In www.neoprompts.ai, owned by NEOSMART CORP, S.L. we are committed to ensuring that your personal data is protected and not used for purposes other than those indicated in this Privacy Policy. For this reason in this section we inform users and interested parties of everything concerning the processing of their personal data thus complying with the data protection regulations applicable in our country: the General Data Protection Regulation (EU) 2016/679 of 27 April on the protection of natural persons with regard to the processing of personal data and the free movement of such data (hereinafter, "GDPR") and Organic Law 3/2018 of 5 December on the Protection of Personal Data and guarantee of digital rights (hereinafter, "LOPDGDDD"). This Privacy Policy applies to the processing of data that NEOSMART CORP, S.L. performs through this website: www.neosmart.ai (hereinafter, the "Website") and / or those indicated. We recommend that you read it carefully before using this Website or provide your data through it. You can contact us with any questions you may have by e-mail: [email protected]

TABLE OF CONTENTS

In this Policy you will find all the information regarding the processing of your personal data and the rights you can exercise to maintain control over them. In this sense, you will find information about: 1. Who is responsible for the processing of your data. 2. What requirements you must meet to provide us with your personal data. 3. What data processing we carry out through the Website and what are its main characteristics, explaining to you: • What data we collect and how we collect it. • For what purposes we collect the data we request from you. • What is the legitimacy for its treatment. • How long we keep them. 4. To which recipients your data is communicated. 5. Existence of international transfers of your data. 6. What your rights are and how you can exercise them. 7. How we protect your personal information. 8. Modifications to this policy.

1. WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR PERSONAL DATA?

Your personal data will be processed by the company NEOSMART CORP, S.L. ("NEOSMART"), with NIF B13661897 and whose contact details are as follows: ● Address: Vía de las Dos Castillas, 33, Ática. Edificio 7 - 3ª planta, 28224 Pozuelo de Alarcón, Madrid, Spain ● Contact email: [email protected]

2. WHAT ARE THE REQUIREMENTS TO PROVIDE US WITH YOUR PERSONAL DATA?

2.1. Minimum age. To provide us with your personal data, you must be at least 14 years of age, and/or have sufficient legal capacity to use this Website. 2.2. Truthfulness. When you provide us with your data to use our services, you guarantee that the data and information provided is real, truthful, updated and also belongs to you and not to third parties. In addition, you must notify us of any changes that occur in the data provided, responding in any case of the truthfulness and accuracy of the data provided at all times. 2.3. Age and Veracity Control. NEOSMART reserves the right to verify your age and identifying information at any time, if necessary, including by requiring an official document or equivalent procedure and, in the event of fraud detection that proves or is suspected that you are under the age indicated, to delete, temporarily disable and/or terminate your account.

