Privacy Policy

1. Overview

Threeum Corporation ("Threeum," "we," "our," or "us") is a Delaware corporation with its principal place of business in Denver, Colorado. Threeum develops adaptive computing hardware, biological intelligence platforms, and related products and services.

We respect the privacy of the people who visit our websites, use our products, engage with our sales and support teams, attend our events, apply for jobs, partner with us, or invest in us. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and what rights and choices you have.

2. Scope

This Privacy Policy applies to personal information collected by Threeum across all of our public-facing properties and services, including:

• Websites and subdomains: threeum.com, threeum.ai, and any other site we operate.
• Products: Naos, Aperture, Cella computers, the THM Chip Series, Pulse, the Threeum App, and any future products.
• Sales and support: email, phone, and messaging interactions with our teams, including outreach we send and receive.
• Business operations: partner, supplier, investor, and job applicant interactions.
• Events and marketing: webinars, conferences, and campaigns.

This Policy does not apply to information that our enterprise customers process on their own systems using Threeum products. When Threeum processes personal information on behalf of a customer, we do so as a data processor under that customer's instructions and subject to a separate data processing agreement. See Section 17 for more.

3. Information We Collect

3.1 Information You Provide Directly

We collect personal information you choose to provide to us, including:

• Account and contact information: name, business name, title, email address, postal address, phone number, and country.
• Product access information: login credentials, profile settings, preferences, and roles within the Threeum App or enterprise product consoles.
• Reservation and order information: reservation details, deployment site, number of units, use case, intended industry, and shipping contact information.
• Payment information: payment card or bank information, billing address, tax identification numbers. Payment card data is processed by Stripe, Inc. or another qualified payment processor; Threeum does not store full card numbers.
• Communications: the content of emails, messages, support tickets, call notes, meeting notes, form submissions, and feedback you send to us.
• Marketing preferences: subscriptions to newsletters, events, and product updates.
• Career and partner applications: resume or CV, cover letter, work history, references, compensation expectations, partner proposals, investor materials, and any other information you submit in support of an application.
• Event participation: attendance, registration details, and any information shared during an event.

3.2 Information Collected Automatically

When you interact with our websites, the Threeum App, or our product consoles, we automatically collect information about your device and activity, including:

• Device and browser information: IP address, device type, operating system, browser type and version, language settings, and approximate location inferred from IP address.
• Usage data: pages visited, time spent, features used, referring URLs, clickstream data, searches, and error and performance logs.
• Cookies and similar technologies: as described in Section 7.
• Session and authentication data: session identifiers, timestamps, access logs, and security tokens.

3.3 Information From Third Parties

We may receive information about you from third-party sources, including:

• Enrichment and identity verification vendors (for customer and counter-party due diligence, export control screening, and fraud prevention).
• Publicly available sources such as company websites, LinkedIn profiles, news articles, regulatory filings, and professional directories, used for business outreach and relationship context.
• Referral sources such as existing customers, partners, and service providers who introduce you to us.
• Payment and logistics providers who share transaction and delivery information with us to complete your orders.
• Authentication providers (such as single sign-on) if you choose to log in using a third-party identity.
• Analytics and advertising partners who provide aggregated or pseudonymous information about our websites and campaigns.

3.4 Sensitive Information

We do not knowingly collect sensitive categories of personal information (such as government identifiers, precise geolocation, biometric identifiers, health information, racial or ethnic origin, religion, union membership, sexual orientation, or the contents of your private communications) except to the extent strictly required for a specific purpose (for example, tax IDs for billing, or export-control screening information for government contracting). Where we do collect sensitive information, we do so only with your consent or as otherwise permitted by law, and we apply appropriate safeguards.

4. How We Use Information

We use personal information for the following purposes:

• Provide our products and services, including account creation, reservations, order fulfillment, product access, technical support, and customer success.
• Process payments and manage billing, invoicing, taxes, and collections.
• Communicate with you about your account, orders, reservations, product updates, security notices, policy changes, and responses to your inquiries.
• Improve and develop our products, including debugging, performance monitoring, usage analytics, research, and the development of new features and products.
• Market and sell, including sending marketing emails and newsletters, personalizing website content, measuring the performance of campaigns, attending and hosting events, and conducting outreach to prospective customers, partners, and investors.
• Protect our people, products, and customers, including fraud prevention, abuse monitoring, threat detection, incident response, and security auditing.
• Comply with law and cooperate with lawful requests, including tax reporting, export controls, sanctions compliance, and responses to subpoenas and other legal process.
• Evaluate candidates and partners, including hiring decisions, investor and counter-party diligence, and pilot program selection.
• Conduct business operations, including accounting, audits, corporate transactions, and enforcement of our contracts and policies.

