PRIVACY NOTICE

Last updated 23rd September 2025

This Privacy Notice for Athernal Bio Ltd (“we,” “us,” or “our”) describes how and why we might access, collect, store, use, and/or share (“process”) your personal information when you use our services (“Services”), including when you:

• Visit our website at http://www.athernalbio.com or any website of ours that links to this Privacy Notice

• Engage with us in other related ways, including any sales, marketing, or events

Questions or concerns?

Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services.

SUMMARY OF KEY POINTS

(This summary highlights key points. For details, see the table of contents below and the linked sections.)

• What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us, the choices you make, and the products and features you use. See “Personal information you disclose to us.”

• Do we process any sensitive personal information? We do not process sensitive personal information.

• Do we collect information from third parties? We may collect information from public databases, marketing partners, social media platforms, and other outside sources. See “Information collected from other sources.”

• How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. See “How do we process your information?”

• When and with whom do we share personal information? We may share information in specific situations and with specific categories of third parties. See “When and with whom do we share your personal information?”

• How do we keep your information safe? We use organizational and technical safeguards, but no method is 100% secure. See “How do we keep your information safe?”

• What are your rights? Depending on where you live, you may have certain privacy rights. See “What are your privacy rights?”

• How do you exercise your rights? Submit a data subject access request at https://app.termly.io/dsar/980aa0ba-7951-4535-a071-6dcae112a76a or contact us. We will act in accordance with applicable laws.

Want to learn more? Review the Privacy Notice in full below.

TABLE OF CONTENTS

1. WHAT INFORMATION DO WE COLLECT?

2. HOW DO WE PROCESS YOUR INFORMATION?

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

6. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?

7. HOW LONG DO WE KEEP YOUR INFORMATION?

8. HOW DO WE KEEP YOUR INFORMATION SAFE?

9. DO WE COLLECT INFORMATION FROM MINORS?

10. WHAT ARE YOUR PRIVACY RIGHTS?

11. CONTROLS FOR DO-NOT-TRACK FEATURES

12. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

13. DO WE MAKE UPDATES TO THIS NOTICE?

14. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

15. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

1. WHAT INFORMATION DO WE COLLECT?

Personal information you disclose to us

In short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when you express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

Personal Information Provided by You. Depending on your interactions and choices, we may collect:

• names

• phone numbers

• email addresses

• mailing addresses

• job titles

• contact preferences

• contact or authentication data

Sensitive Information. We do not process sensitive information.

All personal information you provide must be true, complete, and accurate, and you must notify us of any changes.

Information automatically collected

In short: Some information — such as your IP address and/or browser and device characteristics — is collected automatically when you visit our Services.

We automatically collect certain information that does not reveal your specific identity (like your name or contact info). This includes device and usage information such as IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. We use this primarily to maintain security and operation of our Services and for analytics and reporting.

We also collect information through cookies and similar technologies.

The information we collect includes:

• Log and Usage Data. Service-related, diagnostic, usage, and performance information (e.g., IP address, device info, browser type/settings, date/time of use, pages/files viewed, searches, actions taken, device event information, error reports, and hardware settings).

• Device Data. Information about the device you use (e.g., IP address or proxy, device/application IDs, location, browser type, hardware model, ISP/mobile carrier, operating system, and configuration).

• Location Data. Information about your device’s location (precise or imprecise). You can disable location collection, but certain features may not work.

Information collected from other sources

In short: We may collect limited data from public databases, marketing partners, and other outside sources.

To enhance our ability to provide relevant marketing, offers, and services and to update our records, we may obtain information from other sources, such as public databases, joint marketing partners, affiliate programs, data providers, and other third parties. This may include mailing addresses, job titles, email addresses, phone numbers, intent/behavior data, IP addresses, social media profiles and URLs, and custom profiles for targeted advertising and event promotion.

2. HOW DO WE PROCESS YOUR INFORMATION?

In short: We process your information to provide, improve, and administer our Services, communicate with you, for security/fraud prevention, and to comply with law. We process personal information for the purposes below and may also process it for other purposes with your consent.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

• To request feedback and contact you about your use of our Services.

• To send you marketing and promotional communications in accordance with your preferences (you can opt out at any time; see “What are your privacy rights?”).

• To protect our Services, including fraud monitoring and prevention.

• To identify usage trends and improve our Services.

• To save or protect an individual’s vital interest (e.g., to prevent harm).

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?

In short: We only process your personal information when necessary and when we have a valid legal reason — e.g., your consent, to comply with laws, to provide services/perform a contract, to protect your rights, or to pursue legitimate interests.

If you are located in the EU or UK:

We rely on the following legal bases, as applicable:

• Consent. You can withdraw consent at any time (see “Withdrawing your consent”).

• Legitimate Interests. For example, to send special offers/discounts; analyze how Services are used to improve engagement and retention; diagnose problems and/or prevent fraud; understand how users use our products and services to improve user experience.

• Legal Obligations. For compliance, cooperation with law enforcement or regulators, exercising/defending legal rights, or disclosures in litigation.

• Vital Interests. To protect your vital interests or those of a third party.

