Hi. We're EVEN. We built this platform with Chris Brown to bring you closer to his music, his community, and his work. This Privacy Policy explains what we collect from you, why, and what you can request concerning your information. We tried to write something you'd actually read. The full legal version follows below.

A few things up front:

You have to be 18 years of age or older to make an account here. That's not a vibe thing. It's a legal thing tied to how we and Sony handle data.

We collect information that we need to run the platform. Your phone or email so you can sign in. Your purchase info so we can deliver what you bought. Your chat messages so the community works. Some basics about the devices you’re using so the site loads correctly.

We share information with the people who help us provide you with this community. . Stripe handles your payments, so they see your card information. Magic helps you sign in, so they see your phone or email. Stream powers the chat, so chat lives in their system. Sony Music gets account-level information because they're Chris Brown's label and they're a partner here. We've listed everyone in Section 5 below.

We don't sell your information. Full stop. We share it as we describe in this policy, and that's it.

We keep most information until you ask us to delete them, except for chat messages, which stay in the chat history because that conversation belongs to the community. If you delete your account, your name comes off your messages but the messages remain. If you posted something you regret, email us and we'll work on it.

You can opt out of marketing texts and emails any time. STOP works. Unsubscribe links work. Emailing us works. Authentication codes and order updates aren't marketing and will keep coming if you have an active account, because that's how the platform runs.

You have rights here. Specifically, you can ask us what information we have,, ask us to fix it if it's wrong, and ask us to delete it. How that works depends on where you live. The regional sections at the end of this policy spell out the specifics for your country or state.

We use cookies. We have a cookie banner if you're somewhere that requires one. You can manage them through that banner or your browser.

If you have a question or a complaint, email info@even.biz and we'll respond within 30 days, sooner if your local law requires it.

That's the gist. Everything below is the precise version. If you want to skip ahead, jump to the section that matches where you live.

Main Policy

Regional Addenda

EVEN Labs Inc. ("EVEN," "we," "us," or "our") is a Delaware corporation with its principal place of business at 313 N Plankinton Ave., Milwaukee, WI 53203, USA.

We operate the BROWN platform at brown.live (the "Platform") in collaboration with Chris Brown Entertainment and RCA Records, a label of Sony Music Entertainment ("Sony"). The Platform allows fans to access exclusive content, purchase digital and physical music releases, participate in fan community chat, view tour information, and engage with artist content.

For purposes of data protection law, EVEN is the controller of the personal information collected through the Platform, except where this Policy specifies otherwise. Sony is a separate controller for the personal information shared with Sony as described in Section 5.

Contact for privacy matters: info@even.biz Mail: EVEN Labs Inc., Attn: Privacy, 313 N Plankinton Ave., Milwaukee, WI 53203, USA

This Policy applies to anyone who accesses or uses the Platform. This includes:

You must be at least 18 years old to create a Member account or make a purchase. We do not knowingly collect personal information from individuals under 18. If you believe a minor has created an account, contact us at support@even.biz and we will delete the account and associated data.

We collect information in three ways: information you give us directly, information collected automatically when you use the Platform, and information we receive from third parties.

When you create an account (Member tier):

When you make a purchase (Purchaser tier):

When you participate in chat:

When you gift a release:

When you contact support:

We do not knowingly collect sensitive personal information (such as government ID numbers, biometric data, precise geolocation, health information, or information about racial or ethnic origin, religious beliefs, or sexual orientation) except where you voluntarily provide it (for example, in a chat message). We do not use any such voluntarily-provided information for marketing or profiling.

We use your information for the following purposes:

You can opt out of marketing at any time. See Section 10 for details.

We do not use automated decision-making that produces legal or similarly significant effects on you. We do not train artificial intelligence models on your personal information, and we do not allow third parties to train AI models on EVEN data.

We rely on the following legal bases for processing your personal information:

You can withdraw consent at any time. See Section 10 and the regional addenda.

We share personal information only as described below. We do not sell your personal information.

