Novo Insurance, LLC., its affiliates, and its subsidiaries (collectively, the "Company", "Novo Insurance", "we" or "us") are a wholly owned subsidiary of Telenav, Inc. ("Telenav"). We own, operate, and provide the website located at https://www.novo.us and any parent or child site (the "Site"), the Novo Insurance mobile application (the "Mobile Application"). We refer herein to the Site and Mobile Applications collectively as the "Novo Insurance Platform."

At Novo Insurance, we are dedicated to protecting your privacy. We understand that you value your privacy and that you may have questions about how we use the data collected through our Novo Insurance Platform. This Privacy Notice applies to information we obtain about you in the course of providing access to and use of the Novo Insurance Platform.

By using or accessing the Novo Insurance Platform, you (a) accept how we may collect, use, disclose, and otherwise handle your information, as we specifically describe in this Privacy Notice, and (b) represent and warrant that you have the right, authority, and capacity to accept these conditions. By using or accessing the Novo Insurance Platform, you also accept the Terms of Use. You may not access or use the Novo Insurance Platform if you have not reached the age of majority in your state of residence. Specifically, if you are under the age of 13, do not access or use the Novo Insurance Platform and do not enter any personally identifiable information about you or anyone under the age of 13 into the Novo Insurance Platform. If you do not agree with all of the conditions of this Privacy Notice or Terms of Use, do not access and/or use the Novo Insurance Platform. If you are accepting on behalf of a company or other third party, you represent and warrant that you have full authority to act for and to bind that company or other party, in which case the term "you" refers to that company or other party.

In connection with the provision of the Novo Insurance Platform, we may collect and process information related to you, the Primary Named Insured ("PNI") driver, and/or any guest or non-PNI drivers. This includes, but is not limited to, the following categories of data:

• Contact and identification information, such as name, surname, home address, unique personal identifiers, email address, account username and password, telephone number, insurance policy number, account name, non-PNI drivers contact data (e.g., email), social security number, signature, gender, driver's license number, physical characteristics, date of birth, consumer status, and other similar identifiers. As part of the Novo Insurance Platform, including but not limited to the Novo Test Drive feature, we may also collect referral data. This may include referral codes you share or receive, identifiers of the referee (e.g., name or email address provided at registration), records of referrals sent, and referral status (such as registration or completion of a safety score).

• Driving and claims history, including information about any prior accidents or insurance claims.

• Vehicle information, such as a vehicle identification number (VIN), plate number, odometer, model, year of manufacture, primary use, ridesharing/delivery, model, and/or other relevant vehicle details, might be collected to determine the vehicle's eligibility for participation in the Novo Safety Program. This data shall be necessary to validate compatibility with the Program's technical requirements, ensure proper enrollment, and facilitate the accurate calculation of insurance rates and program benefits.

• Financial identifiers, such as a bank account number, credit card number, debit card number, or other financial information.

• Medical information, such as details involving the injuries sustained in a car accident, as well as health insurance information.

• Commercial information about consumer transactions and experiences with us and others, such as payment history, claims, coverage and vehicle changes.

• Website, mobile app usage, analytics and attribution data such as status of app permissions, such as location access and activity tracking, trips, motion and activity data for driving behavior analysis search and browsing history, online identifier(s), Internet Protocol address, search history, and information regarding how users interact with our websites, our apps, and online advertisements or cookies. In addition, when you use our mobile app, we may collect certain technical and usage data through third-party analytics and attribution providers, (as AppsFlyer). This data may include device identifiers, operating system, app version, and information about your interaction with the app in a fully anonymized/pseudonymized way.

• Device and Bluetooth connection data, such as mobile device ID, operating system, and app version. We may also capture Bluetooth ID, MAC address and connection logs such as the vehicle’s Bluetooth profile name, connection timestamps, disconnection timestamps, and Bluetooth signal strength to determine proximity to the vehicle.

• Location data. We may also collect information about your physical location from your device so we can provide services like finding a nearby POI.

• Audio, electronic, visual, or similar information, such as recorded statements, electronic signatures, photos of damaged vehicles, videos of accident locations, and calls made to our customer service centers, which may be recorded.

• Professional or employment-related information in the form of business contact information and education or employment history, which we only use as permitted by law.

• Ownership data, such as how many vehicles you own, primary use, who owns the car (whether it's you, or your company for example), who is (or will be) the registered keeper, when the car was bought, and your rough annual mileage.

• Characteristics of protected data subjects under California or federal law such as age, race, national origin, citizenship, religion, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information.

