End User Privacy Policy

Effective Date: August 21, 2025

Privacy and security are very important to us at Hyperion. This End User Privacy Policy ("Policy") is meant to help you (the "end user") understand how we at Hyperion collect, use, and share your data when you use Hyperion products or services - for example, when you use the Hyperion Platform, or when you use Hyperion to connect and share your data to power the applications ("apps") you use. These apps, which offer many business services and products such as helping you value a business, benchmark business performance, manage your spending, streamline financing applications, or gather business insights, are built and provided by our technology customers (referred to herein as "developers"), and powered by Hyperion.

This Policy applies to Hyperion Intelligence, Inc. (collectively, "Hyperion," "we," "our," and "us").

You should read this Policy carefully, it contains important information about your privacy rights and choices.

About Hyperion

A quick note about Hyperion

Hyperion helps businesses and financial professionals connect accounting and financial accounts (collectively referred to herein as "financial accounts") to Hyperion or to third-party developers in order to provide you with products and services that you request.

About this Policy

Our goal with this Policy is to provide a simple and straightforward explanation of what data Hyperion collects from and about you and how we use and share that information. We value transparency and want to provide you with a clear and concise description of how we treat your data.

This Policy does not cover what developers of the apps you use do with your data. You should review the privacy policies or terms of service for those apps for information about their practices. This Policy also does not cover data we collect through our websites or when you interact with Hyperion outside of using our product or services, such as emailing Hyperion directly. Please see our Website Terms of Use and Cookie Policy for more information.

Hyperion's services are not directed to individuals under 18 and we do not knowingly collect data relating to children.

Our Data Practices

Hyperion is committed to providing end users with meaningful control over their data. This section describes Hyperion's data practices relating to our processing of data about you. We also provide summaries of our practices organized by category of data collected and by product at the end of this Policy.

Data We Collect and Categories of Sources

As described in more detail below, the data we collect, use, and share depends on the Hyperion products and services that you, and/or the app you have connected to, use. Depending on which of Hyperion's products or services you or your app use, Hyperion may collect the following:

• Data you provide to us;
• Data from financial institutions when you connect your financial account;
• Data from the electronic device you use to connect your financial account using Hyperion or to otherwise interact with Hyperion;
• Data from the developer of the app you have connected to;
• Data from our affiliates to provide support to you or to provide you with a better user experience; and/or
• Data from other sources, including service providers and identity verification and fraud prevention services.

Data you provide to us.

When you use Hyperion's products or services (like when you use Hyperion to connect your financial accounts to an app), we collect the following data from you as needed to power your particular app or Hyperion product or service:

• identifiers like name, email address, entity name, business address, date of entity creation, tax identification number, and phone number;
• login data when required by the provider of your account, like your username and password, account number, or a security token;
• any additional information needed to connect your accounts, including security questions and answers, and one-time password (OTP);
• information from documents or statements that you provide to Hyperion, like financial statements, accounting ledgers, bank statements; and/or
• information related to your use of our services, including which of our services you use, the dates and times of your use, and which financial institutions and apps you connect using Hyperion.

When you provide login data and additional information needed to connect your accounts, you also give Hyperion permission and authority to act on your behalf to access and transmit data to and from your financial institution.

Data we collect from financial institutions about and from your accounts.

Depending on which Hyperion products or services you, or the developer of your app use, as well as what, and how information is made available, we may collect the following data from your financial institutions:

• Account data, including financial institution name, account name, account type, account ownership, account number, entity identification number and tax identification number;
• Data about an account or ledger balance, including current and available balance;
• Data about credit accounts, including due dates, balances owed, payment amounts and dates, transaction history, credit limit, repayment status, and interest rate;
• Data about loan accounts, including due dates, repayment status, balances, payment amounts and dates, interest rate, guarantor, loan type, payment plan, and terms;
• Data about investment accounts, including transaction information, type of asset, identifying details about the asset, quantity, price, fees, and cost basis;
• Identifiers and data about the account owner(s), including name, email address, phone number, and address information;
• Data about account transactions, including amount, date, payee, type, quantity, price, location, involved securities, and a description of the transaction; and/or
• Data from your payroll and tax documents, including data about your income and tax form information.

