1.1. Personal Data: Any information that relates to an identified or identifiable individual, including but not limited to names, email addresses, phone numbers, IP addresses, location data, or online identifiers. 1.2. Sensitive Personal Data: A subset of Personal Data that includes more sensitive information, such as financial details, social security numbers, or health information. 1.3. Non-Personal Data: Data that does not, on its own, identify an individual, such as aggregated data, device data, or anonymous usage statistics. 1.4. Data Subject: An individual whose personal data is being processed by Epoch. 1.5. Data Controller: Epoch Inc., which determines the purposes and means of processing personal data. 1.6. Data Processor: Any third party that processes personal data on behalf of the Data Controller. 1.7. Processing: Any operation or set of operations performed on personal data, whether automated or manual, including collection, storage, use, and disclosure.

Epoch collects various types of data depending on the interaction with our Services: 2.1. Personal Data Provided by You This includes data voluntarily provided during registration or account setup, subscription, and other interactions with our platform: • Identity Information: Name, email address, username, and password. • Contact Information: Mailing address, phone number, and email address. • Billing Information: Payment details such as credit card numbers or PayPal account information. • User Preferences: Language preferences, notification settings, and other preferences set within the platform. 2.2. Personal Data Collected Automatically When you interact with our Services, certain information is collected automatically: • Device Information: IP address, browser type, device model, operating system, and unique device identifiers. • Usage Data: Log files, browsing history, time and date of visits, time spent on pages, and actions taken within the platform. • Geolocation Data: Information related to the location of your device, such as your IP address or GPS data, if enabled. 2.3. Third-Party Data Epoch may receive data from third-party service providers, partners, or public sources: • Authentication Providers: Information from third-party authentication services (e.g., Google, Facebook, etc.) if you log in through such services. • External Platforms: Data from integrated services, such as payment processors, analytics services, or third-party brokers. 2.4. Cookies and Tracking Technologies We use cookies, web beacons, and similar technologies to collect information about how you use the platform: • Session Cookies: Used to operate our Services and remember your preferences during your current visit. • Persistent Cookies: Used to retain your preferences or actions across sessions. • Analytical Cookies: Used to monitor and analyze platform performance and user behavior. • Marketing Cookies: Used to deliver targeted advertisements to users based on their online activity. You may modify your browser settings to decline some or all cookies, but doing so may affect your ability to use certain features of the platform.

Epoch collects and processes your data for legitimate business purposes, including but not limited to: 3.1. Provision of Services We use personal data to deliver our Services, including managing user accounts, providing access to platform features, and facilitating transactions. 3.2. Platform Customization Data is used to personalize your experience on our platform, including tailored algorithmic recommendations and customized content delivery based on your preferences. 3.3. Billing and Payment Processing Personal and financial data are used for invoicing, subscription management, and payment processing, as well as for verifying your identity and preventing fraudulent activities. 3.4. User Communication We use personal data to communicate with you regarding your account, platform updates, new features, and promotional content. You can opt-out of marketing communications at any time. 3.5. Platform Analytics and Improvement We use aggregated and anonymized data to conduct platform analytics and monitor usage trends to enhance platform performance and user experience. 3.6. Compliance with Legal Obligations We may process your data to comply with regulatory or legal requirements, including data retention, taxation, audit, and reporting obligations. 3.7. Security and Fraud Prevention Personal data may be used to prevent, detect, and investigate potential security breaches, fraud, or unauthorized access to the platform. 3.8. Legal Defense In cases where necessary, personal data may be processed to defend legal claims, enforce contracts, or manage disputes with users or third parties.

We rely on the following legal bases for processing your personal data: 4.1. Consent Where you have provided explicit consent, such as opting in to marketing communications or enabling cookies. 4.2. Contractual Necessity Processing is necessary to perform our contract with you, such as delivering the Services or processing transactions. 4.3. Legitimate Interests Processing is necessary for our legitimate interests, including improving our platform, preventing fraud, and managing legal claims, provided these do not override your privacy rights. 4.4. Compliance with Legal Obligations Processing is necessary for compliance with legal or regulatory obligations to which we are subject.

Your personal data may be shared under the following circumstances: 5.1. With Third-Party Service Providers We may share data with trusted third-party vendors who provide essential services to Epoch, including but not limited to: • Payment Processors: To process subscription payments and manage billing. • Cloud Hosting Providers: For data storage and platform functionality. • Analytics Providers: To analyze platform performance and user behavior. • Customer Support Providers: To assist with user inquiries and technical issues. 5.2. Legal and Regulatory Disclosures We may disclose personal data to comply with applicable laws, regulations, legal processes, or enforceable governmental requests. Additionally, we may disclose data in connection with an investigation into potential fraud or other unlawful activities. 5.3. Business Transfers In the event of a merger, acquisition, reorganization, or sale of assets, personal data may be transferred to the acquiring entity. We will ensure appropriate safeguards are in place during such transactions, and you will be notified of any changes. 5.4. Third-Party Brokers When connecting third-party brokerage accounts to the platform, we may share data necessary for integration, such as account identifiers, transaction data, and relevant profile information.

