Privacy Statement

Table of Contents

• Introduction
• Data Protection Officer
• How we collect and use (process) your personal information
• Use of the Guardian RF websites
• Cookies and tracking technologies
• Use of Guardian RF services and DroneView
• When and how we share information with third parties
• Transferring personal data to the U.S.
• Data Subject rights
• Security of your information
• Data storage and retention
• Children's data
• Questions, concerns, or complaints

Introduction

Guardian RF Corporation is a Washington, DC-based technology company that provides passive radiofrequency-based drone detection, airspace awareness, and related sensor and software services. Guardian RF products and services include DroneView, the browser-based command interface used by authorized customers to monitor, classify, alert on, and review RF-detected UAS activity.

We understand that you are aware of and care about your own personal privacy interests, and we take that seriously. This Privacy Notice describes Guardian RF Corporation's policies and practices regarding its collection and use of your personal data, and sets forth your privacy rights. We recognize that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Notice as we undertake new personal data practices or adopt new privacy policies.

Data Protection Officer

Guardian RF Corporation is headquartered in Washington, DC, in the United States. Guardian RF Corporation has appointed an internal data protection officer for you to contact if you have any questions or concerns about Guardian RF Corporation's personal data policies or practices. If you would like to exercise your privacy rights, please direct your query to Guardian RF Corporation's data protection officer. Guardian RF Corporation's data protection officer's name and contact information are as follows:

How we collect and use (process) your personal information

Guardian RF Corporation collects personal information about its website visitors, prospects, customers, and authorized DroneView users. With a few exceptions, this information is generally limited to:

• name
• job title
• employer name
• work address
• work email
• work phone number
• account credentials and role-based access information for authorized DroneView users
• basic usage, login, device, and audit log information needed to operate and secure Guardian RF services

We use this information to provide prospects and customers with services, operate Guardian RF sensors and software, manage customer accounts, deliver support, secure our systems, and communicate with authorized users about Guardian RF products and services.

We do not sell personal information to anyone and only share it with third parties who are facilitating the delivery, operation, security, or support of our services.

From time to time, Guardian RF Corporation receives personal information about individuals from third parties. Typically, information collected from third parties will include further details on your employer, role, organization, or industry. We may also collect your personal data from a third party website, such as LinkedIn, or from customer-provided deployment and account records.

Use of the Guardian RF websites

As is true of most other websites, Guardian RF Corporation's websites, including guardianrf.com and droneview.guardianrf.com, may collect certain information automatically and store it in log files. The information may include internet protocol addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system, and other usage information about the use of Guardian RF Corporation's websites, including a history of the pages you view. We use this information to help us design our sites to better suit our users' needs. We may also use your IP address to help diagnose problems with our server and to administer our websites, analyze trends, track visitor movements, and gather broad demographic information that assists us in identifying visitor preferences.

Guardian RF Corporation has a legitimate interest in understanding how customers and potential customers use its websites. This assists Guardian RF Corporation with providing more relevant products and services, improving DroneView and related interfaces, and providing appropriate staffing to meet customer needs.

Cookies and tracking technologies

Guardian RF Corporation may use cookies and similar tracking technologies on guardianrf.com and droneview.guardianrf.com to operate the websites, maintain secure sessions, support user authentication, remember user preferences, measure website performance, and protect Guardian RF services. Users may configure their browser to reject or delete cookies. Some cookies are necessary for secure access to DroneView and related customer services.

Guardian RF Corporation provides cookie information in this Privacy Statement and in any cookie banner or notice presented on guardianrf.com or droneview.guardianrf.com.

Use of Guardian RF services and DroneView

DroneView is Guardian RF Corporation's browser-based command interface for customer access to sensor telemetry, event history, airspace alerts, geofences, role-based user management, and RF-detected UAS activity. When an authorized customer uses DroneView, Guardian RF Corporation may process account information, login information, role and permission information, device and browser information, customer configuration information, alert preferences, telemetry metadata, audit logs, and support communications.

Guardian RF Corporation uses this information to provide the DroneView service, maintain security, support customer deployments, investigate service issues, enable customer-requested alerts and integrations, and preserve auditability of access and system activity.

When and how we share information with third parties

The personal information Guardian RF Corporation collects from you is stored in one or more databases hosted by third parties located in the United States. These third parties do not use or have access to your personal information for any purpose other than cloud storage, retrieval, service delivery, support, and security functions performed on behalf of Guardian RF Corporation. On occasion, Guardian RF Corporation engages third parties to send information to you, including information about our products, services, and events.

A list of Guardian RF Corporation third party subprocessors is available upon request by contacting contact@guardianrf.com.

