Data Breach Notification Policy

Version: 1.2

Effective Date: November 3, 2025 Last Updated Date: April 14, 2026

SOLIDUS AI TECH INC., operating under the trade name “AITECH Cloud Network” (“ACN”, “we”, “us”, or “our”), together with relevant entities within the AITECH Cloud Network (“ACN”) ecosystem and group structure, including the AITECH Cloud Network Foundation and Solidus AI Tech Digital (where applicable), is committed to safeguarding the security of personal data.

This Data Breach Notification Policy outlines the procedures and responsibilities applicable in the event of a personal data breach affecting users, customers, partners, systems, or services operated within the ACN ecosystem, as applicable based on the nature of the service, data processing activity, and relevant legal or regulatory requirements. Any references to “AITECH”, “AI Tech”, or similar terminology shall be interpreted as legacy references to the AITECH Cloud Network where applicable.

This Policy should be read in conjunction with our Privacy Policy, Cookie Notice, Marketing Consents Policy, and Opt-In/Out Communications Policy, which together form part of our broader data protection and compliance framework.

1. Definition of a Data Breach

A personal data breach is any security incident that results in accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed.

Examples of a data breach include:

• Unauthorized access to customer data;

• Exposure of marketing consents or preferences;

• Loss or theft of devices containing personal data;

• Malware or ransomware attacks;

• Human error resulting in misdirected emails or data leakage.

2. Immediate Response & Containment

Upon discovering a suspected data breach, we will immediately:

• Initiate our internal Incident Response Procedure;

• Contain the breach to limit further exposure;

• Assess the extent and nature of the breach;

• Secure all affected systems and data sources;

• Notify senior compliance and security staff.

• Coordinate with relevant affiliated entities, internal divisions, processors, vendors, and incident response providers where necessary to contain and investigate the breach.

3. Assessment and Risk Analysis

We will conduct a risk assessment to determine:

• The type and sensitivity of the personal data involved;

• The number of individuals affected;

• Whether the breach is likely to result in a risk to individuals' rights and freedoms;

• Any potential for identity theft, financial fraud, reputational harm, or unauthorized marketing.

• Whether personal data processed by multiple entities, jurisdictions, or third-party processors is affected.

4. Notification Obligations

Notification responsibilities may be undertaken by the relevant controller, processor, or responsible entity within the AITECH Cloud Network (ACN) group depending on the affected service, legal obligations, and jurisdiction.

A. Supervisory Authorities

If required under applicable laws (e.g., Article 33 of the EU GDPR), we will notify the relevant data protection authority within 72 hours of becoming aware of the breach.

B. Affected Individuals

If the breach is likely to result in high risk to the rights and freedoms of individuals, we will notify the affected persons without undue delay. This may include:

• A description of the breach;

• Contact details for further inquiries;

• Recommended actions individuals can take to mitigate harm;

• Summary of the steps we are taking to remediate the incident.

Notifications may be sent via email, platform alerts, or public announcement depending on the scope and severity.

5. Communication and Marketing Impact

In the event that marketing data or communication preferences (including opt-in/out records or email addresses) are affected:

• We will inform impacted individuals of the possible misuse of their promotional communication preferences;

• We will honor all unsubscribe or opt-out requests that may have been compromised;

• Marketing activities will be suspended for affected users until proper re-consent is confirmed, if necessary.

6. Record-Keeping

All data breaches, regardless of severity, will be documented. Our records will include:

• Facts relating to the breach;

• Its effects and scope;

• Corrective actions taken;

• Regulatory notifications made;

• Incident records may be maintained centrally or by the relevant group entity, subject to confidentiality, retention obligations, and applicable law.

This documentation is kept in accordance with Article 33(5) of the GDPR and our internal security policies.

7. Preventive Measures

To prevent recurrence, the relevant entity within the AITECH Cloud Network group may:

• Update system security protocols and access controls;

• Provide staff training on data protection and breach response;

• Conduct security audits and penetration testing;

• Review and revise data processing agreements with third-party vendors.

8. Contact Information

If you believe your data has been compromised or have questions about a potential breach, please contact us:

Email: admin@aitech.io

Mailing Address: SOLIDUS AI TECH INC, PH The Century Tower, Office 317 Vía Ricardo J. Alfaro Corregimiento de Betania, Distrito de Panama, Panama City, Panama.