If you are located in Canada:

We may rely on express or implied consent. You may withdraw consent at any time. In limited cases, we may process without consent where permitted by law (e.g., interests of an individual when consent cannot be obtained in time; investigations/fraud prevention; certain business transactions; insurance claims/witness statements; identifying injured/ill/deceased persons; suspected financial abuse; investigations where consent would compromise availability/accuracy; legal processes like subpoenas; employment-produced information; journalistic/artistic/literary purposes; publicly available information as specified by regulations). We may disclose de-identified information for approved research/statistics projects under appropriate oversight.

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

In short: We may share information in specific situations and/or with the following categories of third parties.

Vendors, Consultants, and Other Third-Party Service Providers. We may share data with third parties who perform services for us or on our behalf and require access to such information. Our contracts require them to protect your information, use it only as instructed, not share it outside of our instructions, and retain it only as directed.

Categories of third parties may include (as applicable):

• Finance & Accounting Tools

• Government Entities

• Retargeting Platforms

• AI Platforms

• Communication & Collaboration Tools

• Investors

• Parties under NDAs

We may also share your information in these situations:

• Business Transfers. In connection with or during negotiations of any merger, sale of company assets, financing, or acquisition.

• Affiliates. With our affiliates (parent, subsidiaries, joint ventures, or other companies under common control) who must honor this Notice.

• Business Partners. To offer certain products, services, or promotions.

5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In short: We may use cookies and other tracking technologies to collect and store your information.

We may use cookies, web beacons, pixels, and similar technologies to maintain security, prevent crashes, fix bugs, save your preferences, and support basic site functions. Third parties may use tracking technologies on our Services for analytics and advertising (including tailored ads and abandoned cart reminders, depending on your preferences).

To the extent such tracking is deemed a “sale”/“sharing” or targeted advertising under applicable US state laws, you can opt out as described under “Do United States residents have specific privacy rights?”

See our Cookie Notice for details on how we use these technologies and how you can refuse certain cookies.

6. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?

In short: We may transfer, store, and process your information in countries other than your own.

Our servers are located in the UK. Your information may be transferred to, stored by, and processed by us and by third parties with whom we share personal information (see “When and with whom do we share your personal information?”), including facilities in UK and other countries. If you are in the EEA, UK, or Switzerland, those countries may have different data protection laws; we will take necessary measures to protect your information under this Notice and applicable law.

7. HOW LONG DO WE KEEP YOUR INFORMATION?

In short: We keep your information as long as necessary to fulfill the purposes outlined in this Notice unless otherwise required by law.

We retain personal information only as long as needed for the purposes set out in this Notice, unless a longer period is required/permitted by law (e.g., tax, accounting, legal requirements). When we have no ongoing legitimate business need, we will delete or anonymize the information; if deletion is not possible (e.g., backups), we will securely store and isolate it until deletion is possible.

8. HOW DO WE KEEP YOUR INFORMATION SAFE?

In short: We aim to protect your personal information through organizational and technical security measures.

We implement appropriate and reasonable safeguards to protect the security of personal information we process. However, no electronic transmission or storage technology is 100% secure. Transmission of personal information to and from our Services is at your own risk. Use a secure environment.

9. DO WE COLLECT INFORMATION FROM MINORS?

In short: We do not knowingly collect data from or market to children under 18 years of age (or the equivalent age as specified by law in your jurisdiction).

We do not knowingly collect, solicit, market to, or sell personal information of children under 18 (or applicable age). By using the Services, you represent you are at least 18 (or applicable age) or are a parent/guardian who consents to a minor’s use. If we learn that we have collected such data, we will deactivate the account and delete the data. If you become aware of such collection, contact us at __________.

10. WHAT ARE YOUR PRIVACY RIGHTS?

In short: Depending on your location (e.g., EEA, UK, Switzerland, Canada, or certain US states), you may have rights that give you greater access to and control over your personal information. You may review, change, or terminate your account at any time, depending on your jurisdiction.

In some regions (e.g., EEA, UK, Switzerland, Canada), you may have rights to:

(i) request access and obtain a copy of your personal information;

(ii) request rectification or erasure;

(iii) restrict processing;

(iv) data portability (if applicable);

(v) not be subject to automated decision-making. If a decision with legal or similarly significant effects is made solely by automated means, we will inform you, explain key factors, and offer a way to request human review.

You may also have the right to object to processing. Contact us (see “How can you contact us about this Notice?”).

We will consider and act upon any request in accordance with applicable laws.

If you are in the EEA or UK and believe we are unlawfully processing your personal information, you may complain to your Member State data protection authority or to the UK Information Commissioner’s Office:

• EU: https://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm

• UK: https://ico.org.uk/make-a-complaint/data-protection-complaints/data-protection-complaints/

If you are in Switzerland, you may contact the Federal Data Protection and Information Commissioner: https://www.edoeb.admin.ch/edoeb/en/home.html

Withdrawing your consent:

If we rely on consent (express or implied, depending on the law), you may withdraw it at any time by contacting us (see “How can you contact us about this Notice?”). This does not affect processing before withdrawal or processing based on other lawful grounds.

