Privacy Policy

When you use Glomatech, we may collect the following types of information: Information you provide: • Account information: name, email, phone number, password • Business information: company name, address, industry, company size • Content you create: RFQs, quotes, messages, supplier reviews • Verification documents: business registration, quality certifications Information collected automatically: • Usage data: pages visited, searches performed, time and frequency of access • Device data: device type, operating system, browser, IP address • Cookies and session data (see our Cookie Policy for details)

We use the information we collect to: • Provide and improve services: process registrations, connect Buyers and Suppliers, deliver relevant search results • Personalize your experience: recommend suppliers based on your search history, AI-powered matching • Communicate with you: send important account notifications, RFQ updates, and service announcements • Ensure security: detect and prevent fraud, abuse, and suspicious activity • Analytics: understand how users interact with the platform to improve our product • Legal compliance: fulfill legal obligations and resolve disputes

Glomatech does not sell your personal information. We may share information in the following circumstances: With authorized service providers: • Technical service providers (cloud hosting, data analytics, email delivery) • All providers sign a Data Processing Agreement (DPA) With other platform users: • Supplier public profile information is visible to Buyers • RFQ content is shared with the Suppliers you contact When required by law: • In response to valid legal requests from authorities • To protect the legitimate legal interests of Glomatech

We use cookies and similar technologies for: Essential cookies: Maintain login sessions, account security. Cannot be disabled. Performance cookies: Analyze how users interact with the platform (Vercel Analytics). Can be disabled in browser settings. Functional cookies: Save preferences such as language, theme, and layout. Can be disabled but may affect your experience. Marketing cookies: Display relevant content on external platforms. Can be opted out in your account settings. For full details, see our Cookie Policy.

In compliance with applicable data protection laws (including PDPA and GDPR where applicable), you have the following rights: • Right of access: Request to view all personal data we hold about you • Right to rectification: Request correction of inaccurate information • Right to erasure: Request deletion of your personal data ("right to be forgotten") • Right to restriction: Request that we pause processing while a complaint is resolved • Right to data portability: Receive your data in a machine-readable format (JSON, CSV) • Right to object: Opt out of certain types of data processing To exercise any of these rights, contact us at: privacy@glomatech.com

Glomatech applies appropriate technical and organizational security measures: Technical measures: • Data in transit: TLS 1.3 encryption • Data at rest: AES-256 encryption • Two-factor authentication (2FA) for admin accounts • Regular security audits and penetration testing • 24/7 anomaly monitoring Organizational measures: • Staff training on data security • Principle of Least Privilege for data access • Documented incident response procedures No system is completely secure. In the event of a breach affecting your data, we will notify you within 72 hours.

Data retention periods: • Active account data: Retained for the lifetime of your account • Data after account deletion: 30 days (for recovery if needed), then permanently deleted • Transaction and RFQ records: 7 years (as required by accounting regulations) • System logs: 90 days • Anonymized analytics data: Indefinitely Storage locations: • Primary data is stored in Singapore (AWS ap-southeast-1) • Backups in Japan (AWS ap-northeast-1)

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. For material changes, we will: • Send an email notification to your registered address at least 30 days before the changes take effect • Display a notice banner on the platform • Update the "Last Updated" date at the top of this page Continued use of the platform after a policy update takes effect constitutes your acceptance of the new terms.

If you have questions or complaints about how we handle your personal data, please contact our Data Protection Officer (DPO): Data Protection Officer — Glomatech Email: privacy@glomatech.com Address: Ho Chi Minh City, Vietnam Phone: +84 28 1234 5678 We are committed to responding to all requests within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the relevant data protection authority in your jurisdiction.