All information, materials, tools, analyses, outputs, reports, and other content made available on or through the SurgeIR website, platform, documentation, APIs, dashboards, communications, or any other channels operated by SurgeIR (collectively, the “Content”) are provided for general informational and analytical purposes only.

The website, platform and services are intended exclusively for professional users acting in the course of a business or profession.

The Content does not constitute legal, regulatory, financial, compliance, investment, or other professional advice, nor should it be relied upon as such. SurgeIR is not licensed or regulated as a financial advisor, investment advisor, legal advisor, or other regulated professional services provider, unless expressly stated otherwise. Any insights, risk indicators, alerts, classifications, or analytical outputs generated by SurgeIR are intended to support internal assessment and decision-making processes only. Outputs generated by automated systems, algorithms, or analytical models may contain errors, inaccuracies, biases, or limitations and do not replace independent human judgement. Users remain solely responsible for independently evaluating the Content and for obtaining appropriate professional advice where required.

While SurgeIR endeavors to ensure that the Content is prepared with due care and reflects current methodologies, models, and data sources, the Content may be incomplete, contain inaccuracies, or become outdated over time. Analytical results may be influenced by data quality, model assumptions, third-party inputs, and technical limitations. To the maximum extent permitted by applicable law, SurgeIR makes no warranties or representations, whether express or implied, regarding the accuracy, completeness, reliability, availability, or fitness for a particular purpose of the Content or the services.

Access to and use of the SurgeIR website, platform, and services is entirely at the user’s own risk. SurgeIR does not guarantee uninterrupted availability, error-free operation, or the absence of defects, vulnerabilities, or delays. All services are provided on an “as is” and “as available” basis, unless explicitly agreed otherwise in writing. This disclaimer does not replace, amend, or override any binding agreement concluded between SurgeIR and its customers, including any master services agreement, platform agreement, or terms and conditions.

SurgeIR may rely on, process, or reference data, signals, or information obtained from third-party sources. SurgeIR does not control, endorse, or assume responsibility for the accuracy, legality, or reliability of such third-party information. SurgeIR is not responsible for decisions, actions, or omissions taken by users or third parties based on the Content or services.

To the fullest extent permitted by law, SurgeIR shall not be liable for any indirect, incidental, consequential, special, exemplary, or punitive damages, including but not limited to loss of profits, revenue, business opportunities, data, goodwill, or reputational harm, arising out of or in connection with the use of the website, platform, services, or Content, regardless of the legal basis of the claim.

Without prejudice to the foregoing, SurgeIR’s total aggregate liability, to the extent liability cannot be excluded, shall in all cases be limited to the fees actually paid by the relevant customer to SurgeIR in the six (6) months preceding the event giving rise to the claim. If no fees have been paid, SurgeIR’s aggregate liability shall be limited to EUR 1,000. Nothing in this disclaimer excludes or limits liability to the extent such exclusion or limitation is not permitted under applicable law, including liability for intent (‘opzet’), gross negligence (‘bewuste roekeloosheid’), or any other liability that cannot be limited under mandatory law.

All intellectual property rights in and to the website, platform, services, and Content, including but not limited to software, models, methodologies, trademarks, texts, graphics, and reports, are owned by or licensed to SurgeIR. No part thereof may be copied, reproduced, distributed, or otherwise used without prior written consent from SurgeIR, except where mandatory law provides otherwise.

This disclaimer, and any use of the SurgeIR website or services, shall be governed by and construed in accordance with the laws of the Netherlands. Any disputes arising out of or in connection with this disclaimer or the use of the website or services shall, to the extent permitted by law, be submitted exclusively to the competent courts in the Netherlands.

Any contractual limitation periods shall apply only where expressly agreed in a binding written agreement between SurgeIR and the relevant customer.

© SurgeIR – All rights reserved – 2026 / v1.0

This Cookies Policy applies to the website operated by SurgeIR B.V. (“SurgeIR”, “we”, “us”, or “our”) at www.surgeir.ai and/or www.surgeir.com, (the “Website”)

This Cookies Policy forms part of our Privacy Policy and explains:

• what Cookies and similar technologies we use;
• why we use them;
• the legal basis for their use (where applicable);
• how long they are stored; and
• how you can control them.

