This privacy policy (the Policy) describes how SPERE POWER LLC (we, us, or our) collects, uses, and protects information when authorized users of our business customers access the SPERE POWER application
(the App). The App is intended for commercial and industrial use and is not directed to consumers or
children.

1. Scope and Roles

The App is a business-to-business service. Organizations (each, a Customer) subscribe to the App and
decide which buildings, systems, and users are connected. In most cases, the Customer is the data controller for information submitted to or generated through the App, and we act as a processor or service
provider under our agreement with the Customer.

If you are an authorized user of a Customer account, this Policy explains how we handle your information
when you use the App. Your Customer may have its own privacy practices that also apply to you.

Customers may request a Data Processing Addendum (DPA) to govern our processing of personal information on their behalf. Contact us using the information in Section 12.

2. What We Collect

We collect the following categories of information:

• Account Information. Your email address and mobile phone number, provided by your Customer administrator when your account is created. We use these to authenticate you and to send alarm and
event notifications (for example, an alert that the temperature in a monitored space is outside of the
target range).

• Activity and Audit Data. Your IP address, browser and device details, and login events. We also log
specific actions you take in the App, including acknowledging an alarm, changing a temperature setpoint, activating or deactivating equipment (an override), and editing a schedule. We use this data to
maintain an audit trail of who did what and when, enforce role-based access controls, and investigate
incidents.

• Site Location Data. The zip code of each monitored site. We use this to retrieve weather and environmental data from the U.S. National Weather Service (NWS). We do not collect your personal location or GPS data.

• Support and Communications. Support tickets, emails, chat messages, and files you provide when
contacting us for help.

• Cookies and Session Data. Session cookies and security cookies required to keep you logged in and
protect against unauthorized access. See Section 10 for details.

3. How We Use Your Information

We use the information described above for the following purposes:

• Notifications. We send alarm and event notifications to your email address and mobile phone number
via SMS and push notifications. These notifications are operational — they alert you to conditions and
events that may require your attention. We do not use your contact information for marketing.

• Audit Trail. We log your IP address and device details alongside specific actions you take in the App so
that your organization has a record of operational changes and acknowledgments.

• Weather and Environmental Data. We use site zip codes to pull weather data from the NWS, which
supports the App’s monitoring and alerting functions.

• Security and Access Control. We use authentication credentials, session data, and audit logs to enforce role-based restrictions, detect unauthorized access, and maintain the integrity of building operations.

• Service Improvement. We may use aggregated or de-identified data to monitor performance, debug
errors, and improve features. We maintain de-identified information in a form that cannot reasonably
be linked to an identified or identifiable individual, and we do not attempt to re-identify it.

• Legal Compliance. We may use information as needed to comply with legal obligations, enforce our
agreements, and support Customer compliance requirements.

4. How We Share Your Information

We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We share your information only in the following circumstances:

• Customer Administrators. Your Customer’s administrators can manage user accounts, view audit
logs, and access data associated with their Customer account.

• Service Providers. We use third-party services to deliver notifications and operate the App. These include Twilio (for SMS notifications), our cloud infrastructure providers, and utility and retail electric provider APIs (including ERCOT and ONCOR integrations). These providers process your information only as
needed to perform services on our behalf and are contractually required to protect it.

• Legal Requirements. We may disclose your information if required by law, regulation, or legal process,
or if we reasonably believe disclosure is necessary to protect our rights, your safety, or the safety of
others.

• Business Transfers. If we are acquired, merge with another company, or sell substantially all of our
assets, your information may be transferred as part of that transaction. We will notify affected Customers of any such change.

5. Data Retention
We retain data based on the following categories:

• Account information: for as long as your Customer’s account is active, plus five (5) years after termination for compliance and security purposes.

• Audit trail data (IP address logs, action logs): twelve (12) months from the date of the event.

• Operational telemetry and trend data: per Customer configuration and contract; default twelve (12)
months.

• Support records: twelve (12) months from resolution.
We may retain aggregated or de-identified information for longer periods. When your information is no
longer needed, we will delete or de-identify it

6. Your Choices and Rights

• Notifications. You may opt out of SMS notifications at any time by replying STOP to any message. You
may also adjust your notification preferences within the App.

• Data Access, Correction, and Deletion. Because the App is a business service, requests to access, correct, or delete your personal information should be directed to your Customer administrator. We will
assist Customers with these requests consistent with our agreements and applicable law.

• State Privacy Rights. Residents of certain U.S. states may have additional rights regarding their personal information under applicable law, including the California Consumer Privacy Act (CCPA) and the
Texas Data Privacy and Security Act (TDPSA). These rights may include the right to know what personal
information we process, the right to access or obtain a copy of it, the right to correct inaccuracies, the
right to request deletion, the right to opt out of sale or sharing for targeted advertising (which we do not
engage in), the right to limit the use of sensitive personal information, and the right not to be discriminated against for exercising these rights. To exercise these rights, contact your Customer administrator
or reach out to us at the address in Section 12. We will respond consistent with applicable law and our
role as a service provider or processor for our Customers.

7. Security

We use administrative, technical, and organizational measures to protect your information, including:

• Access controls and role-based authorization

• Encryption in transit (TLS)

• Encryption at rest where supported by our infrastructure

• Salted and hashed password storage

• Logging, monitoring, and vulnerability management

• Regular backups

No system is perfectly secure. Customers should use strong passwords or single sign-on and restrict
access to authorized personnel.

8. Children’s Privacy

The App is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 16, we will
delete it promptly.

9. International Transfers

SPERE POWER operates in the United States and processes information within the United States. We do
not currently transfer personal information internationally. If our operations change, we will update this
Policy and implement appropriate safeguards (such as standard contractual clauses) as required by
applicable law.

10. Cookies

We use cookies to maintain your session and protect against unauthorized access. These are essential
cookies required for the App to function. We do not use advertising or tracking cookies.
If your Customer enables optional analytics features, we may use analytics cookies to understand how
users interact with the App. You can control cookies through your browser settings, but disabling essential cookies may prevent you from logging in.

11. Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will notify Customers
through the App or by direct notice. Your continued use of the App after a change means you accept the
updated Policy.

12. Contact Us

If you have questions about this Policy, contact us at:

SPERE POWER LLC

11620 Airway Blvd #100

Roanoke, TX 76262

support@spere.io

800-998-6996

If you are an authorized user of a Customer account, you may also contact your Customer administrator
for questions about how your organization uses the App