Depending on the Hyperion service you or the developer of your app use, and the manner in which the data is made available, the data collected from your financial accounts may include data from all accounts accessible through a single set of account credentials.

Data we receive from your devices.

When you use a device, like your smartphone, tablet, or computer, to interact with our services (including through a developer's app), we may collect the following data about that device:

• internet protocol (IP) address;
• timezone setting and location, device location;
• hardware model and operating system;
• features within our services you access;
• browser data;
• network data; and
• other technical data about the device (such as settings and preferences).

Data we receive about you from the developers of apps powered by Hyperion.

When needed for Hyperion to provide a service (like performing analysis, verifying your identity, protecting against fraud or risk, or enabling business insights), the developers of the apps you use may provide us with identifiers and commercial information about you, like your name, unique identifier, email address, phone number, or information about your financial accounts and transactions.

Data we receive about you from other sources.

When needed to provide a service, identify your device, or to help prevent fraud, abuse, or security threats, we may also receive data about you directly from third parties, including your wireless carrier, agents and our service providers.

Information we derive from the data we collect.

We may derive additional information about you from the data we collect.

How We Use Your Data

We use your data for the following business and commercial purposes:

• Provide Services: To operate, provide, service, process, and maintain our products and services.
• Develop Existing Services: To improve, enhance, modify, add to, and further develop our services.
• Help Prevent Fraud, Verify Your Identity, or Protect Privacy: To verify your identity and help protect you, developers, our partners, Hyperion, and others from fraud, malicious activity, and other privacy and security-related concerns.
• Develop New Services: To develop new products and services.
• Develop Insights: To develop insights based on the data we've collected about you. This includes your transaction data, other financial data, data about which financial accounts you have connected to which apps, and data from other sources, to help us, your financial institutions, and the developers of your connected apps provide services and/or a better user experience to you, like providing you with a faster connection and onboarding experience, faster access to your funds, to help detect and prevent potentially fraudulent activity, or personalize their services to you.
• Provide Support: To provide support to you or to developers, including to help respond to your inquiries related to our services or developers' apps.
• Communicate With You: To communicate with you and send you things like technical notices, updates, security alerts, and messages.
• Investigate Misuse and Misconduct: To investigate any misuse of our service or developers' apps, including violations of our Developer Terms of Use, criminal activity, or other unauthorized access to our services.
• For Legal Purposes: To comply with contractual and legal obligations under applicable law and for other legal purposes such as to establish and defend against claims.
• With Your Consent: For other notified purposes with your consent or at your direction.

We also collect, use, and share data that has been aggregated or anonymized in a manner that does not identify you personally or any related business for any purpose permitted under applicable law. This includes creating or using aggregated or anonymized data to develop new products or services, to facilitate research, and for analytics purposes to help assess the speed, accuracy, and/or security of our services.

How We Share Your Data

We share your data for the following reasons:

• With the developer of the app you are using and as directed by that developer;
• To enforce any contract with you;
• With our data processors and other service providers, partners, agents or contractors in connection with the services they perform for us or developers;
• With financial institutions to help establish, maintain, or manage a connection you've chosen to make between your financial institution accounts and the products or services you use, as well as to help them protect your financial accounts and offer you personalized services such as returning user experiences;
• If we believe in good faith that disclosure is appropriate to comply with applicable law, regulation, or legal process (like a court order or subpoena);
• In connection with a change in ownership or control of all or a part of our business (like a merger, acquisition, reorganization, or bankruptcy);
• Between and among Hyperion and our current and future parents, affiliates, subsidiaries and other companies under common control or ownership;
• As we believe reasonably appropriate to protect against and prevent actual or potential fraud, unauthorized transactions, claims, other liabilities, or otherwise protect the rights, privacy, safety, or property of you, developers, our partners, Hyperion, and others; or
• For any other notified purpose with your consent or at your direction.