Except for strictly necessary Cookies, we will only place Cookies on your device where required by applicable law and, where required, after you have provided your prior consent through our cookie consent management mechanism.

You may withdraw or modify your consent at any time via the “Cookie Settings” link available on our Website.

1. How we use cookies

We use Cookies and similar technologies on our Website for the following purposes:

• to ensure the technical functioning and security of the Website;
• to remember user preferences and settings;
• to analyse Website traffic and performance;
• to improve user experience; and
• where applicable and consented, to provide personalised content or advertising.

Some Cookies are strictly necessary for the operation of the Website and do not require consent where permitted by law. All other Cookies (including analytics, functionality and advertising Cookies) will only be placed where required by applicable law and, where required, after consent has been obtained.

If you choose to disable certain cookies, some parts of the Website may not function properly.

2. Cookies

Cookies are small text files that are placed on your device (computer, tablet or mobile device) when you visit a website.

In this Policy, the term “Cookies” also includes similar technologies such as pixels, web beacons, tags and local storage technologies that enable information to be stored or accessed on your device. Cookies and similar technologies may collect information such as:

• IP address;
• browser type and version;
• device identifies;
• operating system;
• pages visited and time spent on the Website

In some cases, this information may constitute personal data under applicable data protection laws.

Cookies may be:

• Session Cookies - which are deleted automatically when you close your browser; or
• Persistent Cookies - which remain on your device for a defined period or until manually deleted.

Except for strictly necessary Cookies, we will only place Cookies on your device after obtaining your consent via our cookie consent management tool.

3. The cookies we use

We use the following categories of Cookies:

1. Strictly Necessary Cookies
   These Cookies are essential for the operation and security of the Website. They enable core functionality such as page navigation, security authentication and network management. The legal basis for these cookies is legitimate interest. These Cookies do not require user consent.
2. Analytics / Performance Cookies
   These Cookies allow us to analyse Website traffic and understand how visitors interact with the Website. The legal basis for these cookies is consent, and these Cookies are only placed after you provide consent.
3. Functionality Cookies
   These Cookies remember your preferences (such as language or region) to improve your user experience. The legal basis for these Cookies is also consent.
4. Advertising / Targeting Cookies [if applicable]
   These Cookies track browsing activity across websites to deliver advertising that may be relevant to you. The legal basis for these Cookies is also Consent.

 

4. Third-party Cookies and Data Sharing

Some Cookies used on our Website are placed by third-party service providers. These providers may process information collected through their Cookies in accordance with their own privacy policies. Third-party Cookies may include, for example: analytics service providers, marketing and advertising platforms, social media platforms.

Where third-party Cookies are used, we ensure that:

• Such Cookies are only placed after you have provided consent (except where strictly necessary);
• appropriate contractual safeguards are in place where required under applicable data protection law.

If personal data collected via Cookies is transferred outside the jurisdiction in which you are located, we ensure that appropriate safeguards are implemented in accordance with applicable data protection laws. Such safeguards may include:

• Reliance on an adequacy decision (such as the EU–US Data Privacy Framework, where applicable);
• participation in recognised data transfer frameworks; or
• the use of standard contractual clauses or similar approved safeguards.

For more information on how third-party providers process your data, please consult their respective privacy policies.

5. How can I manage my cookies?

When you visit our Website, you may be presented with a cookie consent mechanism that allows you to manage your preferences for non-essential Cookies. Where required by applicable law, non-essential Cookies will only be placed on your device after you have provided your consent. You may review and modify your Cookie preferences at any time through the cookie settings functionality available on the Website.

Most web browsers allow you to control Cookies through their settings. You may:

• delete existing Cookies;
• block future Cookies; or
• configure your browser to notify you before a Cookie is placed.

Instructions for managing Cookies in common browsers can be found on the respective browser providers’ websites. Please note that disabling certain Cookies may affect the functionality and performance of the Website.

