RINZY PRIVACY POLICY

This Privacy Policy describes how Rinzy ("Rinzy," "we," or "us") collects, uses, discloses, and otherwise processes information about you when you access or use our website, https://rinzy.tech/ (including https://www.rinzy.tech/) and other online products and services that link to this Privacy Policy (collectively, our "Services"), and when you otherwise interact with us (for example, through our contact channels).

Rinzy is currently operating a waitlist experience ahead of a broader product launch. We do not offer user accounts, a customer dashboard, or in-product purchases through the Services at this time. If and when these features launch, we will update this Privacy Policy.

We may change this Privacy Policy from time to time. If we make changes, we will update the date at the top of this policy. If we make material changes, we will provide additional notice (such as by adding a statement to the Services). We encourage you to review this Privacy Policy regularly to stay informed about our information practices and the choices available to you.

CONTENTS

• Collection of Information
• Use of Information
• Targeted Advertising and Analytics
• Disclosure of Information
• Your Choices
• Security
• Additional Information for Individuals in Europe
• U.S. State Privacy Notice
• Children's Privacy
• Contact Us

COLLECTION OF INFORMATION

The information we collect about you depends on how you use our Services or otherwise interact with us. In this section, we describe the categories of information we collect and the sources of this information.

Information You Provide to Us

We collect information you provide directly to us. For example, we collect information when you join the waitlist, request updates, or otherwise communicate with us. The types of information we collect directly from you include:

• Name
• Work email
• Organization website
• Company size (range)
• Role / intended use-case
• Any other information you choose to provide (e.g., a message)

We do not currently accept purchases through the Services and therefore do not collect payment card numbers via the Services. If this changes, we will update this section.

Information We Collect Automatically

We automatically collect certain information about your interactions with the Services, including:

Device, usage, and activity information: hardware model, operating system and version, browser type, language, approximate location, access dates and times, pages viewed, links clicked, and the route by which you access our Services.

Network and identifiers: IP address (which may be stored in hashed form), session ID, user agent, and timezone.

Referrers and campaign data: referrer URL and UTM parameters associated with your visit.

Cookies and similar technologies: We use cookies, pixels, and similar technologies to operate the site, understand engagement, and (as described below) enable retargeting. See Targeted Advertising and Analytics and Your Choices.

Information We Collect from Other Sources

We may obtain information from other sources, such as email or analytics providers, including deliverability status (e.g., whether a message bounced) and high-level engagement metrics.

Information We Derive

We may derive information or draw inferences from the information we collect—for example, approximating your location based on your IP address or inferring interest in certain features based on pages viewed.

USE OF INFORMATION

We use the information we collect to provide, maintain, and improve the Services. We also use the information we collect to:

• Manage the waitlist and communicate with you about product updates, early access, and opportunities to participate in research or pilots.
• Personalize your experience (e.g., tailoring updates that may be more relevant to your organization type).
• Send technical notices, security alerts, and support messages, and otherwise respond to your requests and inquiries.
• Send marketing communications such as newsletters and promotional materials (you can opt out at any time).
• Monitor and analyze trends, usage, and activities in connection with the Services.
• Detect, investigate, and help protect against fraud, abuse, or security risks, and protect the rights and property of Rinzy and others.
• Comply with legal obligations.

TARGETED ADVERTISING AND ANALYTICS

We engage others to provide analytics services, serve advertisements on our behalf, and perform related services. To do this, Rinzy and these partners may use cookies, web beacons, pixels, SDKs, device identifiers, and other technologies to collect information about your use of our Services and other websites and apps, including your IP address, browser and network information, pages viewed, time spent on pages, links clicked, and conversion information. This information is used to deliver advertising targeted to you on other companies' sites or apps (retargeting), measure the effectiveness of advertising, analyze and track data, and better understand your activity.

• We do not run third-party display ads on our site.
• We may use retargeting partners (for example, major advertising platforms) to show ads to you off-site based on your interactions with our Services.

You can usually adjust your browser settings to remove or reject cookies. You may also learn more about interest-based advertising or opt out of having your web browsing information used for behavioral advertising by companies participating in the Digital Advertising Alliance by visiting www.aboutads.info/choices (or, in Europe, www.youronlinechoices.eu).

We do not use session replay tools (e.g., keystroke/mouse recording).

DISCLOSURE OF INFORMATION

We disclose personal information as described in Targeted Advertising and Analytics above and in the following scenarios:

Vendors and Service Providers. We make personal information available to vendors, service providers, contractors, and consultants who perform services on our behalf (e.g., web hosting and infrastructure, email delivery, analytics, security, advertising/retargeting).

Law Enforcement and Legal Process. We disclose information to comply with applicable law or legal process, including lawful requests by public authorities.

To Protect Rights and Safety. We may disclose information if we believe it is necessary to enforce our terms and policies, protect our operations, or protect the rights, property, and safety of Rinzy, our users, or the public.

Professional Advisors. We disclose information to our legal, financial, insurance, and other professional advisors where necessary to obtain advice or manage business interests.

Corporate Transactions. We disclose information in connection with, or during negotiations of, certain corporate transactions (e.g., merger, financing, or acquisition).

