VERSAAS | Architecting the Future of Global Software

1. Introduction

Welcome to VERSAAS Holdings ("Company," "we," "us," or "our"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website https://versaas.io and use our SaaS products and services, including but not limited to Replyk.io (our WhatsApp Business automation platform), AI-powered customer engagement tools, and related services (collectively, the "Services"). Please read this Privacy Policy carefully. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.

2. Information We Collect

2.1 Personal Information You Provide

We collect personal information that you voluntarily provide to us when you: • Register for an account or subscribe to our Services • Express interest in obtaining information about our products and Services • Participate in activities on our Services • Contact us for support or inquiries This information may include: • Identity Data: Full name, username or similar identifier, title, date of birth • Contact Data: Email address, billing address, phone number • Business Data: Company name, job title, industry, business size • Financial Data: Payment card details, billing information, transaction history • Profile Data: Username, password, preferences, feedback, survey responses • Technical Data: Login credentials, authentication data

2.2 Information Automatically Collected

When you access our Services, we automatically collect certain information: • Device Information: IP address, browser type, operating system, device identifiers, device type • Usage Data: Pages visited, time spent on pages, click patterns, navigation paths, features used • Log Data: Access times, server logs, error reports, referring URLs • Location Data: Approximate geographic location based on IP address • Performance Data: Service response times, error rates, crash reports

2.3 Information from Third Parties

We may receive information about you from third parties, including: • Meta/Facebook Platforms: When you connect your Facebook Business account or WhatsApp Business API, we receive data necessary to provide our automation services, including business profile information, messaging metadata, and analytics data • WhatsApp Business API: Message delivery status, read receipts, template approvals, and other messaging-related data (we do NOT access the content of end-user messages unless explicitly authorized by you) • Payment Processors: Transaction verification data from Stripe, PayPal, or other payment providers • Analytics Providers: Aggregated usage analytics from Google Analytics and similar services • Social Media Platforms: Public profile information when you link social accounts

2.4 Sensitive Information

We do not intentionally collect sensitive personal information such as racial or ethnic origin, political opinions, religious beliefs, genetic or biometric data, health information, or sexual orientation. If you provide such information through our Services, you consent to our processing of that information in accordance with this Policy.

3. How We Use Your Information

We use the collected information for various purposes, including: Service Delivery and Operations • Providing, maintaining, and improving our SaaS products and Services • Processing transactions and sending related information • Managing your account and providing customer support • Facilitating WhatsApp Business and Meta integrations Communication • Sending administrative information, updates, and security alerts • Responding to your comments, questions, and requests • Providing newsletters, marketing, and promotional materials (with your consent) • Sending service-related announcements Analytics and Improvement • Analyzing usage patterns to improve user experience • Developing new products, services, features, and functionality • Conducting research and analysis on service performance • Monitoring and preventing fraud, security threats, and abuse Legal and Compliance • Complying with applicable laws, regulations, and legal processes • Enforcing our Terms of Service and other agreements • Protecting our rights, privacy, safety, or property • Responding to lawful requests from public authorities

4. Sharing Your Information

4.1 We Do Not Sell Your Personal Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information only in the circumstances described below.

4.2 Service Providers

We share information with third-party vendors and service providers who perform services on our behalf: • Cloud Infrastructure: Amazon Web Services (AWS), DigitalOcean • Payment Processing: Stripe for secure payment transactions • Analytics: Usage analytics tools for service improvement • Communication: Brevo (Sendinblue) for email services • Messaging: Meta WhatsApp Cloud API for business messaging These providers are contractually obligated to protect your information and use it only for the purposes for which it was disclosed.

4.3 Meta/Facebook and WhatsApp

To provide WhatsApp Business automation services, we integrate with Meta's platforms: • We act as a technical service provider facilitating your use of WhatsApp Business API • Information shared with Meta is subject to Meta's Privacy Policy and WhatsApp Business Terms • We share only the minimum necessary data required for service functionality • Your end-customers' data processed through WhatsApp remains under your control and Meta's policies

4.4 Legal Requirements

We may disclose your information when required by law or in response to: • Court orders, subpoenas, or legal process • Government or regulatory requests • Protection against legal liability • Investigation of fraud, security breaches, or violations of our policies • Protection of rights, property, or safety of our users or the public

4.5 Business Transfers

In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred. We will provide notice before your information becomes subject to a different privacy policy.

5. Cookies and Tracking Technologies

5.1 Types of Cookies We Use

• Essential Cookies: Required for website functionality, authentication, and security • Analytics Cookies: Help us understand how visitors interact with our website • Functional Cookies: Remember your preferences and personalization choices • Marketing Cookies: Track advertising effectiveness and display relevant ads

5.2 Cookie Management

You can control cookies through your browser settings: • Most browsers allow you to refuse or accept cookies • You can delete cookies that have already been stored • Disabling essential cookies may impact the functionality of our Services We also use similar technologies such as web beacons, pixels, and local storage for similar purposes.

