We respect your privacy and are committed to protecting your personal data. This Privacy Policy ('Policy') describes how we collect, process, and protect your information and personal data, the security measures we have implemented, and your rights concerning your data.

This Policy applies to the Xpastro app, website, and social media platforms owned by Xpastro (collectively referred to as 'Xpastro,' 'Services,' or 'App').

Your access to and use of Xpastro are governed by this Privacy Policy and our Terms of Use ('Terms'). The Terms apply to definitions used in this Policy and to provisions not explicitly covered herein. We recommend that you review the Terms of Use to understand the definitions, functions, and features of Xpastro.

By accessing or using Xpastro, you agree to the collection and use of your information and personal data in accordance with this Policy. You also confirm that you have reviewed and understood how your information and personal data are processed, including your legal rights. If you do not agree with the Terms or this Privacy Policy, please do not use the Website and/or Services offered by Xpastro.

We may collect the following information and personal data when you access Xpastro or otherwise use the Website and/or Services:

Xpastro is not intended for users under the age of 13. If you are under 13, please do not use or access the App or Website at any time or in any manner. By using the App and Website, you affirm that you are over 13. Parents and guardians are strongly encouraged to notify us if they become aware that a child under 13 is using the app. As stated in this Privacy Policy and our Terms, we do not knowingly collect information from children under 13 in compliance with the Children's Online Privacy Protection Act ('COPPA').

We will not sell, trade, or otherwise transfer your personal data to third parties for commercial purposes. Your data may be shared for the following reasons:

• Mobile App Stores: We use Google and Apple services (depending on your download platform) for app distribution, login, and updates. Transfers to these providers comply with GDPR data transfer rules and measures.

• IT, Hosting, and Analytics Service Providers: We may share your personal information with trusted third-party service providers who assist us in delivering and improving our Services, including providers of cloud infrastructure, analytics, and app performance tools (e.g., Google Cloud, Firebase for storage and backend support; Appsflyer for analytics). These providers process data on our behalf under applicable data protection laws and contractual safeguards.

• Legal, Tax, and Financial Consultants: We may share your data with professional advisors for legal, tax, or financial consulting related to our operations, conducted in compliance with the GDPR and limited to what is necessary.

• Public Authorities: We may disclose your personal data to legally authorized public institutions and government authorities when required by applicable laws, regulations, or administrative or judicial orders.

We are committed to storing your personal data securely and in compliance with applicable laws and regulations.

We take the security of your personal data seriously and implement measures aligned with the General Data Protection Regulation (GDPR). Our key principles include:

• Safety Measures: Personal data is processed internally only by authorized personnel in a non-public manner. We implement verification and confidentiality measures, particularly for special categories of data, where applicable.

• Access Controls: Strict controls limit data access to authorized personnel on a need-to-know basis.

• Regular Security Audits: We conduct regular audits to identify and address potential vulnerabilities.

• Data Minimization: We collect and retain only the personal data necessary for specified purposes.

• Incident Response Plan: We maintain a plan to promptly address potential data breaches or security incidents.

While we strive to maintain a secure digital environment, no system can be fully secure. We encourage users to take precautions, such as using antivirus software, secure firewalls, safe Wi-Fi connections, and keeping their devices secure and updated.

If you suspect a data breach or security incident, please inform HubX immediately. We will investigate and take necessary measures to mitigate risks. Your security and privacy are our top priorities, and we are committed to maintaining high standards of data protection as required by law.

We reserve the right to transfer information to a third party in the event of a sale, merger, or other transfer of all or substantially all of the assets of Xpastro or any of its Corporate Affiliates. 'Corporate Affiliate' means any entity that directly or indirectly controls, is controlled by, or is under common control with Xpastro, by ownership or otherwise. Any information shared with our Corporate Affiliates will be handled in accordance with this Privacy Policy.

The General Data Protection Regulation (GDPR) establishes a framework for personal data protection within the European Union and European Economic Area. As a data subject, you have the following rights regarding your personal data:

• Right to Access: To obtain confirmation and a copy of your personal data being processed.

• Right to Rectification: To request correction of inaccurate or incomplete data.

• Right to Erasure: To request deletion of your personal data under certain conditions.

• Right to Restrict Processing: To request limitation of how your data is processed in specific situations.

• Right to Data Portability: To receive your data in a structured, machine-readable format and transmit it to another controller.

• Right to Object: To object to the processing of your personal data, particularly for direct marketing.

• Rights Related to Automated Decision-Making: Not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects, unless exceptions apply.

To exercise these rights, please send a clear email or petition specifying the right you wish to exercise, along with your name and accurate contact details. We will respond within the legally required timeframe.

We reserve the right to update this Privacy Policy at any time to reflect changes in our practices, legal obligations, or operational needs. We encourage you to review this policy periodically. The revision date is stated at the beginning of the policy. Updates take effect immediately upon posting. If you disagree with any amendments, you should discontinue using the app. Continued use after updates constitutes acceptance of the revised policy.

This Privacy Policy constitutes the entire understanding between you and us regarding the collection, use, and protection of your personal data. If you have any questions or concerns about this policy or our data practices, please contact us at:

HubX Yazılım Hizmetleri Anonim Şirketi

Çınarlı Mahallesi, Ankara Asfaltı Caddesi, No:15 Kat:41 D:411 Konak / İzmir

legal@hubx.co

Last Update: May 2025