EVEN operates the BROWN Platform in collaboration with Chris Brown Entertainment and RCA Records, a label of Sony Music Entertainment. We share certain personal information with Sony as a separate controller, including:

Sony uses this information to administer artist relationships, provide marketing support to the artist, report sales data to chart bodies (such as Luminate and Billboard), and comply with its obligations to recording artists.

Sony's processing of your information is governed by Sony's Privacy Policy, available at https://www.sonymusic.com/privacy-policy/. Sony's Terms and Conditions are available at https://www.sonymusic.com/terms-and-conditions/. If you have questions about how Sony processes your data, contact Sony directly using the methods in Sony's policy.

We do not share chat message content with Sony though they can view it if you post publically.5.2 Service Providers (Sub-Processors)

We use the following service providers to operate the Platform. Each is contractually bound to process personal information only on our instructions and to maintain appropriate security.

This list reflects our service providers as of the Last Updated date above. The list may change as we add, remove, or replace providers. We will update this section when changes occur.

EVEN is based in the United States, and our service providers are primarily located in the United States. If you access the Platform from outside the United States, your personal information will be transferred to, stored, and processed in the United States and other countries where our service providers operate.

For users in the United Kingdom, European Economic Area, and Switzerland, we rely on the following transfer mechanisms:

For users in Brazil, Australia, the Philippines, and South Africa, see the regional addenda for specific transfer information.

You can request a copy of the safeguards we use by emailing info@even.biz.

We retain your personal information for as long as necessary to provide the Platform, comply with legal obligations, resolve disputes, and enforce agreements. Specifically:

If you have a right to deletion under applicable law (see Section 8 and the regional addenda), we will delete or anonymize your personal information within the timeframes required by law, except where retention is required for legal, regulatory, or fraud-prevention purposes.

Depending on where you live, you have certain rights regarding your personal information. The rights below are available to all users where they don't conflict with applicable law. Additional or different rights may apply in your jurisdiction; see the regional addenda.

Email info@even.biz with a description of your request. We will respond within 30 days, or sooner if required by your jurisdiction. We may need to verify your identity before processing certain requests.

If you are unsatisfied with our response, you may have the right to lodge a complaint with a data protection authority. See the regional addenda for the relevant authority in your jurisdiction.

We will not discriminate against you for exercising your privacy rights. We will not deny you the Platform, charge different prices, or provide a different level of service because you exercised a right.

We and our service providers use cookies, web beacons, pixel tags, and similar technologies (collectively, "Cookies") to operate the Platform, analyze usage, and personalize your experience.

When you first visit the Platform from a region where consent is required, you will see a cookie banner allowing you to accept, reject, or customize non-essential cookies. You can change your preferences at any time through the cookie settings link in the Platform footer.

You can also manage cookies through your browser settings. Note that disabling strictly necessary cookies may prevent the Platform from functioning correctly.

Some browsers offer a "Do Not Track" signal. Industry standards have not settled on a uniform interpretation of this signal, and we do not currently respond to it. We honor opt-out preferences expressed through the Global Privacy Control (GPC) signal where required by applicable law (including in California, Colorado, Connecticut, Oregon, and other states with universal opt-out mandates).

If you receive marketing emails from us, you can unsubscribe by:

We will honor opt-out requests within 10 business days.

If you opted into SMS marketing at sign-up, you can opt out by:

We will honor opt-out requests within 10 business days. After you opt out, you may receive one confirmation message and no further marketing texts.

Opting out of marketing does not affect transactional communications (authentication codes, order confirmations, account security notices), which are necessary for your account.

Marketing SMS frequency is up to 10 messages per month. Marketing email frequency varies; you can adjust frequency or topic preferences in your account settings.

We maintain administrative, technical, and physical safeguards designed to protect your personal information from unauthorized access, alteration, disclosure, or destruction. Our practices include:

EVEN is working toward SOC 2 Type II certification.

No system is completely secure. While we work to protect your information, we cannot guarantee absolute security. If you believe your account has been compromised, contact us immediately at info@even.biz.

