This Privacy Policy explains how Inspirae Corp. ("NoNarcissAI", "we", "us", or "our") collects, uses, stores and

shares ("processes") your personal information when you use our services (the "Services"), including when you:

• Visit our website at nonarciss.ai or any website of ours that links to this Policy.

• Download, access, or use the NoNarcissAI App.

• Contact us or otherwise interact with us (support, communications, etc.).

If you do not agree with this Policy, please do not use the Services.

Questions or concerns? Reading this Policy will help you understand your privacy rights and the options available

to you. We are responsible for making decisions about how your personal information is processed. Should you

still have doubts or require further information, feel free to reach out to us at data@nonarciss.ai.

1. Information We Collect

A. Information You Provide

We collect personal information that you voluntarily provide to us when you register on the Services, express an

interest in obtaining information about us or our products and Services, when you participate in activities on the

Services, or otherwise when you contact us.

• Account & Profile: Email address, name or alias, date of birth, gender, country of residence. Authentication

is handled by Firebase; we do not store or have access to your password.

• User Content: Your chats with our conversational agent Nini, your cases, and any files you upload (audio,

images, videos, documents), including audio recordings and the transcripts generated by third-party

speech-to-text ("STT") services (e.g., Whisper). We currently do not extract or store metadata such as EXIF

or duration unless operationally necessary. When you interact with Nini or submit cases, your messages

and content are transmitted to third-party AI service providers for processing. See Section 6 for a full

list of providers and the specific data shared with each.

• Sensitive Information: When provided by you voluntarily through conversations with our chatbot, or as

otherwise permitted by applicable law, we may use the following categories of sensitive information: (i) health

data, including without limitation mental health data; and (ii) any other information you choose to share on the

App. Sensitive information you share in conversations may be transmitted to our AI Service Providers

(listed in Section 6) as part of generating responses. You will be asked to consent to this processing

before first use.

• Communications: Information you provide via any of the means of communications we maintain with you,

including messages sent to support, including privacy requests.

• Social Media Login Data: We may provide you with the option to register with us using your existing social

media account details, like your Google, Apple or other social media account. If you choose to register in this

way, we will collect certain profile information about you from the social media provider.

• Application Data: If you use the NoNarcissAI App, we also may collect the following information if you agree

to provide us with access or permission:

■ Mobile Device Access: We may request access or permission to certain features from your mobile device,

including your mobile device's microphone, calendar, reminders, and other features. If you wish to change ouraccess or permissions, you may do so in your device's settings.

■ Mobile Device Data: We automatically gather details about your device, such as its ID, model, manufacturer,

operating system, version data, and system configuration.

■ Push Notifications: We might ask for permission to send you push notifications related to your account or

specific features of our application(s). If you prefer not to receive these messages, you can disable them at

any time through your device settings.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of

any changes to such personal information.

B. Information Collected Automatically

We automatically collect certain information when you visit, use, or navigate the Services. This information does

not reveal your specific identity but may include device and usage information. This information is primarily

needed to maintain the security and operation of our Services, and for our internal analytics and reporting

purposes.

• Device & Usage Data: Device identifiers, operating system and version, language, time zone, app version,

feature usage events, crash logs, and similar telemetry.

• Network Signals: While we do not store your IP address, we may process transient network information to

enforce geo-blocking and security (without persistent storage).

C. Information Not Collected

We do not collect or store payment card numbers or bank details. Purchases are handled by Apple App Store and

Google Play. We do not collect your passwords.

D. Categories of Personal Data We Collect

We and our Vendors have collected the following categories of personal information in the past twelve (12)

months:

2. How We Use Personal Information• To provide the Services: We may process your information in order to operate Nini, store and display your

cases and uploads, deliver personal metrics, and include cases in the community feed when chosen.

• To support account creation and verification: We may process your information to enable you to register,

access your account, and ensure it remains properly maintained.

• To process audio into text: We may process your information in order to convert audio to text via STT

providers and associate transcripts with your messages.

• To secure the Services: We may process your information in order to troubleshoot, prevent fraud/abuse,

measure performance and stability, enforce geoblocking, and maintain safety features (see "Safety

Processing & Risk Signals" below).

