Last Updated and Effective Date: March 26th, 2026

This Privacy Notice ("Notice") applies to personal information Lattice Intelligence, Inc. (collectively, "Lattice," "we," "us," or "our") collects. This Notice explains how Lattice processes your personal information in connection with our services and our website (collectively, the "Services"). This Notice also covers rights and choices related to your personal information.

For the Services:

• You are a "Customer" if you are the (employee of a) legal or natural person that purchases or subscribes to the Services and/or if you avail of customer support services provided by us in respect of the Services.

• You are a "User" if a Customer has provided you with access to the Services, directly or indirectly.

We refer to Customer and User collectively as "you."

Generally, Lattice is a service provider or processor (as defined by applicable privacy laws) of User personal information except for data collected for services management purposes and data that we generate or derive from your use of the Services ("Services Data"). In those cases, Lattice is a business or controller (as defined by applicable privacy laws) of User data.

This Notice applies when:

• You create an account on the Service.

• We collect personal information to manage, secure, or bill the Services.

• We analyze Services Data to improve the Services.

• You visit latticepay.io.

This Notice does not apply when:

• You use our Services through our Customer's services or website, except for the Services Data as explained above.

• You visit another website or service from a link.

In those cases, please review the privacy notice of that Customer or company instead.

Personal Information We Collect

The following describes the categories of personal information we collect, with examples and their primary purposes.

Account Registration

We collect your name and contact information when you create an account. We also collect data on the actions you perform while logged in. We use this information to provide account-related functionalities, including easy checkout, saved preferences, and purchase history.

Customer Information

We collect the name and contact information of our Customers. We use this information to communicate with Customers about business activities such as projects, services, and billing.

Demographics

We collect personal information such as your age or region. We use this information to better understand our current and potential Customers.

Feedback and Support

If you provide feedback or contact us for support, we collect your name and email, as well as other content that you send. We use this information to receive and act upon feedback.

Job Applicants

If you apply for a job or provide personal information for purposes of employment, we collect information needed to process your application. This may include your Social Security number and information on your resume. In some contexts, we are required by law to collect data about applicants. We use this information to evaluate your application or consider you for other positions. Providing this information is required for employment.

Mailing List

When you sign up for our mailing lists, we collect your contact information. We use this information to share updates about our Services.

Order Placement

We collect your name, billing and shipping addresses, email address, phone number, and credit or debit card information when you place an order. We use this information to provide the Services.

Services Data

We collect transaction and checkout-related data, information about your operating system and versions, usage data, crash reports, and system-generated and partner-provided metadata. We use this information to understand how Users interact with the Services and to improve the Services, including to:

• Optimize payment method ordering and presentation, including authorization approvals, service reliability, cost efficiency, and time-to-checkout speed.

• Improve authorization and approval rates through intelligent routing, retries, and cross-method fallback logic.

• Detect, prevent, and reduce fraud and abuse patterns.

• Recover failed or abandoned transactions through alternative methods, reminders, or incentives.

• Train and continuously improve AI agents used for checkout optimization, cost reduction, reliability, and fraud mitigation.

• Provide normalized, cross-rail reporting and analytics to Customers and platforms.

Transaction data is used in aggregated, anonymized, tokenized, or pseudonymized form wherever possible.

Use of Our Website

We use cookies and similar technologies (including localStorage) to understand how you engage with our website. This may include which links you click, what you type into our online forms, your IP address, the website that referred you to us, and data about your device. We use this information to operate, improve, and secure our website, gather analytics, and understand your preferences.

We use Google Analytics to collect anonymized usage data. Analytics cookies and localStorage are only placed after you provide consent via the cookie banner on our website. You may withdraw consent at any time by clearing your browser's localStorage for latticepay.io. If you decline or withdraw consent, no analytics data will be collected.

How We Use Data

In addition to the purposes described above, we use data to:

• Operate the Services.

• Identify you when you visit our sites.

• Complete transactions.

• Improve the Services or create new services.

• Conduct analytics.

• Respond to your requests, inquiries, issues, or feedback.

• Market the Services.

• Detect and prevent malicious, deceptive, fraudulent, or illegal activity.

• Detect and prevent security incidents.

• Enforce our policies and agreements.

• Debug, identify, and fix errors that impair the Services.

• Comply with legal or regulatory obligations.

• Establish or exercise our rights.

• Defend against legal claims.

• Manage our relationships.

• Other purposes with your consent.

The sections above describe our main purposes in collecting your data, but often we have multiple purposes.

To the extent we store and use deidentified personal information, we will not attempt to reidentify the information, except to test our deidentification methods. If we share deidentified data, we will obligate the recipient not to attempt to reidentify the data.

How We Share Data

In addition to the specific situations discussed elsewhere in this Notice, we may share personal information in the following situations:

Affiliates and Acquisitions. We may share data with our affiliates. If a company acquires or enters negotiations to acquire our company, business, or assets, we may share data with that company.

Other Disclosures without Your Consent. We may share data to cooperate with law enforcement, participate in a legal process, or for legal compliance. We may share your data to establish or exercise our rights, to defend against legal claims, to investigate, prevent, or act on possible illegal activities, threats to safety of person or property, or a violation of our policies.

Your Providers. We may share your data with companies you work with in connection with our Services. Depending on how you access the Services, this may include a software partner that provides you access to Lattice or a merchant or customer that uses the Services with you. We share data with these parties as needed to provide and support the Services, process transactions, manage accounts, provide customer support, and meet legal obligations.

Service Providers. We may share your data with service providers who help us run our website, conduct surveys, provide technical support, process payments, fulfill orders, and more.