Epoch operates globally, and as such, personal data may be transferred and processed in countries outside your jurisdiction, including countries that may have different data protection laws than your own. 6.1. Data Transfers Outside the EEA For users located in the European Economic Area (EEA), we ensure that data transfers outside the EEA comply with the General Data Protection Regulation (GDPR) by implementing appropriate safeguards, such as: • Standard Contractual Clauses: Approved by the European Commission for the transfer of personal data to third countries. • Binding Corporate Rules: Where applicable, to ensure that all entities within Epoch comply with data protection requirements. 6.2. Cross-Border Data Transfers For users located in other jurisdictions, we ensure that adequate measures are in place to protect personal data when transferred to countries with varying privacy regulations. Epoch ensures that all third-party service providers maintain equivalent or higher standards of data protection.

Epoch retains personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, and as required by applicable laws: 7.1. Account Data Data associated with your account is retained for the duration of your active use of the platform and for a reasonable period after account closure, to comply with legal obligations or resolve disputes. 7.2. Payment Information Payment information is retained only as long as necessary to process transactions and satisfy tax, audit, or legal requirements. 7.3. Cookies Cookie data is retained for the duration specified by the cookie type, or as required by law. Users may opt to delete cookies via browser settings.

Epoch is committed to ensuring the security of personal data and implements industry-standard security measures to protect against unauthorized access, disclosure, or loss: 8.1. Encryption Personal data is encrypted in transit and at rest using secure encryption protocols (e.g., SSL/TLS). 8.2. Access Controls We limit access to personal data to authorized personnel only, ensuring that data access is based on a need-to-know basis. 8.3. Data Breach Protocols In the event of a data breach, we will notify affected individuals and regulatory authorities as required by law and take necessary actions to mitigate any risks. 8.4. Third-Party Security We ensure that third-party service providers implement equivalent security standards when processing personal data on our behalf.

Depending on your jurisdiction, you may have the following rights concerning your personal data: 9.1. Right to Access You may request a copy of the personal data Epoch holds about you, including information about how the data is processed. 9.2. Right to Rectification You may request corrections to inaccurate or incomplete personal data. 9.3. Right to Erasure You may request the deletion of your personal data under certain conditions, including when data is no longer necessary for the purposes for which it was collected. 9.4. Right to Data Portability You may request that your personal data be transferred to another service provider in a structured, machine-readable format. 9.5. Right to Object You may object to the processing of your personal data in certain cases, including for direct marketing purposes. 9.6. Right to Restrict Processing You may request that Epoch restricts the processing of your personal data under certain conditions, such as if you contest the accuracy of the data. 9.7. Right to Withdraw Consent If processing is based on your consent, you may withdraw your consent at any time without affecting the lawfulness of prior processing. 9.8. Right to Complain You have the right to lodge a complaint with your local data protection authority if you believe Epoch is processing your personal data in violation of applicable privacy laws.

10.1. Rights for California Residents Under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), California residents are entitled to the following rights regarding their personal information: • Right to Know: You have the right to request that we disclose what personal information we collect, use, disclose, or sell. • Right to Delete: You have the right to request the deletion of your personal information that we have collected, subject to certain exceptions. • Right to Correct: You have the right to request corrections to your personal information if it is inaccurate. • Right to Opt-Out of Sale or Sharing of Personal Information: You have the right to direct us to stop selling or sharing your personal information with third parties. • Right to Limit Use of Sensitive Personal Information: You have the right to limit the use and disclosure of sensitive personal information, such as Social Security numbers, financial information, and biometric data. • Non-Discrimination: You have the right not to receive discriminatory treatment for exercising any of your CCPA rights. To exercise any of these rights, please submit a verifiable consumer request by contacting us at [Insert Contact Information]. You may only make a verifiable request twice within a 12-month period. 10.2. Rights for European Union Residents Under the General Data Protection Regulation (GDPR), residents of the European Union have the following rights: • Right of Access: You have the right to request access to the personal information we hold about you. • Right to Rectification: You have the right to request the correction of inaccurate or incomplete personal information. • Right to Erasure (Right to be Forgotten): You have the right to request that we delete your personal information, subject to certain conditions. • Right to Restrict Processing: You have the right to request that we limit the processing of your personal information under certain circumstances. • Right to Data Portability: You have the right to receive your personal information in a structured, commonly used, and machine-readable format, and to have it transferred to another data controller, where technically feasible. • Right to Object: You have the right to object to the processing of your personal information for direct marketing or any other purposes based on our legitimate interests. • Right to Withdraw Consent: Where our processing is based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. To exercise these rights under GDPR, please contact us at [Insert Contact Information]. We will respond to your request in compliance with the applicable laws.

Epoch reserves the right to amend this Privacy Policy at any time to reflect changes in our data practices or regulatory obligations. We will notify you of significant changes by posting the updated Privacy Policy on our platform, along with the effective date.