Effective Date: May 22, 2025

Growenix Inc. ("Growenix," "we," "our," or "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our lending services, website, applications, and related services (collectively, our "Services").

We understand the importance of your personal information and are dedicated to maintaining transparency about our data practices. By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.

We serve as the data controller for the personal information we collect and process through our Services. As a data controller, we determine the purposes and means of processing your personal data and are responsible for ensuring that your data is handled in compliance with applicable privacy laws and regulations.

This Privacy Policy may change from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Effective Date" above. You are advised to review this Privacy Policy periodically for any changes.

1. Types of Data that we collect

1.1. When we refer to "data," we mean any details associated with you that, either on its own or when combined with other information, allow the entity gathering and handling that data to distinguish you as an individual. The "processing of data" covers various actions involving your information, such as gathering, storing, transferring, and more.

1.2. Either individually or in collaboration with data processors, we might gather the subsequent types of information about you:

• Information obtained when you get in touch with us: This encompasses your preferred communication language, name, email, phone number, and any details furnished in your inquiries through our contact form.
• Information obtained while using our Website: This includes, but is not confined to, the length of your sessions, your interactions with the Website over time, responses to surveys, data you've shared with our support team (including the language of your requests), and any other information you voluntarily provide when communicating with us.
• Automatically collected information: This pertains to data regarding how you came across our platform, your IP address, time zone, device type and model, device settings, operating system, Internet service provider, mobile carrier, hardware ID, location (country, region, city), and your activities on the Website.
• Cookies and other tracking mechanisms, as outlined in our Cookies Policy, which help us enhance your browsing experience, analyze usage patterns, and improve the overall functionality of our Website.

2. Purpose of Data collection

2.1. We collect and process your personal data for the following purposes:

• To provide and maintain our Website: We use your information to deliver and maintain our services, including monitoring the usage of our Website and detecting technical issues.
• To respond to your inquiries: When you contact us through our contact form or other communication channels, we use your information to respond to your questions, requests, or concerns.
• To improve our Website and services: We analyze user behavior and feedback to enhance the content, functionality, and user experience of our Website.
• To communicate with you: We may use your contact information to send you important updates about our services, changes to our policies, or other administrative information.
• To ensure security and prevent fraud: We use certain information to detect and prevent potential security breaches, fraud, or other unauthorized activities.
• To comply with legal obligations: We may process your data to comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
• For analytics and statistical purposes: We use aggregated and anonymized data for internal analytics to understand trends, usage patterns, and to make data-driven business decisions.

3. Legal basis for data collection and processing

3.1. We process your personal data in accordance with applicable privacy laws and regulations. Our legal basis for collecting and processing your personal data includes:

• Consent: Where you have given explicit consent for us to process your personal data for specific purposes, such as when you submit information through our contact form.
• Legitimate Interests: We may process your data based on our legitimate business interests, such as improving our Website, ensuring its security, analyzing its performance, and providing better services, provided that these interests are not overridden by your fundamental rights and freedoms.
• Contractual Necessity: Processing may be necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contract.
• Legal Obligation: Processing may be necessary for compliance with a legal obligation to which we are subject, such as maintaining records for tax purposes or responding to valid legal requests from authorities.

3.2. Where we rely on consent as the legal basis for processing your personal data, you have the right to withdraw that consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.

3.3. Where we rely on legitimate interests as the basis for processing, we conduct a balancing test to ensure that our interests do not override your fundamental rights and freedoms. You have the right to object to processing based on legitimate interests at any time.

4. Children's Privacy

4.1. Our Website and services are intended for individuals who are 18 years of age or older. We do not knowingly collect or solicit personal information from anyone under the age of 18.

4.2. If you are under 18, please do not attempt to use our Website or send any information about yourself to us. We do not collect or maintain personal information from individuals we know to be under 18 years of age, and no part of our Website is designed to attract or target individuals under 18.

4.3. If we learn that we have collected personal information from a person under the age of 18, we will promptly delete that information. If you believe that we might have any information from or about a child under 18, please contact us immediately at [contact email].

4.4. Parents and legal guardians are encouraged to monitor their children's Internet usage and to help enforce this Privacy Policy by instructing their children never to provide personal information on our Website.

4.5. In certain jurisdictions, the age of majority may be older than 18. In such cases, the references to "18 years of age" in this section shall be deemed to refer to the applicable age of majority in that jurisdiction.

5. Data Subject Rights

5.1. As a data subject, you have certain rights regarding your personal data. Depending on your location and applicable laws, these rights may include:

• Right to Access: You have the right to request information about the personal data we hold about you and to obtain a copy of that data.
• Right to Rectification: If you believe that any personal data we hold about you is inaccurate or incomplete, you have the right to request correction or completion of that information.
• Right to Erasure (Right to be Forgotten): Under certain circumstances, you have the right to request the deletion of your personal data from our records.
• Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data under certain conditions.
• Right to Data Portability: You have the right to request that we provide you or a third party of your choice with your personal data in a structured, commonly used, machine-readable format.
• Right to Object: You have the right to object to our processing of your personal data, particularly when the processing is based on our legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time.
• Right Not to be Subject to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

5.2. To exercise any of these rights, please contact us using the contact information provided in the "Contact Us" section of this Privacy Policy. We will respond to your request within the timeframe required by applicable law (typically within 30 days).