Professional Services. We may share personal information with our professional service providers, such as auditors or lawyers.

Other Disclosures with Your Consent. We may share your data with third parties when you consent or direct us to.

We do not "sell" your personal information for money.

Categories of Personal Information Disclosed

The following table indicates the categories of personal information we collect and how they are transferred.

Category Disclosed for a Business Purpose Shared for Targeted Advertising Identifiers (name, alias, postal address, unique personal identifier, online identifier, email address, account name) Affiliates; Business partners; Data analytics providers; Internet service providers; Operating systems and platforms; Other service providers; Payment processors and financial institutions; Professional services organizations N/A Government-Issued Identification (Social Security number, driver's license number, state-issued ID number) Affiliates; Professional services organizations N/A Characteristics of Protected Classifications (age, sex, race, ethnicity, physical or mental handicap) Affiliates; Professional services organizations N/A Commercial Information (products or services purchased, obtained, or considered; purchasing or consuming histories or tendencies) Affiliates; Other service providers; Payment processors and financial institutions; Professional services organizations N/A Internet or Electronic Network Activity (browsing history, search history, interaction with websites, apps, or ads) Affiliates; Business partners; Data analytics providers; Internet service providers; Operating systems and platforms; Other service providers; Professional services organizations N/A Professional or Employment-Related Information (e.g., job applicant information) Affiliates; Business partners; Data analytics providers; Internet service providers; Operating systems and platforms; Other service providers; Payment processors and financial institutions; Professional services organizations N/A Non-Public Education Information (as defined in the Family Educational Rights and Privacy Act) Affiliates; Professional services organizations N/A Inferences drawn from any of the above Affiliates; Business partners; Data analytics providers; Other service providers; Professional services organizations N/A Additional Categories described in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) (signature, physical characteristics or description, insurance policy number) Affiliates; Payment processors and financial institutions; Professional services organizations N/A

Your Choices

Some jurisdictions provide you with the following rights regarding your personal information:

Access. You may request access to your personal information or confirmation that we have data about you. In certain limited cases, you may ask to receive access to your data in a portable, machine-readable form.

Change. Our Services may allow you to change your account profile. If our website does not permit you to update or correct certain information, you can ask us to correct inaccurate or incomplete data by contacting us at the address below. We may keep historical data in our backup files as permitted by law.

Deletion. You may ask us to delete your personal information. If required by law, we will grant such a request, but note that in many cases, we must keep your personal information to comply with legal obligations, resolve disputes, enforce agreements, or for other business purposes.

List of Third-Party Recipients. You may request a list of specific third parties to which we have disclosed personal information. Some jurisdictions also allow you to obtain a list of the categories of third parties to which we have disclosed personal information. You can find that information in the table above under "How We Share Data."

Promotional Emails. You may provide us with your email address to receive newsletters, surveys, offers, or other promotional content, as well as targeted offers from third parties. You can stop receiving such emails by following the unsubscribe instructions at the bottom of those emails. If you choose not to receive such emails, we may still send you service-related communications.

Promotional Mailings. If you do not want to receive offers and/or circulars from us, email us with "NO SNAIL MAIL" in the subject line, and include your name, address, and zip code. Note that our mailings are prepared in advance. We will remove your name from our mailing list after receiving your request, but you may receive mailings that were prepared prior to processing your request.

Not all the rights above are absolute, and they do not apply in all circumstances. We may limit or deny a request where the law permits or requires us to do so. We will not discriminate against individuals who exercise a privacy right.

Submitting Requests

You may exercise the above rights by contacting us via the contact information below. If you disagree with our denial of a request, you may appeal our decision by contacting us with the subject line "Appeal."

We will require you to prove your identity when making most types of requests. We may verify your identity by phone or email. Depending on your request, we will ask for information such as your name, the last item you purchased from us, or the date of your last purchase. We may also ask you to send us a signed declaration confirming your identity.

In some circumstances, you may designate an authorized agent to exercise rights on your behalf. If you are an authorized agent, you must attach a copy of a completed notarized permission which shows that you may act on another's behalf.

How We Protect and Retain Data

No method of internet transmission or electronic storage is fully secure. While we use reasonable efforts to protect personal information, we cannot guarantee its security. If we are required to inform you about a security incident, we will do so electronically, in writing, or by phone, as the law permits.

Some of our websites permit you to create an account. You are responsible for selecting a unique and complex password and keeping it confidential. You are responsible for any access to or use of your account by someone who has obtained your password, whether or not you approved of such access or use. Notify us of unauthorized use of your password or account immediately.

We keep your personal information for only as long as necessary to fulfill the purposes in this Notice unless a longer retention period is required or permitted by law. This includes the purposes of satisfying legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the data. We also weigh the potential risk of harm from unauthorized use or disclosure of the data, the purposes for which we obtained the data and whether we can meet those purposes through other means, as well as applicable legal requirements.

Children

The Services are not intended for children under 13 years old, and we do not knowingly collect personal information from children under age 16 without parental consent. Children under 13 should not provide us with their personal information.

Changes to This Privacy Notice

We may change our Notice and privacy practices. Updated notices will be published on our website. If changes are material, the Notice that was in place when you submitted personal information to us will generally govern that data unless you consent to the new Notice. Our Notice shows "effective" and "last updated" dates. The effective date is the date the current version took effect. The last updated date is the date the current version was last substantively changed.

Contact Information

If you have questions, comments, or complaints about our privacy practices, or if you need to access this Notice in a different format due to a disability, please contact us at privacy@latticepay.io. We will try to address your requests and provide you with additional privacy-related information.