With Your Consent or at Your Direction. We disclose information when you ask us to or otherwise consent.

We also disclose aggregated or de-identified information that cannot reasonably be used to identify you. We maintain and use this information only in a de-identified fashion and will not attempt to re-identify it, except as permitted by law.

We do not sell personal information or share it with data brokers.

YOUR CHOICES

Access, Correction, and Deletion

Because the Services are waitlist-only and do not include a user account dashboard, you can request access, correction, deletion, or portability of your personal information by emailing info@rinzy.tech.

Cookies and Similar Technologies

You can usually adjust your browser settings to remove or reject cookies. Note that removing or rejecting cookies could affect some functionality of the Services. In regions where required, we display a consent banner and will only set non-essential cookies (including advertising/retargeting) with your consent.

Communications Preferences

You may opt out of receiving promotional emails from Rinzy by following the instructions in those communications. If you opt out, we may still send you non-promotional communications (for example, messages about your waitlist status).

SECURITY

We take reasonable measures to help protect personal information from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction. These safeguards include encryption in transit (via TLS/HTTPS), encryption at rest where applicable, role-based access controls, least-privilege principles, and vendor due diligence. We also maintain an incident response plan to address potential security events. However, no system is completely secure, and we cannot guarantee the absolute security of your information. If you believe your information has been compromised, please contact us immediately at info@rinzy.tech.

ADDITIONAL INFORMATION FOR INDIVIDUALS IN EUROPE

Controller Information

For individuals in the EEA/UK/Türkiye, the controller of your personal data is ArfFi Teknoloji ve Danışmanlık A.Ş.

International Transfers

Rinzy and our service providers may process and store personal information in the United States, Türkiye, the European Economic Area, and other countries. Whenever we make restricted international transfers of personal information, we take steps to ensure that your information receives an adequate level of protection (for example, using Standard Contractual Clauses) or rely on another valid transfer mechanism under applicable law. Where relevant, you may request access to key safeguards (we may need to redact for confidentiality).

Retention

We retain personal data for as long as necessary to carry out the purposes described in this Privacy Policy and for other legitimate business purposes, such as compliance with legal obligations, resolving disputes, and enforcing agreements. Typical retention periods are:

• Waitlist & communications: up to 24 months after your last interaction or until you unsubscribe.
• Server logs/security data: up to 90 days.
• Analytics: aggregated or anonymized after 14 months.

Legal Basis for Processing

We process personal data on the following legal bases:

• Contract / pre-contractual steps (e.g., communicating about early access to the product).
• Legitimate interests (e.g., operating, securing, and improving the Services; analytics; communications related to the waitlist).
• Consent (e.g., sending marketing communications; using non-essential cookies/retargeting).
• Legal obligations (e.g., maintaining records required by law).

Data Subject Requests

You have the right to access your personal data (including in a portable format), request erasure, and request correction of inaccurate data. You may also have the right to object to or request restriction of certain processing. To exercise these rights, email info@rinzy.tech. You may also lodge a complaint with your local Data Protection Authority:

• EU: https://edpb.europa.eu/about-edpb/board/members_en
• UK: https://ico.org.uk/global/contact-us/
• Switzerland: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html

U.S. STATE PRIVACY NOTICE

Sale or Sharing of Personal Information

Rinzy does not sell or share personal information as those terms are defined under the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), or similar state privacy laws.

Consumer Rights

If you are a resident of California, Colorado, Connecticut, Utah, Virginia, or another U.S. state with comprehensive privacy legislation, you may have the following rights:

• Right to Know/Access: Request disclosure of the categories and specific pieces of personal information we have collected about you.
• Right to Delete: Request deletion of your personal information, subject to certain exceptions.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Portability: Obtain a copy of your personal information in a portable and readily usable format (where applicable).
• Right to Limit Use of Sensitive Personal Information: Request that we limit the use or disclosure of your sensitive personal information to certain purposes (where applicable).
• Right to Opt-Out of Selling or Sharing: Because we do not sell or share personal information, no opt-out is required for these activities.
• Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your privacy rights.

How to Exercise Your Rights

To exercise any of these rights, please contact us at info@rinzy.tech. We will verify your identity before processing your request and respond within the timeframes required by applicable law (typically 45 days). You may designate an authorized agent to make a request on your behalf by providing written authorization or a power of attorney.

Global Privacy Control (GPC)

We honor Global Privacy Control (GPC) signals as a valid opt-out request for the sale or sharing of personal information and for limiting the use of sensitive personal information, where applicable under state law. If you enable GPC in your browser, we will process it as a request to opt out of these activities.

CHILDREN'S PRIVACY

The Services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete that information as soon as possible.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at info@rinzy.tech and we will work to delete that information from our systems.

CONTACT US

If you have questions about this Privacy Policy or our data practices, please contact us:

ArfFi Teknoloji ve Danışmanlık A.Ş.

Email: info@rinzy.tech

Registered Address (English): Atatürk Neighborhood, Sütçü İmam Street, Malkoçoğlu Building, No: 101, Apartment 2, Ümraniye, Istanbul, Türkiye