Privacy Policy

Welcome to the website ("Site") or mobile application ("App") of Kikoff Inc. and its affiliates and subsidiaries (collectively, "Kikoff," "we," "our," or "us"). This Privacy Policy explains what personal and other data we collect through the Site, the App, email, and call center (collectively the "Services"), how we use and share that data, and your choices concerning our data practices.

This Privacy Policy forms part of our Terms of Service, which are available at: https://kikoff.com/terms.pdf/. By providing us with your personal data when using the Services you agree to the data practices described in this Privacy Policy. If you do not agree to these practices, please do not access or use the Services.

Before you submit any Personal Data (as defined below) to Kikoff through the Services, please review this Privacy Policy carefully, and contact us at support@kikoff.com if you have any questions. Please note that if you create an account with us, our Gramm-Leach-Bliley Consumer Privacy Notice applies to you. Please review our Gramm-Leach-Bliley Consumer Privacy Notice at the end of this document.

Information We Collect

Personal Data You Voluntarily Provide Us

Personal Information. When you interact with our Services, apply for a financial product, contact us with inquiries or create an account to access the Services, we collect information you voluntarily give us that alone or in combination with other information could be used to identify you ("Personal Data"). The Personal Data we collect from you generally includes your name, email address, social security number, date of birth, bank account and routing numbers, marital status, household income, credit report data, and the login credentials you use to create and access an account with us.

Other Information

• In order to help us determine if you qualify for financial products or services, we may obtain credit reports from consumer credit reporting agencies. If required by law, we will provide notice and/or obtain your consent to do so.
• To prevent fraud, verify your identity, and secure accounts, we may obtain information about your mobile service from your wireless carrier, such as your subscriber data (including mobile number, name, address, email, network status, customer type, customer role, billing type, mobile device identifiers (IMSI and IMEI) and other subscriber and device details).
• When you voluntarily provide it to us, we may also use the information you use to login to your accounts with your financial institutions (such as the username and password you use to access your bank's website). We may also access your bank account balance before initiating an ACH transfer.

Information We Receive Automatically from Your Use of the Site and App

When you visit, use and interact with the Site or App, we may receive certain information about your visit, use or interactions that alone cannot identify you. For example, we may monitor the number of people that visit our Site, peak hours of visits, which page(s) are visited on our Site, the domains our visitors come from (e.g., google.com, facebook.com, etc.), and which browsers people use to access and visit our Site (e.g., Firefox, Google Chrome, etc.), broad geographical information, and Site-navigation patterns.

In particular, the following information is created and automatically logged in our systems:

• Log data. Information ("log data") that your browser automatically sends whenever you visit the Site. Log data includes your Internet Protocol ("IP") address (so we understand which country you are connecting from when you visit the Site), browser type and settings, the date and time of your request, and how you interacted with the Site.
• Cookies, Pixel Tags and other technologies. Information from cookies, pixel tags and/or other technologies. These technologies may be placed by us or by third parties who provide services to us. Please see the "Cookies" section below to learn more about how we use cookies and other technologies.
• Device information. Includes name of the device, operating system, and browser you are using. Information collected may depend on the type of device you use and its settings.
• Usage Information. We collect information about how you use our Site and App, such as the types of content that you view or engage with, the features you use, the actions you take, and the time, frequency and duration of your activities.

Cookies

In operating the Services, we may use a technology called "cookies." A cookie is a piece of information that the computer that hosts our Services gives to your browser when you access the Services. Our cookies help provide additional functionality to the Services, including helping us analyze Services usage more accurately. For instance, our Site may set a cookie on your browser that allows you to access the Services without needing to remember and then enter a password more than once during a visit to the Site.

On most web browsers, you will find a "help" section on the toolbar. Please refer to this section for information on how to receive notification when you are receiving a new cookie and how to turn cookies off.

In order to personalize your use of the Site, we use local shared objects, also known as Flash cookies, to display content based upon what you view. Flash cookies are different from browser cookies (discussed above) because of the amount and type of information they generate, and how they store that information. Cookie management tools provided by your browser will not remove Flash cookies. To learn how to manage privacy and storage settings for Flash cookies click here.

