This Security and Privacy Policy ("Policy") is an integral part of the Terms and was prepared to reaffirm Electron Group's commitment to the security and privacy of information collected from Users who utilize the products and services offered on the Website.

To facilitate understanding of this Policy, we present the following definitions in summary:

• User: Any individual or legal entity that accesses the Website to register and use the services provided.
• Monitrafo: SaaS (Software as a Service) solution developed for remote monitoring of electrical transformers, power substations, industrial machines and equipment.
• Personal Data: Information related to an identified or identifiable natural person.
• Sensitive Personal Data: Personal data concerning racial or ethnic origin, religious conviction, political opinion, trade union or religious organization membership, health or sexual life data, genetic or biometric data when linked to a natural person.
• Database: Structured set of personal data established in one or more locations, in electronic or physical media.
• Data Subject (User): Natural person to whom the personal data refer for use of this Website and which are processed by Electron Group.
• Controller: Natural or legal person, public or private, responsible for decisions regarding the processing of personal data.
• Processor: Natural or legal person, public or private, that processes personal data on behalf of the Controller.
• Data Protection Officer: Person appointed by the Controller and Processor to act as communication channel between Controller, Data Subjects and ANPD.
• Processing Agents: The Controller and the Processor.
• Processing: Any operation performed with personal data, such as collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, elimination, evaluation, control, modification, communication, transfer, dissemination or extraction.
• Consent: Free, informed and unambiguous manifestation by which the Data Subject agrees to the processing of their personal data for a specific purpose.
• International Data Transfer: Transfer of personal data to a foreign country or international organization of which the country is a member.
• Data Sharing: Communication, dissemination, international transfer, interconnection of personal data or shared processing of personal databases by public entities in compliance with their legal duties, or between these and private entities, reciprocally, with specific authorization.
• National Data Protection Authority (ANPD): Public administration body responsible for overseeing, implementing and enforcing compliance with the General Data Protection Law throughout the national territory.
• Data Processing Agent (Controller): ELECTRON INTELIGÊNCIA ARTIFICIAL LTDA, registered under CNPJ No. 43.730.194/0001-93, headquartered at Rua Anchieta, No. 204 - Room 307, Annex I, Jundiaí/SP, Brazil, ZIP 13.201-804, hereinafter referred to as "Electron Group" (trade name).
• Electron Group's Role in Processing: Predominantly Controller.

TYPES OF PERSONAL INFORMATION COLLECTED

For individual Users who make purchases on the Website, Electron Group may collect the following personal data: full name, CPF, email, complete address and ZIP code, phone number, and credit card details.

For corporate Users, Electron Group collects: corporate name, CNPJ, email, complete address, phone number, and billing information.

PURPOSE OF DATA PROCESSING

Users' personal data is processed for the following purposes:

• Sale and management of the Monitrafo license according to the plan chosen by the User;
• Creation and administration of the User account and access authentication;
• Billing and payment processing;
• Provision of the equipment monitoring service, including displaying asset locations on a map;
• Sending technical alerts, operational notifications and service-related communications;
• User support and request handling;
• Artificial intelligence features (assistant and reports), when used by the User;
• Usage metrics and behavior analytics to improve the platform, subject to consent;
• Information security, fraud prevention and compliance with legal and regulatory obligations.

DATA PROCESSING

Data processing under the General Data Protection Law (LGPD) includes: any operation performed with personal data such as collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, elimination, evaluation, control, modification, communication, transfer, dissemination or extraction.

Each category of data is processed under its corresponding legal basis, pursuant to Article 7 of the LGPD:

• Performance of a contract (Art. 7, V): registration, account, billing and payment data, necessary to provide the service and sell the license;
• Compliance with a legal or regulatory obligation (Art. 7, II): retention of tax and contractual data for the periods required by law;
• Legitimate interest (Art. 7, IX, and Art. 10): information security, fraud prevention, IP/access logging and service improvement, subject to a balancing test;
• Consent (Art. 7, I, and Art. 8): analytics cookies (Microsoft Clarity) and any processing not covered by the bases above.

Personal data is securely maintained in Electron Group's database only for as long as necessary to fulfill the above purposes or applicable legal obligations, according to the retention periods described in this Policy, after which it is deleted or anonymized.

To ensure security in processing Users' personal data, Electron Group utilizes antivirus software, firewalls and cloud backups to ensure adequate security levels.

In case of personal data breach, Electron Group will notify ANPD as required by law. If the breach poses high risk to Users' rights, Electron Group will communicate this fact under legal conditions.

Collected information may be accessed by Electron Group employees/service providers and shared with companies, state agencies when relevant, research entities, always for service provision purposes, legal obligations, or in judicial/administrative processes.

USE OF PERSONAL INFORMATION

Electron Group uses provided data to respond to User requests, provide clarifications, answer questions, and return contacts through official communication channels.

Personal data is also used to operate business activities including performance analysis, legal compliance, workforce development and research.

Information is stored and used to clarify product information, improve Website content, and enhance User experience.

REASONS ELECTRON SHARES PERSONAL DATA

Electron Group shares User personal data for Monitrafo license sales, to complete contact requests made through the Website, and to send service-related information/news. Data may be shared with authorized employees and service providers when required by law, to respond to legal processes, maintain Website security, or protect Electron Group's rights/property.

Information will only be shared when necessary: (i) for conflict protection; (ii) under court decision or competent authority request; (iii) with technology infrastructure providers like payment processors and data storage services.