If the PNI chooses to enroll in the Novo Safety Program ("NSP"), whether mobile, in-car NSP, Bluetooth-based NSP or if the car user chooses to sign up for a free Test Drive ("Novo Test Drive/NTD") to get a Safety Score followed by an insurance quote. Based on the eligibility of their vehicle, the company may collect additional data related to the enrolled vehicle and its drivers, including any drivers other than the PNI/car user. This additional data collection is necessary to ensure the accurate functioning of the Program, including trip validation, safety score calculation, and compliance monitoring. In this respect, the PNI/car user shall be responsible for informing all other drivers of the enrolled vehicle about the data collection and processing practices associated with the NSP/Novo Test Drive Specifically, the PNI/car users must ensure that these drivers are aware of the relevant documentation and shall communicate the drivers' responsibilities within the Program, including any requirements to download and use the NSP/Novo Test Drive, grant necessary permissions, or maintain compliance with the Program's rules. For comprehensive details regarding how data is collected and processed including specific provisions for mobile and in-car applications, please refer to the:

• For the Novo Safety Program: NSP Safety Terms and Telematics Policy available on www.novo.us;

• For the Novo Test Drive: Terms and Test Drive conditions incorporated within Novo Privacy Policy and Telematics Policy available on www.novo.us;

Through the Novo Insurance Platform, we and our third-party marketing partners may also obtain other information relating to you, such as your operating system, your phone carrier, hardware you use, pages you viewed, your IP address, how often you use the Novo Insurance Platform, events that occur within the Novo Insurance Platform during your use, aggregated-usage information, performance data, the site and location from where you downloaded or otherwise accessed the Novo Insurance Platform, your browser type, your Internet service provider, the referring and exit pages, installed fonts, device IDs, language and time zone settings, and other information relating to your use of or access to the Novo Insurance Platform. We and our third-party marketing partners may also use in Novo Insurance Platform web beacons, clear gifs, pixel tags, locally shared objects, and similar technologies to collect information relating to your use of or access to products and services offered through the Novo Insurance Platform. In addition, the Novo Insurance Platform uses remarketing services to advertise on third party websites to previous visitors of the Novo Insurance Platform. For example, we may direct advertising (in the form of an advertisement on a search results page or other website) to a user who previously visited the Novo Insurance Platform, but didn't complete a task on our site, such as partially completing a contact form. These remarketing services enable Novo to tailor offers and communicate about our services to individuals who have shown interest in our products.

As part of our expanded offerings, the Novo Test Drive program provides a risk-free trial for individuals who are not currently policyholders. Novo Test Drive enables you to assess your driving habits using telematics technology and understand how these behaviors might impact a future insurance quote-all without requiring you to purchase a policy or make any commitment. The goal of this program is to give prospective customers the opportunity to determine if our telematics-based insurance product aligns with their needs. During the trial, you may earn rewards for safe driving, referring others, or completing a quote. Participation is entirely voluntary, and no insurance coverage is provided throughout the trial period. This Policy outlines how your personal and telematics data will be managed while you participate in Novo Test Drive. For further details about the program, please refer to the dedicated Terms & Conditions section.

By choosing to participate in one of our telematics product options, you consent to the collection, processing, and use of personal data related to your driving behavior, vehicle usage, and safety score. This includes data on trips made, mileage, speed, and driving behavior (e.g., braking and acceleration patterns), as well as vehicle-related information such as the make, model, and annual mileage. This data will be used solely for the purpose of calculating your insurance premium, adjusting your premium based on your driving behavior, and providing you with educational insights into how telematics works.

We also collect safety scores, which are derived from your driving behavior, to determine your eligibility for certain premium adjustments. These scores are an essential part of calculating your premium in the Monthly Variable ("Novo Flex") and Fixed Participation ("Novo Next") Options. For the Data Sharing ("Novo Classic") option, the safety score is used purely for educational purposes and not for premium calculation.

Additionally, we will also collect information and data according to our Telematics Policy available on www.novo.us, when you visit our website or use our products, or by third party vendors that may use cookies to serve advertisements based on an individual's past visit to our website. You can find more details regarding Cookies and the way we use them by consulting our Cookies Policy.

We may obtain your personal data:

• directly from you, i.e. when (i) applying for insurance, (ii) you or other users use or access the Novo Insurance Platform (iii) when you directly provide us with the information, either in writing (e.g., by filling out a form) or verbally (e.g., as a result of your telephone conversation) or (iv) by examining the interaction we have with you. For example, we will obtain your personal data when: (i) you buy any of our services, (ii) you enter into a service contract with us, (iii) you subscribe to receive commercial communications or other offers and information from us or our partners, (iv) you contact us through various channels or request information/offers regarding a service; (vi) visit or browse our website.

• from sources other than directly from you, such third parties may include government authorities, consumer reporting agencies, doctors or hospitals, insurance agencies, claims adjusters, actuarial data providers, and business partners who support our business across various layers, including marketing, analytics, and operational support. The information we may receive from third party providers, as consumer reporting agencies are referring to vehicle reports, claim reports, and/or credit information where permitted by law. When you ask for a rate quotation or opt to use the Novo Test Drive functionality, we may obtain credit information from other sources if permitted by applicable state law. Our sales and service representatives do not have access to the details of your credit information. Our inquiry will not affect your credit score or credit rating. If you are purchasing a commercial policy, we may also confirm the motor vehicle records of the employees you will have driving on your company's behalf.

If you "opt-in" for the collection of telematics information for the safety score, we will obtain additional information about you and your driving patterns as more fully described in the Telematics Policy and Novo Safety Terms. Please note that we may work with an affiliated or unaffiliated third party to provide driver scoring and your data will be shared with the third party for use solely in connection with providing the driver scoring to Novo. Furthermore, if you "opt-in" for the collection of telematics information, we collect additional information about you and any crash events involving your vehicle. Unless otherwise required by applicable law, we will only share this information with the insurance company and/or a third-party claims administration partner. Full details can be found in our Telematics Policy, following the link above.