When you visit the Site or view one of our emails, we will use pixel tags or "clear" gifs to track links and/or similar technology to note some of the pages you visit on our Site and to personalize your experience. Pixel tags are a technology similar to cookies that can be embedded in online content or within the body of an email for the purpose of tracking activity on websites (for example, to know when content has been shown to you), or to know when you have viewed particular content or a particular email message.

Analytics and Tracking Technologies

We may allow third party service providers to use cookies or pixels (as noted above) or other tracking technologies to help us understand your use of our Site and collect information about your browsing activities over time and across different websites. For example, our Site uses Google Analytics for these purposes. To opt-out of Google Analytics collecting your information, go to Google Analytics Opt-out Browser Add-on.

How We Use Your Information

We use Personal Data and other information for the following purposes:

• To provide you with the Services and related customer service, including communicating with you as necessary in connection with your application for financial products and services;
• To market our products and services to you;
• To respond to your inquiries, comments, feedback, or questions;
• To send administrative information to you, for example, information regarding the Services, and changes to our terms, conditions, and policies;
• To analyze how users interact with our Services so we can provide, maintain, customize, and improve the content and functionality of the Services;
• To enforce the terms of our Terms of Use or Privacy Policy or any other agreement between us and you;
• To prevent actual or potential fraud, criminal, illegal, wrongful, or harmful activity, or misuses of our Services, and to ensure the security of our IT systems, architecture and networks;
• To comply with legal obligations and legal process and to protect our rights, privacy, safety or property, and/or that of our affiliates, you or other third parties;
• To conduct and publish market research, e.g., consumer surveys, polls, statistics, etc.;
• To publish user-generated content for use on our Site, social media, or other marketing platforms, websites, or mobile apps; and
• Any other purpose disclosed at the time you provide information or otherwise with your consent or if you authorize or direct us to release information about you.

Direct Marketing and Online Advertising

We may use your information to contact you in the future to tell you about products or services we believe may be of interest to you. If we do, each marketing communication we send you will contain instructions permitting you to "opt-out" of receiving future marketing communications. In addition, if at any time you wish not to receive any future marketing communications or you wish to have your name deleted from our mailing lists, please contact us as indicated below.

We may partner with third-party service providers to display advertising on our Site or to manage our advertising on other sites. These partners may use data technologies such as cookies and pixels to collect information about your activities on this and other websites to provide you targeted advertising based upon your interests. We may also use web beacons to tell when a user is redirected to the Site because of an advertisement that we ran was clicked on or otherwise interacted with and to better target our advertisements (known as "retargeting").

Service providers we use may track Site visitors over time and across multiple websites and social media services to retarget Site visitors. Users logged in to social media programs may be tracked by service providers who track such users across multiple websites and who may disregard the privacy settings in your web browsers.

If you wish to not have this information used for the purpose of serving you targeted ads, you may be able to opt-out by visiting:

• http://www.aboutads.info/
• https://optout.networkadvertising.org/?c=1

Please note that opting-out will not mean that you will no longer be served advertising. Instead, you will continue to receive generic ads that are not based on your specific interests.

Aggregated Data

We may aggregate the information that we collect and use such data for commercial, statistical and market research purposes. This data may include location information derived from your IP address or, if authorized, from the GPS of your mobile device.

How We Store Your Information

We keep your personal information for as long as it's needed to provide the services you've asked for, fulfill transactions, meet legal requirements, resolve disputes, establish legal defenses, conduct audits, enforce agreements, and to effect other legitimate business objectives. The exact duration can differ depending on factors like the type of data, user consent, data sensitivity, availability of automated deletion controls, and our legal or contractual obligations.

Due to regulatory recordkeeping obligations, we may retain information related to you and your account and transactions in accordance with applicable laws. Any personal information we do not keep will be securely disposed of through methods such as shredding, erasing, or altering the records to render the information unreadable or incomprehensible by any means.

Security

Ensuring the security of all information related to our Services is a top priority. We utilize technology on our servers to establish a secure connection between your device and our servers, ensuring a private session. To safeguard our servers from external threats, we employ firewalls and other security measures, securely storing your Personal Data.

