Privacy PolicyWe at LEENA AI, respect your personal data and we are committed to protecting and respecting your privacy. That is why, we have tried to make the information in this Privacy Policy understandable and clear, required by the law. This privacy policy tells you about the information we collect from you when you use our website, apps or our platform. With this policy, we are providing you with information about us, about why and how we use your data, and about the rights you have over your data.

Table of Contents1. Consent2. Who are we3. General4. Information we collect about you and how we collect it5. How we may use your information6. How long will we keep this data7. Disclosure of your information8. Links9. Data security10. Your rights as a data subject11. Circumstances for denial12. Your right to complain13. Data processing addendum14. International Transfer of Data15. Updates to this privacy policy16. Still have some questions?

1. ConsentLeena AI’s privacy policy describes how we (“we” or “us”) collect and use information in connection with your access to and use of our website, apps, platform and related services.By accessing and/or using any of our services, you accept and signify your informed consent to the practices described in this Privacy Policy.This policy complies with applicable data protection laws including the GDPR, CCPA, and the DPDP Act, where applicable.

2. Who are weWe are headquartered at 1013 Centre Road, Suite 403-B, Wilmington, New Castle, Delaware, U.S. 19805 & have a regional office on 2nd floor, Welldone Tech Park, Sector 48, Gurugram, Haryana, India 122001. Leena AI brings artificial intelligence to our clients/platform users and helps them achieve greater service efficiency. The chatbot systems supported by our platform analyze inbound messages and provide users with accurate responses. This reduces the average handling time by up to 80% and automates repetitive and recurring questions right after integration. The system is based on complex NLP algorithms, trained on historical data, is constantly optimized during operational use so that future requirements can be processed more efficiently. For the purposes of the EU General Data Protection Regulation (the ‘GDPR’), Leena AI is the ‘Data Controller’ and is responsible for your personal data in some cases while the ‘Data Processor’ in others.You can contact us by post at the above address, or email us at dpo@leena.ai.

3. GeneralWe collect both the “personal information” and “non-personal information,” collectively defined as “information”. This policy describes the types of information we may collect from you or that you may provide when you visit the websites, https://leena.ai, https://chatteron.io, any subdomain corresponding to them, use our Chatteron platform, or use chatbot applications supported by our Chatteron platform (collectively, “Apps”), and our practices for collecting, using, maintaining, protecting and disclosing that information. This policy applies to information we collect:• on given websites• on Chatteron platform• on apps supported by our Chatteron platform• In e-mail, text, and other electronic messages between you and usPlease read this policy carefully to understand our policies and practices regarding your information and how we treat the information. If you do not agree with our policies and practices, please do not use our Website or Apps. By accessing or using this Website or the Apps, you agree to the privacy policy. This policy may change from time to time.

4. Information we collect about you and how we collect itThe type of information that we collect depends on how you use our products. We collect several types of information from and about users of our Website and Apps, including information: • by which you may be personally identified, such as name, postal address, email address, telephone number, or any other identifier by which you may be contacted online or offline (“personal information”); &• that is about you but individually does not identify you, such as industry, geography, and/or about your Internet connection, the equipment you use to access our Website or Apps, and usage details (“non-personal information”).

Category of Personal Data	Elements of data included
User’s served via App	User Id, Employee Id, Full name, Phone number / mobile number, Email, Designation, Picture, Department, Address, locality, DOB, DOJ, Salary slip, Leave data, Band, Organization structure, Gender, Marital status, Work anniversary date, Dependents data, timezone, IP address, Attendance, Application Logs
Website / Chatteron Platform User’s Data	User Id, User name, Password, Full name, Email, Picture, Time zone, IP address, Facebook data (User ID, Token, Full name & Time zone), Google data (User ID, Token, Full name email, & Photo), Github data (User ID, Token, Full name, email, photo, profile link, username), Application Logs

We collect this information: • Directly from you when you provide it to us.• Automatically as you navigate through the Website or Apps. Information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies.• From third parties, for example, our business partners.