3. WHAT DATA PROCESSING DO WE CARRY OUT THROUGH THE WEBSITE AND WHAT ARE ITS MAIN CHARACTERISTICS?

Below, we explain how we treat your personal information and provide you, in detail, with all relevant information regarding your privacy: 1.1. When you contact us through our channels (contact form, chat, email): What are the data collection methods? ● Contact Form ● Chat ● Sending e-mails to [email protected] or other NEOSMART e-mail addresses. What data do we collect? Identifying and contact information. We collect your identifying information (name and surname) and e-mail address, as well as any other information you voluntarily include in the communications you send us. We may request additional information from you if necessary to fulfill your request or requirement. What are the purposes of the processing of your personal data? To answer your requests. The main purpose of the processing of this data will be to answer your requests, answer your questions and / or provide you with the required information, as well as, where appropriate, to follow up your requests. Customer service via chat on the Web Site is provided by automatic software (chatbot), in order to be able to categorize the inquiry and then forward it to the appropriate person. Improving customer service. All the information derived from the doubts, queries, and advice offered to the interested parties, as well as the way in which the requests are solved, allows us to know how we provide our own customer service, allowing us to improve its quality. In addition, all information collected, after the retention period indicated below, is anonymized and used for the purpose of analyzing the most frequently asked questions through the chat and to automate the most frequently asked questions, create FAQS or be retained for statistical purposes to develop business strategies. What is the basis of legitimacy that allows us to process your data? Is the provision of this data mandatory? Consent. The data provided for the above purposes will be processed on the basis of your consent, given when you voluntarily contact us through the means made available to you to request information or make a request. Legitimate interest. All information collected by the customer service department will be processed by us for statistical purposes that will help us to improve the quality of the customer service provided. You can request more information about the weighting of our legitimate interests by contacting us at The information that you are required to provide will be indicated with an asterisk or similar. Without this information, we will not be able to respond to your inquiries or requests. How long do we keep your information? We will process all your personal information for the time your requests are being processed and, if necessary, to follow up on them. At the end of this period, NEOSMART will retain, blocked, such information for the periods provided by law to meet any liabilities and to demonstrate compliance with our obligations. From this moment on, NEOSMART will only process the information in an anonymized form, so it will not be possible to link the statistical information with the specific users to whom it refers. To whom do we give your personal information? We do not make any additional transfer to carry out this treatment that those indicated, in general, in the point 4. To whom do we transfer your personal information? In this regard, some channels through which you can contact us are managed by service providers, who act as processors. You will find more information on how these service providers act in point 4. 1.2. When you sign up for our newsletter and other commercial communications: What are the data collection methods? ● Newsletter registration form. ● Newsletter subscription box or receipt of commercial information in the various forms on the Website. What data do we collect? Identification and contact data: For the sending of commercial information by electronic means, we use the identification data, e-mail address, and contact data that you include in the corresponding form for the registration to our commercial communications. What are the purposes of the processing of your personal data? Sending publications and commercial communications related to our products/services: We may send you, through electronic means, our newsletter, and other commercial communications related to our products and services. What is the basis of legitimacy that allows us to process your data? Is the provision of this data mandatory? The sending of commercial communications is done on the basis of your consent, requested at the time of registration on the specific form or by checking a corresponding box on the appropriate form. You may unsubscribe from these commercial communications at any time through the mechanism indicated in each email or by expressing your desire to unsubscribe by sending an email to [email protected]. How long do we keep your information? The information will be kept by us for as long as you are on our mailing list for this type of information and, once you unsubscribe, it will be blocked for the legally required time periods in order to address any potential liabilities. To whom do we give your personal information? There are no specific transfers of your personal data to fulfill the purpose indicated in this section. However, we may use the services of email marketing service providers or other advertising and marketing service providers, who will have limited access to the data and will be bound by a duty of confidentiality (for more information on how our service providers operate, see point 4. To whom do we transfer your personal information? Service Providers). 1.3. When you register as a user on our Web Site. What are the data collection methods? Manual registration form or by logging in with your Google account What data do we collect? When you choose to create your account through the registration form: To complete your registration on our Web Site, we ask for your identification data: full name, e-mail address, role and password. When you create your account by logging in with another account (Google, Apple, Facebook or X): In the event that you choose to register or log in through a social network or third party account, we will have access to some of your information included in your public social network account, such as your name and other profile information. At the time of registration, the social network will inform you about the data that will be transmitted to us for registration and will indicate the conditions. Once you have registered as a user to use our services, you will be able to choose whether to subscribe to access more extensive content. In this case, we will collect information about the economic transactions made and information about your subscription. In relation to payments, these will be made through a payment gateway provided by our payment service provider so, in these cases, we will not have information about your bank cards. Usage data. When you register and access the NEOSMART platform, information is collected about your use of our services, including: the actions you perform on the platform, the content you visit, browsing history on the platform, saved content, your account settings, areas of interest. Within the usage data, there is data from the device from which you access the services (URL, cookies, IP, device data, general location, including the country or region without specifying the exact location. What are the purposes of the processing of your personal data? Manage your registration as a user of our Web Site. When you register as a user on our Web Site, we process your data to identify you as a user of this and give you access to the various features and services we make available to you. In your account you will have access to manage your preferences as well as your personal data. You can access your user profile to view, correct