However, if you use your browser settings to block all cookies you may not be able to access all or parts of our Website.

Where processing of personal data is based on consent, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.

For more information about how we process personal data and your rights under applicable data protection law, please refer to our Privacy Policy.

6. Contact us

If you have any questions about this Cookies Policy or our use of Cookies, you may contact us at:

SurgeIR B.V.
Vlierweg 12
1032 LG Amsterdam
The Netherlands
privacy@surgeir.com

You also have the right to lodge a complaint with a supervisory authority in your country of residence, place of work or place of the alleged infringement. For further information about how we process personal data, please refer to our Privacy Policy.

© SurgeIR – All rights reserved – 2026 / v1.0

1. Introduction

This Privacy Policy explains how SurgeIR collects, uses, stores, discloses and otherwise processes the personal data we collect about individuals who use and interact with our websites that display or link to this Privacy Policy, register for an account and use our Services, visit our branded social media pages, register for, attend or take part in our events, webinars, or contests, or otherwise interact with us in person and/or by email, text message, instant messaging, telephonically or other electronic means. This Privacy Policy also applies to Customer company contacts and company representatives, such as IROs, CEOs, CFOs (individually and collectively referred to herein as "Company Contacts") whose personal data may be displayed on our website or within our Services.

This Privacy Policy does not apply to our processing of personal data in the role of a processor or service provider on behalf of our business customers. Our processing of personal data on behalf of our business customers is governed by our agreement with the customers.

Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, you should not use our websites or the Services or otherwise provide us with your personal data. By using and/or accessing our website and the Services or otherwise providing us with your personal data, you acknowledge that you have read and understood this Privacy Policy. Your use of our websites and the Services is also governed by our Terms of Service.

This Privacy Policy is effective as of the date first set forth above. We may update this Privacy Policy from time to time. If we make changes, we will post the updated Privacy Policy on this page or another page that links to this page and change the date at the top of this webpage. We encourage you to look for updates and changes to this Privacy Policy by checking this date when you access our website. We will notify you of any modifications to this Privacy Policy that might materially affect the way we use or disclose your personal data prior to the change becoming effective by means of a message on this website, unless another type of notice is required by the applicable law. Your continued use of the website and our Services after we have posted changes to this Privacy Policy or notified you, if applicable, is deemed to be your acceptance of those changes.

2. Key Definitions

"Affiliates“ means entities in our group who are listed in this Privacy Policy (please read the Affiliates section).

“European Data Protection Law” means the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable national legislation implementing the GDPR and, if applicable, the UK Data Protection Act 2018 and the UK GDPR.

“Privacy Policy” refers to this Privacy Policy.

“SurgeIR”, “we”, “us” and/or “our” refers to SurgeIR BV, unless specified otherwise.

“Services” refers to our AI video creation Services offered as software-as-a-service made available via our websites.

“You” and “your” refers to the individual to whom the personal data covered by this Privacy Policy relates.

3. Who We Are

SurgeIR is a company established in the Netherlands. The Services enable investor relations and C-suite level professionals to create and manage AI videos converting financial updates/messages about the company they represent. The Services are available as a subscription service via surgeir.com.

 

4. Data Controller

SurgeIR is responsible for how your personal data is handled. This means we are the controller of your personal data under the GDPR.

However, we act as a processor on behalf of our customers in relation to personal data that our customers may upload to our Services or make accessible to us through the use of APIs. We process this data pursuant to our customers’ instructions and subject to our agreements with our customers. If you have questions about how your personal data is processed by our customer, please contact that customer directly.

5. Information We Collect

We collect data, including personal data, about you as you use our websites and Services or request our Services, and otherwise interact with us. Some of our websites’ functionality can be used without providing any personal data, though for using some features of the Services, personal data is required. We process three broad categories of personal data:

• Information you provide us;
• Information we receive from third parties; and
• Information we collect automatically.
• Information You Provide Us

Account registration
If you register with the Services through one of our websites or through a separate subscription agreement with us, then as part of such registration we will ask you to provide certain personal data, including your name, company name, email address, phone number and password. If you create an account or log into the Services using third-party services, such as an agency affiliated with SurgeIR, we will receive your name and email address as permitted by your profile settings on the third-party service in order to authenticate you. The information we receive when you authenticate through a third-party service depends on the settings, permissions and privacy policy controlled by that third-party service. You should always check the privacy settings and notices in the relevant third-party services to understand what data may be disclosed to us or shared with our Services.

