PRIVACY POLICY

Grey Atlantic LLC  |  Effective Date: April 4, 2026

1. Acceptance of This Privacy Policy

BY ACCESSING OR USING THE SERVICES OF GREY ATLANTIC LLC ("COMPANY," "WE," "US," OR "OUR"), YOU UNCONDITIONALLY ACCEPT AND AGREE TO BE BOUND BY THIS PRIVACY POLICY IN ITS ENTIRETY. IF YOU DO NOT AGREE, YOU MUST IMMEDIATELY CEASE ALL USE OF OUR SERVICES. YOUR CONTINUED USE CONSTITUTES IRREVOCABLE ACCEPTANCE.

This Privacy Policy governs the collection, use, storage, disclosure, and handling of personal information by Grey Atlantic LLC, its members, managers, officers, employees, agents, successors, and assigns (collectively, the "Grey Atlantic Parties"). We reserve the absolute and unconditional right to amend, modify, or replace this Privacy Policy at any time without prior notice. All changes are effective immediately upon posting. It is your sole responsibility to review this Policy periodically.

2. Information We Collect and Own

(a) Grey Atlantic LLC collects personal information you voluntarily provide, including but not limited to your name, email address, phone number, mailing address, payment information, and any other information submitted through our website, application, or any other means of communication.

(b) We also automatically collect technical information including but not limited to IP addresses, device identifiers, browser type and version, operating system, referring URLs, pages visited, time spent, clicks, and behavioral data. This data is collected whether or not you are a registered user.

(c) ALL DATA YOU PROVIDE OR THAT IS GENERATED THROUGH YOUR USE OF OUR SERVICES — INCLUDING BUT NOT LIMITED TO USER-GENERATED CONTENT, BEHAVIORAL DATA, INTERACTION LOGS, USAGE PATTERNS, ARCHITECTURAL PREFERENCES, DESIGN SELECTIONS, ROOM CONFIGURATIONS, COLLABORATION METADATA, AND ALL INFERENCES, DERIVATIONS, AND AGGREGATIONS THEREOF — IS THE SOLE AND EXCLUSIVE PROPERTY OF GREY ATLANTIC LLC TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW. This includes data you do not explicitly submit but that is generated passively through your use of the app. By submitting or generating information, you grant Grey Atlantic LLC a perpetual, irrevocable, worldwide, royalty-free, fully sublicensable license to use, reproduce, modify, adapt, publish, distribute, and commercialize such information, including for machine learning model development, competitive benchmarking, product analytics, and any other lawful business purpose, without compensation to you.

(d) We may collect additional information at any time, including through third-party sources, analytics providers, advertising partners, and data brokers. We are under no obligation to disclose the specific sources of such third-party data.

3. How We Use Your Information

(a) Grey Atlantic LLC may use your personal information for any lawful business purpose, including but not limited to: operating and improving our services; communicating with you; marketing and promotional activities; analytics and research; fulfilling legal obligations; protecting our rights and property; machine learning and artificial intelligence model development; competitive intelligence and market benchmarking; and any other purpose consistent with this Privacy Policy or disclosed at the time of collection.

(b) We reserve the right to use aggregated, de-identified, or anonymized data derived from your information for any purpose without restriction, including commercial purposes, and without compensation to you. Such de-identified datasets are and remain the sole property of Grey Atlantic LLC, including after account deletion.

(c) We may use your contact information to send you marketing and promotional communications. You may opt out of marketing emails, but we reserve the right to continue sending transactional and administrative communications regardless of your preferences.

(d) If you withhold personal information, Grey Atlantic LLC reserves the right to restrict or terminate your access to our services without liability.

4. Healthcare Data — HIPAA Disclaimer and Prohibited Content

GREY ATLANTIC LLC DOES NOT PROVIDE HIPAA-COMPLIANT HOSTING, STORAGE, OR DATA PROCESSING SERVICES. GREY ATLANTIC LLC HAS NOT EXECUTED AND WILL NOT EXECUTE A BUSINESS ASSOCIATE AGREEMENT (BAA) IN CONNECTION WITH YOUR USE OF THIS APP. GREY ATLANTIC LLC IS NOT A COVERED ENTITY OR BUSINESS ASSOCIATE UNDER THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) OR THE HEALTH INFORMATION TECHNOLOGY FOR ECONOMIC AND CLINICAL HEALTH ACT (HITECH).

(a) You shall not upload, transmit, create, or collaborate on any content within the app that contains Protected Health Information (PHI) as defined by HIPAA, HITECH, or the HIPAA Privacy Rule. This prohibition includes, without limitation, any content that identifies or could reasonably identify any patient, resident, clinical subject, or individual by name, medical record number, diagnosis, treatment, or any other identifier.

(b) You represent and warrant that all content you upload, transmit, or create within the app is free of PHI and complies with all applicable healthcare privacy laws, including HIPAA, HITECH, and all applicable state laws.

