At Evomi, we respect your privacy and are committed to safeguarding your Personal Data. This Privacy Policy ("Policy") explains how we collect, use, store, and protect your Personal Data, and the rights you have in relation to it.

Please read this Policy together with our Terms of Use and Cookie Policy. Terms not otherwise defined here have the meaning given in our Terms of Use.

About Us

The operator of this service and the party responsible for processing your Personal Data is:

TeraShift GmbH, a company incorporated in Switzerland with its registered address at Hauptstr. 35A, 8272 Ermatingen, Switzerland (referred to as "Evomi," "we," "us," or "our").

TeraShift GmbH acts as the controller (the "responsible party" under Swiss law) of the Personal Data of Evomi's Individual Users. "Individual User" means any natural person who visits our Site or uses our Services.

If you have any questions about your privacy, contact us at hello@evomi.com or via the "Contact Us" form on our website.

Governing Law and Scope

Evomi is established only in Switzerland, but our visitors and users come from around the world. The laws that apply to the processing of your Personal Data depend on where you are located:

• Switzerland and all other regions: Our processing is governed primarily by the Swiss Federal Act on Data Protection (the revised FADP / nDSG). The Swiss Federal Data Protection and Information Commissioner (FDPIC) is our lead supervisory authority.

• European Economic Area (EEA) and United Kingdom: Where the EU General Data Protection Regulation (GDPR) or UK GDPR applies to our processing of your data, we also comply with those laws, and the references to "GDPR" in this Policy apply to you.

• United States: Certain practices described in the "United States Visitors" section below apply only to visitors located in the United States.

Where this Policy refers to a "legal basis" or "justification," we mean the grounds described in the "Legal Basis for Processing" section.

Acceptance

By accessing or using our Services, you confirm that you have read and understood this Policy. This does not by itself serve as your consent to processing — we rely on the legal grounds set out below. If you disagree with this Policy, please do not access or use the Services.

Consent

Where we rely on your consent to process Personal Data (for example, for certain marketing or where required by law), we will ask for it through a clear affirmative action, such as ticking an unticked box or confirming a request. Consent is always optional, specific, and informed, and you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal. Withdrawing consent will not affect processing we carry out on other legal grounds.

Legal Basis for Processing

Under Swiss law (FADP): As a Swiss controller, we process Personal Data in accordance with the data protection principles of lawfulness, good faith, proportionality, purpose limitation, accuracy, and security. Where a justification is required, we rely on one or more of the following:

• your consent;

• the conclusion or performance of a contract with you, or another overriding legitimate interest of ours (for example, securing our systems, preventing fraud and abuse, and improving our Services), provided your interests do not prevail;

• a legal obligation to which we are subject (for example, KYC/AML and accounting duties).

Under the GDPR (for EEA/UK visitors): Where the GDPR applies, we process your Personal Data on the following legal bases:

• your consent — Art. 6(1)(a);

• the performance of a contract with you, or steps taken at your request before entering a contract — Art. 6(1)(b);

• compliance with a legal obligation — Art. 6(1)(c);

• our legitimate interests, balanced against your rights and freedoms — Art. 6(1)(f).

What Data Is Logged by Default

To ensure the technical functioning of our System and Services, investigate security incidents, and detect malfunctions or attacks, we collect certain standard technical data. You can browse parts of our Website that do not require authorization without providing data that identifies you.

Log Files

When you visit our Website or connect to our Services, our servers automatically record log data, which may include:

• the date and time of access;

• information about activity on the Site and the volume of data transferred;

• your IP address and basic device/connection information.

Some of this data — in particular your IP address — may constitute Personal Data. We use it to operate and secure our Services and do not combine it with other data for purposes incompatible with those described in this Policy.

Anonymized and De-Identified Data

We may create anonymized or de-identified data from Personal Data by removing elements (such as your name, email address, or any linkable identifier) that make the data personally identifiable. Our use of fully anonymized or de-identified data is not subject to this Policy.

IP Addresses and Proxy Traffic

Because Evomi provides proxy and related infrastructure, it is important to distinguish between two different kinds of IP address:

• Your account connection IP. When you log in or connect to our Services, we process the IP address you connect from for security, fraud and abuse prevention, and account administration, as described in "Log Files" above.

• Proxy IP addresses. The IP addresses used to route requests through our proxy network are part of our network infrastructure (for example, proxy endpoint and peer addresses). They are not your personal browsing IP and are not used by us to identify you as a customer.

