Dobs AI, Inc.

Effective Date: April 27, 2025

Last Updated: April 27, 2025

1. INTRODUCTION

Dobs AI, Inc. ("Dobs," "we," "us," or "our") provides AI-powered accounts payable recovery audit services to enterprise customers. This Privacy Policy explains how we collect, use, disclose, and protect information when you:

• Visit our website at https://dobs.ai (the "Website")

• Use our AI-powered analysis platform and services (the "Services")

• Interact with us in connection with a business relationship

Important Notice for Enterprise Data Processing: This Privacy Policy does not apply to information we process on behalf of our enterprise customers pursuant to written agreements. When we process data as a service provider or processor for our enterprise customers, such processing is governed by our agreements with those customers, including our Data Processing Addendum. If you are an individual whose information we process on behalf of our enterprise customer, please contact that organization directly for information about their privacy practices.

Scope and Application: This Privacy Policy applies to information we collect in our capacity as a controller (or "business" under CCPA) when you interact directly with us or our Website.

2. INFORMATION WE COLLECT

2.1 Information Collected from Website Visitors

When you visit our Website or interact with us, we collect:

• Contact Information: Name, email address, company name, job title, and phone number when you submit our contact form, request information, or request a demo

• Technical Information: IP address, browser type, operating system, referring URLs, and pages visited through standard web server logs

• Communication Data: Contents of communications when you contact us via email or other means

• Technical Information and Cookies: We use essential cookies and first-party analytics (Google Analytics) to understand Website usage and improve user experience. We do not use third-party advertising cookies or tracking for behavioral advertising. You can control cookies through your browser settings.

Website Forms: Our website contact form collects only business contact information (name and business email) for responding to inquiries about our enterprise services. This information is not connected to or used in the provision of our Services.

2.2 Information Processed for Enterprise Customers

In providing our Services to enterprise customers, we process business information on their behalf, which includes:

• Supplier and vendor company information

• Invoice and purchase order data

• Contract terms and pricing information

• Accounts payable records

• Business contact information (such as names, business emails, and titles of supplier representatives in their professional capacity)

This information consists of business-to-business data and relates to individuals only in their professional capacity as representatives of companies. We do not process personal financial information, consumer data, or sensitive personal information as part of our Services.

All processing is performed pursuant to our Master Services Agreement and Data Processing Addendum with each customer.

2.3 Scope of Information Collection

Our information collection is limited to:

• Business-to-business contexts

• Professional contact information

• Business operational data

We only collect information from individuals who are at least 18 years of age and acting in a professional capacity.

2.4 California Notice at Collection

For California residents, at or before the point of collection, we inform you of the categories of personal information collected and the purposes for use:

Categories Collected from Website Visitors:

• Identifiers (name, business email address, company name)

• Internet activity information (IP address, browsing behavior on our Website)

• Professional or employment-related information (job title, company)

Purposes of Collection:

• Responding to business inquiries submitted through our contact form

• Providing information about our enterprise Services

• Analyzing Website usage to improve user experience

• Complying with legal obligations

We will not collect additional categories of personal information or use the personal information collected for materially different purposes without providing notice.

3. HOW WE USE INFORMATION

3.1 Website Visitor Information

We use information from Website visitors to:

• Respond to inquiries submitted through our contact form and provide requested information

• Send information about our Services to business contacts who have expressed interest

• Analyze Website traffic and usage to improve user experience

• Maintain the security and functionality of our Website

• Comply with applicable legal obligations

All communications are business-to-business in nature and relate to our enterprise Services.

3.2 Enterprise Service Delivery

We process information pursuant to our agreements with enterprise customers to:

• Provide AI-enabled accounts payable recovery audit services

• Identify overpayments, duplicate payments, pricing errors, and contract non-compliance

• Generate reports and analytics for our customers

• Develop and improve our Services using deidentified data as permitted in our agreements

Service Improvement: We may use deidentified data to improve our Services. This means we may identify patterns and insights from aggregated, anonymized information that cannot be linked to any specific customer or individual. We do not train our AI models on customer-specific data. All service improvements using customer data are conducted in accordance with our contractual obligations.

4. LEGAL BASIS FOR PROCESSING

We process information based on the following legal bases:

4.1 For U.S. Residents (including California)

• Business Purposes: To operate our business, provide and improve our Services, and achieve our business purposes as permitted under CCPA

• Contract Performance: To fulfill our obligations under agreements

• Legal Compliance: To comply with applicable laws and legal obligations

• Consent: Where required by law, based on your affirmative consent

4.2 For EEA, UK, and Swiss Residents

• Legitimate Interests: To operate our business and provide our Services (where not overridden by your data protection rights)

• Contract Performance: To fulfill our contractual obligations

• Legal Compliance: To comply with applicable legal obligations

• Consent: Where required, based on your explicit consent

5. HOW WE SHARE INFORMATION

We may share information with:

5.1 Service Providers

We engage third-party service providers to assist in delivering our Services and operating our business, including:

• Microsoft Azure (Azure OpenAI, Form Recognizer) - AI inference and data processing services

• Amazon Web Services (AWS) - Cloud hosting, data storage, and compute infrastructure

• AWS RDS (PostgreSQL) - Database services

• Other service providers who assist with technical and operational functions

All service providers are contractually obligated to protect information, maintain confidentiality, and use it only for providing services to us. Service providers do not have access to customer-specific data unless necessary for their specific function and under strict confidentiality agreements.