If we experience a data breach affecting your personal information, we will notify you and any required regulators in accordance with applicable law. Notification timing and content vary by jurisdiction and the nature of the breach. Specific obligations are described in the regional addenda.

The Platform includes a community chat feature operated using Stream.io infrastructure. Specific disclosures for chat:

The chat does not support private direct messages between users. All chat content is posted in shared rooms or threads visible to other Members.

Chat is actively moderated. We use a combination of:

Moderators can remove messages, restrict accounts, and ban users for violations of the community guidelines and Terms of Service.

Chat messages are retained indefinitely. If you delete your account, your messages remain in the chat history but your display name is replaced with a generic identifier. See Section 7.

By posting in chat, you understand that your messages are visible to other Members and may be retained, screenshotted, or referenced by them. Do not share information in chat that you would not want to be public.

The Platform is intended for users 18 years of age and older. We do not knowingly collect personal information from individuals under 18 years of age

If you believe a person under 18 has created an account or provided personal information to us, contact us at info@even.biz. We will delete the account and any associated personal information without undue delay.

If you purchase a gift through the Platform, we collect the recipient's name and email to deliver the gift. The recipient must opt in (by accepting the gift and creating an account) before they can access the content.

We use recipient contact information solely to deliver the gift and notify the recipient. We do not use recipient contact information for marketing unless the recipient creates an account and opts in independently. If a recipient does not accept the gift within a reasonable time, we delete the recipient information after the offer expires, except where retention is required for fraud prevention or accounting.

The Platform includes a tour information section that links to ticketing partners (Ticketmaster and Live Nation) for the R&B Tour Starring Usher, Raymond and Chris Brown. When you click a tour link, you leave the Platform and visit the ticketing partner's site, which is governed by the partner's own privacy policy.

EVEN does not share your personal information with Ticketmaster or Live Nation in connection with these links. We may receive aggregated, de-identified data about referral traffic.

We may update this Policy from time to time. The "Last Updated" date at the top reflects the most recent version. We will notify you of material changes by:

Your continued use of the Platform after changes take effect constitutes your acceptance of the updated Policy. If you do not agree to the updated Policy, you should close your account.

For questions about this Policy or to exercise your privacy rights:

Email: info@even.biz Mail: EVEN Labs Inc., Attn: Privacy, 313 N Plankinton Ave., Milwaukee, WI 53203, USA Support: support@even.biz

For UK and EU users, see the regional addenda for additional contacts and the relevant supervisory authorities.

The regional addenda below apply in addition to the main Policy. Where a regional addendum conflicts with the main Policy, the regional addendum controls for users in that jurisdiction.

If you are unsure which addendum applies to you, contact us at info@even.biz.

This Addendum applies to residents of the United States. State-specific sections below apply where indicated.

Within the past twelve months, we have collected the categories of personal information described in Section 3 of the main Policy. We use these categories for the purposes described in Section 4 and disclose them to the recipients described in Section 5.

We do not sell personal information.

We do not share personal information for cross-context behavioral advertising except where you have opted in through cookie preferences (see Section 9).

We do not knowingly process the personal information of consumers under 16 years of age.

We do not use or disclose sensitive personal information for purposes other than those described in Section 4 and as permitted by applicable law.

We are not a data broker and do not register as one.

If you are a California resident, the following additional rights apply under the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA"). Definitions in the CCPA apply.

You have the right to:

Submit a request by:

We will verify your identity before responding to access, deletion, or correction requests. Verification typically requires you to confirm two pieces of personal information we already hold.

We will respond within 45 days, with a possible 45-day extension. We may extend this once if reasonably necessary, with notice to you.

You may designate an authorized agent to make a request on your behalf. We will require written authorization signed by you and may verify the agent's identity.

We collect the following categories of sensitive personal information as defined by the CCPA:

We use this information only for the purposes permitted under CCPA Section 1798.121 (operating the Platform, security, and as you direct).

This Privacy Policy serves as our Notice at Collection for California consumers. The categories of personal information we collect, the purposes for collection, the retention period, and whether we sell or share information are described above.