Opting out of marketing and promotional communications:

You can unsubscribe at any time by using the unsubscribe link in our emails or by contacting us (see “How can you contact us about this Notice?”). We may still send non-marketing communications (e.g., service, account, or support messages).

Cookies and similar technologies:

Most browsers accept cookies by default. You can remove or reject cookies, but some features may not work properly.

11. CONTROLS FOR DO-NOT-TRACK FEATURES

Some web browsers and mobile operating systems include a Do-Not-Track (“DNT”) setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this time, no uniform technology standard for recognizing and implementing DNT signals has been finalized, and we do not currently respond to DNT browser signals. If a standard for online tracking is adopted that we must follow in the future, we will update this section. Depending on your location, you may still have the right to opt out of certain types of tracking for targeted advertising; see “Do United States residents have specific privacy rights?” below for details.

12. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

Yes. If you are a resident of a U.S. state with a comprehensive privacy law (e.g., California, Colorado, Connecticut, Utah, Virginia, and others as laws become effective), you may have the rights described in this section.

12.1 Categories of personal information we may collect

Depending on how you interact with us and our Services, we may have collected the following categories of personal information within the last 12 months:

• Identifiers (e.g., name, email address, postal address, phone number, Internet Protocol (IP) address, account identifiers)

• Commercial or transactions information (e.g., records of Services purchased or considered)

• Internet or other electronic network activity (e.g., browsing history, search history, interactions with our Services)

• Geolocation data (e.g., general location derived from IP address or, if enabled, device location)

• Inferences drawn from any of the information identified above to create a profile about a consumer’s preferences or characteristics

We do not knowingly collect or process “sensitive” personal information as defined by some state laws (e.g., precise geolocation, racial or ethnic origin, etc.). If this changes, we will update this Notice and, where required, seek your consent or provide the ability to limit such use.

12.2 Sources of personal information

• You (directly, when you submit information to us)

• Your device and browser (automatically, when you use the Services)

• Third parties (e.g., public databases, marketing/analytics partners, social platforms), as described earlier

12.3 Purposes for which we use personal information

See “How do we process your information?” for details (e.g., to provide and improve Services, communicate with you, security/fraud prevention, compliance with law, marketing consistent with your preferences).

12.4 Disclosures of personal information

We may disclose personal information to the categories of third parties described in “When and with whom do we share your personal information?” (e.g., service providers, affiliates, business partners, government entities when required by law, and in business transfers). We do not sell personal information for money. We may “share” personal information for targeted advertising or allow certain analytics/advertising partners to collect information via cookies or similar technologies on our Services; you can opt out of this activity as described below.

12.5 Your privacy rights (state-specific)

Subject to exceptions, you may have the right to:

• Know/Access: Request the categories and specific pieces of personal information we collected about you, the categories of sources, our business/commercial purposes, categories of third parties with whom we disclosed it, and the categories of personal information disclosed.

• Correct: Request that we correct inaccurate personal information.

• Delete: Request that we delete personal information we collected from you.

• Data Portability: Request a copy of certain personal information in a portable and, to the extent technically feasible, readily usable format.

• Opt Out: Opt out of (i) selling personal information, (ii) sharing personal information for targeted advertising, and (iii) certain profiling/automated decision-making where applicable.

• Limit Use of Sensitive Personal Information: If we process sensitive personal information for certain purposes, request that we limit such use (not applicable if we do not process sensitive personal information).

We will not discriminate against you for exercising your rights.

12.6 How to exercise your rights

• Submit a request: Use our data subject access request form: https://app.termly.io/dsar/980aa0ba-7951-4535-a071-6dcae112a76a or contact us using the details in “How can you contact us about this Notice?”

• Verification: We may need to verify your identity (e.g., match information you provide with information we maintain) before fulfilling your request.

• Authorized agents: You may authorize someone to submit a request on your behalf. We may require proof of authorization and also verify your identity directly.

• Appeal: In some states, you may appeal our decision to deny your request by replying to our decision notice with “Appeal” in the subject line or by following the appeal instructions we provide. We will explain our reasons for any denial and how you can escalate if you remain dissatisfied.

• Global Privacy Control (GPC): If you enable a browser-based opt-out signal such as GPC, we will treat it as a request to opt out of sharing for targeted advertising for the browser or device that sends the signal, to the extent required by applicable law.

13. DO WE MAKE UPDATES TO THIS NOTICE?

Yes. We may update this Privacy Notice from time to time to stay compliant with relevant laws and to reflect changes to our practices. The updated version will be indicated by a revised “Last updated” date at the top and will be effective as soon as it is accessible. We encourage you to review this Notice frequently to be informed of how we are protecting your information.

14. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this Notice, or to exercise your rights, you may contact us at:

• Email: info@athernalbio.com

15. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

Based on the applicable laws of your country, province, or state, you may have the right to request access to the personal information we collect from you, change that information, or delete it. To request to review, update, or delete your personal information, please contact us using the details above. We will consider and act upon any request in accordance with applicable data protection laws.