(c) If Grey Atlantic LLC discovers or suspects that any user has uploaded, created, or transmitted PHI within the app, Grey Atlantic LLC reserves the right, in its sole discretion, to immediately disable access, permanently delete the content, notify appropriate regulatory authorities, and take any other action required or permitted by law. You assume all liability — civil, criminal, regulatory, and financial — for any breach of healthcare privacy laws resulting from your use of the app.

(d) Grey Atlantic LLC shall have no liability whatsoever for any HIPAA, HITECH, or state healthcare privacy law violation arising from a user's unauthorized upload or transmission of PHI. You agree to indemnify, defend, and hold harmless the Grey Atlantic Parties from any claim, penalty, fine, or expense arising from your violation of this Section.

5. Disclosure of Your Information

(a) Grey Atlantic LLC may share your personal information with: (i) our employees, members, managers, officers, agents, contractors, and professional advisors; (ii) technology and infrastructure service providers who process data solely on our behalf and are contractually bound to protect your information in accordance with this Privacy Policy; (iii) affiliates and subsidiaries; (iv) prospective or actual buyers, investors, or acquirers in connection with a business transaction; and (v) any other party with your consent or as required by law.

(b) Grey Atlantic LLC is the data controller for all personal information collected through our services. Third-party infrastructure providers act as data processors on our behalf and are contractually prohibited from using your data for any purpose other than providing services to Grey Atlantic LLC. Grey Atlantic LLC is not liable for any acts or omissions of third-party processors beyond our reasonable control.

(c) In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or substantially all of our assets, your personal information — including all behavioral data, usage logs, and analytical datasets — may be transferred to the acquiring entity without notice to or consent from you. Your information, including all data derived therefrom, is a business asset of Grey Atlantic LLC.

(d) Grey Atlantic LLC may disclose your information without notice to comply with any law, regulation, subpoena, court order, or government request, or if we determine in our sole discretion that disclosure is necessary to protect our rights, property, or safety, or the rights, property, or safety of others.

6. Data Retention and Permanence of Analytical Data

Grey Atlantic LLC retains your personal information for as long as we deem necessary for legitimate business purposes, legal compliance, dispute resolution, and enforcement of our agreements.

UPON ACCOUNT DELETION, GREY ATLANTIC LLC WILL REMOVE OR ANONYMIZE YOUR DIRECTLY IDENTIFIABLE PERSONAL INFORMATION (INCLUDING NAME, EMAIL ADDRESS, AND PHONE NUMBER) IN ITS PRIMARY ACTIVE SYSTEMS. HOWEVER, GREY ATLANTIC LLC RETAINS THE PERPETUAL, IRREVOCABLE RIGHT TO RETAIN ALL BEHAVIORAL DATA, INTERACTION LOGS, USAGE ANALYTICS, DESIGN PREFERENCES, ROOM CONFIGURATIONS, COLLABORATION METADATA, DE-IDENTIFIED DATA, AND AGGREGATED DATA INDEFINITELY FOR PRODUCT DEVELOPMENT, MACHINE LEARNING, COMPETITIVE BENCHMARKING, LEGAL DEFENSE, AND ANY OTHER LAWFUL BUSINESS PURPOSE. DELETION OF YOUR ACCOUNT DOES NOT RESULT IN DELETION OF ANY DATA THAT HAS BEEN DE-IDENTIFIED, AGGREGATED, OR INCORPORATED INTO GREY ATLANTIC LLC'S ANALYTICAL DATASETS. USERS CANNOT REQUEST DELETION OF DATA THAT HAS BEEN INCORPORATED INTO COLLABORATIVE WORK PRODUCTS OR THAT IS NECESSARY FOR GREY ATLANTIC LLC TO MAINTAIN SYSTEM INTEGRITY, PREVENT FRAUD, OR SATISFY LEGAL OBLIGATIONS.

7. Deletion Requests

You may submit a deletion request for your directly identifiable personal information to apps@greyatlantic.com. Grey Atlantic LLC will verify your identity before processing any request. We reserve the right to deny deletion requests where retention is required by law, necessary for legitimate business interests, or where fulfillment would impair ongoing legal proceedings or dispute resolution. You may also request account deletion within the app by navigating to Accounts > Delete Account. Account deletion does not override Grey Atlantic LLC's perpetual data retention rights as set forth in Section 6 of this Policy.

8. Security

(a) Grey Atlantic LLC implements commercially reasonable technical and organizational measures to protect your personal information. However, NO DATA TRANSMISSION OR STORAGE SYSTEM IS GUARANTEED TO BE 100% SECURE. YOU USE OUR SERVICES AND TRANSMIT INFORMATION TO US ENTIRELY AT YOUR OWN RISK.