Communication with SurgeIR
We collect personal data that you voluntarily give us when you contact us with inquiries (including by filling out relevant forms on our websites), engage with our chat bot on the website, respond to one of our surveys, contact our customer support regarding a problem you are experiencing with the Services or otherwise contact us regarding the website or the Services.

Transactions
We collect details of transactions you carry out using the Services including information you provide to enable us to fulfill your orders, which may include financial information such as your credit card number. As a paying user of the Services, we may receive your payment transaction details (for example, your name, the amount paid and the date of payment).

Payment Information
We collect payment and billing information when you register for certain paid Services. For example, upon registration we ask you to designate a billing representative, including name and contact information. You may also provide payment information, such as payment card details, which we collect via secure payment processing services. If you sign-up for a free trial account, you are not required to enter your credit card information unless and until you decide to continue with a paid subscription to the Services.

Additional Payment Information
You may choose to provide additional information such as your VAT, additional billing address or name of the entity that you represent.

Identity Verification
In some cases (for example if you request a refund) we may ask you to provide us information such as your billing information (name, transaction ID, billing date, etc.), email address, login name, and if needed, information that verifies your identity, in accordance with applicable law.

Use of our blog or requesting content. If you use our blog, request content or register to participate in or receive information about any of our webinars or events, we may ask you to provide us with information such as your name, job title, photo or other information. By posting any information on publicly accessible blogs or other areas of our websites you acknowledge and agree that the data you provide on our websites would be visible to any member of the public who accesses the websites.

Testimonials
We collect and display personal testimonials of satisfied customers and users on the Services in addition to other endorsements. With your consent, we may post your testimonial, along with your name, on the Services. If you wish to update or delete your testimonial, you can contact us at privacy@surgeir.com.

Information We Receive From Third Parties
Our websites may link to other websites operated by third parties (“Third Party Websites”) such as when you click on links to access the full news articles or promotional articles published by publicly-available media sources. You may have the ability to provide information such as your name, email address, company name, location, and phone number, on such Third Party Websites, when you request more information, register for a trade show or event or perform other activities on these Third Party Websites. Third Party Websites may share with us your personal and/or business contact information, such as your name, email address, company name, job title, phone number, as well as your browsing activity, for our marketing and promotional purposes. We do not control, and are not responsible for, the content or practices of Third Party Websites. This Privacy Policy does not apply to Third Party Websites, which are subject to their own privacy policies.

Resellers, Affiliates, and Agencies
We may obtain personal data about you from our resellers or Affiliates, for example, if you purchase access to the Services through them. The personal data we may receive includes business contact information, including mailing addresses, job titles, email addresses, phone numbers.

Publicly Available Sources
We collect information from publicly accessible sites such as business directories and social media sites.

Information We Collect Automatically
Like many other commercial websites, we use certain technologies, such as tools for collecting usage data, cookies, web beacons, pixels, and similar technologies, to automatically collect information that may contain personal data as you navigate our website or use our Services or interact with communications we send to you. Please read our Cookie Policy for more information.

Device and Usage Data.
When users come to our website, we may track, collect, and aggregate information indicating, among other things, which pages of our websites were visited, the order in which they were visited, when they were visited, and which hyperlinks were clicked. We also collect information from the URLs from which you linked to our websites. Collecting such information may involve logging the IP address, operating system and browser software used by each user of the website. We may be able to determine from an IP address a user’s Internet Service Provider and the geographic location of his or her point of connectivity.

Collection of Information from Google API Services.
In order to enhance your experience with the Services’ content creator tool, you may grant us access to your Google Drive account through Google APIs. If you choose to connect your surgeir.com account with your Google Drive account, we will access the individual Google Drive files that you elect to share for the sole purpose of providing and improving your use of the Services, and allowing you to further edit and publish files through the Services.