In connection with your initial insurance application or later renewal of insurance, we may, to the extent permitted by law and with your consent, review your credit report or obtain or use a credit-based insurance score, based on information contained in your credit report. An insurance score uses information from your credit report to help predict how often you are likely to file claims and how expensive those claims will be. We may rely on third parties to develop and provide such insurance scores. Typical items from a credit report that could affect an insurance score - and, thus, the scope or price of insurance we may make available to you - include, but are not limited to, payment history, number of revolving accounts, number of new accounts, the presence of collection accounts, bankruptcies and foreclosures. The information used to develop the insurance score comes from various credit reporting agencies. If we take an adverse action based on information contained in your credit report - such as declining to make insurance available to you or adjusting the scope or price based, in whole or in part, on the insurance score, we will:

• Provide you with the name, address and phone number of the credit reporting agency that supplied the report;

• A statement that the credit reporting agency did not make the adverse decision and cannot explain why the decision was made;

• Inform you of your right to obtain a free copy of the credit reporting agency's report if requested within sixty (60) days;

• Notify you of your right to dispute the accuracy or completeness of information provided by the credit reporting agency; and

• Inform you of your credit score, if a score was used.

Particularities for Novo Test Drive: Novo Test Drive allows users who are not yet policyholders to participate in a trial period, during which we collect personal and telematics data through the Novo mobile app. By enrolling in Test Drive, you directly agree to provide certain personal information such as your name, email address, date of birth, and vehicle details. In addition to personal information, we collect telematics data related to your driving behavior, including your speed, braking patterns, mileage, and location, all of which contribute to calculating your safety score and determining potential savings.

For the duration of the trial, we will also collect phone permissions and Bluetooth vehicle setup information. These are necessary for tracking your driving data and ensuring the accuracy of the safety score. The information you provide will be used solely for the purpose of evaluating your driving habits, offering you personalized quotes, and improving your overall experience with the Novo Test Drive program.

We may also obtain your data indirectly if you are referred to Novo by another user. In such cases, we process limited information (e.g., referral code, name, or email address you provide upon registration) to confirm eligibility and link the referral reward.

We may use the information we obtain in connection with the following activities (including those provided by our partners) and based on the following legal grounds:

3.1. Conclusion of insurance policies based on Driving Data via NovoAdapt

We collect and process telematics data (e.g., trip history, driving behavior, safety score) through our NovoAdapt program to provide personalized quotes and enable the conclusion of insurance policies. This includes analyzing driving patterns over a predefined evaluation period (e.g., during Test Drive) and using that data to generate accurate, risk-based pricing. If you accept the quote, the data informs you of the terms and conditions of your policy.

Legal basis: performance of a contract - processing is necessary to prepare and issue a tailored insurance policy at your request, based on behavioral risk indicators; consent - required to collect and process telematics data during the evaluation period (e.g., location, driving speed, braking); legitimate business purposes (limited) - to verify quote accuracy and ensure fair risk-based pricing, where not overridden by user rights; enhancing customer loyalty through personalized services; promoting road safety, preventing accidents; reducing insurance claims; legal obligation - in some cases, to comply with Know Your Customer (KYC), fraud detection, and other regulatory insurance requirements tied to quote and policy issuance.

3.2. Performance of the Contractual Relationship with You

We process your data to establish, execute, and manage the contractual relationship with You. This includes issuing insurance policies, handling billing, providing access to customer support, administering policy changes, processing claims, and communicating essential information about your coverage and participation in related programs (e.g., NovoAdapt, NTD/ or any of our NSP variations: Novo Next, Novo Flex or Novo Classic).

Legal basis: performance of a contract - necessary for delivering the services you’ve requested, including insurance coverage, claims processing, and policy management; legal obligation - for obligations such as consumer disclosures, insurance record-keeping, and fraud checks; consent - to collect and process location data, telematics data and implied/derived data; such telematics data is predicated upon explicit and informed customer consent, enabling Novo to refine risk assessment for potentially tailored premium structures; operational/business purposes - in maintaining accurate customer records, service efficiency, and ensuring business continuity, where processing is not strictly required under contract or law.

3.3. Enrollment in Our Programs (NSP)

We process your personal and vehicle data (e.g., make, model, Bluetooth/telematics capability) to determine your eligibility and facilitate your enrollment in our telematics-based insurance programs, including Novo Test Drive (NTD) and Novo Smart Pricing (NSP). This also involves verifying the correct setup of connected services and confirming your technical compatibility for participation.

Legal basis: performance of a contract - to enroll you in the programs that enable personalized pricing or benefits; consent - when participation requires the collection and sharing of telematics data; operational/business purposes - to ensure compatibility, validate eligibility, and maintain the integrity and proper function of the program; legal obligation - where verification or identification processes are required for compliance (e.g., fraud prevention, anti-money laundering/KYC depending on jurisdiction).

3.4. For underwriting and rate purposes

We process your personal data to assess insurance risk, determine pricing, and calculate premiums tailored to your profile. This may include verifying the information you provide during application (such as driving history, vehicle data, or telematics results) and using behavioral insights where applicable (e.g., through Novo Test Drive or NovoAdapt). These activities ensure fair, accurate, and risk-based underwriting.

