PRIVACY POLICY

1. Introduction

Rule14, LLC, together with its subsidiaries and affiliates (“ Rule14 ,” “ we ,” “ our ,” or “ us ”), is firmly committed to protecting the privacy, confidentiality, and security of personal information entrusted to us.

This Privacy Policy (“ Policy ”) governs the collection, use, disclosure, transfer, and safeguarding of personal data in connection with Reach Out (“ Service ”) and any other websites, applications, or services operated by Rule14. By accessing or using the Service, you expressly acknowledge and agree to the practices described herein.

This Policy is intended to comply with applicable data protection and privacy laws, including, where applicable:

• The General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the UK GDPR;
• The California Consumer Privacy Act, as amended by the California Privacy Rights Act (CCPA/CPRA);
• The Personal Information Protection and Electronic Documents Act (PIPEDA) of Canada;
• The Digital Personal Data Protection Act, 2023 (DPDP Act) of India;
• Other applicable federal, state, and international privacy laws and regulations; and
• The EU–US and UK–US Data Privacy Frameworks for international transfers.

2. Scope

This Policy applies to all individuals whose personal data we process, including but not limited to:

• Visitors to our websites and applications;
• Clients, vendors, and business partners;
• End users of our Services;
• Job applicants and employees, to the extent covered by applicable employment notices.

3. Categories of Data Collected

Rule14 shall collect only such categories of data as are adequate, relevant, and reasonably necessary for the stated purposes, including:

• Personal Identifiable Information (PII): Name, postal address, email address, telephone number, job title, date of birth, government-issued identifiers (such as tax identification, social security, or national insurance numbers), payment and financial information, and company details.
• Sensitive Data: Certain special categories of data (e.g., health-related, biometric, or other sensitive information) may be processed only where legally permitted and with explicit consent, unless another lawful basis applies.
• Technical and Usage Information: IP address, device identifiers, browser type, log data, cookies, and similar technologies.
• Communications: Correspondence, inquiries, and support requests.
• Employment Information: Résumés, education, work history, and related data submitted for recruitment purposes.

4. Legal Bases for Processing

Rule14 shall process personal data only where a lawful basis exists under applicable law, including but not limited to:

• Consent, where voluntarily provided.
• Performance of a contract, including the provision of Services.
• Legitimate interests pursued by Rule14 or third parties, provided such interests are not overridden by data subject rights.
• Compliance with legal obligations, including regulatory, judicial, or law enforcement requirements.
• Protection of vital interests of individuals.

5. Use of Personal Data

Personal data shall be processed strictly for legitimate business purposes, which may include:

• Delivering and improving the Service;
• Verifying identity and providing secure access;
• Processing payments and fulfilling contractual obligations;
• Responding to lawful inquiries and customer service requests;
• Complying with applicable law, including anti-fraud, anti-money laundering, and security obligations;
• Recruiting, employing, and managing personnel; and
• Enforcing contractual terms and protecting Rule14’s legal rights.

Rule14 shall not process personal data for purposes materially inconsistent with those described in this Policy, unless required or permitted by law.

6. Disclosure of Personal Data

Rule14 shall not sell personal data. Rule14 may disclose personal data only under the following circumstances:

• Affiliates and Subsidiaries – to entities under common ownership or control, subject to this Policy.
• Service Providers and Vendors – strictly limited to those engaged under written contracts requiring equivalent protections.
• Regulatory, Judicial, or Governmental Authorities – where disclosure is required by law, court order, or law enforcement.
• Business Transfers – in the event of a merger, acquisition, or sale of assets, provided that such transfer is subject to contractual safeguards consistent with this Policy.
• Fraud Prevention and Security – as necessary to detect, investigate, or prevent fraud, unauthorized transactions, or other unlawful activity.

Rule14 expressly disclaims liability for the acts or omissions of third parties to whom data is lawfully disclosed.

7. International Data Transfers

Personal data may be transferred to, stored in, or accessed from jurisdictions outside the individual’s country of residence, including the United States. Rule14 shall implement appropriate safeguards, which may include:

• Standard Contractual Clauses approved by the European Commission and the UK Information Commissioner’s Office;
• Certification under the EU–US and UK–US Data Privacy Frameworks; or
• Other lawful transfer mechanisms recognized under applicable law.

By using the Service, you acknowledge and consent to such transfers, subject to these safeguards.

8. Data Subject Rights

To the extent required by law, individuals may exercise the following rights:

• Access to personal data held by Rule14;
• Correction/Rectification of inaccurate or incomplete data;
• Erasure (“Right to be Forgotten”), subject to lawful exceptions;
• Restriction of processing under certain conditions;
• Portability, where applicable, in a structured, commonly used, machine-readable format;
• Objection to processing, including direct marketing;
• Withdrawal of Consent, without affecting prior lawful processing; and
• Non-Discrimination, particularly under CCPA/CPRA.

Requests must be submitted using the contact details in Section 12. Rule14 reserves the right to verify the requester’s identity and to deny requests where permitted by law (e.g., where disclosure would infringe on the rights of others, conflict with legal obligations, or create disproportionate burden).

9. Data Security

Rule14 shall implement reasonable and appropriate technical, organizational, and physical safeguards designed to protect personal data against unauthorized access, alteration, disclosure, or destruction.

However, Rule14 disclaims liability for security breaches arising from factors beyond its reasonable control, including cyber-attacks, transmission errors, or unlawful acts of third parties.

10. Data Retention

Personal data shall be retained only for so long as is necessary to fulfil the purposes outlined in this Policy or as required by applicable law, regulation, or contractual obligations. Upon expiration of retention periods, personal data shall be securely destroyed or anonymized.

11. Enforcement, Complaints, and Dispute Resolution

Rule14 conducts periodic self-assessments to verify compliance with this Policy.

• Individuals may submit complaints directly to Rule14 (see Section 12).
• If unresolved, disputes may be escalated to competent data protection authorities (e.g., EU/UK regulators, the U.S. Federal Trade Commission, or the Office of the Privacy Commissioner of Canada).
• For cross-border transfers, Rule14 adheres to the EU–US and UK–US Data Privacy Frameworks, including binding arbitration as a last resort.

Employees who violate this Policy shall be subject to disciplinary measures, up to and including termination.

12. Contact Information

Questions, concerns, or rights requests should be directed to: