MIOURI AUTOMOTIVE GROUP INC.

PRIVACY POLICY AND DATA PROCESSING ADDENDUM

Effective Date: 01/20/2026

PRIVACY POLICY

1. Introduction

Miouri Automotive Group Inc. (“Miouri,” “we,” “our,” or “us”) is committed to protecting the privacy and security of personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you interact with our websites, products, services, facilities, and communications.

By accessing or using any Miouri service, you acknowledge that you have read and understood this Privacy Policy.

2. Information We Collect

2.1 Information You Provide Directly

• Contact information (name, email address, phone number, mailing address)

• Account information (username, password, profile details)

• Vehicle build preferences, service requests, and order details

• Payment information (processed through secure third‑party providers)

• Communications with Miouri (emails, forms, support requests)

• Employment or partnership application information

2.2 Information Collected Automatically

• Device information (browser type, operating system, hardware model)

• IP address and general location

• Usage data (pages visited, time spent, referring URLs)

• Cookies, analytics tags, and similar technologies

2.3 Information from Third Parties

• Payment processors

• Marketing and analytics partners

• Social media platforms

• Vendors, service providers, and business partners

3. How We Use Personal Information

• To operate, maintain, and improve Miouri products, services, and facilities

• To process orders, payments, and service requests

• To communicate about builds, updates, events, and support

• To personalize user experience

• To conduct analytics, research, and product development

• To maintain security, prevent fraud, and ensure compliance

• To fulfill legal, regulatory, and contractual obligations

4. How We Share Personal Information

4.1 Service Provider

Trusted vendors assisting with:

• Payment processing

• Website hosting and analytics

• Marketing and communications

• Manufacturing, logistics, and customer support

4.2 Business Partners

Shared only when necessary to fulfill a service, order, or collaboration.

4.3 Legal and Compliance

We may disclose information to:

• Comply with applicable laws or legal processes

• Respond to lawful requests from government authorities

• Protect Miouri’s rights, property, and safety

• Prevent fraud or security threats

4.4 Corporate Transactions

Personal information may be transferred as part of a merger, acquisition, financing, or asset transfer.

5. Cookies and Tracking Technologies

Miouri uses cookies and similar technologies to enable functionality, analyze usage, improve user experience, and support marketing. Users may adjust browser settings to limit or block cookies.

6. Data Security

We implement administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, disclosure, alteration, or destruction.

7. Data Retention

Personal information is retained only as long as necessary to provide services, fulfill legal obligations, resolve disputes, and enforce agreements.

8. Your Privacy Rights

Depending on your location, you may have rights to access, correct, delete, or restrict the use of your personal information. Contact us using Section 12 to exercise these rights.

9. Children’s Privacy

We do not knowingly collect personal information from children under 13. If such information is discovered, it will be deleted promptly

10. Third‑Party Links

Miouri is not responsible for the privacy practices of third‑party websites or tools linked 

from our services.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically. The Effective Date indicates when changes take effect.

12. Contact Information

Miouri Automotive Group Inc.

3556 S 5600 W #1-668

Salt Lake City, Utah 84120

joshevans@miouri.com

503-798-7119

DATA PROCESSING ADDENDUM (DPA)

This Data Processing Addendum (“Addendum”) forms part of any agreement between Miouri Automotive Group Inc. (“Miouri”) and any vendor, contractor, consultant, or service provider (“Processor”) that processes personal information on behalf of Miouri.

This Addendum ensures compliance with applicable privacy and data protection laws.

1. Definitions

• “Personal Information” means any information relating to an identified or identifiable individual processed by Processor on behalf of Miouri.

• “Processing” means any operation performed on Personal Information, including collection, storage, use, disclosure, or deletion.

• “Applicable Laws” includes all privacy, data protection, and security laws relevant to the Processing.

2. Scope and Purpose of Processing

Processor shall process Personal Information solely:

• For the purpose of providing contracted services to Miouri

• In accordance with Miouri’s documented instructions

• For no other purpose unless required by law

Processor shall not sell, rent, disclose, or use Personal Information for its own benefit.

3. Miouri Instructions

Processor shall process Personal Information only on documented instructions from Miouri. If Processor believes an instruction violates Applicable Laws, it must notify Miouri immediately.

4. Confidentiality

Processor shall ensure that all personnel with access to Personal Information

• Are bound by confidentiality obligations

• Receive appropriate training on data protection and security

5. Security Measures

The Processor shall implement appropriate technical and organizational measures to protect 

Personal Information, including:

• Access controls

• Encryption in transit and at rest where appropriate

• Secure storage and transmission

• Incident detection and response procedures

6. Sub‑Processors

Processor may not engage sub‑processors without Miouri’s prior written authorization.

Approved sub‑processors must be bound by obligations no less protective than those in this Addendum.

7. Data Breach Notification

Processor shall notify Miouri without undue delay, and no later than 48 hours, after becoming aware of any actual or suspected breach involving Personal Information.

Notification must include:

• Nature of the breach

• Categories and approximate number of affected individuals

• Likely consequences

• Measures taken or proposed to address the breach

8. Data Subject Requests

Processor shall promptly assist Miouri in responding to requests from individuals 

exercising their privacy rights, including:

• Access

• Correction

• Deletion

• Restriction

• Portability

Processor shall not respond directly unless authorized by Miouri.

9. Data Transfers

Processor shall not transfer Personal Information outside the United States without Miouri’s prior written approval and appropriate safeguards.

10. Audits and Assessments

Miouri may audit Processor’s compliance with this Addendum upon reasonable notice.

Processor shall provide access to relevant records, systems, and personnel as necessary.

11. Return or Deletion of Data

Upon termination of services, Processor shall, at Miouri’s direction:

• Return all Personal Information to Miouri, or

• Securely delete all Personal Information

Processor shall certify deletion upon request.

12. Liability

Processor shall be liable for damages, losses, or regulatory penalties arising from its failure to comply with this Addendum.

13. Governing Law

This Addendum is governed by the laws of the State of Utah, without regard to conflict‑of‑law principles.

14. Order of Precedence

If any conflict exists between this Addendum and any underlying agreement, this Addendum shall control with respect to data protection obligations.