We will publish annual metrics on requests received and processed under the CCPA where required.

Under California Civil Code Section 1798.83, California residents may request information about our disclosure of personal information to third parties for direct marketing purposes. We do not currently disclose personal information for third-party direct marketing purposes.

California Business and Professions Code Section 22581 allows California residents under 18 who are registered users of online services to remove content they post. Our Platform is not directed to and does not knowingly accept registrations from individuals under 18.

You may file a complaint with the California Privacy Protection Agency at https://cppa.ca.gov/ or with the California Attorney General at https://oag.ca.gov/.

If you are a Colorado resident, you have the following rights under the Colorado Privacy Act:

To exercise these rights, email info@even.biz. We will respond within 45 days. You have the right to appeal a denial; appeal procedures will be described in any denial response.

We honor the Global Privacy Control as a universal opt-out mechanism for targeted advertising and sale of personal data.

You may file a complaint with the Colorado Attorney General at https://coag.gov/.

If you are a Connecticut resident, you have the following rights under the Connecticut Data Privacy Act:

To exercise these rights, email info@even.biz. We will respond within 45 days, with a 45-day extension if reasonably necessary. You have the right to appeal a denial.

We honor the Global Privacy Control for opt-out signals.

Effective July 1, 2026, Connecticut amendments expand the definition of sensitive data to include neural data and government-issued identification numbers, prohibit the sale of sensitive data without consent, and reduce the threshold for applicability. Where these provisions apply, we will treat the listed categories as sensitive data and obtain consent before processing for new purposes.

You may file a complaint with the Connecticut Attorney General at https://portal.ct.gov/AG.

If you are a Montana resident, you have the following rights under the Montana Consumer Data Privacy Act:

The "solely automated" qualifier on profiling opt-outs was removed effective October 1, 2025. The opt-out applies to profiling whether or not the decision-making is solely automated.

To exercise these rights, email info@even.biz. We will respond within 45 days. You have the right to appeal a denial.

We honor the Global Privacy Control for opt-out signals.

You may file a complaint with the Montana Attorney General at https://dojmt.gov/.

If you are a Nevada resident, Nevada Revised Statutes Chapter 603A gives you the right to opt out of the sale of certain personal information to third parties.

We do not sell personal information as defined under Nevada law. If you wish to formally exercise this right, email info@even.biz with the subject line "Nevada Opt-Out Request."

If you are an Oregon resident, you have the following rights under the Oregon Consumer Privacy Act:

We do not sell personal data of consumers under 16 years of age. We do not sell precise geolocation data relating to an individual's location within a 1,750-foot radius.

To exercise these rights, email info@even.biz. We will respond within 45 days.

We honor the Global Privacy Control for opt-out signals.

You may file a complaint with the Oregon Attorney General at https://www.doj.state.or.us/.

If you are a Texas resident, you have the following rights under the Texas Data Privacy and Security Act:

To exercise these rights, email info@even.biz. We will respond within 45 days.

We honor the Global Privacy Control for opt-out signals.

The Texas Data Privacy and Security Act applies to businesses that conduct business in Texas or target Texas residents and process personal data, regardless of revenue or volume thresholds. We comply with this lower-threshold standard.

You may file a complaint with the Texas Attorney General at https://www.texasattorneygeneral.gov/.

If you are a Utah resident, you have the following rights under the Utah Consumer Privacy Act:

To exercise these rights, email info@even.biz. We will respond within 45 days.

You may file a complaint with the Utah Division of Consumer Protection or the Utah Attorney General.

If you are a Virginia resident, you have the following rights under the Virginia Consumer Data Protection Act:

To exercise these rights, email info@even.biz. We will respond within 45 days, with a 45-day extension if reasonably necessary. You have the right to appeal a denial.

You may file a complaint with the Virginia Attorney General at https://www.oag.state.va.us/.

This section applies to Canadian residents under the Personal Information Protection and Electronic Documents Act ("PIPEDA"), which applies to personal information collected, used, or disclosed in the course of commercial activity.