or complete information, delete information that is not required, and to view privacy settings related to your profile information. We will also contact you and send you, when necessary, communications regarding updates to our terms and conditions, security updates and other administrative communications necessary to maintain your account. To execute and maintain the contractual relationship between the Parties and manage your subscriptions. In the event that you subscribe to a broader content plan, the main purpose of the processing of this data will be to maintain and execute the contractual relationship between the parties in accordance with the Terms and Conditions of Contract , which will include all those procedures derived from the same, such as contacting you to solve your doubts and requests in relation to the services, to solve errors or in case of any incidence in your payments, as well as to carry out all the administrative, fiscal, legal, accounting and commercial management, to notify you about changes in the conditions of the service or about security alerts, etc. This purpose also includes diagnosing, troubleshooting and correcting platform or service problems. To send you electronic commercial communications. The information on this purpose is in section 3.2. Make personalized content recommendations. Personalized content recommendations will be made specifically tailored to your reading habits, which will be generated based on the content you have previously visited. Evaluate and develop new features and content and improve the service. By collecting service usage data, which allows us to test user usage and thus implement improvements to content or functionality, as well as, for example, to improve our personalized recommendation algorithms. Prevent, detect and take action against illegal activities or activities contrary to the terms of use of the Website. We may process the data to monitor and prevent any form of abuse of our services, such as fraudulent activities, denial of service attacks, sending spam, unauthorized access to our users' accounts, as well as any other practice that is contrary to the General Terms and Conditions of Use or jeopardizes the security of the information or the integrity of the website itself. This purpose also includes the adoption of measures in the event of any complaints of infringement of intellectual property, data protection or inappropriate content. Comply with the legal obligations imposed on NEOSMART and any other relevant legal requirements related to the company's business operations and activities. What is the basis of legitimacy that allows us to process your data? Is the provision of this data mandatory? Execution of the contract and fulfillment of legal obligations. The processing of your data for the fulfillment of the above purposes is, except as regards the processing indicated below, necessary for the fulfillment of legal obligations imposed on the company and the execution of the contract that is formalized between the parties, according to which NEOSMART gives the user access to the platform or content of NEOSMART and its services in accordance with the Terms and Conditions of Contract. Legitimate interest: The processing that we carry out for (i) service improvement; (ii) prevention of illegal activities and other security-related activities; as well as (iii) personalization of the content are carried out based on our legitimate interest for: (i) the continuous improvement of NEOSMART's services so that we can ensure the provision of useful and satisfactory services to our customers; (ii) ensuring the security of the network and information to prevent events that may compromise the availability, authenticity, integrity and confidentiality of personal data or the platform itself; and (iii) improving the user experience by providing relevant and interesting information to the user. For more details on the weighting of interests carried out by NEOSMART in relation to this (these) purpose(s), you can send us an email to the address [email protected]. Consent. In connection with registration on our Website and registration for our newsletter and other commercial communications, such purposes will be based on your consent. All data requested and processed for the above purposes are necessary to fulfill the purposes indicated. If they are not provided, it would not be possible to execute the contract that binds us or to carry out the administrative tasks related to it. How long do we keep your information? We will treat your data for as long as you are registered on our website and, where appropriate, our contractual relationship remains in force. In relation to usage data, these are processed for the time necessary to fulfill the purposes for which they were collected or until their anonymization. When you decide to cancel the account and/or the services, we will keep your information blocked for the periods provided by law to meet any liabilities and to demonstrate compliance with our obligations and, subsequently, they will be deleted. To whom do we give your personal information? We do not make any additional transfer to carry out this treatment that those indicated, in general, in point 4. To whom do we transfer your personal information? In this regard, we may use service providers for the provision of certain ancillary services (e.g., management software), who act as Processors. You will find more information on how these service providers act in point 4, mentioned above. 1.4. Website Navigation (cookies) We use cookies or other tracking and tracing tools on this Web Site to collect information about how users use the Web Site. For more information on how we treat you through these tracking tools, please visit our Cookies Policy. 1.5. Use of social plug-ins or add-ons: When you use our services, you can share information on social networks, such as Facebook or LinkedIn, via an implemented social plug-in (such as a "Share" button). If you choose to share information via a social plug-in, the following data will be transferred to the respective social network: I. Date and time of visit; II. The Internet address or URL for the address you are temporarily visiting; III. The IP address; IV. The browser you are using; V. The operating system you are using; VI. Where applicable, your username and password and if you are a registered user of the social network, first and last name; and VII. The information for which you have used the specific plug-in. The use of the above information will be carried out to perform the action you have indicated (sharing, "like", etc.), in accordance with the terms and conditions of the corresponding social network. Therefore, we encourage you to keep yourself informed of the purpose and scope of the collection of information that is done through social plug-ins. If you wish, you can block social plug-ins in your browser settings. Please note that we have no influence over the information that the social network collects through the use of plug-ins. 1.6. NEOSMART profiles in social networks. NEOSMART has a profile on the main social networks, such as Facebook, X (former Twitter), Instagram, LinkedIn and YouTube. When you become a follower of any of our pages on social networks, the processing of data will be governed by the terms of use, privacy policies and access regulations belonging to the corresponding social network and previously accepted by the user. NEOSMART, in this sense, will treat your data for the purposes of properly managing its presence in the social network, informing you of activities, products or services, as well as for any other purpose that the regulations of social networks allow. Please note that we have no influence over the information that the social network collects or how it processes it, so we recommend that you keep yourself informed of the purpose and scope of the collection of information that is done through such social networks.

4. TO WHOM DO WE GIVE YOUR PERSONAL INFORMATION?

In general, NEOSMART will not communicate your data to third parties. However, in addition to the transfers that we specifically indicate in the section in which we explain the characteristics of the different operations (point 3), we inform you of the communications that we can make, in general, and that affect all previous treatments and their legitimate basis. i. Providers of essential services to perform the service we offer you, (for example, computer hosting companies). Notwithstanding the foregoing, these entities have signed the corresponding confidentiality agreements and will only process your data according to our instructions, and may not use them for their own purposes or for purposes other than the service they provide to us. ii. Public Bodies. We may disclose to the competent public authorities the data and any other information in our possession or accessible through our systems when there is a legal obligation to do so, as well as when required, for example, when the purpose is to prevent or prosecute abuse of services or fraudulent activities through our Website or web page. In these cases, the personal data you provide would be retained and made available to the administrative or judicial authorities. iii. In the event of a corporate transaction: In the event of a merger, acquisition, sale of all or part of its assets or any other type of corporate transaction involving a third party, we may share, disclose or transfer user data to the successor entity (including during the pre-transaction phase). iv. To third parties after aggregation or anonymization: we may disclose or use aggregated or anonymized data (i.e., data that cannot be linked to an identified or identifiable natural person) for any purpose. v. To third parties with the user's consent or other legitimate basis: In the event that we want to share data with third parties outside the scope of this Privacy Policy we will, in any case, request your consent or inform you about it and its legitimate basis. We also inform you that this Privacy Policy only refers to the collection, processing and use of information (relating to personal data) by us through your interaction with our Website. Access to third party Web pages that you can access through links from the Web Site have their own privacy policies over which we have no control. Therefore, before providing them with any personal information, we recommend that you inform yourself about their privacy policies.

5. ARE YOUR PERSONAL DATA TRANSFERRED TO THIRD COUNTRIES OUTSIDE THE ECONOMIC AREA?

Some of our service providers are located in countries outside the European Economic Area ("EEA"). The location of these companies outside the EEA implies the existence of an international transfer of your personal data, which may involve a lower level of protection than that provided for in European legislation. However, from NEOSMART we have implemented measures to ensure that such transfers do not result in a lower level of protection of your personal data. In this regard, service providers outside the EEA have a valid mechanism to be able to carry out international transfers: (i) either they have signed the corresponding standard contractual clauses approved by the European Commission ("STC"), an agreement signed between both entities by which the non-EU company guarantees that it applies European data protection standards or, (ii) when they are US companies, alternatively to the STC, they may be certified by the new EU-US Data Privacy Framework (DPF) compliance decision, or (iii) when they are US companies, they may be certified by the new EU-US Data Privacy Framework (DPF) compliance decision. Data Privacy Framework (DPF). Therefore, the use of these providers does not result in a lesser degree of protection of your personal data than would be the case with the use of providers located in the United States. You can consult the content of the TCHs and of the Decision of adequacy to the EU-US Data Privacy Framework at the following links. You can consult the content of the TCHs and the EU-US Data Privacy Framework Adequacy Decision at the following links:  https://commission.europa.eu/publications/standard-contractual-clauses-controllers-and-processors-eueea_en  https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en The following are the international transfers that we make from NEOSMART: Name Country Transfer mechanism Stripe Inc. United States Data Privacy Framework WordPress (Automattic Inc) United States Data Privacy Framework HubSpot, Inc. United States Data Privacy Framework Bluehost Inc. United States Standard contractual clauses

