SUMMIT LOGIC

Effective Date: March 22, 2026

Last Updated: March 22, 2026

Summit Logic, Inc. ("Summit Logic," "we," "our," or "us") provides marketing automation software and related services to business customers ("Services"). This Privacy Policy describes how we collect, use, disclose, and protect information when you access or use our Services, website, and any associated applications.

This Policy applies to business representatives and authorized users who interact with our platform on behalf of their organizations. By using the Services, you acknowledge that you have read and understood this Privacy Policy.

1. Information We Collect

1.1 Account and Contact Information

When you register for or use our Services, we collect information such as:

• Business name, address, and contact details

• Name, email address, and phone number of authorized users

• Billing and payment information

• Account credentials (usernames and passwords)

1.2 Usage and Platform Data

We automatically collect information about how you use our platform, including:

• Log data (IP addresses, browser type, operating system, access times)

• Feature usage patterns, campaign configurations, and workflow data

• API call logs and integration activity

• Device identifiers and session tokens

1.3 Customer-Provided Data

In the course of using our marketing automation platform, you may upload, input, or process data belonging to your own customers or prospects ("Customer Data"). We process Customer Data solely as a data processor on your behalf, under your instructions and applicable data processing agreements.

1.4 Communications

We collect the content of communications you send us, including support requests, feedback, and correspondence related to your account.

2. How We Use Your Information

We use information we collect for the following purposes:

• Providing, operating, and improving the Services

• Processing transactions and sending billing-related communications

• Authenticating users and maintaining account security

• Sending service notifications, product updates, and technical alerts

• Responding to support inquiries and troubleshooting issues

• Analyzing usage trends to improve platform performance and develop new features

• Enforcing our Terms of Service and other applicable agreements

• Complying with legal obligations and responding to lawful requests

• Sending marketing communications about Summit Logic products and services (you may opt out at any time)

3. Legal Bases for Processing

Where applicable law requires a legal basis for processing personal data, we rely on the following:

• Contract performance: Processing necessary to deliver the Services under our agreement with you

• Legitimate interests: Improving our Services, ensuring security, and preventing fraud

• Legal obligation: Complying with applicable laws and regulations

• Consent: Where you have provided explicit consent, such as for certain marketing communications

4. Sharing and Disclosure of Information

4.1 Service Providers

We engage third-party service providers who assist us in operating, maintaining, and improving the Services. These providers access information only to perform tasks on our behalf and are contractually obligated to protect it.

Service provider categories include: cloud infrastructure providers, payment processors, analytics vendors, customer support platforms, and email delivery services.

4.2 Business Transfers

In the event of a merger, acquisition, financing, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify affected customers of any material change in ownership or use of personal information.

4.3 Legal Requirements

We may disclose information when required to do so by law or in response to valid legal process (e.g., subpoenas, court orders, regulatory requests). We will endeavor to provide notice where legally permissible.

4.4 Protection of Rights

We may disclose information when we believe, in good faith, that disclosure is necessary to protect the rights, property, or safety of Summit Logic, our customers, or the public.

4.5 Aggregated and De-identified Data

We may share aggregated or de-identified data that cannot reasonably be used to identify you for industry research, marketing, or other business purposes.

5. Data Retention

We retain personal information for as long as necessary to provide the Services, fulfill the purposes described in this Policy, and comply with our legal obligations. When an account is terminated, we will delete or anonymize personal information within a commercially reasonable period, unless retention is required by law.

Specific retention periods may be outlined in your service agreement or data processing addendum.

6. Data Security

Summit Logic implements industry-standard technical and organizational security measures to protect information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (TLS) and at rest (AES-256)

• Role-based access controls and multi-factor authentication

• Regular security assessments and penetration testing

• Incident response and breach notification procedures

While we take reasonable steps to protect your information, no security system is impenetrable. You are responsible for maintaining the confidentiality of your account credentials.

7. International Data Transfers

Summit Logic operates in the United States. If you access the Services from outside the United States, your information may be transferred to, stored, and processed in the United States or other jurisdictions where our service providers operate.

For customers in the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on appropriate safeguards for cross-border transfers, including Standard Contractual Clauses (SCCs) as approved by the European Commission, where applicable.

8. GDPR Rights (EEA, UK, and Switzerland)

If you are located in the EEA, UK, or Switzerland and Summit Logic processes your personal data as a data controller, you may have the following rights under applicable data protection law:

• Right of access: Request a copy of personal data we hold about you

• Right to rectification: Request correction of inaccurate or incomplete data

• Right to erasure: Request deletion of personal data in certain circumstances

• Right to restriction: Request that we limit processing of your data

• Right to data portability: Receive your data in a machine-readable format

• Right to object: Object to processing based on legitimate interests or for direct marketing

• Right to withdraw consent: Withdraw consent at any time where processing is consent-based

To exercise these rights, contact us at [email protected]. We will respond within the timeframe required by applicable law.

9. California Privacy Rights (CCPA/CPRA)

California residents who are natural persons (not businesses) interacting with Summit Logic may have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including:

• The right to know what personal information is collected, used, shared, or sold

• The right to delete personal information, subject to exceptions

• The right to opt out of the sale or sharing of personal information

• The right to non-discrimination for exercising privacy rights

Note: Summit Logic operates as a B2B provider. Our primary relationships are with business entities, and much of the data we process is handled under data processing agreements as a service provider. To submit a California privacy request, contact us at [email protected].

10. CAN-SPAM and Email Communications

Summit Logic complies with the CAN-SPAM Act. Marketing emails we send will include:

• Clear identification of Summit Logic as the sender

• A truthful subject line

• Our physical mailing address

• A clear mechanism to unsubscribe

Transactional and service-related emails (e.g., billing notices, security alerts) are not subject to opt-out under CAN-SPAM. You may opt out of marketing emails at any time by clicking the unsubscribe link or emailing [email protected].

11. Cookies and Tracking Technologies

Our website and platform use cookies, pixels, and similar tracking technologies to authenticate sessions, remember preferences, analyze usage, and support marketing activities. You may control cookie settings through your browser, though disabling certain cookies may affect platform functionality.

We do not currently respond to Do Not Track (DNT) signals, as no industry-wide standard has been established.

12. Third-Party Links and Integrations

Our Services may contain links to third-party websites or allow integration with third-party platforms (e.g., CRM systems, advertising platforms). This Privacy Policy does not apply to third-party services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you connect to Summit Logic.

13. Children's Privacy

The Services are intended solely for business use by individuals who are at least 18 years of age. We do not knowingly collect personal information from minors. If we learn that we have collected information from a person under 18, we will promptly delete it.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Services. We will notify you of material changes by posting the updated Policy on our website with a revised effective date, and where appropriate, by email. Continued use of the Services after the effective date constitutes acceptance of the updated Policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

Summit Logic, Inc.

Attn: Privacy Team

Email: [email protected]

Website: www.summitlogic.com

This Privacy Policy is effective as of 07/28/2025 and governs the collection, use, and disclosure of information by N2Open Capital LLC d/b/a N2Open Digital.

+1 970 450-4430