RedRadar Technologies Privacy Statement

Last updated: April 2026

This Privacy Statement explains how RedRadar Technologies Inc. ("RedRadar") collects, uses, and protects personal data when you visit our website, contact us, or engage with us as a client, partner, or candidate. This Statement is written to be read in plain language. It does not replace contractual terms that may apply to specific services (for example, platform Master Services Agreements). Where those terms address data handling, they take precedence over this Statement for the activities they cover.

1. Who we are

RedRadar Technologies Inc. Delaware, USA RedRadar operates redradar.ai website and provides the RedRadar OSINT platform and the VAULT intelligence engine to government, defense, and selected enterprise clients.

2. What this Statement covers — and what it does not

This Statement covers personal data we process about:

3. Personal data we collect, and why

We collect different categories of personal data depending on how you interact with us. The lists below describe each category, the purpose for which we use it, and our lawful basis under the GDPR / UK GDPR.

Website visitors (redradar.ai)

Data collected: device and browser identifiers, pages visited, referral URL, approximate location derived from IP, and cookie identifiers. See Section 17 (Cookies) for detail. Purpose: To operate, secure, and improve our websites; to analyze traffic patterns; to detect abuse; to improve your user experience. Lawful basis (GDPR/UK GDPR): Our legitimate interest in operating a secure, functional website and understanding how it is used. Where required by law, we obtain your consent before placing non-essential cookies.

People who contact us

Controller: RedRadar Data collected: Name, email address, employer, role, and the contents of your message and any attachments. If you request a demo or platform evaluation, we may also collect information about your organization's role, mission, jurisdiction, and intended use case. Purpose: To respond to your inquiry, evaluate fit, and (where applicable) progress a procurement, partnership, or media engagement. Lawful basis (GDPR/UK GDPR): Our legitimate interest in responding to inquiries and developing business relationships, and steps taken at your request prior to entering a contract. We may keep your contact information on file after the initial exchange so we can resume the conversation if you re-engage. If you would prefer we delete your details, write to us.

Clients and their personnel

Controller: RedRadar Data collected: Names, contact details, professional roles, and correspondence of individuals at our client organizations who interact with us as users, project leads, procurement contacts, legal counsel, or otherwise. Contract documentation, invoices, and account records. Purpose: To establish and manage the contractual relationship; to deliver the platform, or services; to issue invoices and process payments; to provide support; to comply with legal and regulatory obligations including export control screening; to enforce our agreements; and to maintain account records. Lawful basis (GDPR/UK GDPR): Performance of a contract; legitimate interest in managing a commercial relationship; compliance with legal obligations. This category does not include data that clients process inside the RedRadar platform in the course of intelligence work. That data is governed by Section 11.

Prospective clients identified through publicly available

information Controller: RedRadar. Data collected: Name, professional role, employer, public professional contact information (LinkedIn URL, business email where publicly listed), and notes on relevance to our work. Purpose: To identify organizations and individuals to whom our offering may be relevant and to make initial outreach. Lawful basis (GDPR/UK GDPR): Our legitimate interest in business development. Where required by applicable law, we limit such outreach to recipients in their professional capacity at organizations whose mission aligns with ours. You can object to this processing at any time by writing to us.

Event and webinar attendees

Controller: RedRadar Data collected: Registration details, attendance, and (where applicable) recordings. We will tell you in advance if a session is being recorded. Purpose: To deliver the event, follow up afterward, take notes, and improve future events for attendees. Lawful basis (GDPR/UK GDPR): Performance of a contract (your registration), our legitimate interest in operating educational events, and consent for any optional uses such as inclusion in promotional material.

Job applicants

Controller: RedRadar Data collected: As described in our Candidate Privacy Notice. In summary: identification and contact data, CV / résumé, application materials, interview notes, references, and (where the role and jurisdiction require) background check results and right-to-work documentation. Purpose: To assess your application and, if you are hired, to onboard you. Lawful basis (GDPR/UK GDPR): Steps taken at your request prior to entering a contract, our legitimate interest in evaluating candidates, and compliance with legal obligations.

