Your privacy is paramount.

We collect information you provide directly to us when you create an account, including your name, email address, and payment information. We also collect information about how you use our services, including log data, device information, and usage statistics. We collect the following categories of data: • Account data: name, email, organization name • Usage data: features accessed, queries made, alerts configured • Payment data: processed by Stripe — we do not store card numbers We do not use third-party analytics or tracking scripts (such as Google Analytics, Mixpanel, or similar services). We do not set analytics cookies.

We use your information to: • Provide, maintain, and improve our services • Process transactions and send related information • Send technical notices, security alerts, and support messages • Send email notifications you have configured (alerts, weekly briefs) • Respond to your comments and questions • Monitor aggregate platform usage via internal server-side metrics We do not sell your personal information to third parties.

ConflictRadar aggregates data from publicly available sources including: • ACLED (Armed Conflict Location & Event Data Project) — acleddata.com • GDELT Project — gdeltproject.org • NASA FIRMS — firms.modaps.eosdis.nasa.gov • AISStream.io — vessel position data • The OpenSky Network — opensky-network.org • Metaculus — metaculus.com • Polymarket — polymarket.com All source data is attributed within the platform. We do not represent this data as our own original intelligence.

We use a small number of cookies, all essential for platform operation: • __session / __clerk — Clerk authentication session cookies • cr_csrf — CSRF protection token (24-hour expiry, not HttpOnly so client JS can read it) • cr_journalist — privacy-mode flag for journalist users (HttpOnly, Secure) We also store non-sensitive preferences in your browser's localStorage: • cr_cookie_consent — your cookie consent choice • cr:theme — light/dark theme preference • cr:notification-prefs — notification display preferences • Saved map views, sidebar state, recent searches, and other UI preferences No personally identifiable information (PII) is stored in localStorage. We do not use any third-party analytics or advertising cookies.

We retain your data for as long as your account is active or as needed to provide services. Retention periods by plan: • Free: 24 hours of event history • Citizen: 30 days • Analyst: 180 days • Operator: 365 days (configurable) • Command: Unlimited You may request deletion of your account and associated data at any time from Settings > Privacy, or by contacting privacy@conflictradar.co.

We implement industry-standard security measures including encryption in transit (TLS 1.3), encryption at rest, API key hashing (SHA-256), and access controls. Enterprise customers have access to audit logs for all account activity. Journalist privacy mode is available on all plans. When enabled, we do not log IP addresses, user agents, or behavioral metadata in audit trails. However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

We use the following third-party services: • Clerk — authentication and user management (clerk.com) • Supabase — database hosting (supabase.com) • Stripe — payment processing (stripe.com) • Upstash — Redis caching (upstash.com) • Vercel — hosting and deployment (vercel.com) • Resend — transactional email delivery (resend.com) • Google Gemini — AI enrichment for event analysis (ai.google.dev) • Inngest — background job processing (inngest.com) We do not use any third-party analytics, advertising, or tracking services. Each service provider listed above has their own privacy policy governing their data practices.

Depending on your location, you may have the following rights: • Access: request a copy of your personal data (available via Settings > Privacy > Export Data) • Correction: request correction of inaccurate data • Deletion: delete your account and data (available via Settings > Privacy > Delete Account) • Portability: receive your data in a machine-readable JSON format • Objection: object to certain processing of your data Self-service data export and account deletion are available at any time from your dashboard. You may also contact privacy@conflictradar.co.

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA): • Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you. • Right to Delete: You may request deletion of your personal information, subject to certain exceptions. • Right to Opt-Out of Sale: We do not sell your personal information. We do not share personal information for cross-context behavioral advertising. • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights. To exercise these rights, contact privacy@conflictradar.co or use the self-service options in Settings > Privacy. We will respond to verifiable requests within 45 days. Categories of personal information we collect: identifiers (name, email), commercial information (subscription plan, payment history via Stripe), internet activity (features accessed, queries made), and geolocation data (only if you enable location-based features).

ConflictRadar is hosted in the United States. If you access the Service from outside the US, your data will be transferred to and processed in the United States. We rely on Standard Contractual Clauses and your explicit consent as legal mechanisms for international data transfers where required.

For privacy-related inquiries: Email: privacy@conflictradar.co Address: ConflictRadar / conflictradar.co