Privacy Policy

Version: 1.0 Effective Date: May 1, 2026 Last Updated: May 1, 2026

Your privacy matters to us. This Privacy Policy explains how Full Summit LLC ("Full Summit," "we," "us," or "our") collects, uses, discloses, and protects information when you use our Services. The Services may include web applications, desktop applications, hosted cloud services, websites, administrative dashboards, support services, and related product features we operate.

For purposes of this Policy:

• "Personal information" means information that identifies, relates to, or could reasonably be linked to an identified or identifiable individual.
• "Customer Data" means business records, documents, files, content, and related information submitted to the Services by or on behalf of a customer. Customer Data may include personal information.

Our Principles

A few commitments that guide everything below:

• We aim to collect only information reasonably necessary to provide, secure, support, and improve the Services.
• We never sell your personal information, and we do not share personal information for cross-context behavioral advertising.
• We never use Customer Data to train generative AI models.
• We're transparent about what we do, and we'll let you know when we make material changes to this Policy.
• Where available or required by law, you can request a copy of your information or ask us to delete it.

Information We Collect

Information you provide. When you sign up and use the Services, you may provide information such as your name, business name, email, phone number, login credentials, and billing contact information. Payment card details are processed directly by our payment processor; we do not store full card numbers on our systems. Passwords are transmitted to our authentication provider, which is responsible for storing and verifying them; we do not retain your password. You may also provide information when you contact support, respond to a survey, or fill out a form on our website.

Information from connected services. When you connect a third-party service to the Services (for example, authorizing access to a mailbox), we access only the information needed for the feature you've enabled. You can revoke access at any time through the provider or within the Services. Note that revoking access stops future collection from that service, but does not automatically delete information already imported into the Services unless you also delete it within the Services or request deletion from us.

Customer Data. When you use the Services, you may submit Customer Data such as business records, documents, and files. Customer Data may include personal information about your customers, employees, or other individuals, for example, names and contact details that appear in a document you upload.

Information collected automatically. Like most online services, we collect some technical information automatically:

• Log data: IP address, browser type, device identifiers, operating system, and timestamps when you use the Services.
• Usage data: which pages you visit, which features you use, and how you interact with the Services.
• Device and application data: application version, update channel, license or activation status, device identifiers, operating system details, configuration settings, synchronization status, and update or compatibility check information.
• Diagnostic data: crash reports, error logs, performance data, and similar diagnostic information used to maintain, secure, and improve the Services.
• Cookies and similar technologies: small pieces of data your browser stores to keep you signed in, remember your preferences, and help us understand how the Services are used. You can usually control cookies through your browser settings, though some features may not work without them.

Local Processing

Some Services include components that run on your device. Local components may store or process data locally, for example, application settings, cached records, documents, extracted text, logs, and files needed for the application to function.

Depending on the product and configuration, some data may remain only on your device, while other data may be synchronized with, backed up to, or processed by our cloud services. Cloud-connected features may require transmitting account information, license or activation information, application version information, diagnostic information, synchronization metadata, Customer Data, or related files to provide the requested functionality.

Some Services may be made available in different deployment modes that affect where Customer Data is stored. Where a Service is configured for local-mode deployment, Customer Data resides on your device by default and is not automatically transmitted to us.

For Services in local mode, you may have the option to enable encrypted cloud backup. When this option is enabled, Customer Data is encrypted on your device before being transmitted to our cloud infrastructure for storage. The encryption keys for such backups remain on your device and are not transmitted to us. As a result, we store the encrypted backup data but cannot decrypt or access the underlying Customer Data. If you lose access to your encryption keys, we cannot recover or decrypt the backup data.

Other deployment modes may be made available in the future. The applicable Service or Order Form will describe the deployment mode and how Customer Data is handled.

In all deployment modes, the application may transmit operational data to us, including aggregated or de-identified usage statistics, performance metrics, license and activation status, error and diagnostic data, and similar metadata. We design this operational data not to include Customer Data in identifiable form.

Unless a feature requires cloud processing, synchronization, backup, support, licensing, update, security, or account functionality, locally stored data may remain on your device and is not transmitted to us.

You are responsible for securing your device, operating system, user accounts, local backups, exported files, and the local environment in which the Services run. Deleting cloud-hosted data or closing your account may not automatically delete information stored locally on your device, in your backups, or in files you exported.

Some update, compatibility, security, and licensing checks may occur automatically when the application is connected to the internet.

Automated Processing and Document Features

To provide requested features, the Services may use automated processing, including optical character recognition (OCR), document parsing, classification, extraction, and similar technologies. These features convert documents into structured data so they can be used within the Services.

We do not use Customer Data to train generative AI models. If we use third-party processors to provide these features, those processors handle Customer Data only to provide the requested service, subject to applicable contractual restrictions. We will update this Policy if we materially change how automated processing works.

How We Use Information

We use information to:

• Provide the Services. Set up your account, process the work you ask us to do, and keep things running.
• Process payments. When you pay for a subscription, we (and our payment processor) use your billing information to charge you and send receipts.
• Communicate with you. Send service-related messages (like account notices and security alerts) and, where permitted, occasional product updates. You can opt out of marketing emails at any time.
• Provide support. Respond to your questions, troubleshoot issues, and, when necessary, allow authorized personnel to access limited account information or Customer Data to resolve support, security, or operational issues.
• Improve the Services. Understand what's working and what isn't so we can make things better.
• Keep things safe. Detect and prevent fraud, abuse, and security incidents.
• Comply with the law. Meet our legal obligations and enforce our agreements.

