Privacy Policy

1.1. Information You Provide Directly: • Account information (name, email address, phone number, organization name) • Profile information (farm location, crop types, land area) • Payment information (processed through secure third-party payment processors) • Communications with us (support tickets, feedback, inquiries) • User-generated content (photos of crops, soil samples, field notes) 1.2. Information Collected Automatically: • Device information (device type, operating system, browser type) • Log data (IP address, access times, pages viewed, referring URL) • Location data (GPS coordinates when you use AgriMap features, with your consent) • Usage data (features used, queries made to Đom Đóm AI, interactions with the platform) 1.3. Information from Third Parties: • Weather data from meteorological services • Satellite imagery from authorized providers • Market price data from agricultural exchanges and government sources • Publicly available agricultural research data

We use your information for the following purposes: 2.1. Service Delivery: • Provide, operate, and maintain our Services • Personalize your experience and deliver relevant recommendations • Process transactions and send related information • Respond to your comments, questions, and support requests 2.2. Service Improvement: • Analyze usage patterns to improve our Services • Develop new features and functionality • Train and improve our AI models using anonymized, aggregated data • Conduct research and analytics on agricultural trends 2.3. Communications: • Send technical notices, updates, and security alerts • Provide information about products, services, and events • Send marketing communications (with your consent) 2.4. Legal and Safety: • Comply with legal obligations • Protect against fraudulent, unauthorized, or illegal activity • Enforce our Terms of Service and other agreements

3.1. We Do NOT Sell Your Personal Data. 3.2. We may share your information with: Service Providers: Third-party vendors who assist us in providing the Services (cloud hosting, payment processing, analytics, customer support). Business Partners: Agricultural cooperatives, government agencies, and research institutions (only with your explicit consent and for specific, disclosed purposes). Aggregated Data: We may share anonymized, aggregated data with partners, researchers, and the public. This data cannot be used to identify you personally. 3.3. Legal Disclosures: We may disclose your information if required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others. 3.4. Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction.

4.1. Security Measures: We implement industry-standard security measures to protect your data, including: • Encryption of data in transit (TLS/SSL) and at rest (AES-256) • Regular security assessments and penetration testing • Access controls and authentication mechanisms • Secure data centers with physical security measures • Employee training on data protection practices 4.2. Data Breach Response: In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable laws within 72 hours of becoming aware of the breach. 4.3. Your Responsibility: You are responsible for maintaining the confidentiality of your account credentials and for any activities that occur under your account.

5.1. Retention Periods: • Account data: Retained while your account is active and for 3 years after deletion • Transaction records: Retained for 7 years for tax and legal compliance • Usage data: Retained for 2 years for analytics purposes • AI training data: Anonymized data may be retained indefinitely 5.2. Deletion: You may request deletion of your personal data at any time. Upon request, we will delete your data within 30 days, except where retention is required by law or for legitimate business purposes.

Depending on your location, you may have the following rights: 6.1. Access: Request a copy of the personal data we hold about you. 6.2. Correction: Request correction of inaccurate or incomplete data. 6.3. Deletion: Request deletion of your personal data. 6.4. Portability: Request your data in a structured, machine-readable format. 6.5. Objection: Object to processing of your data for certain purposes. 6.6. Withdrawal of Consent: Withdraw consent where processing is based on consent. 6.7. To exercise these rights, contact us at privacy@vinimex.tech. We will respond within 30 days.

7.1. Types of Cookies We Use: • Essential cookies: Required for the operation of our Services • Analytics cookies: Help us understand how you use our Services • Preference cookies: Remember your settings and preferences • Marketing cookies: Used to deliver relevant advertisements (with consent) 7.2. Cookie Management: You can manage your cookie preferences through your browser settings or through our cookie consent banner. Note that disabling certain cookies may affect the functionality of our Services. 7.3. Do Not Track: We currently do not respond to "Do Not Track" signals as there is no industry standard for this technology.

8.1. Data Location: Your data is primarily stored on servers located in Vietnam and Singapore. 8.2. Cross-Border Transfers: When we transfer data outside of Vietnam, we ensure appropriate safeguards are in place, including: • Standard contractual clauses approved by relevant authorities • Adequacy decisions where applicable • Your explicit consent for specific transfers 8.3. GDPR Compliance: For users in the European Economic Area, we comply with the General Data Protection Regulation (GDPR) requirements for data transfers.

Our Services are not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@vinimex.tech.

10.1. Farm and Crop Data: Agricultural data you provide (crop types, yields, farming practices) is treated with the same level of protection as personal data. 10.2. AI Processing: Data submitted to Đom Đóm AI may be processed by machine learning models. We ensure: • No personally identifiable information is used in model training without anonymization • Agricultural insights derived from your data are not shared with competitors • You retain ownership of your farm-specific data and insights 10.3. Data Aggregation: We may aggregate your agricultural data with data from other users to provide regional insights, market trends, and research findings. Such aggregated data will be anonymized and cannot be traced back to you.

Our Services may contain links to third-party websites, services, or applications. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access through our platform.

We may update this Privacy Policy from time to time. We will notify you of any material changes by: • Posting the new Privacy Policy on this page • Updating the "Last Updated" date • Sending you an email notification (for significant changes) Your continued use of the Services after any changes constitutes acceptance of the updated Privacy Policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: Vinimex AI Lab - Data Protection Officer Email: privacy@vinimex.tech Address: District 7, Ho Chi Minh City, Vietnam Phone: +84 123 456 789 For GDPR-related inquiries from the EU: EU Representative: [To be appointed] Email: gdpr@vinimex.tech