Welcome to the online service of Digital DNA Technologies, Inc. (“Company,” “we,” or “us”). This Privacy Policy (the “Policy”) explains how we collect, use, disclose, and protect information about any individual (“you”) who visits or uses our website or any other websites, subdomains, software, and services owned or controlled by Company, or accessible through our web site (collectively, the “Company Services”). The Policy also describes your choices about collecting and using your personal information. By “personal information,” we mean information that directly identifies you. This Policy may describe our practices with respect to other types of information that do not constitute personal information, and we may treat such information as personal information at our discretion. Still, we do not promise to do so. The Policy is part of our Terms of Service.

Click on the links below to jump to each section:

• 1. Information We Collect

• 2. Information Third Parties Collect

• 3. How We Use Personal Information

• 4. Sharing of Your Information

• 5. How We Store and Protect Your Information

• 6. Your Choices

• 7. Children’s Privacy

• 8. Links to Other Websites and Services

• 9. How to Contact Us

• 10. Changes to Our Privacy Policy

• 
  

INFORMATION WE COLLECT

Capitalized terms not defined in this Privacy Policy have the meaning given in our Terms of Service. We collect the following types of information about you:

• Information you provide us directly: We ask for certain information such as your username, first and last name, phone number, and e-mail address when you register for a Company account or correspond with us. We may also retain any messages you send through the Company Services.

• Your Information: We collect the information you upload or transmit in connection with the Company Services and any personal data contained in the Information.

• Information we may receive from third parties: We may receive information about you from third parties. For example, if a third party invites you to collaborate through our system, they will be asked to provide us with your email address.

• Analytics information: We may directly collect analytics data, or use third-party analytics tools, to help us measure traffic and usage trends for the Company Services. These tools collect information from your browser or mobile device, including the pages and parts of the Company Services you visit or use and other information. We also may collect and use analytics data from your Information.

• Cookie information: When you visit the Service, we may send one or more cookies — a small text file containing a string of alphanumeric characters — to your computer that uniquely identifies your browser and lets the Company help you log in faster and enhance your navigation through the Company Services. A cookie may also convey information to us about how you use the Company Services (e.g., the pages you view, the links you click, and other actions you take on the Company Services) and allow us or our business partners to track your usage of the Company Services over time. A persistent cookie remains on your hard drive after you close your browser. Persistent cookies may be used by your browser on subsequent visits to the site. Persistent cookies can be removed by following your web browser’s directions. A session cookie is temporary and disappears after you close your browser. You may be able to reset your web browser to refuse all cookies or to indicate when a cookie is being sent. However, some features of the Company Services may not function properly if the ability to accept cookies is disabled.

• Log file information: Log file information is automatically reported by your browser or mobile device each time you access the Company Services. When you use the Company Services, our servers automatically record certain log file information. These server logs may include information such as your web request, Internet Protocol (“IP”) address, browser type, referring / exit pages and URLs, number of clicks and how you interact with links on the Company Services, domain names, landing pages, pages viewed, and other such information.

• Clear gifs/web beacon information: When you use the Company Services, we may employ clear gifs (also known as web beacons) to track our users' online usage patterns. In addition, we may also use clear gifs in HTML-based emails sent to our users to track which emails are opened and which links are clicked by recipients.

• Device identifiers: When you access the Company Services by or through a mobile device (including but not limited to smartphones or tablets), we may access, collect, monitor, and/or remotely store one or more “device identifiers,” such as a universally unique identifier (“UUID”). Device identifiers are small data files or similar data structures stored on or associated with your mobile device, uniquely identifying your mobile device. A device identifier may be data stored in connection with the device hardware, data stored in connection with the device’s operating system or other software, or data sent to the device by Company. A device identifier may convey information about browsing and using the Company Services. A device identifier may remain persistently on your device to help you log in faster and enhance your navigation through the Company Services. Some features of the Company Services may not function properly if the use or availability of device identifiers is impaired or disabled.

• Location data: When you access the Company Services, we may access, collect, monitor, and/or remotely store “location data,” which may include GPS coordinates (e.g., latitude and/or longitude) or similar information regarding the location of your device. Location data may convey information about browsing and using the Company Services. Some features of the Company Services, particularly location-based services, may not function properly if the use or availability of location data is impaired or disabled.

• 
  

INFORMATION THIRD PARTIES COLLECT

Third parties may obtain information about you or your computer or device when you visit or use the Company Services. These third parties may include:

·       Sub-processors and Technical Infrastructure: To protect the security and integrity of our proprietary technical architecture—a core component of our Intellectual Property—we do not publicly disclose the specific identities of our third-party sub-processors.

However, in compliance with SOC 2, ISO 27001, and GDPR, we maintain a controlled Sub-processor List. Access to this list is restricted to current customers with a legitimate business need and is subject to the following 'High Hurdle' verification process:

1. Verification: A written request must be submitted to support@rocketforensics.com from an authorized account administrator.