5. How we may use your informationWe use the information that we collect about you or that you provide to us, including any personal information:• To present our Website, Apps, and their contents and functionality to you. • To provide you with information, products, or services that you request from us. • To fulfill any other purpose for which you provide it. • To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection. • To notify you about changes to our Website, Apps, or any products or services we offer or provide though it. • To allow you to participate in interactive features on our Website or Apps.• In any other way we may describe when you provide the information. • For any other purpose with your consent.We may also use your information to contact you about our own goods and services that may be of interest to you.

6. How long will we keep this dataWe limit the collection and use of personal information to that which is necessary for the identified purpose (see — How we may use your information), and will not be used for any other purposes. Personal information used will be retained as per legal or contractual requirements in a secure system unless you requested us to dispose of your information.We will delete your personal data as soon as we no longer have a need or a legal basis to process it.• We’ll always delete your data when we receive a request from you to do so. In the unlikely event that we are still obliged under the law to keep your data, we’ll inform you about that.• We will not store or otherwise process your data for an “unlimited period” in other cases. If we rely on legitimate interest for processing, your data will be kept as long as we are in a business relationship with you.

7. Disclosure of Your InformationWe may disclose aggregated non-personally-identifying information about our users, and information that does not identify any individual, without restriction.We may disclose personal information that we collect or you provide as described in this privacy policy:• To our subsidiaries and affiliates • To contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them. • To third parties if: (a) we are required to do so by law, or in response to a subpoena or court order; (b) we believe in our sole discretion that disclosure is reasonably necessary to protect against fraud, to protect the property or other rights of us or other users, third parties or the public at large; or (c) we believe that you have abused the service, App or Website or we believe you are violating applicable laws, rules or regulations. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction. • To any other third party with your consent.

8. LinksThe website pages can contain links to sites, services, and functions of third parties, subsidiaries, and affiliates that may use and conform to different rules and procedures of confidentiality provision from those stated here. Leena AI is not responsible for the Policy of confidentiality of such resources.

9. Data SecurityWe take the security of your personal data very seriously and have policies and procedures in place to ensure our compliance with the GDPR. We have implemented appropriate administrative, physical, and technical safeguards for the security and confidentiality of your information, and use reasonable efforts to maintain physical and information security management programs to protect your information from loss, misuse, alteration, unauthorized access, and disclosure.At Leena AI, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. Further, we use secure encryption technology to protect certain categories of information. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. Despite these precautions, no data security safeguards guarantee 100% security all of the time. Although we do our very best to protect your personal details, the transmission of information via the internet is not completely secure and we can’t and don’t guarantee the absolute security and protection of your data. The safety and security of your information also depend on you where you are expected to follow safe online behavior while dealing with our websites, apps, or platform.In jurisdictions like India, we follow applicable breach notification obligations under local laws including the DPDP Act.

10. Your rights as a data subjectIn accordance with applicable laws—including the GDPR, CCPA, and the DPDP Act—you may have the following rights:(For Indian users, “Data Subject” also refers to “Data Principal” as defined under the DPDP Act.)
• If you wish to access, correct, update, or request deletion of your personal data, you can contact us. Event registrants and attendees may update their user profiles for Events we host by logging into the applicable event website or registration page.• Certain jurisdictions provide their residents with specific privacy rights under applicable law. We will process your requests to exercise such rights, including if you object to the processing of your personal data, ask us to restrict the processing of your personal data, or request portability of your personal data, in accordance with applicable data protection laws.• If you do not wish to receive our email marketing communication for promotional purposes, you may opt-out by clicking on the “unsubscribe” or “opt-out” link in the marketing emails we send you. To opt out of other forms of marketing (such as telemarketing), please contact us.• In addition, if we process your personal data in reliance upon your consent, you can contact us or our customer (controller) at any time to withdraw your consent.• You have the right to complain to a data protection authority if you are unhappy about our collection and use of your personal data.• Under applicable laws, you may have the right to appeal where we make a decision in relation to your request regarding your personal data. To exercise this right, you may contact us.• Certain jurisdictions provide their residents with additional control over how their personal data is “shared,” “sold,” or used for “targeted advertising” under applicable law. We use cookies and similar tracking technologies to analyze the use of our Website and interactions with our marketing communications. As described in the “Information we collect about you and how we collect it” section, we also use these technologies for cross-context behavioural advertising. You may opt-out by managing your cookies preference by clicking on the “Cookies Preferences” link in the footer of the site or the “Your Privacy Choices” link in the application. For detailed information on our cookies, please see our Cookie Policy.• CCPA provides you with five rights, of which two are covered as part of the rights listed above. These two are the right to access personal information and the right to request deletion of personal information. The third is the right to opt out of sale, which is redundant since we promise not to sell or monetize your data in any way. The fourth right available to you under CCPA is the right against discrimination because you exercised the rights available to you and the fifth is the right to protection against waiver of rights.Please note that in order to fulfil your request, we may need you to provide certain information to verify your identity. Additionally, depending on where you reside, you can use an authorized representative to exercise your rights. We may request evidence that you have provided such an agent with authority to submit requests on your behalf, and/or ask that you verify your identity directly with us.To submit a request regarding any of the above-mentioned rights by email or web form, please use the contact information provided above in the ‘Who Are We’ section of this policy. We strive to respond to data subject requests as quickly as possible (within 30 days), even if the law does not mandate a specific timeframe.