SurgeIR’s use of information received from Google APIs will adhere to Google API Services User Data Policy and Google APIs Terms of Service. By using our Services, and Google’s API integrated services, you acknowledge you have read and agree to Google Privacy Policy at https://www.google.com/policies/privacy/. SurgeIR does not collect or use data from ‘restricted scopes’ as defined in Google API Services User Data Policy, and will only collect and use individual Google files you choose to share. SurgeIR will not transfer the data received via Google Drive integration to any third-party apart from service providers, and will not share such data for serving ads, including retargeting, personalized, or internet-based advertising. However, SurgeIR may transfer this data as necessary to comply with applicable law or as part of a merger, acquisition, or sale of assets with notice to users.

6. How We Use Your Information

We use the personal data we receive and/or collect as follows:

To provide the Services and related customer and/or technical support, process transactions, manage your user account, invoice you for the Services, and respond to your requests. This is necessary to perform the contract we are about to enter into or have entered into with you.

To pursue legitimate interests of SurgeIR or those of third parties, including customers and Media Contacts as follows:

• to provide you with the information that you request about our Services, scheduling a demo or enrolling you in a webinar, or to respond to other requests you may have about our Services (including sharing your personal data with our resellers as necessary to respond to your request for the Services in an efficient manner and facilitate the sale of our Services, as described in the ‘How We Share Your Information’ section below);
• to plan or host company events, online forums and social networking activities, such as our user conference or webinars about our Services or the products and services of our Affiliates;
• to operate and administer our websites;
• to manage our relationship with you, including sending administrative information to you, such as information regarding the website and changes to our terms, conditions, and policies;
• to analyze trends and track your usage of and interactions with our websites and Services in order to improve or enhance your experience by providing you with more relevant content and service offerings, present our website content in a more effective manner for you and for your computer or device, and to help us develop new products and services (including to increase our Service’s functionality, product features, and user-friendliness);
• to prevent fraud or criminal activities, misuse of our Services and ensure the security of our IT systems, architecture and networks;
• to (a) comply with legal obligations and legal processes, (b) respond to requests from public and government authorities, including public and government authorities outside your country of residence, (c) enforce our Terms of Service, (d) protect our operations, (e) protect our rights, privacy, safety of property, and/or that of you or others, and (f) enable us to pursue available remedies or limit the damages that we may sustain.

To send you updates and information about our new products and services, upcoming events or other promotions or news by email or push notification. Where required by law we will only send you marketing information if you consent to us doing so at the time you provide us your personal data. You may opt-out of receiving such emails by following the instructions in each promotional email we send you or by updating your user settings. In addition, if at any time you wish not to receive future communications or you wish to have your name deleted from our mailing lists or Media Database, please contact us at privacy@surgeir.ae. We will continue to contact you via email regarding the provision of our Services and to respond to your requests.

7. How We Share Your Information

Service Providers
We may engage other persons or entities to perform tasks on our behalf -- meaning they are helping us provide our Services. In particular, we use third party providers of payment processing, fraud prevention, and risk assessment, hosting and other information technology services, email communication and customer support services, analytics, marketing, and advertising. Following our instructions, these parties may process your personal data in the course of providing the relevant services to us.

Affiliates
We may share your personal data such as name, contact information, IP address, as well as information collected through our use of cookies, with our Affiliates as necessary for administrative purposes, to help us provide our Services (such as providing engineering and development services), and to provide customer support, sales and/or marketing activities on our behalf. For example, if you request information about a company or a service that is an Affiliate of SurgeIR, then we may pass your personal data relevant to such a request onto such Affiliate to enable it to appropriately respond to your request.

Marketing Partners
We may share your personal data with our marketing partners and resellers and with whom we may jointly offer products, services and programs (such as PR or other services, newsletters or web content); such marketing partners use the information we provide in accordance with their own privacy policies.