• To improve the Services using User Content: We may process your information, including User Content,

to maintain, refine, and improve our artificial intelligence models, features, and heuristics. We may analyze

the content of conversations to understand opportunities for new features, model training, fine-tuning, data

modelling and evaluate the performance of our existing Services. We may use aggregated, de-identified, or

other anonymized data. We may also share anonymized data with third parties for business or commercial

purposes.

• To request feedback: We may process your information when necessary to request feedback and to contact

you about your use of our Services.

• For communications: We may process your information in order to send service notices, respond to

inquiries, and send marketing communications where permitted.

• Due to legal reasons: We may process your information in order to comply with law, enforce our Terms, and

protect rights, safety, and property.

3. Legal Bases

We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e.,

legal basis) to do so under applicable law, like with your consent, to comply with laws, to provide you with services

to enter into or fulfill our contractual obligations, to protect your rights, or to fulfill our legitimate business interests.

4. Sharing and Disclosures

We may share your data with third-party vendors, service providers, contractors, or agents ("third parties") who

perform services for us or on our behalf and require access to such information to do that work.

The categories of third parties we may share personal information with are as follows:

• Infrastructure & Hosting: Google Cloud Platform (GCP) – us-central1 (Iowa, USA)

• Data Storage Service Providers: Amazon Web Services

• Authentication & App Services: Firebase (authentication, realtime database, push notifications)

• Speech-to-Text (STT): Whisper (and/or other STT providers as we may add)

• LLM/AI Inference: OpenAI, Anthropic, and DeepSeek — these providers process User Content (messages,

cases, uploaded media) to power Nini's conversational and analytical features. See Section 6 for details on

what data is shared.

• Analytics & Monitoring: Singular (MMP), Google Cloud Monitoring, Cloud Logging, Sentry and Firebase

Crashlytics

• Communication & Collaboration Tools: Slack, Notion

• Product Engineering & Design Tools• Regulatory authorities having jurisdiction over NoNarcissAI

We require third parties to use personal information only under our instructions and for permitted purposes, and to

implement appropriate security measures.

We may also disclose information: (i) to comply with law, legal process, or lawful requests; (ii) to protect rights,

safety, and property; (iii) in connection with any merger, sale, financing, or acquisition; or (iv) with your consent.

5. International Transfers

Our systems are hosted in the United States (Google Cloud). If you are accessing our Services from outside the

United States, please be aware that your information may be transferred to, stored by, and processed by us and

our third-party providers in the United States and other countries.

To ensure an adequate level of protection for personal data transferred internationally, we rely on one or more of

the following lawful transfer mechanisms, as applicable: Standard Contractual Clauses (SCCs); Data Privacy

Framework participation mechanisms; contractual, technical, and organizational safeguards; and any additional

transfer mechanisms recognized under the laws of your country of residence.

6. Our Artificial Intelligence-Based Products

As part of our Services, we offer products, features, or tools powered by artificial intelligence, machine learning, or

similar technologies (collectively, "AI Products"). These tools are designed to enhance your experience and

provide you with innovative solutions. The terms in this Privacy Notice govern your use of the AI Products within

our Services.

Third-Party AI Service Providers

To deliver our AI-powered features, including conversations with Nini, case analysis, and personal metrics, we

share certain User Content with the following third-party AI service providers ("AI Service Providers"):

What we share: When you send a message to Nini, submit a case, or upload content, the text and/or media is

transmitted to one or more of the AI Service Providers listed above for processing. This includes the

conversational context necessary to generate a relevant response.

What we do NOT share with AI Service Providers: Your name, email address, password, payment information,

or account credentials are not transmitted to AI Service Providers as part of content processing.

Your consent: Before using Nini for the first time, you will be asked to provide explicit consent to this data

sharing. You may review which providers process your data at any time in the app's Settings under "Data

Processing."

This list of AI Service Providers is current as of the "Last updated" date of this Policy. We may add, remove, or

replace providers. If we make material changes to this list, we will notify you and request renewed consent where

required.

You must not use the AI Products in any way that violates the terms or policies of any AI Service Provider.

How We Use Your Data Using AI

• Use of Personal Information for AI Training: We may collect and use personal information that you

provide to us during your interaction with our services, including conversation and other communication data,

preferences, feedback, and other information. This data may be used to improve and train the performance of

our artificial intelligence models.

