Please read this document carefully: it explains our data-related practices and applies to all our Services unless otherwise specified. Also read the Terms of Use for our products and services, which describe the terms that govern your use of courses and training from our Services.

This Privacy Policy explains:

• What data we collect

• Why we collect this data

• What we do with the data

• Your rights regarding your data

WHO WE ARE

The website https://aros.com.br, which you are accessing at this moment, is controlled by ArOS Soluções e Tecnologia LTDA (also referred to as "we" or "Controller"), Tax ID: 59.343.767/0001-66, headquartered at Alameda Rio Negro 503, Sala 2020/1138 - CEP 06454-000 - Alphaville, Barueri SP, Brazil. The Controller is responsible for the data transmitted by the User (referred to as "you"), and processes your data in compliance with applicable data protection laws.

COMPLIANCE WITH DATA PROTECTION LAWS

We comply with applicable data protection laws including:

• GDPR (General Data Protection Regulation) for European Union users

• CCPA (California Consumer Privacy Act) for California residents

• LGPD (Lei Geral de Proteção de Dados) for Brazilian users

• Other applicable privacy regulations in your jurisdiction

DATA PROCESSED

We collect and process data to operate, provide, improve, understand, personalize, support and advertise our Services. Data is collected directly from you on our pages or through payment processors and service providers we work with, including Stripe and other trusted payment platforms, which have their own Terms of Use and Privacy Policies.

The types of data we collect depend on how you use our Services. To provide our Services, we request certain information necessary for service delivery. For example, we need your name, email address and phone number to provide information and instructions when you sign up for our products or Services.

Data You Provide:

• Identity Data: first and last name

• Contact Data: physical address, email address and phone numbers

• Profile Data: your comments, messages and/or information received through your interaction with us and other users through our Services, and responses to questionnaires

• Payment Data: processed securely through our payment providers (we do not store full credit card numbers)

You are responsible for updating any data provided to the Controller in case of changes.

Data Collected Automatically:

• Technical Data: Internet Protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system, platform and other technologies on devices you use to access the website

• Usage Data: information about how you use our website and services

• Marketing and Communication Data: your preferences in receiving marketing from us and your communication preferences

Cookies

We use cookies to operate and provide our Services, enhance your experience, understand how our Services are used and personalize them. Our use of cookies includes:

• Essential cookies: Required for the website to function properly

• Functional cookies: Remember your preferences and settings

• Analytics cookies: Help us understand how visitors use our site

• Advertising cookies: Used to deliver relevant advertisements

You can control cookie settings through your browser. Note that disabling certain cookies may affect functionality of our Services.

Third Party Data:

We may receive data about you from other users when they provide your contact information to share our Services or from our service providers who help us operate our business.

LEGAL BASIS FOR PROCESSING (GDPR)

For users in the European Economic Area, we process your data based on:

• Contract: Processing necessary to perform our contract with you

• Legal Obligations: Processing necessary to comply with legal requirements

• Legitimate Interests: Processing necessary for our legitimate business interests, except where overridden by your rights

• Consent: Where you have given explicit consent for processing

USE OF DATA

We process your data following principles of legality, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality.

We use your data to:

• Provide, maintain and improve our Services

• Process transactions and send related information

• Send technical notices, updates, security alerts and support messages

• Respond to your comments, questions and customer service requests

• Communicate about products, services, offers and events

• Monitor and analyze trends, usage and activities

• Detect, investigate and prevent fraudulent transactions and abuse

• Personalize and improve the Services and provide content or features that match your interests

• Comply with legal obligations

Artificial Intelligence Model Training

As part of improving our AI-based services, ArOS may use data entered or generated by users on our platforms (including texts, prompts, commands, interactions and outputs) to train and improve our proprietary AI models, anonymized whenever possible.

This use is exclusively aimed at improving the accuracy, usefulness and safety of ArOS's AI tools.

If you do not wish your data to be used for this purpose, you may opt out at any time by emailing: hello@aros.com.br with the subject "Opt-out from AI training use."

Opt-out requests will be processed within 15 business days and will not affect the legality of previous data use.

AGE RESTRICTION

Our Services are not intended for individuals under 16 years of age. We do not knowingly collect data from individuals under 16. If you become aware of any data collection from individuals under 16, please contact us at hello@aros.com.br.

YOUR PRIVACY RIGHTS

Depending on your location, you may have the following rights:

For All Users:

• Access: Request access to your personal data

• Correction: Request correction of inaccurate data

• Deletion: Request deletion of your data (subject to legal requirements)

• Portability: Receive your data in a portable format

• Objection: Object to certain processing activities

• Restriction: Request restriction of processing

• Withdraw Consent: Where processing is based on consent

For California Residents (CCPA):

• Right to know what personal information is collected, used, shared or sold

• Right to delete personal information

• Right to opt-out of sale of personal information (we do not sell personal data)

• Right to non-discrimination for exercising privacy rights

For EU/EEA Residents (GDPR):

• All rights listed above

• Right to lodge a complaint with supervisory authorities

• Right to be informed about automated decision-making

To exercise any of these rights, contact us at hello@aros.com.br. We will respond within 30 days (or 45 days for complex requests, with notice).

MARKETING COMMUNICATIONS

You can opt out of marketing communications at any time by:

• Clicking the "unsubscribe" link in our emails

• Contacting us at hello@aros.com.br

• Adjusting your preferences in your account settings

DATA SHARING

We share your data only as necessary to:

• Provide our Services through service providers and partners

• Comply with legal obligations

• Protect rights, safety and property

• With your consent

We require all third parties to respect your data security and treat it in accordance with applicable law. We do not sell your personal data.

INTERNATIONAL DATA TRANSFERS

We operate from Brazil and may transfer your data internationally. When we transfer data outside your country, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission (for EU data)

• Ensuring receiving parties maintain adequate data protection standards

• Compliance with applicable data transfer requirements

DATA RETENTION

We retain your data only as long as necessary for the purposes outlined in this Policy, typically:

• Account information: Duration of your account plus 5 years (or as required by law)

• Marketing data: Until you opt out

• Technical/usage data: Up to 2 years

• Legal compliance data: As required by applicable law

DATA SECURITY

We implement appropriate technical and organizational measures to protect your data, including:

• Encryption of data in transit and at rest

• Regular security assessments

• Access controls and authentication

• Employee training on data protection

• Incident response procedures

However, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

CHILDREN'S PRIVACY

Our Services are not intended for individuals under 16 years of age. If we learn we have collected data from someone under 16, we will delete that information promptly.

DO NOT TRACK

Our website does not currently respond to "Do Not Track" browser signals, but you can control tracking through cookie settings and the options provided in this Policy.

THIRD-PARTY LINKS

Our Services may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to read their privacy policies.

CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the new Policy on our website

• Sending you an email notification (for registered users)

• Updating the "Last Updated" date

Continued use of our Services after changes constitutes acceptance of the updated Policy.

CONTACT US

For questions about this Privacy Policy or our data practices, contact us at:

Data Protection Officer ArOS Soluções e Tecnologia LTDA Email: hello@aros.com.br Address: Alameda Rio Negro 503, Sala 2020/1138 - CEP 06454-000 - Alphaville, Barueri SP, Brazil

For privacy-specific inquiries: hello@aros.com.br (Subject: Privacy Inquiry)

SUPERVISORY AUTHORITY

Depending on your location, you may have the right to lodge a complaint with your local data protection authority:

• EU/EEA: Your local Data Protection Authority

• Brazil: ANPD (Autoridade Nacional de Proteção de Dados)

• California: California Privacy Protection Agency

Last Updated: September/24/2025