5.3 Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature. We currently do not respond to DNT signals due to lack of industry-standard interpretation. We will update this policy if a standard is adopted.

6. Data Security

We implement appropriate technical and organizational security measures designed to protect your personal information: Technical Measures • Encryption of data in transit (TLS 1.3) and at rest (AES-256) • Secure authentication mechanisms including multi-factor authentication • Regular security assessments and penetration testing • Firewall and intrusion detection/prevention systems • Automated vulnerability scanning Organizational Measures • Access controls limiting data access to authorized personnel only • Employee security awareness training • Incident response and data breach procedures • Regular security audits and compliance assessments • Vendor security due diligence Important Notice: While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to promptly notifying affected users in the event of a data breach as required by applicable law.

7. International Data Transfers

Your information may be transferred to, stored, and processed in countries other than your country of residence, including the United States. For EU/EEA/UK Users: We transfer data outside the European Economic Area using appropriate safeguards including: • Standard Contractual Clauses (SCCs) approved by the European Commission • Where applicable, adequacy decisions by the European Commission • Your explicit consent for specific transfers Data Processing Locations: • Primary data centers located in the United States • Backup and disaster recovery facilities in multiple regions • Third-party service providers may process data in various jurisdictions We ensure that any international transfers comply with applicable data protection laws and that your information remains protected to the standards described in this policy.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy: Active Account Data: Retained while your account is active and for a reasonable period thereafter for backup, archival, and legal compliance purposes. Transaction Records: Retained for 7 years to comply with tax and financial regulations. Communication Records: Retained for 3 years for quality assurance and dispute resolution. Analytics Data: Aggregated and anonymized data may be retained indefinitely for statistical analysis. Deleted Account Data: Upon account deletion request, we will delete or anonymize your personal information within 90 days, except as required by law. You may request deletion of your data at any time by contacting us at [email protected].

9. Your Privacy Rights

9.1 Rights Under GDPR (EU/EEA Users)

If you are located in the European Union, European Economic Area, or the United Kingdom, you have the following rights: • Right to Access: Request a copy of your personal data we hold • Right to Rectification: Request correction of inaccurate or incomplete data • Right to Erasure: Request deletion of your personal data ("right to be forgotten") • Right to Restriction: Request limitation of processing in certain circumstances • Right to Data Portability: Receive your data in a structured, machine-readable format • Right to Object: Object to processing based on legitimate interests or for direct marketing • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent • Right to Lodge a Complaint: File a complaint with your local data protection authority To exercise these rights, contact us at [email protected]. We will respond within 30 days.

9.2 California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA): • Right to Know: Request information about the categories and specific pieces of personal information we collect, use, disclose, and sell • Right to Delete: Request deletion of personal information we have collected • Right to Opt-Out: Opt out of the sale or sharing of personal information (note: we do NOT sell personal information) • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights • Right to Correct: Request correction of inaccurate personal information • Right to Limit: Limit the use of sensitive personal information To submit a request, contact us at [email protected] or call us using our contact information. We will verify your identity before processing your request. You may designate an authorized agent to make a request on your behalf. California "Shine the Light" Law: California residents may request information about disclosures of personal information to third parties for direct marketing purposes.

9.3 Other Jurisdictions

Depending on your location, you may have additional privacy rights under applicable local laws. We are committed to complying with data protection requirements in all jurisdictions where we operate. Please contact us if you have questions about your specific rights.

10. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18 years of age. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected]. If we learn that we have collected personal information from a child under 18, we will take steps to delete such information as quickly as possible. We comply with the Children's Online Privacy Protection Act (COPPA) and similar laws in other jurisdictions.

11. Third-Party Links and Services

Our Services may contain links to third-party websites, applications, or services that are not owned or controlled by VERSAAS Holdings. This includes: • Meta/Facebook and WhatsApp platforms • Payment processor websites • Partner and integration provider websites • Social media platforms We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites or services you access through our Services.

12. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our practices, legal requirements, or for other operational, legal, or regulatory reasons. Notification of Changes: • We will post the updated policy on this page with a new "Effective Date" • For material changes, we will notify you by email or prominent notice on our website • We encourage you to review this policy periodically Your continued use of our Services after any changes indicates your acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us: VERSAAS Holdings 8206 Louisiana Blvd Ne, Ste A #7849, Albuquerque, New Mexico 87113, United States Email: [email protected] Website: https://versaas.io Data Protection Inquiries: For GDPR-related inquiries or to exercise your data protection rights, please contact our Privacy Team at [email protected]. We aim to respond to all inquiries within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

Privacy Policy

Table of Contents