Supplemental Information

While this document is not exhaustive, it does represent an overarching summary of the major areas of our security and trust program. Any specific questions about our program can be referred to security@reveald.com.

Protecting Privacy

Reveald considers data privacy to be of paramount importance. Our privacy principles guide our focus and we have codified our privacy efforts accordingly. We define personal data as any information relating to an identified or identifiable natural person.

Privacy Principles

• Accountability: We strive to be a responsible steward of the personal data we manage on behalf of all individuals who share personal data with the Epiphany Intelligence Platform and to uphold these privacy principles. It is our goal to ensure personal data is always processed in a fair and lawful manner.

• Privacy by Design: We seek to embed privacy into our business processes, products, and services by proactively identifying and addressing privacy risk early in the lifecycle of new projects in order to safeguard personal data entrusted to the Epiphany Intelligence Platform.

• Purpose and Use Limitation: We will always attempt to limit our collection and use of personal data to the specific purposes that have been communicated. We will not use personal data in any way that is incompatible with the purpose for which it was collected.

• Transparency: We will always try to provide clear descriptions of our policies and practices that collect, process, transfer, and disclose personal data.

• Choice: Where possible, we will always describe the choices that are available and allow individuals to make informed decisions about the personal data they share with us.

• Data Minimization: We will always strive to collect the minimal amount of personal data that is necessary for the purpose communicated.

• Security for Privacy: We will always seek to protect personal data from unauthorized access throughout the data lifecycle with security safeguards that are appropriate for the sensitivity of the personal data.

• Integrity & Access: Personal data should be accurate and kept up to date. Where feasible, we allow individuals to have access to their personal information to review and update.

• Transfer: We only transfer personal data to authorized third parties after informing users, and only for purposes that have been communicated or are compatible with the collection.

• Storage Limitation: We endeavor to retain personal data for the minimum amount of time required to complete the purpose for which it was collected, or as required by law. After the purpose has been fulfilled, we will responsibly remove it in a timely manner.