Under PIPEDA, you have the right to:

We collect, use, and disclose personal information with your consent, except where we are permitted or required by law to do so without consent. We rely on implied consent for routine commercial activities and express consent for sensitive information and marketing communications.

Email info@even.biz. We will respond within 30 days, with a possible extension as permitted by law.

You may file a complaint with the Office of the Privacy Commissioner of Canada at https://www.priv.gc.ca/ or by mail at:

Office of the Privacy Commissioner of Canada 30 Victoria Street Gatineau, Quebec K1A 1H3 Canada Phone: 1-800-282-1376

If you are a resident of Quebec, the Act to modernize legislative provisions as regards the protection of personal information (commonly known as "Law 25" or formerly Bill 64) applies in addition to PIPEDA.

EVEN's Privacy Officer is responsible for compliance with Law 25 and can be contacted at:

Email: info@even.biz (Attn: Privacy Officer) Mail: EVEN Labs Inc., Attn: Privacy Officer, 313 N Plankinton Ave., Milwaukee, WI 53203, USA

Under Law 25, Quebec residents have the right to:

Consent under Law 25 must be free, clear, informed, granular, and specific to each purpose of data use. Consent for sensitive personal information must be express. We obtain express consent for marketing communications and for the use of cookies that are not strictly necessary.

Law 25 requires that personal information transferred outside Quebec receive a level of protection equivalent to that provided in Quebec. Before transferring your personal information outside Quebec, we conduct an assessment, enter into appropriate contractual safeguards, and inform you of the transfer. By using the Platform, you acknowledge that your personal information will be transferred to and processed in the United States and other countries where our service providers operate, subject to appropriate safeguards.

We conduct privacy impact assessments where required by Law 25, including for transfers outside Quebec and for new technologies handling personal information.

We will respond to requests within 30 days. If we deny your request, we will explain why and inform you of your right to seek review by the Commission d'accès à l'information.

Law 25 provides individuals with a private right of action for violations resulting from intentional misconduct or gross fault.

You may file a complaint with the Commission d'accès à l'information du Québec at:

Website: https://www.cai.gouv.qc.ca/ Quebec address: Bureau 2.36, 525, boulevard René-Lévesque Est, Québec (Québec) G1R 5S9 Montreal address: Bureau 18.200, 500, boulevard René-Lévesque Ouest, Montréal (Québec) H2Z 1W7

This Addendum applies to residents of the United Kingdom (UK), the European Economic Area (EEA), and Switzerland. It implements requirements under the UK General Data Protection Regulation ("UK GDPR"), the EU General Data Protection Regulation ("EU GDPR"), the UK Data Protection Act 2018, and the Swiss Federal Act on Data Protection ("FADP").

EVEN Labs Inc., 313 N Plankinton Ave., Milwaukee, WI 53203, USA, is the controller of your personal information.

EU Representative (Article 27 GDPR): [TO BE APPOINTED BEFORE EU LAUNCH]

UK Representative (Article 27 UK GDPR): [TO BE APPOINTED BEFORE UK LAUNCH]

Privacy contact: info@even.biz

We rely on the following Article 6 GDPR legal bases:

For sensitive data ("special category data") under Article 9 GDPR, we rely on explicit consent or another applicable Article 9 condition.

You may contact us at info@even.biz to obtain more information about our balancing assessments where we rely on legitimate interests.

You have the following rights, subject to applicable conditions and exceptions:

To exercise these rights, email info@even.biz. We will respond within one month of receipt, with a possible two-month extension for complex requests, in which case we will inform you within the first month.

Your personal data is transferred to and processed in the United States and other countries that may not have laws providing the same level of protection as your country of residence.

We rely on the following transfer mechanisms:

For transfers to the United States specifically, where applicable, we may also rely on participation in the EU-US Data Privacy Framework, the UK Extension to the Data Privacy Framework, or the Swiss-US Data Privacy Framework by our service providers that are certified under those frameworks.