6. WHAT ARE THE RIGHTS YOU CAN EXERCISE AS A STAKEHOLDER?

You can exercise the rights guaranteed by law in relation to the processing of your personal data by contacting us by e-mail at [email protected]. Any request for rights that we receive will be dealt with as soon as possible and, in any case, within the maximum period established by law from the time we receive it. In some cases, we may need to ask you for a copy of your identity card or other identifying document if we need to verify your identity. The rights that correspond to you as a stakeholder are as follows: i. Right to withdraw the consent given You may revoke your consent in relation to all consent-based processing at any time. However, withdrawal of consent will not affect the lawfulness of the processing based on the consent prior to its withdrawal. ii. Right of access You have the right to know what data is being processed, if any, and, if so, to obtain a copy of it, as well as to obtain information regarding: • the origin and recipients of the data; • the purposes for which they are processed; • whether there is an automated decision-making process, including profiling; • the data retention period; and • the rights provided by the regulations. iii. Right of rectification You have the right to obtain the rectification of your personal data or to complete them when they are incomplete. iv. Right to suppression You have the right to request the deletion of your personal data if they are no longer necessary for the purpose for which they were collected or, as the case may be, if we are no longer authorized to process them. v. Right to data portability You have the right to request data portability in the case of processing of your data that is based on your consent or the performance of a contract, provided that the processing was carried out by automated means. In case of exercise of this right, you will receive your personal data in a structured format, commonly used and readable by any electronic device. However, you may also request, where possible, that your data be transmitted directly to another company. vi. Right to limit the processing of your personal data You have the right to limit the processing of your data in the following cases: a) When you have requested the rectification of your personal data during the period in which we verify the accuracy of your personal data. b) When you believe that we are not authorized to process your data. In that case, you can ask us to limit its use instead of requesting its deletion. c) When you consider that it is no longer necessary for us to continue processing your data and you want us to keep them for the purposes of the exercise or defense of claims. d) In cases where there is processing based on our legitimate interest and you have exercised your right to object to such processing, you may ask us to limit the use of your data during the verification of the prevalence of such interests over yours. vii. Right of opposition You have the right to object at any time to the processing of your personal data based on our legitimate interest, including profiling. Unsubscribe from commercial communications: Remember that at any time you can oppose the receipt of such communications by sending an email to [email protected]. You may also opt-out of this service by following the instructions at the bottom of the body of each of the electronic communications we send you. viii. Right to lodge a complaint with the Control Authority Remember that, at any time, and in the event that you consider that we have violated your right to the protection of your data, you may address your defense to the corresponding Control Authority, in the case of Spain, the Spanish Data Protection Agency (www.agpd.es).

5. ARE YOUR PERSONAL DATA TRANSFERRED TO THIRD COUNTRIES OUTSIDE THE ECONOMIC AREA?

Some of our service providers are located in countries outside the European Economic Area ("EEA"). The location of these companies outside the EEA implies the existence of an international transfer of your personal data, which may involve a lower level of protection than that provided for in European legislation. However, from NEOSMART we have implemented measures to ensure that such transfers do not result in a lower level of protection of your personal data. In this regard, service providers outside the EEA have a valid mechanism to be able to carry out international transfers: (i) either they have signed the corresponding standard contractual clauses approved by the European Commission ("STC"), an agreement signed between both entities by which the non-EU company guarantees that it applies European data protection standards or, (ii) when they are US companies, alternatively to the STC, they may be certified by the new EU-US Data Privacy Framework (DPF) compliance decision, or (iii) when they are US companies, they may be certified by the new EU-US Data Privacy Framework (DPF) compliance decision. Data Privacy Framework (DPF). Therefore, the use of these providers does not result in a lesser degree of protection of your personal data than would be the case with the use of providers located in the United States. You can consult the content of the TCHs and of the Decision of adequacy to the EU-US Data Privacy Framework at the following links. You can consult the content of the TCHs and the EU-US Data Privacy Framework Adequacy Decision at the following links:  https://commission.europa.eu/publications/standard-contractual-clauses-controllers-and-processors-eueea_en  https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en The following are the international transfers that we make from NEOSMART: Name Country Transfer mechanism Stripe Inc. United States Data Privacy Framework WordPress (Automattic Inc) United States Data Privacy Framework HubSpot, Inc. United States Data Privacy Framework Bluehost Inc. United States Standard contractual clauses

7. HOW DO WE GUARANTEE THE CONFIDENTIALITY OF YOUR INFORMATION?

The security of your personal data is a priority for us. Therefore, NEOSMART has implemented all necessary security measures to ensure effective use and processing of personal data provided by the / the user, safeguarding the privacy, privacy, confidentiality and integrity of the same and makes use of the necessary technical means to prevent alteration, loss, unauthorized access or processing of your data, according to the state of technology at all times. Consequently, we comply with the security standards recommended to protect them. However, it is impossible to completely guarantee their security due to the nature of the Internet and because there may be malicious acts by third parties beyond our control. We undertake to act promptly and diligently in the event that data security is compromised or compromised, and to inform you if relevant.

8. MODIFICATIONS TO THIS POLICY

From NEOSMART may modify the content of the privacy policy at any time, especially when there are changes in legislation, jurisprudence or interpretation of the competent authorities that affect the processing of data by NEOSMART through this Website. Any new version of this Privacy Policy shall enter into force on the date of entry into force published. If the revised version includes a material change that affects the processing of your data, we will notify you at least 30 days in advance by posting a notice on our website or communicating it to you via email at . Notwithstanding the foregoing, we recommend that you periodically review this Privacy Policy to be informed of how your personal data is processed and protected, as well as your rights. This Privacy Policy was amended on February 22, 2024.