Legal basis: performance of a contract - to provide you with an insurance quote and issue or adjust your policy; operational/business purposes - to maintain pricing accuracy and underwriting integrity across our products; consent - where we rely on telematics or behavioral data you have agreed to share.

3.5. Carrying out business-related services

We process your personal data to support essential insurance operations. This includes handling applications, facilitating claims or service requests, conducting necessary investigations, executing policy-related transactions (such as renewals or endorsements), and maintaining or servicing your customer account throughout the policy lifecycle.

Legal basis: performance of a contract - to provide you with the insurance services you request; operational/business purposes - to operate and manage our services efficiently and effectively; manage your claims and keep proof of that; conduct investigations and ensure activity flows and to defend our interests and rights as well as your rights.

3.6. To determine eligibility for the NSP and NTD Program

We may collect and processes data based on various factors, including vehicle make and model, type, Bluetooth capabilities, and/or telematics compatibility. This ensures that only vehicles meeting the necessary technical and Program requirements are enrolled.

Legal basis: operational/business purposes - to ensure the technical suitability of enrolled vehicles; consent - when you provide this information voluntarily.

3.7. To calculate your driver score

We process your telematics data-including driving behavior, trip history, and vehicle usage-to generate a driver safety score. This score is used alongside traditional rating factors (such as age, location, and vehicle type) to determine your personalized insurance quote, the premium you pay for your current policy, and pricing at renewal or for future policies. The use of driver scoring enables fairer, more usage-based pricing that reflects your actual driving risk.

Legal basis: performance of a contract - as part of our insurance offering; Your consent; operational/business purposes - to ensure accurate and fair pricing based on usage.

3.8. To validate trip data and analyze telematics data

We process telematics data-including trip records, vehicle metrics, and app connectivity status-to ensure accurate mileage reporting, enable correct calculation of your safety score, and verify ongoing compliance with program requirements. This includes monitoring app permissions, OEM connectivity, Bluetooth or subscription status, and other technical criteria that determine your eligibility and participation in telematics-based insurance programs.

Legal basis: performance of a contract - to maintain program integrity and prevent misuse; performance of a contract - when necessary for delivering telematics-based features.

3.9. To understand how to interact with the Novo Insurance Platform

We collect and analyze data about how you use our digital platforms (e.g., website, app) to continuously improve the user experience, interface design, service quality, system performance, and security of our services. This may include usage patterns, feature engagement, technical diagnostics, and navigation behavior.

Legal basis: operational/business purposes - to enhance the usability, reliability, and safety of our platform; consent - when optional technologies like cookies or app trackers are involved.

3.10. To respond to your customer service requests or the requests of others who may be covered, administer your account, send you service-related correspondence

We process your personal data to provide full access to the Novo Insurance Platform and to deliver essential customer support. This includes responding to your inquiries (or those of covered individuals), managing your account, sending service-related communications, enabling policy updates or additions, handling claims, confirming your identity, and facilitating transactions related to your insurance coverage. It also includes participation in insurance support organizations and performing underwriting and rating activities.

Legal basis: performance of a contract - to support your policy and related services; legal obligation - where we are required to retain records or respond to lawful requests; operational/business purposes - to ensure responsive and accurate customer service, defend our and your rights and interests, keep proof of requests management, manage your complaints/requests accordingly, measure quality of support services.

3.11. To enhance user experience and deliver personalized content

We process data using cookies, tracking pixels, and analytics tools. This enables targeted advertising based on browsing behavior, app usage, and engagement with marketing communications. Additionally, performance tracking helps analyze website and app traffic, user interactions, and feature engagement to improve functionality. For more details, refer to our Cookie Policy.

Legal basis: consent - when legally required for cookies, tracking, or marketing activities; operational/business purposes - to optimize platform content and feature development, where permitted.

3.12. To send you newsletters, evaluate marketing campaigns, develop new products and services, market our products and services, analyze how users use the Novo Insurance Platform, send you notifications, and provide a more customized web or mobile experience

Throughout your participation in NTD, you will receive a variety of notifications and communications, both through the app and via email. These notifications include: welcome notifications upon successful registration and app setup, with instructions on how to begin using the app and tracking your driving behavior; trip notifications to inform you of completed trips and their impact on your safety score; weekly reports that summarize your driving habits, safety score, and overall progress; quote alerts when your driving data is sufficient to provide an accurate quote. You will also receive email communications, such as a welcome email after signup, updates on your driving performance, and notifications about the availability of a full quote once sufficient data has been collected.

Legal basis: consent - for sending marketing communications, newsletters, and notifications not strictly necessary for service delivery (e.g., promotional emails or feature announcements); performance of a contract - for essential communications related to your participation in the NSP/NTD program, such as setup instructions, trip summaries, quote alerts, and safety score updates; operational/business purposes - to improve products and services, analyze platform usage, personalize user experience, and evaluate the effectiveness of communications and campaigns (where consent is not strictly required, and processing does not override user rights or interests).