11. Circumstances for denialIf we cannot verify if you (or your authority to act on behalf of another person), we have the right to deny requests. While verifying your identity we shall generally avoid requesting additional information from you for purposes of verification. If, however, we cannot verify your identity from the information already maintained by us, we may request additional information from you, which shall only be used for the purposes of verifying your identity while you are seeking to exercise your rights, and for security or fraud-prevention purposes. We shall delete any new personal information collected for the purposes of verification as soon as practical after processing your request, except as required to comply with applicable legislation.

12. Your right to complainIf you have a complaint about our use of your information, we would prefer you to contact us directly in the first instance so that we can address your complaint. However, you can also contact the respective authorities office of your region via their website or write to them.

13. Data processing addendumTo enable you(subscriber) to be compliant with your data protection obligations, we are prepared to sign an appropriate Data Processing Addendum (DPA). You can request a DPA from Leena AI by sending an email to our DPO desk. Once we get your request, we'll forward the DPA to you for your signature.

14. International Transfer of DataWe store and process any personal data collected in connection with Data Subjects (who use our SaaS) in: (i) any country where we have contracted with customer/subscribers (Controller) who might be your employer or supplier or business partner, (ii) any country in which we engage service providers;We store and process any personal data collected in connection with Data Subjects (who use our website or any other user) in: (i) any country in which we engage service providers; or (ii) any country where Leena AI Events are held.For international transfers of personal data from the European Economic Area ("EEA"), the UK or Switzerland, we implement such measures as are necessary to ensure we provide appropriate safeguards for the transferred data, including through the use of Standard Contractual Clauses or another lawful transfer data transfer mechanism.For businesses in India, we support data localisation on request, in line with obligations under the DPDP Act.

15. Updates to this privacy policyBecause of changes in technology and the growth and development of our business, or for other business reasons, we may need to change this privacy policy from time to time. It is our policy to post any changes we make to our privacy policy on this page. If we make material changes to how we treat our users’ personal information, we will post a copy of the new policy with its effective date on the Website, and notify you through a notice on the Website home page. The date the privacy policy was last revised is identified at the top of the page. You are responsible for periodically visiting our Website and this privacy policy to check for any changes.

16. Still have some questions?You can reach us using the contact details given in the section “Who we are” if you:• Want to know more about the privacy of your information• Want to make any kind of claim or request with regard to your personal data • Want to say that we are wrong in any privacy issue • Want to share your thoughts on how we could make our privacy practices better• For any query, feel free to contact our Data Protection Officer at dpo@leena.ai• For the UK, our designated representative is Ametros Group Ltd, located at Lakeside Offices, Thorn Business Park, Rotherwas Industrial Estate, Hereford, Herefordshire, England HR2 6JT.• For the EU, our representative is Ametros Ltd, situated at Unit 3d North Point House, North Point Business Park, New Mallow Road, Cork, Ireland.

Last updated date: 05th June 2025