Privacy Policy

We collect information about you in the following ways:

A. Personal Data You Provide

Personally identifiable information you voluntarily give us when you:

• Sign up for email alerts, newsletters, or investor updates.
• Contact our Investor Relations or Media Relations teams via email.
• Request information regarding our financial reports or SEC filings.

This may include your name, email address, telephone number, company name, and job title.

B. Automatically Collected Data

When you access the Site, our servers and third-party analytics services automatically collect:

• IP address and approximate geographic location.
• Browser type, version, and operating system.
• Pages viewed, time on page, and navigation path.
• Referring website address.
• Device type (desktop, mobile, tablet) and screen resolution.
• Date and time of access.

C. Cookies and Tracking Technologies

We use cookies and similar tracking technologies. Cookies are small files stored on your device. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, some Site features may not function properly without cookies.

We use the following categories:

• Strictly Necessary Cookies: Required for the Site to function. No consent required.
• Analytics Cookies: Help us understand how visitors interact with the Site. Subject to your consent where required by law.

D. Analytics Services

We use the following analytics platforms. Each may set cookies and collect data as described:

• Google Analytics 4 (Google LLC): Tracks page views, sessions, events, and demographic information. Data is processed by Google LLC and may be stored on servers in the United States. Data retention is set to 14 months. You may opt out via Google’s opt-out browser add-on. Google’s privacy policy is available at policies.google.com/privacy.
• Matomo (self-hosted): An open-source analytics platform hosted on Alpha Compute’s own infrastructure. Tracks page views, link interactions, and session data. Data is stored on company servers and is not shared with third parties. You may opt out below or by contacting us at privacy@alphacompute.ai.

E. Third-Party Embedded Content

Our Site embeds video content hosted by Vimeo, Inc. When you view a video, Vimeo may collect your IP address, browser information, and video interaction data (e.g., play, pause, seek, duration watched), regardless of whether you have a Vimeo account. This data is subject to Vimeo’s Privacy Policy.

For individuals in the European Economic Area (EEA) and United Kingdom (UK), we process your personal data under the following legal bases as set out in the General Data Protection Regulation (GDPR):

• Consent (Art. 6(1)(a)): For analytics cookies, email marketing, and any non-essential tracking. You may withdraw consent at any time.
• Legitimate Interests (Art. 6(1)(f)): For website security monitoring, fraud prevention, server log collection, and improving our Site, where such interests are not overridden by your rights.
• Legal Obligation (Art. 6(1)(c)): For compliance with applicable laws, including SEC record-keeping requirements and other financial regulations.
• Contract (Art. 6(1)(b)): Where processing is necessary to respond to your inquiries or fulfill a request you have made.

We use the information we collect to:

• Investor Communications: Send email alerts regarding press releases, SEC filings (10-K, 10-Q, 8-K), and other material corporate events.
• Respond to Inquiries: Address your comments, questions, and requests relating to our business, corporate governance, and SEC filings.
• Site Improvement: Analyze usage trends and diagnostic data to improve the performance, layout, and content of the Site.
• Security and Fraud Prevention: Monitor for suspicious activity and protect the integrity of the Site and our systems.
• Legal and Regulatory Compliance: Comply with applicable laws and regulations, including SEC record-keeping requirements, SOX obligations, and court or regulatory orders.

We do not sell, trade, or rent your personal information to third parties for their own marketing purposes. We share information with the following categories of service providers who process data on our behalf, subject to contractual obligations to protect it:

Hosting and Infrastructure

• Vercel, Inc.: Hosts the Site. Processes access logs including IP addresses, request paths, and response times. Vercel may store data on servers in the United States and other locations.
• Neon, Inc.: Provides the PostgreSQL database used by our content management system. Stores investor relations content, team information, and site configuration data. Data is encrypted in transit and at rest.
• Vercel Blob Storage: Content delivery network for images and media assets uploaded to the Site.

Analytics

• Google LLC: Provides Google Analytics 4. See Section 1D above.
• Matomo (self-hosted): Operated on Alpha Compute infrastructure. No data is shared with Matomo as a vendor.

Video Hosting

• Vimeo, Inc.: Hosts and delivers video content embedded on the Site. See Section 1E above.

Other Disclosures

We may also disclose your information where required by law, court order, or regulatory authority (including the SEC), or in connection with a merger, acquisition, or asset sale, in which case we will provide notice where required.

We retain personal information only as long as necessary for the purposes described in this policy or as required by law:

• Investor contact data: Retained for 7 years to comply with SEC record-keeping requirements and SOX obligations.
• Google Analytics data: 14 months (our configured retention period); older data is automatically deleted by Google.
• Matomo analytics data: Retained on company servers for up to 13 months, then purged automatically.
• Server access logs (Vercel): Approximately 30 days, per Vercel’s standard retention policy.
• Database backups (Neon): Up to 30 days of point-in-time recovery.

We implement administrative, technical, and physical security measures designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These include encrypted data transmission (TLS), encrypted database storage, and access controls on administrative systems.

No method of data transmission or storage is completely secure. While we strive to protect your personal information, we cannot guarantee absolute security.