Social Networking Websites
Where permissible according to applicable law we may use certain limited personal data about you, such as your email address, to hash it and to share it with social network websites, such as Facebook or Google, to generate leads, drive traffic to our websites or otherwise promote our products or Services. The social network websites with which we may share your personal data are not controlled or supervised by us. Therefore, any questions regarding how your social network websites service provider processes your personal data should be directed to such a provider.

Business Transfers
If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets, or transition of a service to another provider, your personal data and other information may be transferred to a successor or Affiliate as part of that transaction.

Legal Requirements
We may share your personal data so that we can comply with a legal obligation to which we are subject, protect and defend the rights or property of SurgeIR, act in urgent circumstances to protect your personal safety or that of the public, or protect Prowly against legal liability, such as where we are obliged to share your personal data with regulatory bodies which govern our work and services; government departments such as law enforcement, courts orders; financial institutions; external auditors; etc.

8. Data Retention

We retain your personal data for as long as reasonably necessary to provide the Services and fulfill the transactions you have requested, complying with our legal obligations or for other legitimate business purposes, such as maintaining business and financial records, resolving disputes, maintaining security, detecting and preventing fraud and abuse, and enforcing our agreements. After the applicable retention period has elapsed, your personal data will be anonymized and deleted.

9. How We Protect Your Personal Data

We have implemented physical, technical, and administrative security measures designed to protect personal data. The Internet, however, cannot be guaranteed to be 100% secure, and we cannot ensure or warrant the security of any personal data you provide to us. It is your responsibility to protect the security of your login information. If you know or suspect that your personal data have been lost, stolen, misappropriated, or otherwise compromised, or in case of any actual or suspected unauthorized use of your SurgeIR account, please immediately contact us by email at privacy@surgeir.com.

10. Your Choices and Rights Regarding Your Personal Data

If you are a user of the Services, you may access, review, modify and delete your account profile within the Services by going to your account and editing your information. For all other requests to access, review, modify, update, delete, or limit the use or disclosure of the personal data we hold about you, email your request to us at privacy@surgeir.com.

Moreover, the GDPR grants data subjects the following rights:

• Access. You can request a copy of the personal data that we maintain about you. If you require additional copies, we may need to charge a reasonable fee.
• Deletion and Correction. You can ask us to delete or correct the personal data that we hold about you.
• Objection. You may have the right to object to how we use your personal data.
• Restrict Processing. You may ask us to suspend our processing of your personal data, for example, if you want us to establish its accuracy or the reason for processing it.
• Data Portability. If required to do so, we will give you your personal data in a structured, commonly used, and machine-readable format.
• Withdraw consent. If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time, but this will not affect any processing of your data that has already taken place.

To exercise these rights, please email privacy@surgeir.com. You also have the right to complain to a data protection authority in your country about our processing of your personal data.

11. Children

Our Services are not directed to children who are under the age of 16. We do not knowingly collect personal data from children under the age of 16. If you have reason to believe that a child under the age of 16 has provided personal data to us through the Services, please contact us at privacy@surgeir.com and we will endeavor to delete that information from our databases.

12. International Transfer of Personal Data

SurgeIR B.V. is based in the European Union. Our Affiliates and service providers can be based in countries outside the European Union and the United Kingdom (please read the Affiliates section above for more information). Please note that in connection with our business and for administrative, management and legal purposes, we may transfer your personal data from the European Union and the United Kingdom to our Affiliates and to our service providers in the United States. These countries may have data protection laws less stringent than or otherwise different from the laws in effect in the country in which you are located. We have taken measures to protect your personal data where it is processed and your rights as a data subject , including through the use of Standard Contractual Clauses approved by the European Commission. If you would like to receive more information, please contact us as indicated below.

13. Contact Information

If you have any questions or concerns regarding this Privacy Policy or use of personal data, or if you want to exercise your rights regarding your personal data, please contact us by email at our designated request address at privacy@surgeir.com or by regular mail to:

SurgeIR B.V.
Vlierweg 12
1032 LG Amsterdam
The Netherlands

© SurgeIR – All rights reserved – 2026/v1