5.3. Please note that in some cases, we may not be able to comply fully with your request, such as if it would impact the privacy rights of others, would require disproportionate effort, or where we are legally required to retain certain information. In such cases, we will explain our reasons for not fully complying with your request.

5.4. You also have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data violates applicable privacy laws.

5.5. We may need to verify your identity before processing your request to ensure the security of your personal data. This may involve requesting additional information from you.

5.6. We will not discriminate against you for exercising any of your data subject rights.

6. Sharing of Collected Data

6.1. Data Processors

When processing your data, we may use the following data processors:

• G-Suite services which may be represented by Google LLC (California, USA), Google Ireland Limited (the Republic of Ireland), Google Asia Pacific Pte. Ltd. (Singapore), or any other entity that directly or indirectly controls, is controlled by, or is under common control with Google LLC. G-Suite serves as our storage place provider to store your data. Google provides more information on how it processes data in its Privacy Policy.
• Google Analytics services which may be represented by Google LLC (California, USA), Google Ireland Limited (the Republic of Ireland), Google Asia Pacific Pte. Ltd. (Singapore), or any other entity that directly or indirectly controls, is controlled by, or is under common control with Google LLC. Google Analytics serves as our analytical services provider to analyze the data. Google provides more information on how it processes data in its Privacy Policy.

6.2. Third-Party Service Providers

In certain instances, we may require the assistance of third-party services and may share your data with them. This is essential to facilitate the operation, improvement, integration, customization, support, and marketing of our services and the Website. The data is shared primarily for the purposes outlined in Section 2 of this Policy. The types of third parties with whom we share information include, but are not limited to:

• Cloud storage providers
• Data analytics providers
• Measurement partners
• Marketing partners
• Communication services providers

It is important to note that by providing us with their services, these third-party providers also act as data processors for your data.

6.3. Affiliated Entities

We have the option to share your personal data with affiliated entities, such as companies connected to Growenix Inc. In such instances, these related companies will adhere to the principles outlined in this Privacy Policy.

6.4. Contractors

We do not lease or sell your personal data to external parties. However, we may share your personal information with business partners, suppliers, and subcontractors as required to fulfill contractual obligations or other agreements formed during our interactions with you. Additionally, we can share personal information with auditors, legal advisors, other professional consultants, and service providers.

6.5. Public Authorities and Entities

We may utilize and disclose your data to enforce the Agreement, safeguard our rights, privacy, safety, or property, as well as that of our affiliates, you, or others. This includes responding to requests from courts, law enforcement agencies, regulatory bodies, and other public and government authorities, or as required by law in other circumstances.

6.6. International Data Transfers

The Company and its service providers are based in the United States. Your country or jurisdiction may have different data privacy laws and protections than the United States.

If we transfer personal data originating from the European Economic Area (EEA) to countries that do not provide an adequate level of data protection, we use one of the following legal bases:

(i) Standard Contractual Clauses approved by the European Commission, or (ii) The European Commission adequacy decisions about certain countries (details available at: https://commission.europa.eu/publications/publications-standard-contractual-clauses-sccs_en).

6.7. Compliance with Legal Obligations

In order to comply with court orders, legal mandates, or legal processes, we may utilize and disclose personal data. This includes responding to government or regulatory requests.

7. Security Measures

7.1. We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect your information against unauthorized access, accidental loss, alteration, disclosure, or destruction.

7.2. While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. Therefore, we cannot guarantee absolute security of your data.

7.3. Our security measures include:

• Encryption of sensitive data
• Regular security assessments
• Access controls and authentication procedures
• Secure network infrastructure

7.4. We limit access to your personal information to those employees, agents, contractors, and third parties who have a business need to know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.

7.5. We have procedures in place to deal with any suspected data security breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

8. Data Retention

8.1. We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements.

8.2. The retention period for your personal data depends on the purpose for which we process it. We will keep your information for the minimum period necessary to fulfill the purposes outlined in this Privacy Policy.

8.3. To determine the appropriate retention period for personal data, we consider:

• The amount, nature, and sensitivity of the personal data
• The potential risk of harm from unauthorized use or disclosure
• The purposes for which we process the data
• Whether we can achieve those purposes through other means
• Applicable legal, regulatory, or contractual requirements

8.4. When your personal data is no longer required for the purposes for which it was collected, we will delete or anonymize it, unless we are legally required to retain it for a longer period.

8.5. In some circumstances, we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

8.6. If you request deletion of your data, we will respond in accordance with applicable laws and our data retention policies.

9. Changes to This Policy

9.1. We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable laws and regulations. The updated version will be effective as of the date stated at the beginning of the policy.

9.2. We will notify you of any material changes to this Privacy Policy by posting a notice on our Website or sending you a direct notification if required by law. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

9.3. Your continued use of our Website after the effective date of the revised Privacy Policy constitutes your acceptance of the changes. If you do not agree with the updated Privacy Policy, you should discontinue your use of our Website.

9.4. Historical versions of this Privacy Policy may be available upon request.

9.5. Material changes to this Privacy Policy will not apply retroactively without your express consent.

10. Contact Us

10.1. If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us using the following information:

Growenix Inc,

Address: 7901 4TH ST N STE 300, ST PETERSBURG, FL 33702

Email: info@growenix.com

10.2. We will respond to your inquiries and requests within a reasonable timeframe and in accordance with applicable data protection laws.

10.3. If you are located in the European Economic Area and have concerns about our data collection and processing activities, you have the right to lodge a complaint with your local Data Protection Authority.

10.4. We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy.