PRIVACY NOTICE FOR CALIFORNIA RESIDENTS

‍

[Last Modified: September 16, 2025]

Applicability

This CCPA Notice is an integral part of Mate Security Ltd. (Collectively with its affiliates and subsidiaries shall be referred to as "Company", "we", "us" or "our") Privacy Policy, and applies to California residents' Personal Information, which we collect directly or indirectly while in our role as a Business operating our website. The California Consumer Privacy Act of 2018 together with any other applicable California privacy-related laws ("CCPA"), may apply to visitors of our website, and others who are California residents ("consumers" or "you") visiting and using our website ("website") or using any of our services where and to the extent the CCPA applies. Any terms defined in the CCPA shall have the same meaning when used in this CCPA Privacy Notice.

This CCPA notice does not pertain to Personal Data relating to our employees, contractors and other staff as part of their employment or engagement with us.

PART I: A COMPREHENSIVE DESCRIPTION OF THE INFORMATION PRACTICES:

Categories Of Personal Information

We collect Personal Information which is defined under the CCPA as any information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household or device, all as detailed in the table below. Personal Information further includes Sensitive Personal Information ("SPI").

Personal Information does not include: publicly available information that is lawfully made available from government records, that a consumer has otherwise made available to the public; De-identified or aggregated consumer information; Information excluded from the CCPA's or CPRA's scope, such as: Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPPA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA) and the Driver's Privacy Protection Act of 1994.

Furthermore, we do not process or use any Sensitive Data of any of our website's visitors and users, to the extent such a term is defined under the CCPA.

Please see below a table detailing the categories of Personal Information that we collect (and has collected within the last 12 months) as a Business from visitors and users of our website:

The table below details the processing of Personal Data, the purpose, lawful basis, and processing operations:

Category	Examples of Personal Information	Collected
A. Identifiers.	A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.	Yes. As part of our communications with you as a visitor of our website, or through our customer service to any of our services, we may collect basic contact information including online identifier, IP address, full name, and business email address. We may use your contact info, subject to applicable law, to send you promotional emails and marketing content via email or SMS. You may withdraw consent at any time through the "unsubscribe" link within any email sent to you or by contacting us directly.
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).	A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.	Yes. As part of providing, you with the use of our Product, we may collect some information including your full name, telephone number, etc. Other details may overlap and already included under category A above. Note that Customers End-Users' (as such terms are defined under the Privacy Policy) data may be processed in our Product by the Customers in their capacity as the legal owners (Business) of such data.
C. Protected classification characteristics under California or federal law.	Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).	No.
D. Commercial information.	Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	Yes. Payment data (through third party clearance services) when you purchase our services, which, and to the extent applicable, may relate to an individual within your organization.
E. Biometric information.	Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.	No.
F. Internet or other similar network activity.	Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.	Yes. We may collect security and other technical information on your interaction with our website and services, or advertisements included therein.
G. Geolocation data.	Physical location, approximate location derived from IP address or movements.	Yes. We may collect your approximate location from IP address when accessing the website.
H. Sensory data.	Audio, electronic, visual, thermal, olfactory, or similar information.	No.
I. Professional or employment-related information.	Current or past job history or performance evaluations.	No.
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).	Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.	No.
K. Inferences drawn from other personal information.	Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.	No.
L. Sensitive personal information.	Government-issued identifying numbers, financial account details, genetic data, precise geolocation, race or ethnicity, religious or philosophical beliefs, union membership, mail, email, text messages, biometric data, health data, and sexual orientation or sex life.	No.

Disclosures Of Personal Information for a Business Purpose

We may disclose your Personal Information to a contractor or service provider for our business purposes. When we disclose Personal Information for a business purpose, we enter into a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except fulfilling the contract. In the preceding twelve (12) months, we disclosed the following categories of Personal Information for a business purpose:

#	Category (corresponding with the table above)	Category of Recipient	Business Purpose
1	Category A Category B Category D Category F Category G	Cloud computing and storage vendors.	Storage, hosting.
2		Government entities/Law enforcement.	Subject to a law requirement, such as tax authorities.
3		Operating systems.	Operating the website.
4	Category A Category B Category D	Clearance and Payment processors.	Paying for our services.
5	Category A Category B Category D	External AI/ML Models	We use external AI/ML models to provide our services.
6	Category A Category F Category G	Data analysis providers.	Providing analytic data on the use of our website.
7	Category A Category B Category F Category G	Marketing & promotions providers, CRM providers, social networks, advertising networks.	Marketing, ad delivery, etc.
8	Category A Category F	Security service providers.	Debugging, security, fraud prevention.

How We Collect Personal Informatio

We collect the categories of Personal Information detailed above, in the following ways:

Directly from you: For example, from forms you complete, when you contact us, file an application, etc.
Indirectly from activity on the website or usage of the services: For example, we collect your usage data automatically from measurement tools.
Indirectly from you: We track your activities across the internet related to engagement with our campaigns, for example, when you view or interact with certain content, web page or ad.

Use Of Personal Information

We may use, or disclose the Personal Information we collect for one or more of the following business purposes:

To fulfill or meet the reason you provided Personal Information. For example, if you are a customer of our services, or when you contact us with an inquiry and share your name and contact information, we will use that Personal Information to respond to your inquiry, as well as for support, etc.;
For security and fraud detection purposes, monitoring and to maintain the safety, security, and integrity of our website;
To improve our services, which includes but not limited to, analyze which types of ads should be provided as part of the website; analyzing your use of the website;
To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations;
As described to you when collecting your Personal Information or as otherwise set forth in the Privacy Policy.

We will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you a notice.

Sale Of Personal Information

In the preceding twelve (12) months, we do not "sell" information as most people would commonly understand that term, we do not, and will not, disclose your Personal Information in direct exchange for money or some other form of actual payment. We may "share" Personal Information for "interest-based advertising" or "cross-context behavioral advertising". The CCPA defines "sharing" as "communicating orally, in writing, or by electronic or other means, a consumer's Personal Information" to "a third party for cross-context behavioral advertising, whether or not for money or other valuable consideration". In other words, we may share your Personal Information with a third party to help serve personalized content or ads that may be more relevant to your interests, and to perform other advertising-related services such as enabling our partners to serve such personalized content.

In the preceding twelve (12) months, we "sell" or "share" the following categories of Personal Information for a business purpose:

Category (corresponding with the table above)	Category Recipient	Purpose of Sale or Share
Category A Category F Category G	Ad-network and advertising partners.	Sale/Share for cross-context behavioral advertising.

Data Retention

In general, we retain the Personal Information we collect for as long as it remains necessary for the purposes set forth above, all under the applicable regulation, or until you express your preference to optout, where applicable.

The retention periods are determined according to the following criteria:

For as long as it remains necessary in order to achieve the purpose for which the Personal Information was initially processed. For example, if you contacted us, we would retain your contact information at least until we address your inquiry.
To comply with our regulatory obligations. For example, transactional data will usually be retained for seven years as of termination of engagement (or even more under certain circumstances) for compliance with our bookkeeping obligations purposes.
To resolve a claim, we might have a dispute with you, including any legal proceeding between us, until such dispute is resolved, and following, if we find it necessary, in accordance with applicable statutory limitation periods.

Please note that except as required by applicable law, we will not be obligated to retain your data for any particular period, and we may delete it for any reason and at any time, without providing you with prior notice of our intention to do so.

Further, retention periods of Customer End-Users' data are set by the Customers as the legal owners of such data, per their business needs, legal obligations and other consideration upon their sole discretion.

Amendments

As required under the CCPA, we will update this Privacy Notice every 12 months. The last revision date will be reflected in the "Last Modified" heading located at the header of the Privacy Notice.

Children Under Age 16

We do not knowingly collect information from children under the age of 16.

PART II: EXPLANATION OF YOUR RIGHTS UNDER THE CCPA and how to exercise them

Users' Rights

If you are a California resident, you may exercise certain privacy rights related to your Personal Information. You may exercise these rights free of charge except as otherwise permitted under applicable law. We may limit our response to your exercise of these privacy rights as permitted under applicable law, all as detailed herein and in the Data Subject Request Form available HERE.

California Privacy Right	Details
The right to know what Personal Information the business has collected.	The right to know what Personal Information the business has collected about the consumer, including the categories of Personal Information, the categories of sources from which the Personal Information is collected, the business or commercial purpose for collecting, selling, or sharing Personal Information, the categories of third parties to whom the business discloses Personal Information, and the specific pieces of Personal Information the business has collected about the consumer.
Deletion rights.	The right to delete Personal Information that the business has collected from the consumer, subject to certain exceptions.
Correct inaccurate information	The right to correct inaccurate Personal Information that a business maintains about a consumer.
Opt-Out of sharing for cross-contextual behavioral advertising	You have the right to opt-out of the "sharing" of your Personal Information for "cross-contextual behavioral advertising", often referred to as "interest-based advertising" or "targeted advertising".
Opt-out from selling	the right to opt-out of the sale or sharing of Personal Information by the business.
Limit the Use or Disclosure of SPI	Under certain circumstances, If the business uses or discloses SPI, the right to limit the use or disclosure of SPI by the business.
Opt-out of the use of automated decision making	In certain circumstances, you have the right to opt-out of the use of automated decision making in relation to your Personal Information.
Non-discrimination	The right not to receive discriminatory treatment by the business for the exercise of privacy rights conferred by the CCPA, including an employee's, applicants, or independent contractor's right not to be retaliated against for the exercise of their CCPA rights, denying a consumer goods or services, charging different prices or rates for goods or services, providing you a different level or quality of goods or services, etc. We may, however, charge different prices or rates, or provide a different level or quality of goods or services, if that difference is reasonably related to the value provided to us by your Personal Information.
Data portability	You may request to receive a copy of your Personal Information, including specific pieces of Personal Information, including, where applicable, to obtain a copy of the Personal Information you provided to us in a portable format.

To learn more about your California privacy rights, please visit https://oag.ca.gov/privacy/privacy-laws.

How Can You Exercise the Rights?

We provide option to opt out of Sharing for Cross-Contextual Behavioral Advertising or Selling Personal Information by using the following opt-out options:

Use the "Do Not Sell or Share My Information" or "Reject All" option through the cookie setting tool available on our Site.

To opt out from cross contextual ads you can further use these links:
Network Advertising Initiative's ("NAI") HERE;
Digital Advertising Alliance's ("DAA") HERE Or the European Interactive Digital
Advertising Alliance ("EDAA") HERE;
California and Colorado residents that wish to opt-out from having your data used for interest-based advertising, you may exercise your right here: https://optout.privacyrights.info/.
We also honor the Global Privacy Control

Other rights may be exercised by using the Data Subject Request Form HERE and sending it to us by email at: privacy@matesecurity.io. The instructions for submission, the general description of the process, verification requirements, when applicable, including any information the consumer or employee must provide are all detailed therein.

Authorized Agents

"Authorized Agents" may submit opt out requests on a consumer's behalf. If you have elected to use an authorized agent, or if you were an authorized agent who would like to submit requests on behalf of a consumer, the following procedures will be required prior to acceptance of any requests by an authorized agent on behalf of a California consumer. Usually, we will accept requests from qualified third parties on behalf of other consumers, regardless of either the consumer or the authorized agent's state of residence, provided that the third party successfully completes the following qualification procedures:

When a consumer uses an authorized agent to submit a request to know or a request to delete, a business may require that the consumer does the following:
Provide the authorized agent signed permission to do so or power of attorney.
Verify their own identity directly with the business.
Directly confirm with the business that they provided the authorized agent permission to submit the request.
A business may deny a request from an authorized agent that does not submit proof that they have been authorized by the consumer to act on their behalf.

Notice Of Financial Incentive

We do not offer financial incentives to consumers for providing Personal Information.

PART III: OTHER CALIFORNIA OBLIGATIONS

Direct Marketing Requests:

California Civil Code Section 1798.83 permits you, if you are a California resident, to request certain information regarding disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please use the Data Subject Request Form available HERE.

Do Not Track Settings:

Cal. Bus. And Prof. Code Section 22575 also requires us to notify you how we deal with the "Do Not Track" settings in your browser. As of the effective date listed above, there is no commonly accepted response for Do Not Track signals initiated by browsers. Therefore, we do not respond to Do Not Track settings. Do Not Track is a privacy preference you can set in your web browser to indicate that you do not want certain information about your web page visits tracked and collected across websites. For more details, including how to turn on Do Not Track, visit: www.donottrack.us. Please note that, though we do not respond to DNT signals, we do honor Global Privacy Control (GPC) signals as detailed above.

California's "Shine the Light" law (Civil Code Section § 1798.83):

Permits employees that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send us the Data Subject Request Form available HERE.

CONTACT US:

By email: privacy@matesecurity.io.
By Mail: Karo Yosef 15, Tel Aviv, Israel.