(b) GREY ATLANTIC LLC AND THE GREY ATLANTIC PARTIES SHALL HAVE NO LIABILITY WHATSOEVER FOR ANY UNAUTHORIZED ACCESS, DATA BREACH, OR LOSS OF YOUR PERSONAL INFORMATION, TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW. In the event of a data breach, our notification obligations will be governed solely by applicable law.

9. No Liability for Third-Party Practices

Our services may contain links to or integrations with third-party websites, services, or platforms. Grey Atlantic LLC has no control over and assumes no responsibility for the privacy practices, content, or data handling of any third party. YOUR USE OF ANY THIRD-PARTY SERVICE IS ENTIRELY AT YOUR OWN RISK AND GREY ATLANTIC LLC EXPRESSLY DISCLAIMS ALL LIABILITY IN CONNECTION THEREWITH.

10. GDPR — EU Users

(a) To the extent applicable, Grey Atlantic LLC complies with the EU General Data Protection Regulation (GDPR). Grey Atlantic LLC acts as a data controller; third-party infrastructure providers act as data processors on our behalf.

(b) EU users have the right to access, correct, delete, restrict processing of, and port their personal data, and to object to certain processing activities. To exercise these rights, contact us at apps@greyatlantic.com. We may require identity verification and reserve the right to deny requests to the extent permitted under the GDPR and consistent with our data retention rights set forth in Section 6.

(c) We do not knowingly collect personal information from individuals under the age of 16 without verifiable parental consent. If you are under 16, you must not use our services.

(d) International transfers of personal data are subject to appropriate safeguards including standard contractual clauses approved by the European Commission.

11. Florida and U.S. Privacy Rights

To the extent required by the Florida Information Protection Act (FIPA) or other applicable U.S. federal or state privacy laws, Grey Atlantic LLC will comply with applicable obligations. Nothing in this Privacy Policy shall be construed to grant rights beyond those expressly required by applicable law. Grey Atlantic LLC reserves all rights not expressly granted herein.

12. Cookies and Tracking

We use cookies, pixels, beacons, and similar tracking technologies to collect information about your use of our services, including behavioral data, design preferences, and usage patterns. By using our services, you consent to our use of these technologies and to our use of data collected thereby for all purposes described in this Policy, including commercial analytics and machine learning. You may adjust your browser settings to refuse cookies, but doing so may impair the functionality of our services. Grey Atlantic LLC is not responsible for any loss of functionality resulting from your cookie preferences.

13. Changes to This Privacy Policy

Grey Atlantic LLC reserves the absolute right to modify this Privacy Policy at any time, in its sole discretion, without prior notice. All changes are effective immediately upon posting at www.greyatlantic.com. YOUR CONTINUED USE OF OUR SERVICES AFTER ANY MODIFICATION CONSTITUTES YOUR BINDING ACCEPTANCE OF THE REVISED POLICY. It is your responsibility to review this Policy periodically.

14. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE GREY ATLANTIC PARTIES SHALL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES ARISING OUT OF OR RELATED TO THE COLLECTION, USE, OR DISCLOSURE OF YOUR PERSONAL INFORMATION, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THIS LIMITATION APPLIES REGARDLESS OF THE LEGAL THEORY UNDER WHICH DAMAGES ARE SOUGHT. IN NO EVENT SHALL THE AGGREGATE LIABILITY OF THE GREY ATLANTIC PARTIES EXCEED ONE HUNDRED U.S. DOLLARS ($100.00).

15. Indemnification

You agree to indemnify, defend, and hold harmless Grey Atlantic LLC and the Grey Atlantic Parties from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys' fees and all costs of defense) arising out of or related to: (i) your use of our services; (ii) your violation of this Privacy Policy; (iii) your violation of any applicable law, including any healthcare privacy law; (iv) any information you submit to us; or (v) any claim by a third party arising from your use of the app, including any claim of IP infringement, negligent design, breach of confidentiality, or HIPAA violation. Grey Atlantic LLC reserves the right to assume exclusive control of the defense of any matter subject to indemnification by you, at your expense.

16. Governing Law; Dispute Resolution

This Privacy Policy is governed exclusively by the laws of the State of Florida, without regard to conflict of law principles. Any dispute arising out of or relating to this Privacy Policy shall be resolved exclusively by binding arbitration in Florida, on an individual basis. YOU HEREBY WAIVE ANY RIGHT TO A JURY TRIAL AND ANY RIGHT TO PARTICIPATE IN A CLASS ACTION LAWSUIT OR CLASS-WIDE ARBITRATION. Grey Atlantic LLC reserves the right to seek injunctive or other equitable relief in any court of competent jurisdiction to protect its intellectual property, data assets, or confidential information, without the requirement to post bond or other security.

17. Contact

For privacy-related inquiries, contact us at apps@greyatlantic.com or www.greyatlantic.com.