Electron Group may subcontract third parties for processing User personal data without requiring additional User authorization.

By agreeing to this Policy, Users acknowledge data sharing and may exercise LGPD rights directly with Electron Group via email to the Data Protection Officer at [email protected].

INTERNATIONAL DATA TRANSFER

As the internet is a global environment, certain Electron Group services may require transferring User data to other countries.

In such cases, data is processed according to LGPD and other data protection laws. Electron Group will implement security measures per this Policy and adopt standard contractual clauses with suppliers/service providers.

International data transfers, when necessary to provide the service (for example, the use of processors such as payment, cloud, maps and analytics providers located abroad), observe the conditions and safeguards of Article 33 of the LGPD, including the adoption of specific contractual clauses with suppliers and service providers. Electron Group will ensure all collected information is securely processed according to data protection standards and this Policy.

HOW ELECTRON GROUP STORES PERSONAL INFORMATION

All data provided by Website Users is collected, stored, maintained and processed in the site management platform by Electron Group employees according to demands, exclusively for service provision. After termination of this Policy, data will remain stored as follows:

• Anonymized data will be kept indefinitely;
• Contact data for commercial purposes will be kept until consent withdrawal; and
• User data will be maintained while the account is active. After account deletion, personal data without tax or contractual relevance is deleted or anonymized within up to 90 (ninety) days;
• Only data subject to a specific legal obligation is retained, for the corresponding legal periods — as a rule, 10 years for tax-relevant data and 20 years for contract-relevant data. If required by competent authorities or pending legal/administrative process, retention periods will be extended accordingly.

Data processing may be internal or externally subcontracted to operators who must follow LGPD requirements and contractual provisions.

Electron Group may communicate/transfer User personal data to public/private entities when required by contract, law, or necessary for fulfilling these Terms.

RESPONSIBILITY AND CONFIDENTIALITY OF USER DATA PROCESSING

Electron Group commits to processing User personal data in accordance with LGPD and applicable privacy legislation.

Electron Group commits to maintaining User data confidentiality by implementing all necessary technical and administrative measures.

Electron Group will be responsible for administrative fines, compensation, including damages to Users if failing to comply with this Policy or if third parties directly contracted by Electron Group fail such obligations.

ELECTRON'S OBLIGATIONS REGARDING USER DATA PROCESSING

For faithful compliance with User data processing, Electron Group commits to:

• Strictly follow the General Data Protection Law; and
• Conduct processing through professionals with technical capability, diligence and respect, being exclusively responsible for any acts/omissions by its representatives in User data processing.

LAWFULNESS OF SOURCE

Electron Group guarantees that all information shared will be collected observing LGPD, ensuring Users' legitimate expectations.

DATA SUBJECT RIGHTS

Data Subjects have the right to obtain from Electron Group, at any time through formal request, information regarding their data.

Electron Group will have 15 days to respond to Data Subject requests. Requests will be analyzed as per current legislation, and some may not be fulfilled for legal reasons.

Data Subjects may exercise their LGPD rights through:

• Confirmation of processing existence;
• Access to processed personal data;
• Correction of incomplete, inaccurate or outdated data;
• Anonymization, blocking or elimination of data;
• Data portability;
• Information about public/private entities with whom data was shared;
• Information about consequences of consent revocation; and
• Explanation of automated decision-making factors.

HOW TO EXERCISE YOUR RIGHTS

Data Subjects may exercise their rights by contacting the Data Protection Officer at [email protected].

To change preferences regarding service-related news/information, Users may unsubscribe anytime by clicking the link in emails.

HOW TO CONTACT THE DATA PROTECTION OFFICER

The Data Protection Officer acts as communication channel between Controller, Data Subjects and ANPD. Any questions may be directed to [email protected].

BROWSING INFORMATION COLLECTED AUTOMATICALLY

Electron Group automatically stores browser activity information including IP addresses and accessed pages on its servers through cookies. IP addresses are considered personal data under the LGPD and are processed on the basis of Electron Group's legitimate interest (Art. 7, IX, and Art. 10) for security, fraud prevention and access auditing purposes, subject to a balancing test.

The Website may use "cookies" (small data files sent to your device) to track usage patterns. Users may configure browsers to receive alerts before accepting cookies. However, this may limit Website functionality.

Users may manage or disable cookies through browser settings. Disabling some cookies may impact Website functionality. For specific instructions, consult your browser's support.

The Website may use cookies for various purposes including:

• Account-related cookies: Used during account creation and general administration, usually deleted when logging out;
• Login-related cookies: Remember login status, typically removed when logging out;
• Order processing cookies: Essential for remembering orders between pages;
• Form-related cookies: Remember user details for future correspondence;
• Site preference cookies: Store user preferences for personalized experience.

The Website uses Microsoft Clarity, an analytics service that helps us understand how Users interact with the platform (through usage metrics and session recordings) in order to improve it. These analytics cookies are only enabled with your consent, requested through the cookie notice shown on your first visit. You may decline analytics cookies without affecting the essential functionality of the Website, and you may change your choice at any time by clearing the site data in your browser. These cookies are managed by Microsoft under its own privacy policy.

For more information about Microsoft Clarity, visit: https://clarity.microsoft.com/

WEBSITE SUPPORT SERVICES

Companies contracted for Website support services must strictly follow this Policy.

Last updated: June 23, 2025.