5.2 Enterprise Customers

We share analysis results, reports, and findings with our enterprise customers as part of our Services.

5.3 Legal Requirements

We may disclose information if required by law, court order, or governmental authority, or when we believe disclosure is necessary to protect our rights, protect safety, or investigate fraud.

5.4 Business Transfers

We may transfer information in connection with a merger, acquisition, or sale of all or a portion of our assets.

5.5 Aggregated Information

We may share aggregated or de-identified information that cannot reasonably be used to identify you.

5.6 Sell or Share

We do not "sell" or "share" personal information as those terms are defined under the California Consumer Privacy Act, and we have not sold or shared personal information in the preceding 12 months.

6. DATA SECURITY

We implement appropriate technical and organizational measures designed to protect information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest

• Access controls and authentication requirements

• Regular security assessments and vulnerability management

• Employee confidentiality obligations

• Secure data centers with physical access controls

However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

7. DATA RETENTION

We retain information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law:

• Website Visitor Information: We retain business inquiry and contact information for up to 3 years from our last interaction, or until you request deletion.

• Customer Data: We retain information processed for enterprise customers in accordance with our agreements, typically for the duration of the business relationship plus 90 days after termination to facilitate final reporting and transition.

• Legal Compliance: We may retain certain information for up to 7 years as required for tax, accounting, or legal purposes.

• Aggregated/Anonymized Data: We may retain aggregated or anonymized data that cannot identify any individual or company indefinitely for research and service improvement purposes.

Upon expiration of the applicable retention period, we will securely delete or anonymize the information.

8. INTERNATIONAL DATA TRANSFERS

We are based in the United States. Information we collect may be transferred to and processed in the United States or other countries where we or our service providers operate. We implement appropriate safeguards for international data transfers as required by applicable law, including Standard Contractual Clauses where required.

9. YOUR RIGHTS AND CHOICES

9.1 Access and Correction

You may request access to or correction of your information by contacting us using the information below. We will respond to your request within 45 days.

9.2 Marketing Communications

We may send you information about our Services if you have expressed interest or submitted an inquiry. You may opt out of receiving such communications at any time by clicking "unsubscribe" in any email or contacting us directly at privacy@dobs.ai.

9.3 Browser Privacy Settings

Our Website honors standard browser privacy settings and signals. We use only essential cookies and first-party analytics as described in this Policy. You can control cookie preferences through your browser settings.

9.4 California Privacy Rights

Notice to California Residents

If you are a California resident, you have specific rights under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, "CCPA").

Your Rights Include:

• Right to Know: You may request that we disclose what personal information we collect, use, disclose, and sell

• Right to Delete: You may request deletion of your personal information

• Right to Correct: You may request correction of inaccurate personal information

• Right to Opt-Out: You have the right to opt-out of the sale or sharing of personal information

• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information as defined by CCPA:

• Identifiers (business contact information)

• Commercial information (business interactions)

• Internet activity (website usage data)

• Professional information (business title, company)

Your California Data Rights

We process personal information solely for our business purposes and service delivery. As a B2B service provider:

• We use personal information only for the business purposes disclosed in this policy

• We maintain your right to access, correct, and delete your personal information

• We ensure non-discrimination for exercising privacy rights

• We process data only as a service provider when handling our customers' data

Our business model is based on providing services to enterprises, and all data processing supports this purpose.

How to Exercise Your Rights

California residents may exercise their rights by:

• Email: privacy@dobs.ai

• Phone: (415) 770-9945

We will verify your identity before processing your request and respond within 45 days of receipt. You may designate an authorized agent to make a request on your behalf by providing written authorization.

9.5 European Privacy Rights

If you are located in the European Economic Area, United Kingdom, or Switzerland, you may have additional rights under GDPR, including rights to:

• Access, correct, or delete your personal data

• Restrict or object to processing

• Data portability

• Lodge a complaint with a supervisory authority

10. DATA PROCESSING FOR ENTERPRISE CUSTOMERS

If you are an individual whose information we process on behalf of an enterprise customer:

• We process your information as a processor/service provider on behalf of our customer

• Your information is governed by our customer's privacy policy

• Please direct privacy inquiries to the organization that submitted your information to us

• We will cooperate with our customers to address your privacy rights as required by applicable law

11. CHILDREN'S PRIVACY

Our Services are intended for businesses and are not directed to individuals under 18 years of age. We do not knowingly collect personal information from individuals under 18. If we learn we have collected information from an individual under 18, we will delete it promptly. If you believe we may have information from or about an individual under 18, please contact us at privacy@dobs.ai.

12. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. For material changes, we may provide additional notice.

13. CONTACT US

For all questions about this Privacy Policy, our privacy practices, or to exercise your privacy rights, please contact us at:

Dobs AI, Inc.
Attn: Privacy
San Francisco, California
United States

Email: privacy@dobs.ai
Phone: (415) 770-9945
Website: https://dobs.ai

For All Privacy Requests: Email: privacy@dobs.ai

All privacy-related requests, including those from California residents under CCPA and European residents under GDPR, should be directed to privacy@dobs.ai. We will respond to all requests within the timeframes required by applicable law (45 days for CCPA, 30 days for GDPR).

Registered Agent for Service of Process:
Dobs AI, Inc.
c/o Registered Agent
251 Little Falls Drive
Wilmington, DE 19808

Version 2.0 - Effective April 27, 2025