5. Legal Bases for Processing (EU and UK Residents)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases to process your personal information:

• Performance of a contract: to deliver products, fulfill orders, process reservations, and provide customer support.
• Legitimate interests: to operate, secure, and improve our business; to communicate with customers and prospects; and to protect our rights and the rights of others, where these interests are not overridden by your rights.
• Compliance with legal obligations: to meet tax, export control, sanctions, anti-money-laundering, and other legal requirements.
• Consent: for certain marketing, cookie, and optional processing activities, which you may withdraw at any time.
• Vital interests or public interest: in limited circumstances where processing is necessary to protect life or serve a defined public interest.

6. How We Share Information

We share personal information in the following circumstances:

• Service providers and processors. We share information with vendors that support our business, such as cloud hosting, payment processing (including Stripe), email delivery, customer relationship management, analytics, identity verification, background checks, accounting, professional services, shipping, and IT operations. These providers may only use your information to perform services for us and are contractually bound to protect it.
• Business partners. We may share information with partners involved in joint marketing, joint development, referral, reseller, or distribution arrangements, in each case subject to appropriate confidentiality and data protection obligations.
• Customers. If you are associated with a Threeum customer (for example, as an employee or designated contact of a reserving entity), we may share information with that customer about your interactions with our products and services.
• Regulators, courts, and law enforcement. We may share information in response to lawful requests, to comply with applicable law, or to protect the rights, property, or safety of Threeum, our customers, or the public.
• Export control and sanctions screening. Given the dual-use nature of adaptive computing hardware, we conduct denied-party and sanctions screening and may share information with compliance vendors and, where required, with U.S. and foreign government authorities.
• Corporate transactions. In the event of a merger, acquisition, financing, reorganization, or sale of all or part of our business or assets, personal information may be transferred to the acquiring or succeeding entity, subject to this Policy or a successor policy with substantively similar protections.
• With your consent or at your direction. We may share information in other ways when you ask us to or authorize us to do so.

We do not sell your personal information, and we do not share your personal information with third parties for their own independent advertising purposes, except as described in Section 12 regarding certain digital advertising activities.

7. Cookies and Tracking Technologies

We and our service providers use cookies, pixels, local storage, and similar technologies to operate our websites and products, remember your preferences, analyze usage, measure the performance of marketing campaigns, and protect against fraud and abuse. We use the following categories:

• Strictly necessary cookies enable core functions such as sign-in and security and cannot be turned off.
• Performance and analytics cookies help us understand how visitors use our websites and products.
• Functional cookies remember choices you have made, such as language or region.
• Marketing and advertising cookies help us measure the performance of our campaigns and tailor content to your interests.

You can control cookies through your browser settings, through any cookie banner or preference center we make available, and through opt-out mechanisms such as the Network Advertising Initiative and the Digital Advertising Alliance. Disabling some cookies may affect how our sites and products function.

8. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes described in this Policy, to comply with legal, tax, accounting, and regulatory obligations, to resolve disputes, and to enforce our contracts. Retention periods vary depending on the type of information and the purpose for which we collected it. When we no longer need personal information, we securely delete, anonymize, or destroy it.

9. Security

We implement administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, use, disclosure, alteration, and destruction. These include encryption in transit, restricted access, logging and monitoring, vendor risk management, and employee training. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential and for notifying us promptly if you suspect unauthorized access to your account.

10. International Data Transfers

Threeum is headquartered in the United States, and we may process and store personal information in the United States and other countries that may have data protection laws different from those in your country of residence. When we transfer personal information from the European Economic Area, the United Kingdom, or Switzerland to a country that has not received an adequacy decision, we rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses and the UK International Data Transfer Agreement, together with supplementary measures where required. You may request a copy of these safeguards by contacting us using the information in Section 20.

11. Your Privacy Rights

Depending on where you live, you may have the following rights with respect to your personal information:

• Access: the right to request access to and a copy of the personal information we hold about you.
• Correction: the right to request correction of inaccurate or incomplete personal information.
• Deletion: the right to request deletion of your personal information, subject to legal exceptions.
• Portability: the right to receive a copy of your personal information in a portable format.
• Objection and restriction: the right to object to or restrict certain processing, including direct marketing.
• Withdrawal of consent: the right to withdraw consent where we rely on consent as a legal basis.
• Non-discrimination: the right not to be discriminated against for exercising these rights.
• Complaint: the right to lodge a complaint with a supervisory authority.