We may use specific contact data as mobile phone number and SMS interaction data, to assess the effectiveness of our marketing campaigns, and support the development and improvement of our products and services-such as new features; analyzing how users interact with the Novo Insurance Platform across web, app, and SMS channels; and delivering a seamless, customized experience tailored to your preferences and engagement history. Where applicable, this may involve using mobile communication (such as SMS) to follow up on quotes, send reminders, provide real-time support, and engage with users who explore telematics-based tools, even if they are not policyholders;

3.13. Participation in Referral and Rewards Program

If you choose to participate in our referral and reward program, we will process personal data necessary to administer the program. This includes generating and linking referral codes, tracking when referrals register and complete a safety score, awarding referral and safe driving points, notifying you and your referee of reward eligibility, and facilitating gift card redemption. We also process this data to detect and prevent fraud (e.g., limiting the number of referral awards per user).

Legal basis: performance of a contract - to administer the referral and reward program you voluntarily join; consent - where you opt in to share referral links or communications via third-party platforms; operational/business purposes - to prevent abuse of the referral system and ensure fairness.

3.14. To facilitate auditing, legal compliance, and law enforcement cooperation

We process your personal data to support internal and external audits, investigate potential fraud, respond to requests from regulators or law enforcement, comply with applicable laws (including subpoenas or court orders), and protect our legal rights or the safety of individuals.

Legal basis: legal obligation - to comply with legal, regulatory, or judicial requirements; operational/business purposes - to ensure lawful operations, protect legal rights, and respond appropriately to official investigations.

3.15. To establish or defend legal claims and allegations

We process data necessary to investigate, establish, exercise, or defend against legal claims or allegations that may arise during the course of business.

Legal basis: operational/business purposes - to protect our company against legal risk and ensure access to judicial remedies.

3.16. Identifying and preventing security incidents, and safeguarding against malicious, deceptive, fraudulent, or illegal activities, including money laundering and other criminal acts

We use technical and behavioral data to detect, prevent, and respond to fraud, unauthorized access, financial crimes (e.g., money laundering or terrorist financing), and other deceptive, malicious, or illegal conduct.

Legal basis: operational/business purposes - to protect our systems, users, and business from threats, management of security and confidentiality, conduct investigations, prevent and diminish risks; legal obligation - where required by financial crime, anti-terrorism, or fraud prevention regulations.

3.17. Internal research, debugging and technological development

We conduct internal analysis to drive innovation, improve existing technologies, identify and fix bugs, analyze performance issues and develop new products and services. This may involve aggregated or pseudonymized data.

Legal basis: operational/business purposes - to improve our offerings, remain competitive, and deliver value to customers; product and services development; ensure a good market position; enhancement of existing technologies; consent - where research uses identifiable or sensitive personal data beyond what's necessary for core service delivery.

3.18. Product and services development and delivery

We process data to enable all activities related to the creation, offering, delivery, and improvement of our insurance products and services, including testing, launching, or updating features.

Legal basis: performance of a contract - when related to your active use of our products or services; operational/business purposes - to ensure the continuous enhancement and relevance of our offerings.

3.19. Supporting legitimate business activities

We process data in support of broader internal operations that contribute to our efficiency, compliance, and long-term sustainability, provided such activities are lawful and proportionate.

Legal basis: operational/business purposes - to operate effectively, manage risk, and support overall business development within the boundaries of applicable laws and regulations.

3.20. Training of algorithms and machine learning

We may use personal data-preferably anonymized or pseudonymized-to train, test, or improve machine learning and algorithmic systems, such as those used for quote simulation, driver risk scoring, or fraud detection. This supports the development of fairer, more accurate, and efficient automated decision-making processes.

Legal basis: operational/business purposes - to enhance the performance and reliability of our algorithmic models while applying appropriate safeguards to protect individuals’ rights; consent - where non-anonymized or special category data is used beyond what is necessary for core services.

3.21. Service Personalization

We process interaction and usage data to personalize the user experience, including the layout of interfaces, the type and timing of notifications, and recommendations related to services or features. This helps ensure communications are relevant and the platform adapts to your needs.

Legal basis: operational/business purposes - to increase relevance and usability of services, where personalization does not rely on sensitive data; consent - where cookies, app tracking, or profiling require user opt-in under applicable law.

3.22. Business Continuity and Disaster Recovery

We store and back up personal data to maintain service continuity, enable system recovery, and restore access in case of outages, cyber incidents, or technical failures. This is a vital part of securing your data and maintaining platform availability.

Legal basis: operational/business purposes - to ensure system resilience and protect service integrity; legal obligation - where regulatory frameworks (e.g., in insurance or cybersecurity) require continuity planning.

3.23. Vendor and Third-Party Management

We share and manage data with authorized service providers, technology partners, and distribution platforms (e.g., telematics providers, analytics services, claims handlers, or insurance marketplaces such as The Zebra) who assist us in delivering, maintaining, and offering our services. These partners are contractually obligated to process your data solely on our behalf and in compliance with strict confidentiality, security, and data protection requirements.

Legal basis: performance of a contract - where third-party services are essential to providing the product or functionality you’ve requested; operational/business purposes - to manage an efficient and secure service delivery ecosystem; legal obligation - where third parties support compliance functions (e.g., fraud detection, or KYC).