You may request a copy of the safeguards applicable to your data by emailing info@even.biz.

You have the right to lodge a complaint with the supervisory authority in your country of residence, place of work, or place of an alleged infringement.

United Kingdom: Information Commissioner's Office (ICO) Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF https://ico.org.uk/

Switzerland: Federal Data Protection and Information Commissioner (FDPIC) Feldeggweg 1, 3003 Bern https://www.edoeb.admin.ch/

EEA Member States: A list of EEA supervisory authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en. You may file a complaint with the supervisory authority of your country.

Examples of EEA supervisory authorities:

We will notify the relevant supervisory authority within 72 hours of becoming aware of a personal data breach where required under Article 33 GDPR/UK GDPR. Where a breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay.

In addition to the retention periods in Section 7 of the main Policy, we retain personal data only for as long as necessary for the purposes of processing, taking into account legal, regulatory, and operational requirements. You can request information about specific retention periods by emailing info@even.biz.

For Swiss residents, the FADP applies in addition to or instead of the EU GDPR depending on the specific circumstances. Your rights under the FADP are substantially similar to those under the EU GDPR. Complaints may be lodged with the Federal Data Protection and Information Commissioner (FDPIC) at the address above.

We obtain consent for non-essential cookies through a cookie consent banner before any non-essential cookies are placed on your device. You can manage your cookie preferences at any time through the cookie settings link in the Platform footer. See Section 9 of the main Policy.

This Addendum applies to residents of Brazil under the Lei Geral de Proteção de Dados Pessoais ("LGPD," Federal Law No. 13.709/2018).

EVEN Labs Inc. is the controller of your personal data. Our Data Protection Officer ("Encarregado") for Brazil can be contacted at:

Email: info@even.biz (Attn: DPO Brazil) Mail: EVEN Labs Inc., Attn: DPO Brazil, 313 N Plankinton Ave., Milwaukee, WI 53203, USA

Under Article 18 of the LGPD, you have the right to:

To exercise these rights, email info@even.biz. We will respond within 15 days, in accordance with Article 19 of the LGPD.

We process personal data based on the legal bases listed in Article 7 (or Article 11 for sensitive data) of the LGPD, including:

We transfer your personal data to the United States and other countries. Under Articles 33-36 of the LGPD, we rely on the following mechanisms:

You may file a complaint with the Autoridade Nacional de Proteção de Dados (ANPD):

Website: https://www.gov.br/anpd/ Address: Esplanada dos Ministérios - Bloco C - 1° andar, Brasília - DF, 70046-900, Brazil

The Platform is intended for users 18 years of age and older. The LGPD provides specific protections for the processing of personal data of children (under 12) and adolescents (12-18) under Article 14. We do not knowingly process the personal data of any individual under 18.

This Addendum applies to residents of Australia under the Privacy Act 1988 (Cth) and the Australian Privacy Principles ("APPs").

This Privacy Policy is our APP 1 privacy policy. We manage personal information openly and transparently in accordance with the APPs.

Where lawful and practicable, you may interact with us anonymously or pseudonymously (for example, by browsing the Platform without creating an account). To create a Member account or make a purchase, we require identifying information.

We collect personal information for the purposes described in Section 4 of the main Policy. We collect directly from you wherever practicable. Where we collect from third parties (for example, our service providers), we do so as described in Section 3.3.

We use and disclose your personal information only for the primary purpose of collection or for a related secondary purpose that you would reasonably expect, except as you consent or as permitted by law.

We may use your personal information for direct marketing only where you have consented or where you would reasonably expect us to do so. You can opt out at any time using the methods described in Section 10 of the main Policy.

We may disclose your personal information to recipients in the United States and other countries. We take reasonable steps to ensure that overseas recipients do not breach the APPs. By using the Platform, you acknowledge that your personal information will be transferred to and processed in the United States and other countries where our service providers operate.

Where we rely on your consent for cross-border disclosure under APP 8.2(b), you acknowledge that we will not be accountable under APP 8.1 for an act or practice of an overseas recipient that breaches the APPs.