Access to this information is restricted to authorized personnel or third parties only on a need-to-know basis through secure web pages. Our data security protocols are aligned with industry standards aimed at protecting nonpublic personal information. We implement reasonable measures to protect and secure your Personal Data.

Still, it's important to note that no method of data transmission or storage can be guaranteed to be entirely secure against all potential threats. No Internet or email transmission is ever fully secure or error free. In particular, email sent to or from us in connection with the Services may not be secure. Therefore, you should take special care in deciding what information you send to us via email. Please keep this in mind when disclosing any Personal Data to us via the Internet.

Sharing and Disclosure

Mobile information will not be sold or shared with third parties for promotional or marketing purposes. Your Personal Data will not be sold or shared with outside third parties for promotional or marketing purposes. Your Personal Data will only be shared with our partners for providing the services for which you have signed up.

We may share Personal Data with certain third parties without further notice to you unless required by law in the following circumstances:

Business Transfers

As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution, bankruptcy, or similar event, Personal Data may be part of the transferred assets.

Agents, Consultants, Vendors, and Service Providers

Like many businesses, we sometimes hire other companies to perform certain business-related functions. Examples of such functions include mailing information, maintaining databases and processing payments. Additionally, we may partner with other businesses to provide products or services to you.

Legal Requirements

We may disclose your Personal Data if required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, legal process, our internal policies, or with prudent legal, data privacy, or data security practice as we may determine, (ii) protect and defend our rights or property or the rights or property of others, (iii) prevent actual or potential fraud or illegal, criminal, wrongful, or harmful activity, (iv) act to protect the safety of users of the Services or the public, or (v) protect against legal liability. You can review our Gramm-Leach-Bliley Act Privacy Notice at the end of this document for more information.

We may also share Personal Data with third parties for any purpose described above in the section titled "How We Use Your Information" or for any other purpose that has been disclosed to you or to which you have consented.

Information Access and Choice

You can contact us at support@kikoff.com to do the following at any time:

• See what Personal Data you provided through the Services, if any.
• Change/correct any Personal Data you provided through the Services.
• Express any concern you have about our use of your Personal Data.

Children

The Services are not intended for children who are under 18 years of age and we do not knowingly collect Personal Data from children under 18. If you are under the age of 18, please do not submit any Personal Data through the Services. We encourage parents and legal guardians to monitor their children's Internet usage and to help enforce our Privacy Policy. If you believe we have collected information from a child who is under 18 please contact us and we will endeavor to delete the information.

California Privacy Rights

Do Not Track Signals

Our Site currently does not respond to "Do Not Track" (DNT) signals and operates as described in this Privacy Policy whether or not a DNT signal is received. If we do so in the future, we will describe how we do so in this Privacy Policy.

Restrictions on Sharing

If you are a California resident and have concluded a customer relationship with us, you can restrict our sharing of certain information. For more information, review our California Privacy Notice here. If we disclose certain Personal Data to third parties who use it for their direct marketing purposes, you have a right to request further information about the recipients of your Personal Data. To obtain a list of this information, please contact us at the address provided in the "Contact Information" section below.

Links to Other Websites

This Privacy Policy only applies to information collected by Kikoff through our Services. The Kikoff Services may contain links to other websites, apps or online services not operated or controlled by Kikoff ("Third Party Sites"). The policies and procedures described here do not apply to Third Party Sites. By providing links to Third Party Sites or services we do not imply that we endorse or have reviewed such websites or services. We suggest that you contact those sites directly for information about their data practices and policies.

Infrastructure Overview

Kikoff is committed to keeping user information confidential and secure. The cloud infrastructure is designed and configured to maintain a secure environment. Staging and Production environments are segregated in separate virtual private cloud (VPC) environments and within each VPC environment, the public subnet is segregated from the private subnet. External access is restricted to the public subnet. Internal access requires the use of VPN.

Contact Information

Please feel free to contact us if you have any questions about this Privacy Policy or information practices:

Email: support@kikoff.com

Effective Date and Updates

This Privacy Policy is effective as of 11/24/2025. If we materially change this Policy, we will post the revised version here. Your continued use following any changes shall be deemed to be your acceptance of the changes. We suggest that you check here periodically for the most up-to-date version of our Privacy Policy.