We do not otherwise reveal your personal data to non-Guardian RF Corporation persons or businesses for their independent use unless: (1) you request or authorize it; (2) it is in connection with Guardian RF Corporation-hosted or Guardian RF Corporation co-sponsored events; (3) the information is provided to comply with the law, for example compelled by law enforcement to comply with a search warrant, subpoena, or court order, enforce an agreement we have with you, or protect our rights, property, or safety, or the rights, property, or safety of our employees or others; (4) the information is provided to our agents, vendors, or service providers who perform functions on our behalf; (5) to address emergencies or acts of God; or (6) to address disputes, claims, or persons demonstrating legal authority to act on your behalf. We may also gather aggregated data about our services and website visitors and disclose the results of such aggregated and non-personally identifiable information to our partners, service providers, or other third parties for operational, marketing, or promotional purposes.

The Guardian RF Corporation websites may connect with third party services such as LinkedIn and other services. If you choose to share information from a Guardian RF Corporation website through these services, you should review the privacy policy of that service. If you are a member of a third party service, those connections may allow that service to connect your visit to our site to your personal data.

Transferring personal data to the U.S.

Guardian RF Corporation has its headquarters in the United States. Information we collect about you will be processed in the United States. By using Guardian RF Corporation's services, you acknowledge that your personal information will be processed in the United States. The United States has not sought nor received a finding of adequacy from the European Union under Article 45 of the GDPR. Pursuant to Article 46 of the GDPR, Guardian RF Corporation provides for appropriate safeguards by entering binding, standard data protection clauses, enforceable by data subjects in the EEA and the UK, when required and appropriate.

Depending on the circumstance, Guardian RF Corporation also collects and transfers to the U.S. personal data with consent; to perform a contract with you; or to fulfill a compelling legitimate interest of Guardian RF Corporation in a manner that does not outweigh your rights and freedoms. Guardian RF Corporation endeavors to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistent with your relationship with Guardian RF Corporation and the practices described in this Privacy Statement. Guardian RF Corporation also enters into data processing agreements and model clauses with its vendors whenever feasible and appropriate. Since it was founded, Guardian RF Corporation has received zero government requests for information.

For more information or if you have any questions, please contact us at contact@guardianrf.com.

Data Subject rights

The European Union's General Data Protection Regulation and other countries' privacy laws provide certain rights for data subjects. Data Subject rights under GDPR include the following:

• Right to be informed
• Right of access
• Right to rectification
• Right to erasure
• Right to restrict processing
• Right of data portability
• Right to object
• Rights related to automated decision making including profiling

This Privacy Notice is intended to provide you with information about what personal data Guardian RF Corporation collects about you and how it is used.

If you wish to confirm that Guardian RF Corporation is processing your personal data, or to have access to the personal data Guardian RF Corporation may have about you, please contact us.

You may also request information about: the purpose of the processing; the categories of personal data concerned; who else outside Guardian RF Corporation might have received the data from Guardian RF Corporation; what the source of the information was if you did not provide it directly to Guardian RF Corporation; and how long it will be stored. You have a right to correct the record of your personal data maintained by Guardian RF Corporation if it is inaccurate. You may request that Guardian RF Corporation erase that data or cease processing it, subject to certain exceptions. You may also request that Guardian RF Corporation cease using your data for direct marketing purposes. In many countries, you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how Guardian RF Corporation processes your personal data. When technically feasible, Guardian RF Corporation will, at your request, provide your personal data to you.

Reasonable access to your personal data will be provided at no cost. If access cannot be provided within a reasonable time frame, Guardian RF Corporation will provide you with a date when the information will be provided. If for some reason access is denied, Guardian RF Corporation will provide an explanation as to why access has been denied.

For questions or complaints concerning the processing of your personal data, you can email us at contact@guardianrf.com. Alternatively, if you are located in the European Union, you can also have recourse to the European Data Protection Supervisor or your nation's data protection authority.

Security of your information

Guardian RF Corporation maintains administrative, technical, and organizational safeguards designed to protect personal information against unauthorized access, loss, misuse, alteration, or disclosure. These safeguards may include role-based access controls, authentication controls, encryption where appropriate, logging, monitoring, vulnerability management, and internal security policies governing access to customer and service data.

No method of transmission over the internet or method of electronic storage is completely secure. Guardian RF Corporation works to protect personal information using commercially reasonable safeguards appropriate to the nature of the information and the services provided.

Data storage and retention

Your personal data is stored by Guardian RF Corporation on its systems and on the systems of cloud-based database management and infrastructure services Guardian RF Corporation engages, located in the United States. Guardian RF Corporation retains service data for the duration of the customer's business relationship with Guardian RF Corporation and for a period of time thereafter, to analyze the data for Guardian RF Corporation's own operations and for historical, security, audit, legal, and archiving purposes associated with Guardian RF Corporation's services. Guardian RF Corporation retains prospect data until such time as it no longer has business value and is purged from Guardian RF Corporation systems. All personal data that Guardian RF Corporation controls may be deleted upon verified request from Data Subjects or their authorized agents, subject to legal, contractual, security, and operational retention requirements. For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact us at contact@guardianrf.com.

Children's data

We do not knowingly attempt to solicit or receive information from children.

Questions, concerns, or complaints

If you have questions, concerns, complaints, or would like to exercise your rights, please contact us at: