Privacy and Cookie Policy

This Privacy and Cookie Policy (this “Policy”) describes the ways in which Anagram Ventures Inc. (“Provider”)
collects, uses, and discloses information about you, including personally identifiable information, in connection
with your use of the website anagramventures.com (the “System”). Throughout this Policy, “you”
refers to the individual or entity that is visiting the System. By using the System, you consent to the use
of your information as set forth in this Policy.

1. This Policy

Scope. Provider utilizes the System to provide certain investment management, investor
reporting, and communication services to you (the “Services”). In the course of providing the Services, Provider
may collect “Personal Information,” which means any information relating to an identified or identifiable natural
person (a “data subject”) (an identifiable natural person is one who can be identified, directly or indirectly, in
particular by reference to an identifier such as a name, an identification number, location data, an online
identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural
or social identity of that natural person).

Changes to this Policy. Provider reserves the right to update this Policy from time to time by
posting a new Policy on this page, and in some cases where changes are material Provider may also contact you via
electronic mail or post a notice on the homepage to let you know of such changes. You are advised to consult this
Policy regularly for any changes. Your continued use of the System after such changes have been made constitutes
acceptance of those changes.

2. Collection of Information

Information that You Provide. Provider collects any information that you voluntarily provide,
including when you create an account on the System or when you use the Services available through the
System. Information that you may provide includes your email address, name, phone number, location, and
online social accounts. Provider may also collect information that you provide by electronic mail, telephone or
other means.

Automatically Collected Information. Provider may automatically collect certain technical
information from your computer or mobile device when you use the System, such as your Internet Protocol address,
your web browser type and version, the name and version of your operating system, the pages you view on the
System, the pages you view immediately before and after you access the System, and the search terms you enter on
the System. This information allows Provider to recognize you and personalize your experience if you return to the
System using the same computer or mobile device, and to improve the System and the Services.

Information about Legal and Other Materials. In addition, Provider may collect technical
information from your computer or mobile device concerning your receipt of communications, access to materials and
approval or execution of contracts, consents or other statements or agreements by means of the System, including
the System’s Terms of Use and this Policy.

Cookies. Provider may collect this information using “cookies,” which are small text files that
the System saves on your computer or mobile device, or similar technologies. You can disable cookies in your
browser settings, but doing so may affect the functionality of the System. Provider may also collect
information using “web beacons,” which are clear electronic images that can recognize certain types of information
on your computer, such as cookies, when you viewed a particular website tied to the web beacon, and a description
of a website tied to the web beacon or using unique links that can distinguish when individual users click the
link. Web beacons and unique links, alone or in conjunction with cookies, may help Provider compile information
about your interactions with electronic mail sent to you in connection with the Services. For further information,
see the Cookie Policy in Section 5 below.

Cross-Site Tracking. Provider does not utilize technical measures in the System to track your
activities across different web sites or online services, whether you configure your browser’s Do Not Track
feature or otherwise. The System does utilize third-party application programming interfaces controlled by third
parties, such as to display maps and graphs, that may attempt to track your activity across other sites that
utilize those interfaces.

Reviewing and Correcting Information. You may update or correct contact information and other
Personal Information stored about you on the System by accessing your account/profile page, or by sending a
written request to the Provider.

3. Use and Disclosure of Information

Provider may collect, use, share, and otherwise process your personal information for a number of purposes,
including, but not limited to:

Accessing the System and Providing the Services. Provider uses your Personal Information to
provide you with the Services, or products, services or information related to the System or the Services,
including: providing you with information about the System, Services or required notices; customizing your
experience when using the System, such as by providing interactive or personalized elements on the System; and
providing you with content based on your interests. The legal basis for such use are the System’s Terms of
Use and this Policy.

Analysis. Provider uses your Personal Information for improving the System and/or the Services,
including by (i) combining or aggregating any of the information collected through the System or elsewhere for
generating and analyzing statistics about your use of the System and user demographics and traffic patterns and
(ii) using anonymized data that may or may not be derived from Personal Information but does not personally
identify you, both for disclosure to third parties and for the purpose of enhancing the Services and developing
new Service offerings. The legal basis for such use are the System’s Terms of Use and this Policy and
Provider’s legitimate interest in improving the System and Services.

Security. Provider may use your Personal Information for safety and security
purposes, including sharing of your information for such purposes, when it is necessary to pursue Provider’s
legitimate interests in ensuring the security of the System and Services, including detecting, preventing and
responding to fraud, intellectual property infringement, violations of the System’s Terms of Use, violations of
law or other misuse of the System; and when Provider believes in good faith that disclosure is necessary (A) to
protect Provider’s rights, the rights of other users of the System, the integrity of the System, or your safety or
the safety of others, or (B) to detect, prevent or respond to fraud, intellectual property infringement,
violations of the System’s Terms of Use, violations of law or other misuse of the System.

Service Providers. Provider engages third-party service providers (such as payment processors,
hosting providers and analytics and security providers) to assist in operating and marketing the System.
Provider’s engagement of third-party service providers is often necessary for Provider to provide the Services to
you, particularly where such third-party service providers ensure that the System and Services are operating and
secure. In other cases, Provider has a legitimate interest in third-party service providers that can help improve
the System and the Service.

Other Disclosure. Provider may disclose Personal Information about you to others: (a) with your
valid consent to do so; (b) to comply with a valid subpoena, legal order, court order, legal process, or other
legal obligation; (c) to enforce any of the terms and conditions or policies; or (d) as necessary to pursue
available legal remedies or defend legal claims. Provider may also transfer your Personal Information to an
affiliate, a subsidiary or a third party in the event of any reorganization, merger, acquisition or sale, joint
venture, assignment, transfer or other disposition of all or any portion of Provider’s business, assets or
stock, including, without limitation, in connection with any bankruptcy or similar proceeding, provided that any
such entity that Provider transfer Personal Information to will not be permitted to process your Personal
Information other than as described in this Policy without providing you notice and, if required by applicable
laws, obtaining your consent.

Marketing. If you submit your information to a Provider via Juniper Square, Provider may provide
you with information about the System, Services or required notices. In addition, Provider may use collected
information for delivering marketing communications that may be of interest to you. You have the right to ask
Provider not to process your Personal Information for marketing purposes.

4. Storage

Jurisdiction. Information collected through the System will be stored in, processed in and
subject to the laws of the United States, which may not provide the same level of protection for your information
as your home country, and may be available to the United States government or its agencies under a lawful order
made in the United States. By using the System, you consent to such transfer to, storage in and processing within
the United States.

Security. Provider is committed to protecting your information from unauthorized access, use or
disclosure. The system and its operators maintain administrative, technical and physical safeguards designed to
protect the information collected through the System. For example, all information you transmit to the System is
encrypted using Transport Layer Security technology (TLS). However, no information or communication system can be
100% secure, so Provider cannot guarantee the absolute security of your information. In addition, Provider is not
responsible for the security of information that you transmit to the System over networks that Provider does not
control, including the Internet and wireless networks.

Retention. Provider will not retain data longer than is necessary to fulfill the purposes for
which it was collected or as required by applicable laws or regulations. If you wish to access or correct any
information Provider holds about you, you may have your data deleted, blocked or corrected (as long as compliant
with applicable law). Provider also collects and retains information through the System in an anonymized form,
i.e. tracking the pages you visit and how long was spent on each page.

5. Cookie Policy

This section provides Provider’s cookie policy and describes how Provider uses Cookies and similar technologies.
For more information on Provider’s general data privacy practices, please see the full Policy.

Cookies. Cookies are small pieces of data that are stored on your computer, mobile phone, or
other device when you first visit a page. Provider uses cookies, web beacons and similar technologies (“Cookies”)
to enhance your user experience, understand your usage of the System and Services and to perform analytics.
Cookies may also be set by other websites or services that run content on the page you are visiting. The provision
of your data via Cookies is voluntary except for those Cookies that Provider places on your device because it is
necessary for the performance of the System or Services. Provider uses “session cookies” and “persistent cookies.”
Session Cookies are temporary Cookies that remain on your device until you leave the System or Services. A
persistent Cookie may remain on your device for much longer until you manually delete it.

Use. Cookies can contain the following information about you and your use of the System: browser
type, search preferences, data relating to which pages of the System that you have visited and the date and time
of your use. Provider uses Cookies for the following purposes.

To enable and support security features, prevent fraud, and protect your data from unauthorized access.
To enable features and help us provide you with personalized content.
To analyze how you use the System and to monitor site performance. These Cookies help us to identify and fix
errors, understand and improve services, research and test out different features, and monitor how you reached
the System.

Third-Party Cookies. Provider uses the following third-party Cookies on the System:

Google Maps and Google Charts. The System includes mapping and charting services from Google. These services
use cookies in their internal operations. See https://policies.google.com/privacy for details.
DocuSign (if applicable). The System provides the option to execute agreements via DocuSign. If you interact
with DocuSign via the System, you may encounter cookies used by DocuSign in their internal operations. See
https://www.docusign.com/company/privacy-policy for details
Wistia, YouTube, and Vimeo. The System provides a capability to embed video from Wistia, YouTube, or Vimeo as
part of offering marketing materials. If you view marketing materials containing embedded video, the video
player may use cookies in its internal operations, including functions such as tracking how many visitors play
the video, and how much of the video they play. In addition, Wistia hosts the video content embedded in the
System’s help center. See https://wistia.com/privacy, https://policies.google.com/privacy, and
https://vimeo.com/privacy for details.
Zendesk. Provider provides help materials via an integration with Zendesk. When you use the help center, you
may encounter cookies used by Zendesk in their internal operations. See
https://www.zendesk.com/company/customers-partners/privacy-policy/ for details

Opting Out. You can control and/or delete cookies as you wish – for details, see
https://www.aboutcookies.org/. You can delete all cookies that are already on your computer and you can set most
browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some
preferences every time you visit a site and some services and functionalities may not work as intended by
Provider:

6. GDPR

If you are a resident of the European Union, Provider will process your Personal Information in compliance with
the EU General Data Protection Regulation (“GDPR”). For information submitted using the System, Provider is the
data controller, as defined under GDPR. In accordance with GDPR, as a data subject you will be accorded with any
applicable rights, which may include the following.

right of confirmation;
right of access;
right of rectification;
right of erasure;
right of restriction of processing;
right of data portability;
right of object;
right to withdraw data protection consent; and;
the right to lodge a complaint with a supervisory authority;

7. CCPA

The CCPA provide consumers (California residents) with specific rights regarding their personal information. This
section describes your CCPA rights and explains how to exercise those rights.

Access to Specific Information and Data Portability Rights. You have the right to request that
Anagram Ventures disclose certain information to you about our collection and use of your personal information
over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data
Portability, and Deletion Rights), we will disclose to you:

The categories of personal information we collected about you.
The categories of sources for the personal information we collected about you.
Our business or commercial purpose for collecting or selling that personal information.
The categories of third parties with whom we share that personal information.
The specific pieces of personal information we collected about you (also called a data portability request).
If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
sales, identifying the personal information categories that each category of recipient purchased; and;
disclosures for a business purpose, identifying the personal information categories that each category of
recipient obtained.

Exercising Access, Data Portability, and Deletion Rights: To Exercise access, data portability,
and deletion rights described above, please submit a verifiable consumer request to us by:

Emailing us at info@anagramventures.com

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf,
may make a verifiable consumer request related to your personal information. You may also make a verifiable
consumer request for access or data portability twice within a 12-month period. The verifiable consumer request
must:

Provide sufficient information that allows us to reasonably verify you are the person about whom we collect
personal information or an authorized representative.
Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to
it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or
authority to make the request and confirm the personal information relates to you. Making a verifiable consumer
request does not require you to create an account with us. However, we do consider requests made through your
password protected account sufficiently verified when the request relates to personal information associated with
that specific account. We will only use personal information provided in a verifiable consumer request to verify
the requestor’s identity or authority to make the request.

8. Third-Party Websites

The System and communications from Provider may contain links to websites operated by third parties. You
acknowledge and agree that Provider is not responsible for the collection and use of your information by such
websites that are not under Provider’s control. Provider encourages you to review the privacy policies of each
website you visit.

9. Children’s Information

The System is not directed to, nor does Provider knowingly collect information from, children under the age of
13. If you become aware that your child or any child under your care has provided information without your
consent, please contact Provider immediately using the contact information provided below.

10. Other Agreements

You may from time to time enter into binding legal agreements relating to certain Services available through the
System, which may have terms that are different from those of this Policy. In the event of any inconsistency, the
terms of such other agreement shall control with respect to such Services.

11. Contact Information

If you have any questions about this Policy or the collection or use of information about you, please write to
Provider at info@anagramventures.com.