We do not adopt, use, or disclose any government-related identifier (such as Tax File Numbers or Medicare numbers) as our own identifier of you.

We take reasonable steps to ensure that personal information is accurate, up-to-date, and complete (APP 10) and to protect personal information from misuse, interference, loss, unauthorized access, modification, or disclosure (APP 11). See Section 11 of the main Policy.

You have the right to request access to and correction of your personal information. Email info@even.biz to make a request. We will respond within a reasonable period (generally within 30 days). We may charge a reasonable fee for providing access where permitted; we do not charge for correction.

If we experience an eligible data breach as defined under the Notifiable Data Breaches scheme, we will notify the Office of the Australian Information Commissioner ("OAIC") and affected individuals as required by law.

If you have a complaint, contact us first at info@even.biz. If you are not satisfied with our response, you may lodge a complaint with the OAIC:

Website: https://www.oaic.gov.au/ Phone: 1300 363 992 Mail: Office of the Australian Information Commissioner, GPO Box 5288, Sydney NSW 2001

This Addendum applies to residents of the Philippines under the Data Privacy Act of 2012 (Republic Act No. 10173, "DPA") and its Implementing Rules and Regulations.

Our Data Protection Officer ("DPO") for the Philippines can be contacted at:

Email: info@even.biz (Attn: DPO Philippines) Mail: EVEN Labs Inc., Attn: DPO Philippines, 313 N Plankinton Ave., Milwaukee, WI 53203, USA

Under Section 16 of the DPA, you have the following rights:

To exercise these rights, email info@even.biz.

We process personal information based on the criteria for lawful processing in Sections 12 and 13 of the DPA, including consent, contract performance, legal obligation, vital interests, public authority, and legitimate interests.

We obtain consent for processing sensitive personal information and privileged information as required by Section 13.

We transfer personal information outside the Philippines. We ensure that transferred personal information receives appropriate protection through contractual safeguards and other measures, in accordance with Section 21 of the DPA and NPC issuances.

We implement reasonable and appropriate organizational, physical, and technical measures to protect personal information, in accordance with Section 20 of the DPA.

If we experience a personal data breach that is likely to give rise to a real risk of serious harm to affected data subjects, we will notify the NPC and affected data subjects within 72 hours of becoming aware of the breach, in accordance with NPC rules.

You may file a complaint with the National Privacy Commission:

Website: https://privacy.gov.ph/ Email: complaints@privacy.gov.ph Address: National Privacy Commission, 5th Floor, Philippine International Convention Center, Vicente Sotto St., Pasay City 1300

This Addendum applies to residents of South Africa under the Protection of Personal Information Act, 4 of 2013 ("POPIA").

EVEN's Information Officer for South Africa can be contacted at:

Email: info@even.biz (Attn: Information Officer) Mail: EVEN Labs Inc., Attn: Information Officer, 313 N Plankinton Ave., Milwaukee, WI 53203, USA

We process personal information in accordance with the eight conditions for lawful processing under POPIA:

You have the right to:

The 2025 amended POPIA regulations require that objections to processing be free of charge and submittable through multiple accessible channels including hand delivery, post, email, SMS, WhatsApp, or other expedient means.

We will not process your personal information for direct marketing without your consent or, in the case of existing customers, without giving you a reasonable opportunity to object. You have an unconditional right to object to direct marketing at any time, free of charge.

We transfer personal information outside South Africa to the United States and other countries. We rely on the grounds in Section 72 of POPIA, including:

If we experience a security compromise (data breach), we will notify the Information Regulator and affected data subjects as soon as reasonably possible, through the Information Regulator's eServices Portal.

You may file a complaint with the Information Regulator:

Website: https://inforegulator.org.za/ Email: complaints.IR@inforegulator.org.za Address: Information Regulator (South Africa), JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

END OF PRIVACY POLICY

This Privacy Policy was last updated on [DATE]. Previous versions are available on request by emailing info@even.biz.