2. Confidentiality: Access is contingent upon the execution of a formal Non-Disclosure Agreement (NDA) or equivalent confidentiality terms within a signed Data Processing Agreement (DPA).

3. Vetting: All sub-processors listed have undergone a rigorous security assessment by our internal compliance team to ensure their data protection standards align with our own.

4. 
   

HOW WE USE PERSONAL INFORMATION

We process your personal information based on the following legal grounds:

• Performance of a Contract: To provide the Company Services, maintain your account, and process payments.

• Legitimate Interests: For data analytics, service improvement, and securing our platform.

• Legal Obligation: To comply with tax, regulatory, or law enforcement requirements.

• Consent: For marketing communications and special offers, which you may withdraw at any time.

In addition to the purposes noted above, we also may use the information from cookies, log files, device identifiers, location data, and clear gifs information to:

• remember information so that you will not have to re-enter it during your visit or the next time you visit the Company Services;

• provide custom, personalized content and information;

• to provide and monitor the effectiveness of the Company Services;

• monitor aggregate metrics such as the total number of visitors, traffic, and demographic patterns;

• diagnose or fix technology problems;

• help you efficiently access your information after you sign in;

• to provide advertising to your browser or device, and

• automatically update the Company application on your mobile devices.

• 
  

SHARING OF YOUR INFORMATION

We will not rent or sell your personal information to third parties outside Company and its group companies (including any parent, subsidiaries, and affiliates) without your consent, except as noted below:

• Whom you may choose to share your Information with As controlled by any applicable privacy or permission settings, any Information that you upload or transmit in connection with the Company Services will be available to (i) all internal Users associated with you or with your User Account or Administrator Account; (ii) any external Users you invite to join or view the matter(s) associated with the Information (“Invited Users”); (iii) the individual users included as part of the Invited User’s account. Subject to your profile, permission, and privacy settings, any Information you make public is searchable by other Users and subject to use under our Company API. Any party that uses the Company API is subject to the Terms of Use and incorporates the terms of this Privacy Policy. Suppose you remove Information from the Company Services. In that case, copies may remain viewable in cached and archived pages of the Company Services or if other Users have copied or saved that Information.

• What happens in the event of a change of control: We may buy or sell/divest/transfer the Company (including any shares in the Company) or any combination of its products, services, assets, and/or businesses. Your personal information and Information may be among the items sold or otherwise transferred in these transactions. We may also sell, assign or otherwise transfer such information in the course of corporate divestitures, mergers, acquisitions, bankruptcies, dissolutions, reorganizations, liquidations, similar transactions, or proceedings involving all or a portion of the Company.

• Instances where we are required to share your information: Company will disclose your information where required to do so by law or subpoena or if we reasonably believe that such action is necessary to (a) comply with the law and the reasonable requests of law enforcement; (b) to enforce our Terms of Use or to protect the security or integrity of the Company Services; and/or (c) to exercise or protect the rights, property, or personal safety of Company, our Users or others.

·       Sharing certain service-type information we collect about you: We may share specific service-type details, including information obtained through tools such as cookies, log files, device identifiers, location data, and clear gifs (such as anonymous usage data, referring/exit pages, and URLs, platform types, number of clicks, etc.): (i) with our third-party service providers or business partners for the purposes described in the section above on “How We Use Personal Information.”

·       Data Ownership and Intellectual Property: While you retain all ownership rights to the raw 'Information' you upload, Digital DNA Technologies, Inc. retains exclusive ownership of all Derived Data. Derived Data includes any de-identified, aggregated insights, statistical patterns, or 'Digital DNA' profiles generated by our proprietary algorithms through your use of the Service. You grant the Company a perpetual, irrevocable license to use, reproduce, and commercialize such Derived Data to improve our Services, develop new technologies, and protect the security of our systems. This Derived Data is the sole Intellectual Property of the Company.

·       Ads on Company Services: We may also share certain information such as your location, browser, cookie data, and other data relating to your use of the Company Services with our business partners to deliver advertisements (“ads”) that may interest you. The company may allow third-party ad servers or networks to serve advertisements on the Company Services. These third-party ad servers or ad networks use technology to send the ads and ad links that appear on the Company Services directly to your browser or mobile device. They will automatically receive your IP address and other information about your computer or device when they do so. They may also use other technologies (such as cookies, JavaScript, device identifiers, location data, and clear gifs, see above) to compile information about your browser’s or device’s visits and usage patterns on the Company Services and to measure the effectiveness of their ads and to personalize the advertising content. The company does not sell, rent, or share the personal information we collect directly from you with these third-party ad servers or ad networks for such parties’ marketing purposes.

