Flagship Labs 105, Inc. (“FL105”, the “Company”, “we”, “us,” or “our”) is undertaking research to advance the development of a tool to support mental health and wellbeing, and to evaluate potential commercial applications and user benefits for such technology (the “Research”). This Privacy Policy explains how we handle the personal information that we collect from participants in the Research.

Personal Information We Collect

In connection with the Research, we collect the following categories of personal information:

Personal information you provide.

• Contact information (e.g., name, email address, phone number)
• Demographic information (e.g., age, gender, occupation)
• Questionnaire responses (e.g., personality assessments, psychological well-being assessments, lifestyle surveys)
• Responses to questions or chats during service usage
• Information you authorize sharing from third-party providers

Personal information we collect automatically or generate.

• Usage data and derived data (e.g., service interactions, feature usage patterns)
• Device information (e.g, IP address, operating system, device type)

How We Use Personal Information

We use your personal information to further our Research activities, including for the following purposes:

Establishing and Maintaining Participant Accounts

• Account Creation: Setting up and managing your user account to facilitate your participation in the Research.
• User Authentication: Verifying your identity to ensure secure access to our services.
• User Preferences: Storing and managing your preferences, settings, and consents.

Personalizing User Experiences

• Tailored Content: Customizing the interface and content to better align with your personal interests and needs.
• Interactive Features: Providing personalized feedback and interactive elements based on your engagement with the services.

Generating and Refining Participant Profiles

• Data Collection and Integration: Aggregating data from your interactions, responses, and third-party sources to create a comprehensive profile.
• Profile Updates: Continuously refining and updating your profile based on new data and insights.

Conducting Scientific Analysis

• Research Publications: Using aggregate data to conduct scientific research and publish findings without identifying specific individuals.
• Trend Analysis: Exploring data trends and patterns to derive insights and contribute to the broader understanding of psychological well-being.

Testing and Validating Technology

• Algorithm Testing: Evaluating the performance and accuracy of our technology.
• User Feedback: Collecting and analyzing feedback to improve the functionality and user experience of our platform.

Providing Personalized Insights

• Predictive Insights: Providing personalized insights that may promote self-awareness for an individual.
• Simulation of conversation: Testing different strategies to determine the best way to effectively deliver our services.

Complying with Legal Requirements and Protecting Rights

• Regulatory Compliance: Ensuring compliance with applicable laws, regulations, and ethical standards.
• Legal Protections: Protecting our rights, your rights, and the rights of others by monitoring and ensuring the integrity of the Research.

Enhancing User Safety and Security

• Fraud Prevention: Identifying and preventing fraudulent activities and unauthorized access.
• Data Security: Protecting your personal information with commercially reasonable safeguards.

Business and Service Operations

• Operational Support: Using data to support and optimize the operational aspects of our app and services, including customer support and IT functions.
• Service Improvements: Continually improving our services based on the insights derived from data analysis and user feedback.

In addition, where required, we may also use personal information to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities; to protect our, your or others’ rights, privacy, safety, or property (including by making and defending legal claims), including by monitoring the safety and integrity of our Research; to audit our internal processes for compliance with legal and contractual requirements and internal policies; and prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks, identity theft, and fraud.

How We Disclose Personal Information

We will keep your personal information confidential. Except as described here, we will not disclose your personal information to third parties.

To administer the Research, comply with applicable laws, and manage our business, we may disclose personal information as follows:

• Third-party technology providers. In the process of providing our services, we use third-party providers that may require access to your data.
• Service providers and professional advisors. We may disclose your personal information to companies and individuals that provide services on our behalf or help us conduct the Research or on behalf of our business (such as hosting, information technology, participant support, and email delivery), and to professional advisors, such as lawyers, auditors, and insurers, as necessary to support our business. We may also use AI technologies provided by third-party AI service providers in the course of the Research, and may disclose personal information to them in connection with the use of such technologies. Third-party AI service providers are prohibited from using your data to train or update models, and we have required them to implement appropriate data retention and deletion protections on your behalf.
• Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.
• Business transferees. Acquirers and other relevant participants in business transactions (or negotiations for such transactions) involving without limitation, a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, our business (including, in connection with a bankruptcy or similar proceedings) in accordance with applicable law.

Your Privacy Choices

Drop out of the Research. You can withdraw your participation in the Research at any time by contacting us at: support@irischat.ai.

You may also request the following in relation to your personal information:

• Access to a copy of the personal information that we have collected about you.
• Correction of personal information that is inaccurate or out of date.
• Deletion of personal information that we no longer need for the Research or for other lawful purposes.

To make a request, please email us or write to us as provided in the “How To Contact Us” section below. In some instances, your choices may be limited, such as where fulfilling your request would impair the rights of others or our ability to comply with our legal obligations and enforce our legal rights.

Data Retention

We will keep personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, or as otherwise required by law (e.g. for tax, legal, accounting, or other purposes).

These data will be stored until the Research phase is complete (approximately 3 years).

Data Security

We employ commercially reasonable safeguards designed to protect the personal information we collect. However, no security measures are failsafe, and we cannot guarantee the security of your personal information. You provide us with your personal information at your own risk.

All user data, including personal information and health-related data, will be securely stored in encrypted form using industry-standard encryption protocols, both at rest and in transit. Access to user data will be restricted to authorized personnel only, and will require multi-factor authentication (MFA) for all access points. Regular audits of security systems will be conducted to ensure compliance with applicable privacy laws and best practices. In addition, data will be backed up securely, and any access to or handling of sensitive data will be logged for accountability and monitoring purposes. Cloud infrastructure providers are selected based on their ability to meet high standards of security, compliance and privacy, and they must support features such as encryption, secure backups, and multi-factor authentication.

Please direct any questions or comments about this Privacy Policy to privacy@fl105inc.com.

‍