4. How we collect personal data

We collect personal data:

5. How we use personal data — summary

We use personal data to:

6. Who we share personal data with

We share personal data only where necessary, and only with recipients who are bound by appropriate confidentiality and data protection obligations. Recipients fall into the following categories:

7. International data transfers

RedRadar Technologies Inc. is established in Delaware, USA. Our service providers are located the US only. As a result, your personal data may be transferred to, stored in, and processed in countries other than the one in which you live (storage servers, cloud providers, third party hosting infrastructure, applications, platforms). When we transfer personal data outside the European Economic Area, the United Kingdom, or Switzerland to a country that has not received an adequacy decision, we put in place appropriate safeguards. These typically include the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, or Swiss equivalents, supplemented where necessary by additional technical and organizational measures.

8. How we protect personal data

We implement technical and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, exposure, leakage or destruction. These include access controls based on least privilege, encryption in transit and (where appropriate) at rest, infrastructure hardening, logging and monitoring, employee confidentiality obligations, vendor due diligence, and an incident response process. However, since we rely on third party products for communication, delivery of platform access and other functions relevant for business operations, we cannot directly or indirectly control those third party vendors (e.g., cloud providers, site hosting, data storage and others) from being breached, compromised, or targeted (that includes your data). No system is perfectly secure, and we cannot guarantee absolute security. If we become aware of a personal data breach affecting your information, we will notify the relevant supervisory authorities and affected individuals where required by applicable law and within the timeframes those laws specify.

9. How long we keep personal data

We keep personal data only as long as we need it for the purposes described in this Statement, plus any additional period required to:

10. Your rights

Depending on where you live and which laws apply, you may have rights in relation to your personal data, including:

11. Platform use by clients (controller / processor distinction)

When a client uses the RedRadar platform — including VAULT — to collect, search, store, or analyze any intelligence data in the course of their own intelligence, security, or research work, the client is the data controller for that activity. RedRadar acts as a data processor or service provider on the client's behalf, under the terms of the contract between us. This means:

12. Children

Our websites and services are not directed to children under 16, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

13. Information for individuals in the European Economic Area, the

United Kingdom, and Switzerland This section supplements the rest of the Statement for individuals protected by the GDPR, the UK GDPR, or the Swiss Federal Act on Data Protection. Lawful bases. The lawful bases on which we rely are identified in Section 3 for each processing activity. Right to object to processing based on legitimate interests. You may object to processing of your personal data that we carry out on the basis of our legitimate interests. Where you object, we will stop the processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or unless the processing is needed to establish, exercise, or defend legal claims. Right to object to direct marketing. You can object to direct marketing at any time, and we will stop. Unsubscribe links are included in every marketing email. Automated decision-making. We do not make decisions producing legal or similarly significant effects on you based solely on automated processing.

14. Information for residents of US states with comprehensive

privacy laws This section applies to individuals who are residents of US states whose comprehensive consumer privacy laws apply to RedRadar, including (as applicable) California, Colorado, Connecticut, Delaware, Iowa, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Texas, Utah, and Virginia. Categories of personal information we collect. As described in Section 3. In the categories used by the California Consumer Privacy Act:

15. General — limits on data subject requests

Our records about clients, prospects, and individuals identified through public sources may include information whose disclosure would compromise legal claims, contractual confidentiality, security, or the rights and freedoms of third parties. Where applicable law allows us to do so, we may redact or withhold information from a response on these grounds, and we will explain the reason. Requests will not be denied on these grounds where the law does not permit it.

16. Cookies and similar technologies

Our websites use cookies and similar technologies for the following purposes:

17. Changes to this Statement

We may update this Statement from time to time. The "Last updated" date at the top of the page shows when the most recent change was made. Where a change materially affects how we process your personal data, we will notify you in advance by email or by a notice on our websites, where required by law.