3.24. Corporate Restructuring or Acquisition

In the event of a merger, acquisition, or sale of assets, we may transfer your personal data to the relevant parties, but only as necessary and with appropriate contractual and legal safeguards in place. You will be informed of any material changes to how your data is processed.

Legal basis: our operational/business purposes - to enable lawful business continuity or restructuring while protecting your rights; legal obligation - where notification or specific handling is required by law or supervisory authorities.

3.25. Optimization of customer service

We use a chatbot to optimize the customer service support in relation with our potential/existing customers. When you initiate a conversation through our chatbot interface embedded on our website you may be asked to provide certain personal data before the chat session begins.

This includes, but is not limited to: (i) first name and last name, (ii) email address and (iii) any personal data you voluntarily submit during the conversation (e.g., account-related inquiries, policy details, complaint information, or identification data).

We collect and process this information via the chatbot in order to:

• Identify you and facilitate secure communication;

• Respond to your queries, requests, or complaints;

• Redirect you to appropriate customer support channels or departments;

• Maintain logs for quality assurance, training, fraud prevention, and security monitoring; or

• Any other purpose listed in our privacy policy depending on your request/query or complaint.

Legal basis: our operational/business purposes - to provide efficient, secure, optimized, and personalized customer service, as well as to troubleshoot technical issues in a timely manner. By continuing to use our chatbot, you provide implied consent for the processing of your data for these purposes. Depending on the specific nature of your request, additional legal grounds may apply (e.g., if you report an error in our services through the chatbot, your data will also be processed for technical troubleshooting, analytics, and contract performance).

Prior to beginning the conversation, you will be presented with a notice confirming that your data will be processed in accordance with this Privacy Policy. By continuing to use our chatbot, you confirm that you have read and understood this Policy. The chatbot session will proceed based on this acknowledgment.

Please note that chatbot interactions are logged and may be reviewed internally for quality control, audit, and compliance purposes. If your request contains sensitive personal information or if we require further verification, you may be redirected to our human support agents or invited to continue the conversation through a more secure channel.

Each data collected via the chatbot will be retained in accordance with the purposes for which such is processed on a case by case as described in this Privacy Policy.

The personal and technical data we request is either necessary to (i) enter into or perform your insurance contract with us, (ii) comply with legal obligations, or (iii) pursue our legitimate business interests as described in this Privacy Policy.

If you choose not to provide certain required information, we may not be able to: offer you a personalized quote or insurance product (e.g., through Novo Test Drive or NovoAdapt); enroll you in telematics-based programs (such as NSP/NTD); process your claims, manage your policy, or deliver key account services; comply with regulatory requirements such as identity verification or fraud prevention; enable core app features or functionality that rely on connected vehicle data or mobile permissions.

In cases where optional data is requested (e.g., for marketing preferences or personalization), we will make it clear that the information is voluntary, and your refusal will not affect access to core services.

We may share the information we obtain from you with third parties, such as our partners, in connection with the following activities:

• With your consent: for any purpose to which you expressly consent.

• Business Transactions: to facilitate a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of our assets, financing, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g., due diligence).

• Legitimate Business Activities: to conduct any other legitimate business activities not otherwise prohibited by law, or with your consent.

• Legal obligation: in addition, we reserve the right to access, read, preserve, and disclose any information as we reasonably believe is necessary to: (i) satisfy any applicable law, regulation, legal process, subpoena or governmental request; (ii) investigate potential violations of your agreement(s) with us; (iii) detect, prevent, or otherwise address fraud, security or technical issues; (iv) cooperate with law enforcement authorities; (v) respond to user support requests; or (vi) protect our, our users' or the public's rights, property or safety.

• Service Providers: the third parties with whom we may share information for these purposes include the underwriting insurance company(-ies), claims assessment and processing, insurance agents, companies that perform payment processing, insurance rating partners, marketing, driver scoring or other services on our behalf and our business partners, businesses that assist in analyzing and improving websites and mobile applications, other insurance companies that play a role in an insurance transaction with you, those who request information pursuant to a subpoena or court order, government authorities, consumer reporting agencies, doctors, hospitals, insurance agencies, claims adjusters, actuarial data providers, and other business partners. EVEN IF THESE SERVICE PROVIDERS ARE CONTRACTUALLY OBLIGATED TO MAINTAIN THE CONFIDENTIALITY AND SECURITY OF YOUR INFORMATION, WE ARE NOT RESPONSIBLE FOR THE PRIVACY PRACTICES OF THIRD PARTIES.

• Other Insurance Companies: We may share your information with other insurance companies involved in your insurance transactions, such as reinsurers.

• Sharing Data for Marketing and / or Targeted Advertising: as a general practice, Novo does not sell or share personal information. However, as part of our Targeted Advertising Service, we may process certain personal information, such as device identifiers, to deliver relevant, interest-based advertising, develop advertising models, and evaluate the effectiveness of our marketing campaigns. We do not share personal information with third parties for this purpose without your consent.
  
