Privacy Statement

This privacy notice for FifthBoston Holdings Corp (doing business as FifthBoston.Services) ("Company," "we," "us," or "our"), describes how and why we might collect, store, use, and/or share ("process") your information when you use our services ("Services"), such as when you:

• Visit our website at fifthboston.services, or any website of ours that links to this privacy notice.
• Engage with us in other related ways, including sales, marketing, events, or use of our AI Platforms and Autonomous Agents.

Questions or concerns? Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at info@fifthboston.net.

1. WHAT INFORMATION DO WE COLLECT?

Personal Information You Disclose to Us

In Short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:

• Names and Contact Data (phone numbers, email addresses, mailing addresses).
• Credentials (usernames, passwords, password hints, and similar security information).
• Payment Data (stored securely via our payment processor, Stripe).
• AI Interactions: Prompts, queries, and file uploads you provide to our AI models and agents.
• Voice & Media Data: If you use our voice or video generation tools, we process audio recordings, image inputs, and generated outputs.

Information Automatically Collected

In Short: Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Services.

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.

Autonomous Agent Logs

When you utilize our Autonomous Agents to perform tasks on your behalf (e.g., executing code, browsing the web, managing infrastructure), we collect detailed logs of the agent's actions, decisions ("Chain of Thought"), and tool usage. This data is critical for:

• Safety & Auditing: Ensuring agents act within defined safe boundaries.
• Debugging: Diagnosing errors in agent logic or execution.
• Optimization: Improving the efficiency and accuracy of agent capabilities.

2. HOW DO WE PROCESS YOUR INFORMATION?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.

Specific to AI Services:

• Service Delivery: We use your Inputs (prompts, data) to generate Outputs (text, code, images, video) via our AI models.
• Model Improvement (Opt-Out Available): While we do not use your proprietary, Confidential Information to train our public foundational models without your consent, we may use anonymized, aggregated usage data and non-sensitive interaction patterns to refine our system prompts and agent orchestration layers. Enterprise clients may opt out of all data usage for improvement via specific Data Processing Addendums (DPAs).
• Third-Party Model Processors: To provide state-of-the-art capabilities, we may transmit your anonymized prompts to third-party Large Language Model (LLM) providers (such as OpenAI, Anthropic, or Google Platform). These transmissions are governed by strict enterprise privacy agreements that prohibit those providers from training on your data.

3. MEDIA & GENERATIVE CONTENT POLICY

As part of our specialized AI workflow services, we may offer image, video, and audio generation capabilities.

4. SHARING YOUR INFORMATION

We may share information in the following situations:

• Business Transfers: In connection with any merger, sale of company assets, financing, or acquisition.
• Affiliates: We may share your information with our affiliates, including our parent company FifthBoston Holdings, in which case we will require those affiliates to honor this privacy notice.
• Business Partners: We may share your information with our business partners to offer you certain products, services, or promotions.
• Legal Obligations: We may disclose information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process.

5. SECURITY OF YOUR INFORMATION

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process.

For AI & Data Center Clients:

• All data in transit is encrypted via TLS 1.3.
• Data at rest within our infrastructure is encrypted using AES-256 standards.
• Access to "Bare Metal" or dedicated inference clusters is strictly controlled via multi-factor authentication (MFA) and restricted IP allow-lists.

However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information.

6. DATA RETENTION

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, or as required by law.

• Account Data: Retained as long as your account is active plus a grace period for reactivation.
• AI Logs: Agent execution logs are typically retained for 30-90 days for debugging and auditing purposes, then anonymized or deleted, unless a longer retention period is mandated by an Enterprise engagement.

7. YOUR PRIVACY RIGHTS

Depending on your location (e.g., EEA, UK, California), you may have specific rights regarding your personal information, including the right to request access, correction, or deletion of your data.

To exercise these rights, specifically regarding data used in our AI systems, please submit a Data Subject Access Request (DSAR) to privacy@fifthboston.net.

8. UPDATES TO THIS NOTICE

We may update this privacy notice from time to time. The updated version will be indicated by an updated "Revised" date and the updated version will be effective as soon as it is accessible. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.