General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) Policy

Effective Date: 03.03.2025.

1. Introduction Welcome to Tesseract Analytics Ltd (“Company”, “we”, “our”, or “us”). We are committed to protecting your personal data and respecting your privacy. This policy explains how we collect, use, and protect your personal information in compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the California Consumer Privacy Act (CCPA).

2. Data Controller Tesseract Analytics Ltd, registered at: 85 Great Portland Street, First Floor, W1W 7LT, London, United Kingdom, is the data controller responsible for processing your personal data.

For GDPR and CCPA-related inquiries, you may contact our Data Protection Officer (DPO): Marko Rukavina, Founder & CEO Email: marko@tesseract-analytics.com

3. Data We Collect We may collect the following categories of personal data:

• Contact details (name, email address, phone number, company name, job title)

• Technical data (IP address, browser type, operating system, and usage data)

• Communications data (correspondence via email, website forms, or social media)

• Any other information provided voluntarily by you

• In compliance with CCPA, we may collect additional categories, such as geolocation data and commercial information (e.g., purchase history, service preferences)

4. Legal Basis for Processing (GDPR) & Data Collection Basis (CCPA) We process your personal data under the following legal bases:

• Consent: When you provide explicit consent for processing

• Contractual Necessity: When processing is required to fulfill a contract

• Legal Obligation: To comply with legal or regulatory requirements

• Legitimate Interest: To improve our services, marketing, and business operations

Under CCPA, personal information is collected for business purposes, including:

• Providing and improving services

• Fraud prevention and security

• Complying with legal obligations

• Internal analytics and marketing (only with user consent)

5. How We Use Your Data Your personal data may be used for the following purposes:

• Providing our services and responding to inquiries

• Processing transactions and managing contracts

• Sending marketing communications (only if you have opted in)

• Improving website functionality and user experience

• Complying with legal and regulatory requirements

6. Data Retention We retain personal data for as long as necessary to fulfill the purposes outlined in this policy or as required by applicable laws.

7. Data Sharing & Transfers We do not sell or rent personal data. However, we may share data with:

• Service providers who assist in our operations (e.g., cloud hosting, analytics, marketing)

• Legal authorities when required by law

• International partners, ensuring GDPR- and CCPA-compliant safeguards are in place

8. Your Rights Under GDPR and CCPA Under GDPR, you have the right to:

• Access, correct, or delete your personal data

• Restrict or object to processing

• Withdraw consent at any time

• Data portability (request transfer of your data)

• File a complaint with a supervisory authority

Under CCPA, California residents have the right to:

• Know what personal data is being collected

• Request deletion of their personal data

• Opt out of the sale of personal data (we do not sell personal data)

• Non-discrimination for exercising privacy rights

To exercise these rights, contact us at marko@tesseract-analytics.com.

9. Data Security We implement appropriate technical and organizational measures to protect your data from unauthorized access, loss, or disclosure.

10. Updates to this Policy We may update this GDPR and CCPA Policy from time to time. Changes will be posted on our website with the revised effective date.

For any questions or concerns regarding this policy, please contact Marko Rukavina at marko@tesseract-analytics.com.