To exercise any of these rights, email privacy@threeum.com. We will respond within the time period required by applicable law. We may need to verify your identity before acting on your request. Authorized agents may submit requests on your behalf with proof of authorization.

12. California Residents

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, "CCPA"), provides you with specific rights regarding your personal information.

12.1 Categories of Information Collected

In the preceding 12 months, we have collected the categories of personal information described in Section 3, which map to the CCPA categories of identifiers, customer records information, commercial information, internet or other electronic network activity information, geolocation data (approximate), professional or employment information, and inferences drawn from the foregoing. We collect this information for the business and commercial purposes described in Section 4.

12.2 Sale and Sharing

We do not "sell" personal information in exchange for money. Certain uses of third-party cookies for analytics and cross-context behavioral advertising may be considered a "sale" or "sharing" under the CCPA. You can opt out of these activities by using the Do Not Sell or Share link on our websites, by enabling a Global Privacy Control (GPC) signal in your browser, or by emailing privacy@threeum.com.

12.3 Sensitive Personal Information

We do not use or disclose sensitive personal information for purposes beyond those permitted by CCPA without providing you the right to limit such use.

12.4 Your California Rights

You have the right to know, access, correct, and delete personal information; to opt out of sale or sharing; to limit the use of sensitive personal information; and to be free from discrimination for exercising your rights. To exercise these rights, contact us at privacy@threeum.com.

12.5 Shine the Light

California Civil Code Section 1798.83 permits California residents to request information about our disclosure of personal information to third parties for their direct marketing purposes. We do not make such disclosures.

13. Europe and UK Residents

If you are located in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation, the UK GDPR, and the Swiss Federal Act on Data Protection provide additional rights:

• Right of access, rectification, erasure, restriction, and portability.
• Right to object to processing based on legitimate interests or for direct marketing.
• Right to withdraw consent at any time.
• Right to lodge a complaint with your local supervisory authority.

Threeum is the data controller for personal information we collect about you in connection with our websites, marketing, and our own products, except where we act as a processor as described in Section 17. Our representative for data protection matters can be reached at privacy@threeum.com.

14. Other U.S. State Privacy Laws

Residents of Colorado, Virginia, Connecticut, Utah, Texas, Oregon, Montana, and other U.S. states with comprehensive privacy laws have similar rights to access, correct, delete, and port their personal information, and to opt out of targeted advertising, sale, and profiling that produces legal or similarly significant effects. To exercise these rights, email privacy@threeum.com.

Because Threeum is headquartered in Colorado, we apply the Colorado Privacy Act's requirements as a baseline across our U.S. operations where practicable.

15. Children's Privacy

Our websites and products are not directed to children under the age of 16, and we do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will delete that information. If you believe a child has provided us with personal information, contact privacy@threeum.com.

16. Third-Party Services and Links

Our websites and products may contain links to third-party sites, services, and integrations that we do not operate. This Policy does not apply to those third parties, and we are not responsible for their content, privacy practices, or terms. We encourage you to review the privacy policies of any third-party services you use.

17. Customer Data on Threeum Products

When enterprise or commercial customers use Threeum products (such as Aperture, Naos, Pulse, or Cella) to process information, including personal information about their own employees, contractors, or end users, the customer is the data controller (or "business" under CCPA) and Threeum acts as the data processor (or "service provider" or "contractor"). In those cases:

• The customer's own privacy policy governs how that information is collected and used.
• Threeum processes the information only in accordance with the customer's documented instructions and the applicable customer agreement, including a data processing addendum where required.
• If you are an end user of a customer's deployment and wish to exercise privacy rights, contact that customer directly. We will assist our customer in responding to verified requests.

18. A Note on Substrate-Level Data Immunity

Certain Cella computer workloads operate on biological substrates rather than silicon. Data processed within these substrates is stored as biochemical states rather than digital bits, and is not directly accessible through conventional digital means. Threeum applies additional technical, administrative, and physical controls to govern access to substrate-resident data and to the enclosures in which it is processed. Where substrate-resident data includes personal information, it remains subject to this Policy and to any applicable customer agreement.

19. Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will update the Effective Date above and notify you by reasonable means, such as posting a notice on our websites, sending an email, or providing notice within our products. Your continued use of our websites or products after the updated Policy takes effect constitutes acceptance of the updated terms, unless otherwise required by applicable law.

20. Contact Us

For questions, requests, or concerns about this Privacy Policy or our privacy practices, contact us:

• Email: privacy@threeum.com
• Mail: Threeum Corporation, Attn: Privacy, Denver, Colorado, United States

If you have an unresolved privacy concern that we have not addressed satisfactorily, you may contact your local data protection authority or supervisory body, as described in Sections 11 and 13.