Please note that an advertiser may ask Company to show an ad to a specific audience of Users (e.g., based on demographics or other interests). In that situation, Company determines the target audience, and Company serves the advertising to that audience, and only provides anonymous aggregated data to the advertiser. If you respond to such an ad, the advertiser or ad server may conclude that you fit the description of the audience they are trying to reach.

The Policy does not apply to, and we cannot control, the activities of third-party advertisers. Please consult the respective privacy policies of such advertisers or contact such advertisers for more information.

HOW WE STORE AND PROTECT YOUR INFORMATION

• Storage and Processing: Your personal information may be stored and processed in the United States or any other country where Company or its subsidiaries, affiliates, or service providers maintain facilities. The company may transfer information we collect about you, including personal information, to affiliated entities or other third parties across borders and from your country or jurisdiction to other countries or jurisdictions worldwide. If you are located in the European Union or other regions with laws governing data collection and use that may differ from U.S. law, please note that we may transfer information, including personal information, to a country and jurisdiction that does not have the same data protection laws as yours. You consent to the transfer of information to the U.S. or any other country where the Company or its parent, subsidiaries, affiliates, or service providers maintain facilities and the use and disclosure of information about you as described in this Privacy Policy.

• Security and Breach Notification: We maintain a comprehensive Information Security Management System (ISMS) aligned with SOC 2 and ISO 27001 standards. This includes technical controls such as AES-256 encryption at rest, TLS 1.2+ encryption in transit, and strict Multi-Factor Authentication (MFA) for administrative access. While no system is impenetrable, we conduct regular vulnerability scans and third-party audits to ensure data integrity. In the event of a security breach involving personal data, we will notify the appropriate regulatory authorities and affected individuals within 72 hours of confirmation, in accordance with GDPR requirements.

• Compromise of information: If any personal information under our control is compromised due to a security breach, the Company will take reasonable steps to investigate the situation and, where applicable law, notify you or the individuals whose personal information may have been compromised. You consent to electronic notices, such as by email or any security breach.

• 
  

YOUR CHOICES

·       Depending on your location, you have the following rights regarding your personal information:

• Right of Access: Request a copy of the data we hold about you.

• Right to Erasure: Request that we delete your personal information ('Right to be Forgotten').

• Right to Portability: Request a transfer of your data to another service provider.

• Right to Restriction/Objection: Object to or restrict certain processing activities, such as profiling or direct marketing.

To exercise these rights, contact us at support@rocketforensics.com.

• Opting out of the collection of your information for Tracking: Please refer to your mobile device or browser’s technical information for instructions on deleting and disabling cookies and other tracking/recording tools. However, we do not promise that these efforts will be practical. Note that disabling cookies and/or other tracking tools prevents Company or its service providers or business partners from tracking your browser’s activities in relation to the Company Services. Doing so may turn off many of the features available through the Company Services. If you have any questions about opting out of the collection of cookies and other tracking/recording tools, you can contact us directly at support@rocketforensics.com.

• Do not track: While we want to honor your privacy as described in this Policy, unfortunately, the Company Services do not monitor for or behave differently if your computer or browser transmits a “do not track” or similar message to us or the Company Services.

• How long we keep your User Content: We retain personal information only as long as necessary to fulfill the purposes outlined in this Policy. Specifically:

·       Account Data: Retained for the duration of your active account plus 3 years for audit and legal purposes.

·       Financial Records: Retained for 7 years to meet legal tax and accounting obligations.

·       Backups: Retained for a maximum of 90 days before permanent deletion.

CHILDREN’S PRIVACY

The company does not knowingly collect or solicit personal information from anyone under the age of 13 or knowingly allow such persons to register as Users. The Company Services are not directed at children under the age of 13. If we learn that we have collected personal information from a child under age 13 without verification of parental consent, we will delete that information as quickly as possible. If you believe we have any information from or about a child under 13, please get in touch with us at support@rocketforensics.com.

LINKS TO OTHER WEBSITES AND SERVICES

We are not responsible for the practices employed by websites or services linked to or from the Company Services, including the information or content contained therein. Please remember that when you use a link from the Company Services to another website, this Policy does not apply to third-party websites or services. Your browsing and interaction on any third-party website or service, including those with a link or advertisement on our website, are subject to that third party’s rules and policies. In addition, you agree that we are not responsible for and have no control over any third parties you authorize to access your Information. If you use a third-party website or service (like Facebook) and allow such a third-party access to your Information, you do so at your own risk. This Policy does not apply to information we collect by other means (including offline) or from other sources other than through the Company Services.

HOW TO CONTACT US

If you have any questions about this Policy or the Company Services, please contact us at support@rocketforensics.com.

CHANGES TO OUR PRIVACY POLICY

The company may modify or update this Policy from time to time to reflect the changes in our business and practices, so you should review this page periodically. When we materially change the Policy, we will let you know and update the ‘last modified’ date at the bottom of this page.