We don't sell your personal information, and we don't use Customer Data to train generative AI models.

How We Share Information

We share information only in these situations:

• Service providers (subprocessors). We use vendors that help us operate the Services, for example cloud hosting and payment processing. We may use additional categories of vendors as the Services evolve, such as for analytics, customer support, transactional email, or specialized processing features. Vendors process information on our behalf under confidentiality obligations. A current list of subprocessors is available on request.
• Other users in your organization. If you're part of a team account, the data you submit may be visible to other authorized users based on the access you configure.
• Legal and safety. We may share information when we reasonably believe it's required by law, necessary to protect rights or safety, or needed to address fraud or security issues.
• Business transfers. If Full Summit is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. This Policy will continue to apply to your information.
• Aggregated or de-identified information. We may share information that has been aggregated or de-identified so that it can no longer reasonably be used to identify you or your organization. We will not attempt to re-identify de-identified information except as permitted by law, such as to test whether our de-identification processes are effective.

Customer Data and Organization Accounts

If you use the Services as part of an organization (for example, your employer), the organization controls the Customer Data submitted to the Services and is responsible for it. We process that data on the organization's behalf.

If your account is managed by an organization, administrators or authorized users of that organization may be able to access, manage, export, restrict, or delete information associated with the organization's account, including information associated with your individual user.

We use logical access controls designed to restrict access to Customer Data to authorized users within the applicable organization or account.

Deleting an individual user account does not necessarily delete Customer Data controlled by an organization.

If you have questions about your organization's data, please contact your organization directly.

Your Full Summit Account

A single Full Summit account may be used to access more than one of our Services. Account information, such as your name, email, and login credentials, is associated with your Full Summit account and used across the Services you have access to.

Access to each Service is granted separately. Having a Full Summit account does not by itself provide access to a Service; you must be subscribed to or otherwise authorized to use that Service.

Customer Data submitted within a specific Service is kept logically separate from Customer Data submitted within other Services. We do not use Customer Data from one Service to provide a different Service unless you direct us to do so, or unless necessary for security, support, legal compliance, account administration, or to protect the Services. If you stop using one Service but continue to use another, we retain the data needed to continue providing the Service you are still using.

Deleting your Full Summit account may affect your access to multiple Services. In some cases, you may be able to stop using or delete data from one Service without deleting your entire Full Summit account.

How Long We Keep Information

We keep information for as long as your account is active and as long as we need it to provide the Services. After that, we delete or de-identify it.

Some information may be retained longer than your account is active, including:

• Backups, logs, and archival systems may retain information for a limited period before it is overwritten or removed.
• Security and audit logs may be retained as needed to investigate incidents and meet our compliance obligations.
• Billing, tax, and accounting records may be retained as required by applicable law.
• Information subject to a legal hold or required to resolve a dispute will be retained until the matter is resolved.

You can ask us to delete your information at any time, and we'll honor the request to the extent we're not required to keep it.

Security

We use reasonable administrative, technical, and physical safeguards to protect information, for example, encrypting data in transit and at rest, restricting internal access, and monitoring for unauthorized activity. But no system is completely secure. You're responsible for keeping your account credentials confidential and letting us know promptly if you suspect unauthorized access.

If we become aware of a security incident affecting personal information, we will provide notice as required by applicable law.

International Data Transfers

We primarily process and store information in the United States. We and our service providers may process information in other countries where we or they operate. If you access the Services from outside the United States, your information may be transferred to, processed in, and stored in countries whose privacy laws may differ from those in your country.

Your Privacy Rights

Depending on where you live, you may have rights under applicable privacy laws, for example, the right to access, correct, delete, or receive a copy of your personal information; to object to or restrict certain processing; and to appeal a denied request. Contact us at the email below to exercise these rights, and we'll respond as required by law.

We do not sell personal information, and we do not share personal information for cross-context behavioral advertising, as those terms are defined under applicable U.S. state privacy laws.

Your Choices

You have several choices about your information:

• Update your information within the Services or by contacting us.
• Delete your account by contacting us. Some information may be retained as described in How Long We Keep Information above.
• Opt out of marketing emails using the unsubscribe link. Service-related emails (like billing notices and security alerts) will continue.
• Manage cookies through your browser settings.
• Revoke connected services through the provider or within the Services.

Age Restrictions

The Services are intended for use by individuals 18 years of age or older. The Services aren't directed to children, and we don't knowingly collect personal information from anyone under 18. If you believe someone under 18 has provided us with personal information, please contact us and we'll take appropriate steps to delete it.

Changes to This Policy

We may update this Policy from time to time. When we make material changes, we will provide notice as appropriate, for example, through the Services, by email, or by updating the change log below and the "Last Updated" date. The updated Policy will apply after its effective date. If required by law, we will obtain your consent before applying material changes.

Contact

Questions, requests, or concerns about this Privacy Policy or our privacy practices may be sent to:

Full Summit LLC

Email: privacy@fullsummit.us

Change Log

• v1.0 (May 1, 2026): Initial version.

Version: 1.0.

Previous versions: None.