We do not monitor, inspect, or otherwise process the content of the traffic you route through our proxy network, or the websites, pages, or data you access or collect through the Services. You determine what you access and what data you collect through the Services. Where your use of the Services involves Personal Data of other individuals (for example, data you gather from third-party sources), you act as the controller of that data and are solely responsible for having a valid legal basis and for complying with applicable law. The limited, user-initiated processing performed by our Chrome Extension's AI features is described in the "Evomi Chrome Extension" section.

Is Providing Data Mandatory

Providing certain Personal Data is necessary for us to present and operate the System and Services. Without the technically necessary information, we cannot guarantee their functionality.

Data We Collect and Data Sources

In addition to data you provide directly, we may obtain data from publicly accessible sources, your devices, and third parties (such as our payment and verification providers). The data we process includes, but is not limited to:

name and surname, phone number, email address, postal address, registration date, first-visit date, session times and dates, language preferences, total active System time, and newsletter subscription status.

How Long We Keep Your Data

We retain your Personal Data for as long as you maintain an account or as needed to provide the Services, and afterwards only as necessary to:

• comply with our legal obligations (for example, statutory retention periods for invoicing and AML records);

• resolve disputes and enforce our agreements;

• pursue an overriding legitimate interest, until your interest in deletion or anonymization prevails.

Where we process data based on your consent, we retain it until you withdraw that consent. When we no longer need your data, we delete or anonymize it. Where permissible, we will also delete your Personal Data upon your request — see "Data Deletion Requests" below.

Children

Our Services are not directed to children under the age of 18. We do not knowingly collect Personal Data from children under 18 without appropriate parental or guardian consent. If we become aware that we have collected such data without the required consent, we will delete it promptly.

Third-Party Links

Our Website or System may contain links to other websites or applications. We are not responsible for their content, functionality, or privacy practices. Please review their privacy policies.

Security

We implement appropriate technical and organizational measures to protect your Personal Data against unauthorized access or processing, accidental loss, alteration, or destruction. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Automated Decision-Making

We do not make decisions producing legal or similarly significant effects concerning you that are based solely on automated processing, including profiling. The AI features of our Chrome Extension generate scraping configurations at your request and do not make such decisions about you.

Your Rights

Subject to the conditions of applicable law, you have the right to:

• request information about, and access to, the Personal Data we process about you;

• have inaccurate data corrected;

• have your data deleted or its processing restricted;

• object to processing of your data;

• receive your data in a portable, machine-readable format, and where technically feasible have it transferred to another controller (data portability);

• withdraw any consent you have given, with effect for the future;

• lodge a complaint with a competent data protection supervisory authority (see "Right to Lodge a Complaint").

To exercise any of these rights, contact us at hello@evomi.com.

Data Deletion Requests

You can ask us to delete the Personal Data we hold about you at any time. We will handle your request in line with the "Your Rights" and "How Long We Keep Your Data" sections — please note that we may need to keep certain data to comply with legal obligations (for example, AML and accounting records), and we will tell you if that is the case.

To protect your account, we may need to verify your identity before acting on a request. We will confirm once your request has been completed.

To submit a request, email us at hello@evomi.com with the subject line "Data Deletion Request" and include the details below. You can copy and complete this template:

To: hello@evomi.com Subject: Data Deletion Request Full name: Email address associated with my account: What I would like deleted: (leave blank to request deletion of all my data) I confirm that I am the account owner (or am authorized to act on their behalf) and that I am requesting deletion of my Personal Data. Name: Date:

How We Share Data

We work with selected service providers to operate our Website, System, and Services. We share your data only as necessary to perform our contract with you, to meet a legal obligation, or based on another valid legal ground. We do not sell your Personal Data.

Categories of service providers we use: data storage and server hosting, development services, customer support software, email providers, payment processing, order processing, receivables management, call center services, newsletter providers, translation services, telecommunications providers, postal services, bookkeeping and invoicing, and legal, audit, and tax advisors.

Identity Verification

To meet KYC (Know Your Customer) and AML (Anti-Money Laundering) obligations, we use third-party verification providers:

• Stripe — https://stripe.com/privacy

• Didit — https://didit.me/terms/information-security/

Email Hosting and Communications

• Brevo (formerly Sendinblue) — https://www.brevo.com/legal/privacypolicy/

• Google Workspace — https://policies.google.com/privacy

Payment Processing

• Stripe — https://stripe.com/privacy

• PayPro Global — https://docs.payproglobal.com/documents/legal/privacyPolicy.pdf

• Mollie — https://www.mollie.com/privacy

• Cryptomus — https://cryptomus.com/privacy

Communication, Support, and Analytics

• Slack — https://slack.com/privacy-policy

• Intercom — https://www.intercom.com/legal/privacy

• Google Analytics — https://policies.google.com/privacy

• PostHog — https://posthog.com/privacy

• Microsoft — https://privacy.microsoft.com/en-gb/privacystatement

AI Processing

To power the AI-assisted scraping and chat features of our Chrome Extension, the page elements you select and the messages you send to the AI assistant are processed by:

• Google (Google LLC) — https://policies.google.com/privacy

International Data Transfers

We are based in Switzerland and the European Economic Area is recognized as providing an adequate level of data protection. Some of our service providers are located in other countries, including the United States. Where we transfer Personal Data to a country that does not benefit from an adequacy decision, we rely on appropriate safeguards, such as:

• an adequacy decision of the Swiss Federal Council or the European Commission;

• the Standard Contractual Clauses approved by the European Commission, together with the Swiss addendum recognized by the FDPIC;

• the EU–US and Swiss–US Data Privacy Framework, where the recipient is certified; or

• your explicit consent, or another transfer exception permitted by law.

You can request more information about these safeguards by contacting hello@evomi.com.

Marketing Communications

We send marketing communications only where we have a valid legal basis to do so — your consent, or, where permitted by law, our legitimate interest in marketing similar products to existing customers. Every marketing message includes an easy way to unsubscribe, and you can withdraw your consent or object at any time at no cost.

United States Visitors — Identity Resolution and Opt-Out

This section applies only to visitors located in the United States. When a U.S. visitor accesses or logs in to our website, cookies and similar technologies may be used by our online data partners or vendors to associate that activity with other personal information they hold, including by association with an email address. We (or service providers acting on our behalf) may then send communications and marketing to those email addresses.

For this purpose we may use:

• RB2B — https://www.rb2b.com/

If you are a U.S. visitor, you may opt out of receiving this advertising at https://app.retention.com/optout, and you may opt out of the related collection of your personal data at https://www.rb2b.com/rb2b-gdpr-opt-out.

This identity-resolution practice does not apply to visitors located in Switzerland, the EEA, the UK, or other regions, where we send marketing only on the legal bases described in "Marketing Communications" above.

Evomi Chrome Extension

The Evomi Chrome Extension ("Evomi – Proxy & Scraper") extends our Services to your browser, enabling proxy management and AI-assisted web scraping. This section describes how we handle Personal Data when you use the Extension.

Information collected by the Extension. When you use the Extension, we may collect and process:

• Account information. When you log in, your API key and authentication tokens are stored locally in your browser to identify your account and provide access to our Services.

• Website cookies. The Extension captures cookies from websites only when you explicitly activate the cookie-capture feature. These cookies may be transmitted to our servers to enable scraping of login-protected pages and may be retained as part of your scraping configuration for use in future sessions. You are responsible for ensuring you are entitled to use any cookies or credentials you capture.

• Page elements. When you select elements on a webpage for data extraction, the Extension transmits the location and text content of those elements to our AI service provider, Google (Google LLC — see Google's Privacy Policy), to generate scraping configurations on your behalf.

• Proxy configuration. Proxy settings, including geographic targeting preferences such as country and city, are stored locally in your browser and transmitted to our proxy servers to route your traffic according to your preferences.

• AI chat conversations. Messages you exchange with the AI assistant within the Extension are processed by our AI service provider, Google, to generate responses, and are stored on our servers to maintain conversation history and continuity across sessions.

How we use this information. We use it to authenticate your account, display your available credit balance, route your traffic through our proxy network, power AI-assisted scraping at your request, and maintain your conversation history and scraping configurations.

Your choices. You may log out of the Extension at any time to remove locally stored authentication data. Cookie capture and element selection occur only when you explicitly initiate them. Proxy connections can be disabled at any time within the Extension. Uninstalling the Extension removes all locally stored data from your device.

Security. All data transmitted between the Extension and our servers is encrypted in transit using HTTPS. Data stored locally is protected by Chrome's built-in storage security mechanisms.

Data Protection Contact

For any question about our data protection practices or to exercise your rights, contact us at hello@evomi.com. For particularly sensitive matters, you may contact us by post, as email communications can carry security risks.

Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices or legal requirements. We will always handle your Personal Data in accordance with the Policy in effect at the time it was collected, unless you agree to changes. We will indicate the date of the latest revision at the top of this Policy.

Contact Us

For privacy-related questions, please contact us:

• Email: hello@evomi.com

• "Contact Us" form on our website