  As a standard practice for marketing or promotional purposes, mobile phone numbers and mobile-related data are not shared with any third parties or affiliates, except for text messaging originator opt-in data and user consent records (i.e., evidence that someone agreed to receive SMS), which shall be excluded from any sharing activities. Mobile phone interactions at Novo are specifically intended to support essential functional interactions as well as marketing initiatives, including but not limited to quote follow-ups, abandoned quote reminders, and customer support services. For all marketing communications, users are expressly provided with the option to opt out of communications on each channel individually, ensuring full control over their preferred means of contact. Any disclosure of mobile-related data shall be strictly limited to operational needs or legal obligations-such as facilitating customer service interactions or ensuring compliance with regulatory requirements. We may use third-party pixels and other tracking technologies on our website that enable the collection and sharing of user data with external partners for the purpose of delivering interest-based advertising. This type of advertising-referred to as cross-context behavioral advertising under the California Consumer Privacy Act (CCPA) or targeted advertising under similar state laws-allows for personalized ads based on your interactions across various websites and digital platforms. You may limit some of the marketing of our or our affiliates' products and services to you by contacting us at privacy@novo.us, clicking the "Unsubscribe" link in marketing emails, or adjusting your account settings. Your choice will apply to all people listed on your policy.

• Sharing data for Analytics and Attribution purposes: we may share technical and usage data-including device identifiers, app version, OS, and in-app event metrics-with third-party analytics and attribution partners (for example, AppsFlyer, Amplitude, and similar providers). These vendors process data on our behalf to support analytics, attribution, and statistical marketing measurements. These providers are contractually obligated to process your information only as necessary to provide the services agreed and to maintain appropriate confidentiality and security safeguards.

We may include third-party links on the Novo Insurance Platform. We have no control over, and assume no responsibility for, the content, privacy policies or practices of any third-party websites. By including a link to a third-party website, we do not endorse or recommend any products or services offered or information contained at the third-party website. Such third parties may have privacy notices different from ours, and third-party websites may provide less protection than our websites. If you decide to visit a third-party website via a link contained on the Novo Insurance Platform, please ensure that you read their privacy notice, as we are not responsible for these third-party sites.

We maintain reasonable physical, electronic and procedural safeguards to preserve the integrity and security of the collected information. In the event of a breach, we will notify you in accordance with the laws applicable in the state and/or states where such breach occurred.

You may request to review your personal information in our records by contacting us at any time, as provided in the "Contact Us" section below. If you believe that the information is incomplete or inaccurate, you can request that we correct it. We may not, however, be able to provide information relating to investigations, claims, litigation, or other matters. We will be happy to make corrections whenever possible. We will respond to your requests within a reasonable timeframe.

Please note that some web browsers and devices permit you to broadcast a preference to websites and online services that they "do not track" your online activities. At this time, we do not modify what information we collect or how we use that information based upon whether such a signal is broadcast or received.

Regarding cookies, you have the ability to accept or decline cookies using your web browser settings. If you choose not to accept cookies from our website, you may not be able to take full advantage of its features or to receive some of the services that it provides. To learn more about cookies and your ability to opt-out of certain advertising cookies, please visit the following websites: http://www.aboutads.info/choices or http://www.networkadvertising.org/choices. To find out how to opt out on a mobile device, please visit the following website: https://www.networkadvertising.org/mobile-choices.

If you’d like to opt out of analytics and attribution data collection in our mobile app, please contact us at privacy@novo.us, or adjust your device settings to limit data sharing. Please note that doing so may affect the functionality of certain app features.

Novo.us is committed to protecting your privacy and responsibly managing your personal information. We retain your information only as long as necessary to fulfill the purposes outlined in our Privacy Policy, maintain active accounts or relationships, and comply with our Global Record Retention Schedule, which is annually reviewed to align with business needs and legal requirements. We prioritize data minimization and offer you the right to access and delete your information. Novo follows a comprehensive data retention policy, balancing business needs with legal and regulatory requirements while ensuring transparency and accountability in our data handling practices. However, in connection with the Novo Insurance Platform, we strive to provide our drivers a seamless and efficient experience. Therefore, if a policy is canceled due to non-payment or other administrative reasons not initiated by the insured, we maintain a 30-day buffer during which data collection and tracking continue, independent of the policy’s deactivation.

The data collected through Novo Test Drive, including both personal and telematics data, will be retained based on your engagement with Novo Insurance:

• If you do not become a Novo Insurance policyholder, your personal data will be retained for up to 1 year after your last activity within the Novo Test Drive. After this period, the data will be pseudonymized or anonymized to ensure it can no longer be linked to you. The anonymized data may be retained indefinitely for research, statistical analysis, and product development, provided it cannot be used to re-identify any individual.

• If you later become a Novo Insurance policyholder, your Test Drive data will either be (a) merged into your insurance account and retained for the duration of your policy plus a 7-year statutory period after policy termination, or (b) retained separately for up to 1 year after becoming a policyholder, then pseudonymized or anonymized and retained for long-term use in a non-identifiable format.

If you opt out or discontinue your participation in Novo Test Drive, data collection will cease immediately, and any previously collected data will be retained in accordance with the applicable scenario above, unless deletion is legally required. Data relating to your participation in the referral and rewards program will be retained for up to 3 (three) years after your last activity in the program, or as required by applicable financial and accounting regulations. After this period, referral and reward data will be pseudonymized or anonymized for analytical and fraud-prevention purposes.

For further details regarding our data collection, usage, and retention practices-particularly those related to telematics and associated technologies-you are encouraged to consult our Telematics Policy and all related documentation, available at www.novo.us.

