Privacy Policy

Furistic Inc. ("Furistic," "we," "us," or "our") collects information across our platform and products in the following categories: **Account & Identity Data.** When you create a Furistic account or sign in via our centralized identity and SSO system, we collect your name, email address, phone number, organization details, role, and authentication credentials. This identity data is shared across Furistic products you access (RealtyOS, TradeOS). **RealtyOS Data.** Property listings, client information, transaction records, communication logs, documents, MLS data accessed through integrations, and AI-assisted valuations and market analyses. **TradeOS Data.** Trading strategies, portfolio configurations, market watchlists, order history, risk parameters, AI-generated trading signals, and performance analytics. **Usage & Telemetry Data.** Log data, device information, IP addresses, browser type, pages visited, feature usage patterns, API call metadata, and performance metrics. **AI Interaction Data.** Prompts, queries, and interactions with our AI features, along with the AI-generated outputs and your feedback on those outputs.

We use your information to: • Provide, maintain, and improve the Platform and its products • Authenticate your identity and manage access across products via our unified identity system • Process transactions and manage billing • Deliver AI-powered features, insights, and recommendations • Communicate with you about your account, products, and updates • Monitor for security threats, fraud, and abuse • Comply with legal obligations and enforce our Terms of Service • Generate anonymized, aggregated analytics to improve our AI models and services We process your data on the legal bases of contract performance, legitimate interests, consent, and legal obligations as applicable under PIPEDA and other relevant privacy legislation.

**You own your data.** All content, records, and data you input into the Platform remain your property. Furistic does not claim ownership of Your Content. **Product-specific data** — Data you enter into RealtyOS (property records, client data) and TradeOS (trading strategies, portfolio data) belongs to you. You may export your data at any time through the respective product settings. **Cross-product data** — Your identity and account information is shared across Furistic products to enable seamless SSO and unified experience. You can manage cross-product data sharing preferences in your account settings. **Data portability** — You have the right to request a copy of your data in a structured, commonly used, machine-readable format. We will fulfill data export requests within 30 days.

To improve our AI models and services, Furistic may use anonymized and aggregated data derived from Platform usage. This data: • Is stripped of all personally identifiable information before use • Cannot be used to identify individual users or their specific data • Is used solely to improve model accuracy, performance, and capabilities • Is never sold or shared with third parties for their own training purposes You may opt out of anonymized data usage for AI training through your account privacy settings. Opting out will not affect your access to the Platform or its features.

We share your information only in the following circumstances: **Infrastructure Providers.** We use cloud infrastructure providers (including AWS, Google Cloud, and Cloudflare) to host and deliver the Platform. These providers process data on our behalf under strict data processing agreements. **Payment Processors.** Payment information is processed by PCI-compliant third-party payment processors. We do not store full credit card numbers on our servers. **Analytics & Monitoring.** We use analytics tools to monitor Platform performance and usage. Data shared with these providers is anonymized or pseudonymized where possible. **Legal Requirements.** We may disclose information when required by law, subpoena, court order, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others. **Business Transfers.** In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, subject to the same privacy protections described in this Policy. We do not sell your personal information to third parties.

We implement industry-standard security measures to protect your data, including: • Encryption in transit (TLS 1.3) and at rest (AES-256) • Multi-product data isolation at the infrastructure level • Role-based access controls and principle of least privilege • Regular security audits and penetration testing • Automated threat detection and incident response procedures We retain your data for as long as your account is active or as needed to provide services. Upon account deletion, we will remove your personal data within 90 days, except where retention is required by law or for legitimate business purposes (such as fraud prevention).

Furistic Inc. is headquartered in Canada. Your data may be processed and stored in Canada and other jurisdictions where our infrastructure providers operate. When transferring data outside of Canada, we ensure adequate protection through: • Contractual safeguards with data processors, including standard contractual clauses • Compliance with PIPEDA requirements for cross-border data transfers • Selection of infrastructure providers that maintain appropriate certifications (SOC 2, ISO 27001) For users in the European Economic Area (EEA), we rely on adequacy decisions, standard contractual clauses, or other approved transfer mechanisms under the GDPR.

Under PIPEDA and applicable privacy legislation, you have the right to: • **Access** — Request a copy of the personal information we hold about you • **Correction** — Request correction of inaccurate or incomplete personal information • **Deletion** — Request deletion of your personal information, subject to legal retention requirements • **Portability** — Receive your data in a structured, machine-readable format • **Withdraw Consent** — Withdraw consent for specific processing activities at any time • **Restrict Processing** — Request that we limit how we use your data in certain circumstances • **Complaint** — Lodge a complaint with the Office of the Privacy Commissioner of Canada To exercise any of these rights, contact us at privacy@furistic.co. We will respond to your request within 30 days.

Furistic Inc. complies with the Personal Information Protection and Electronic Documents Act (PIPEDA) and its ten fair information principles: • **Accountability** — Our Privacy Officer is responsible for compliance with this Policy • **Identifying Purposes** — We identify the purpose for data collection at or before the time of collection • **Consent** — We obtain meaningful consent for the collection, use, and disclosure of personal information • **Limiting Collection** — We collect only the information necessary for identified purposes • **Limiting Use, Disclosure, and Retention** — We use and disclose personal information only for the purposes identified, and retain it only as long as necessary • **Accuracy** — We keep personal information accurate, complete, and up-to-date • **Safeguards** — We protect personal information with appropriate security measures • **Openness** — We make our privacy practices readily available • **Individual Access** — Upon request, we inform you of the existence, use, and disclosure of your personal information • **Challenging Compliance** — You may challenge our compliance by contacting our Privacy Officer

We may update this Privacy Policy from time to time. When we make material changes, we will: • Post the updated Policy on this page with a revised "Last Updated" date • Notify you by email or through the Platform at least 30 days before the changes take effect • Obtain your consent where required by applicable law Your continued use of the Platform after the effective date of changes constitutes acceptance of the updated Policy.