We do not share your data with non-affiliated third parties except as permitted by law (as authorized by 12 C.F.R. § 1016.14 and 1016.15).

We only share your financial data with third parties to power the services you requested, when you consent, and/or to protect against fraud.

We may collect and share cookie data with third parties when you visit our website, or we may allow third parties to collect this cookie data from our sites. Please see our Cookie Policy and Website Terms of Use for more details.

Our Retention and Deletion Practices

We retain your data only as long as it is needed. To determine whether the data is needed, we consider the reason your data was collected and used and any legal requirements to hold onto your data. We review your data periodically to ensure it is still needed to fulfill the purpose for which it was collected or any other legal requirements.

The exceptions to this may be if: (a) you've established a connection with another developer's app through Hyperion that is still active; (b) Hyperion needs your data to continue providing you with a Hyperion product or service you requested; (c) Hyperion is required by law to keep your data; (d) Hyperion needs your data to help protect against or prevent fraud or protect privacy, provide support, or investigate misuse and misconduct; (e) Hyperion has anonymized your data such that it cannot be reidentified; or (f) we request - and you specifically agree - to allow us to retain your data longer.

Your data will only be processed as required by law or in accordance with this Policy.

Please refer to the Your Data Protection Rights section of this Policy for options that may be available to you, including how to request deletion of your data. You can also contact us about our data retention practices at support@hyperionintelligence.co.

Protection of Data

Hyperion's security policies and practices are designed to protect the confidentiality and integrity of your data. Hyperion implements controls designed to limit access to this data to personnel who have a business reason to know it and prohibits its personnel from unlawfully accessing, using or disclosing this data.

Your Data Protection Rights

We will honor the following rights related to your data, subject to some limitations and exceptions provided by law, and you will not be discriminated against for exercising them:

• Access data collected about you;
• Request access to more details about the categories and specific pieces of information we may have collected about you in the last 12 months (including information disclosed for business purposes);
• Request, under certain circumstances, that we rectify or update your data that is inaccurate or incomplete;
• Request, under certain circumstances, that we erase or restrict the processing of your data;
• Object to our processing of your data under certain conditions provided by law;
• Where processing of your data is based on consent, withdraw that consent;
• Request that we provide data collected about you in a structured, commonly used and machine-readable format so that you can transfer it to another company, where technically feasible.

Please note that for an official record of your financial information you should make that request directly to your financial institution.

Depending on where you live, you may have the right to lodge a complaint.

To exercise any rights you have, you can contact us support@hyperionintelligence.co to exercise any of your data protection rights. You may be required to provide additional information necessary to confirm your identity before we can respond to your request.

If we receive your request from an authorized agent, we may ask for evidence that the agent has valid written authority, like a power of attorney, to submit requests on your behalf.

We will consider requests and provide our response within a reasonable period of time (and within any time period required by applicable law). Please note, however, that certain data may be exempt from such requests, for example if we need to keep the data to comply with our own legal obligations or to establish, exercise, or defend legal claims.

Your Additional Privacy Controls

Hyperion developed the Hyperion Platform to provide you with a convenient, centralized way to view and manage the connections you've made using Hyperion.

Once you've signed up for Hyperion Portal, you'll be directed to a dashboard that can show you financial accounts you've connected to, your chosen apps using Hyperion, and the types of data shared with those apps. Additionally, the Hyperion Portal provides you with controls to terminate the connection between apps and your financial accounts and delete associated data stored in Hyperion's systems.

Changes To This Policy

We update or change this Policy from time to time. If we make any updates or changes, we will post the new policy on Hyperion's website and update the effective date at the top of this Policy. We will also notify developers of any material changes in accordance with our developer agreements, as they may be better positioned to notify you about changes to this Policy.

Contacting Hyperion

If you have any questions or complaints about this Policy, or about our privacy practices generally, you can contact us at support@hyperionintelligence.co.