verifiable Consumer Request to verify the requestor's identity or authority to make the request. 8.5 Response Timing and Format We will acknowledge receipt of a Verifiable Consumer Request within ten (10) days. We endeavor to respond to Verifiable Consumer Requests within forty-five (45) days of its receipt. If we require more time (up to ninety (90) days), we will inform you of the reason and extension period in writing. Any disclosures we provide will only cover the 12-month period preceding the Verifiable Consumer Request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. We do not charge a fee to process or respond to Verifiable Consumer Requests, unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. 8.6 Marketing Communications You may opt out of receiving marketing communications from us at any time by following the unsubscribe instructions in any marketing email we send, or by contacting us using the contact information provided below. Please note that even if you opt out of marketing communications, we may still send you transactional and administrative communications related to your account and use of the Services. 8.7 Accessing and Updating Your Information You may access, update, or correct certain Personal Information through your account settings. If you need assistance, please contact us using the contact information provided below. 8.8 Withdraw Consent Generally, we do not process Personal Information based on consent. However, in the event we do, you have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on said consent before its withdrawal. If you would like to withdraw your consent, please use the Verifiable Consumer Request method described above. 9. Third-Party Links and Services The Services may contain links to third-party websites, applications, or services that are not owned or controlled by NitinX. This Policy does not apply to those third-party services. We are not responsible for the privacy practices of any third party. We encourage you to review the privacy policies of any third-party services before providing your Personal Information to them. Additionally, NitinX issues and the Services support a payment stablecoin, and the Services may also accept payment in stablecoins issued by third-party partners. Transaction data associated with our stablecoin and other NitinX-issued payment instruments is subject to enhanced BSA/AML monitoring and may be subject to additional requirements under applicable federal payment system law, including the GENIUS Act. Your use of third-party stablecoins is subject to the terms and conditions and privacy policies of the applicable stablecoin issuer. NitinX is not responsible for the operation, stability, or regulatory compliance of any third-party stablecoin or stablecoin issuer. Additionally, our Services may utilize functions from or integrate with third-party platforms, including but not limited to social networks and external APIs. When you interact with these functions, the operators of the respective third-party platforms may record that you are using our Services and may use this information according to their own privacy policies. Please check with these individual platforms regarding their privacy policies. We are not responsible for data collected by these third-party platforms. 10. Changes to This Privacy Policy We may update this Policy from time to time to reflect changes in our practices, the Services, or applicable law. When we make changes, we will revise the “Effective Date” at the top of this Policy and post the updated Policy on the Services. If we make material changes, we may also provide you with additional notice, such as by email or through a prominent notice on the Services. Your continued use of the Services after the effective date of any changes constitutes your acceptance of the updated Policy. We encourage you to review this Policy periodically to stay informed about our privacy practices. 11. California “Shine the Light” Law California Civil Code Section 1798.83 permits California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. We do not share Personal Information with third parties for their direct marketing purposes without your consent. If you have any questions about this, please contact us using the contact information provided below. 12. SPAM Policy We do not participate in bulk email solicitations that you have not consented to receiving. We do not sell or disclose customer lists or email address lists to unrelated third parties. Except as otherwise provided herein, we do not share Personal Information with any third-party advertisers. 13. File a Complaint If you would like to file a complaint with us about our privacy practices, please contact us at the Contact Information provided below. 14. Contact Information If you have any questions, comments, or concerns about this Privacy Policy or our privacy practices, or if you wish to exercise any of your rights under applicable law, please contact us at: NitinX, Inc. Email: privacy@NitinX.com 2445 Augustine Dr Suite 150, Santa Clara, CA 95054