• Data Anonymization: We strive to anonymize and aggregate any personal information before it is used for

training AI models. We take appropriate steps to remove identifiable data to the best extent possible.

• Consent to Use of Data for AI Training: By using our Services, you consent to the collection, use and

disclosure of your personal information as outlined in this Privacy Policy, including for the purpose of training

and improving AI models.

• Data Security: We implement industry-standard security measures to protect the personal information you

share with us. However, no method of data transmission over the Internet is completely secure.

• Your Rights: You have the right to access, correct, or delete any personal information we hold about you.

However, we can continue to use personal information used in reliance on your original consent.

7. Safety Processing & Risk Signals

We operate best-effort measures (including automated prompts and limited post-message checks) to detect

imminent risk (self-harm or harm to others). If risk signals are detected, we may temporarily block use and display

crisis resources. These measures do not create a duty to monitor or to intervene and are not a substitute for

professional help or emergency services.

8. Data Retention

We keep your personal information only for as long as we need it to carry out the purposes described in this

Policy, unless the law requires or allows us to keep it for a longer period. None of the purposes in this Policy

require us to keep your personal information longer than the time you maintain an account with us.

When we no longer have a valid business reason to keep processing your personal information, we will delete it or

anonymize it. If deleting or anonymizing is not possible at that moment, we will keep it safely stored and prevent it

from being used until deletion becomes possible.

9. Security

We implement reasonable technical and organizational measures designed to protect any personal information

we process. Data is encrypted in transit (TLS) and at rest. If we learn of an incident affecting personal information,

we will take steps to investigate and will notify you and/or regulators as required by law.

While we use safeguards and take reasonable steps to protect your information, no method of transmitting data

over the Internet can ever be completely secure. Any transmission of information to or from our Services is done

at your own risk.10. Your Privacy Rights

Depending on your location, you may have rights to request access, correction, deletion, portability, restriction, or

objection to certain processing; to opt out of targeted advertising or "sales/sharing" under certain U.S. state laws;

and to not be subject to decisions based solely on automated processing.

• Right to know whether or not we are processing your personal data

• Right to access your personal data

• Right to correct inaccuracies in your personal data

• Right to request the deletion of your personal data

• Right to obtain a copy of the personal data you previously shared with us

• Right to non-discrimination for exercising your rights

• Right to opt out of processing for targeted advertising, sale of personal data, or profiling

How to Exercise Your Rights: Use the in-app settings or email data@nonarciss.ai. We verify requests via your

in-app authenticated session and/or email verification. We will respond as required by law (e.g., 45 days under

certain U.S. state laws). We do not charge fees unless a request is manifestly unfounded or excessive. We will not

discriminate against you for exercising your rights.

Withdrawing Your Consent: You have the right to withdraw your consent at any time by contacting us at

data@nonarciss.ai or updating your preferences. This will not affect the lawfulness of processing before its

withdrawal.

Account Information: You can log in to your account settings and update or terminate your account. Upon

termination request, we will deactivate or delete your account from our active databases, though we may retain

some information as required by law.

11. Children's Privacy

The Services are intended only for individuals 18+. We do not knowingly collect personal information from children

under 18. If you believe a minor has provided personal information, contact us at data@nonarciss.ai.

12. Cookies & Tracking Technologies

The mobile app may use SDKs and similar technologies (e.g., Singular, Firebase, Sentry, Firebase Crashlytics,

Google Cloud Monitoring/Logging) to support analytics, attribution, crash reporting, and performance. You can

adjust certain permissions in your device settings.

13. International Users

Our Services are hosted in the United States and are not currently offered in the EU/EEA, UK, Switzerland, the

Russian Federation and the People's Republic of China, and/or any other jurisdictions NoNarcissAI may choose

to refrain from providing Services in. If you access the Services from outside the United States, you understand

your information will be transferred to and processed in the United States.

14. Changes to This Policy

We may update this Policy from time to time. The "Last updated" date will be revised accordingly. If we make

material changes, we will notify you via in-app notice or email.15. Contact Us

You may contact us via email or post at:

Inspirae Corp.

108 Lakeland Ave.

Dover, Kent, Delaware 19901

United States

Email: data@nonarciss.ai

Controller: Inspirae Corp., 108 Lakeland Ave., Dover, Kent, Delaware 19901, United States