We do not target the Novo Insurance Platform to anyone under age 13. If you are under age 13, do not enter any personally identifiable information about you or anyone under the age of 13 into the Novo Insurance Platform. If you are a parent or a guardian who has discovered that your child under age 13 has submitted his or her personally identifiable information to us without your permission or consent, we will make reasonable efforts to remove the information from our database, at your written request. To request the removal of your child's information, please contact us as described in the "Contact Us" section below and include in your message your child's name and the email address that your child submitted.

We are a Delaware limited liability company engaged in activities as a licensed insurance agency in various states, although we currently only sell policies in a more limited number of states listed in our FAQs. We sell auto insurance policies which are underwritten by KnightBrook Insurance Company ("KBIC").

KBIC is an insurer under the laws of the State of Delaware. Activities such as claims processing, roadside assistance (if available), etc. are handled by KBIC and/or their services providers and are not provided by Novo Insurance, LLC.

Depending on your state of residence, you may have specific privacy rights regarding your personal information as per applicable privacy legislation. These rights, subject to certain exceptions, include:

Right to Know: You have the right to request details about the personal information we have collected, used, disclosed, and sold/shared about you over the past twelve (12) months. This includes categories of personal information, the sources from which it was collected, the business or commercial purpose for collecting or selling the information, and the categories of third parties with whom we share that information.

Right to Delete: You can request the deletion of certain personal information that we have collected about you. This includes the right to have your personal information erased from our records and directing our service providers to do the same, subject to certain exceptions.

Right to Correct: You have the right to request corrections to any inaccurate personal information we hold about you. This ensures that the information we maintain is accurate and up to date.

Right to Opt-Out of Sale/Sharing: You have the right to opt-out of the sale or sharing of your personal information with third parties. This means you can instruct us not to sell your personal information to third parties.

At any time during the Novo Test Drive program, you have the right to opt out. If you choose to opt out, either by logging out of the app or deleting your account, the collection of your telematics data will stop immediately. However, you will retain access to any data that was collected during the trial period, such as your safety scores and trip details.

If you decide to delete your account, your personal data will be deleted from our systems in accordance with our data retention policy, unless retention is required for legal reasons. After opting out, you will not be able to participate in further data collection or receive any additional reports or updates from the Novo Test Drive program.

Right to Limit Use and Disclosure of Sensitive Personal Information: You have the right to request that we limit the use and disclosure of your sensitive personal information to what is necessary to perform the services or provide the goods you have requested.

Novo does not discriminate against any individual who exercises their legal rights, such as denying you products and services, charging you different rates or prices, or suggesting or providing a different level of service to you.

To submit a request, please visit https://www.novo.us or call us at 1-866-862-7757. To process your request and ensure the protection of your privacy and security, we will verify your identity before granting access to your personal information or fulfilling your request. This may involve asking you for additional personal information for verification purposes. If you are making a request on behalf of someone else, we will need to confirm your authority to do so.

For any questions regarding these rights or to appeal a response received from us, please call 1-866-862-7757 or email us at support@novo.us. By understanding and exercising your privacy rights, you help ensure that we handle your personal information responsibly and transparently, in accordance with the applicable privacy legislation.

We host the information we collect from the Novo Insurance Platform in the United States. If you are using or accessing the Novo Insurance Platform from outside the United States or any other region with laws or regulations governing personal data collection, use and disclosure that differ from the United States laws, please be advised that through your use of the Novo Insurance Platform, which is governed by U.S. law, you are transferring information to and from the United States and you consent to that transfer.

The laws of the State of Delaware and applicable United States law govern all matters arising out of or relating to this Privacy Notice, including, without limitation, interpretation, construction, performance, and enforcement, without giving effect to such state's conflicts of law principles or rules of construction concerning the drafter hereof. You hereby irrevocably and unconditionally submit to the jurisdiction of the federal and state courts located in New Castle County, Delaware for the purpose of any suit, action, or other proceeding arising out of or based upon this Privacy Notice, your access to or your use of the Novo Insurance Platform, which courts are the exclusive forum for any such suit, action, or other proceeding.

You may not transfer or assign any rights and permissions you grant to us hereunder. However, we may transfer or assign those same rights and permissions without restriction.

If we decide to sell, buy, merge or otherwise reorganize our businesses in certain countries, this may involve us disclosing your information to prospective or actual purchasers and their advisers, or receiving information from sellers and their advisers. In the event of such disclosures of information, we will comply with applicable legal requirements.

We reserve the right at our discretion to change the Privacy Notice at any time. We will post the most current version of the Privacy Notice to our website at https://www.novo.us. Any changes will be published on our dedicated page on https://www.novo.us and will be effective as of the date of publication (which will also be noted on our website).

By participating in the NTD and NSP Programs, you confirm that you have read, understood, and agreed to the terms outlined in this Privacy Policy, including the collection, use, and retention of your personal and telematics data as described above.

Please feel free to contact us if you have any questions regarding this Privacy Policy or our practices. You may contact us using the following information:

Legal Department – Privacy Request
Novo Insurance, LLC
1881 W Traverse Parkway Ste E #613
Lehi, UT 84043
privacy@novo.us or legal@novo.us.