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify affected individuals without undue delay, and within 72 hours where required under GDPR (Art. 33–34).
• File any required disclosures with the SEC pursuant to updated cybersecurity disclosure rules.
• Provide information on the nature of the breach, data affected, likely consequences, and steps taken to address it.

To report a suspected security vulnerability, please contact ir@alphacompute.ai.

Depending on your location, you may have the following rights regarding your personal information. To exercise any of these rights, contact us at privacy@alphacompute.ai. We will respond within 30 days.

• Access and Portability: Request a copy of the personal information we hold about you, in a portable format where technically feasible.
• Correction: Request correction of inaccurate or incomplete personal information.
• Deletion: Request deletion of your personal information, subject to legal retention obligations (e.g., SEC record-keeping).
• Restrict Processing: Request that we restrict how we use your data while a dispute is under review.
• Object: Object to processing based on legitimate interests.
• Withdraw Consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
• Opt-Out of Email: Unsubscribe from investor email alerts at any time via the unsubscribe link in any email or by contacting us directly.

We will not discriminate against you for exercising any of these rights.

If you are located in the European Economic Area (EEA) or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR) and UK GDPR:

• Right of Access (Art. 15): Obtain confirmation of whether we process your data and receive a copy.
• Right to Rectification (Art. 16): Have inaccurate data corrected.
• Right to Erasure (Art. 17): Have your data deleted (“right to be forgotten”), subject to legal grounds for retention.
• Right to Restrict Processing (Art. 18): Limit how we use your data.
• Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format.
• Right to Object (Art. 21): Object to processing based on legitimate interests or direct marketing.
• Right to Lodge a Complaint: File a complaint with your local data protection authority (DPA). In the EU, a list of DPAs is available at edpb.europa.eu. In the UK, contact the Information Commissioner’s Office (ICO).

We will respond to verified requests within 30 days and may extend this by two further months where the request is complex.

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you the following rights:

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months, including sources, purposes, and third parties with whom we shared it.
• Right to Delete: Request deletion of your personal information, subject to certain exceptions (e.g., legal compliance).
• Right to Correct: Request correction of inaccurate personal information we maintain about you.
• Right to Opt-Out of Sale / Sharing: We do not sell personal information in the traditional sense. However, our use of Google Analytics may constitute “sharing” of personal information for cross-context behavioral advertising under CPRA’s broad definition. California residents may opt out by enabling the Global Privacy Control (GPC) signal in their browser, or by contacting us at privacy@alphacompute.ai.
• Right to Limit Sensitive Personal Information: We do not collect sensitive personal information as defined under CPRA (e.g., Social Security numbers, financial account details, precise geolocation) except where volunteered by you for investor communications purposes.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA or CPRA rights.

To submit a verifiable consumer request, contact us at privacy@alphacompute.ai. We will respond within 45 days, with a possible 45-day extension where necessary.

Shine the Light (Cal. Civil Code § 1798.83): California residents may request a list of third parties to whom we disclosed personal information for their own direct marketing purposes in the preceding calendar year. We do not disclose personal information to third parties for their own direct marketing purposes.

Alpha Compute is headquartered in the United States. If you are accessing the Site from outside the United States, your personal information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

For transfers of personal data from the EEA, UK, or Switzerland to the United States, we rely on the following transfer mechanisms as applicable:

• EU-US Data Privacy Framework (DPF): For service providers certified under the DPF (e.g., Google LLC, Vercel, Inc.).
• Standard Contractual Clauses (SCCs): EU Commission-approved contractual clauses ensuring adequate safeguards for personal data transferred to processors not covered by an adequacy decision.

You may request a copy of the applicable transfer safeguards by contacting us at privacy@alphacompute.ai.

Our Site is not directed to individuals under the age of 18 and is intended for professional and investor audiences. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected such information, we will delete it promptly. If you believe a child has provided us personal information, contact us at privacy@alphacompute.ai.

The Site may contain links to third-party websites (e.g., Nasdaq, SEC EDGAR, partner sites) and to our social media accounts on X, Instagram, LinkedIn, and YouTube. This Privacy Policy does not apply to those external sites or platforms. Each has its own privacy policy, and we encourage you to review it before interacting. We are not responsible for the content or privacy practices of any third-party site.

As a public company, Alpha Compute’s SEC filings and certain investor communications are publicly available on SEC EDGAR. Information submitted through this Site in connection with investor relations may be subject to SEC record-keeping and disclosure obligations.

We do not use automated decision-making or profiling that produces legal or similarly significant effects on individuals.

Our Site is designed to be accessible to AI agents, search crawlers, and large language model (LLM) indexing services, as described in our llms.txt file. Publicly available content on this Site (including press releases, governance disclosures, and informational copy) may be indexed by AI training datasets. Personal information provided to us via email or inquiry forms is not made publicly available and is not intentionally provided to AI systems.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will update the “Last Updated” date at the top of this page when we do. Material changes will be communicated via a prominent notice on the Site or, where we have your contact information, by email. We encourage you to review this policy periodically.

For privacy inquiries, data subject requests, or questions about this policy, please contact our Privacy Officer:

For Investor Relations inquiries: ir@alphacompute.ai