Privacy Policy

Last updated: 24 June 2026

1. Introduction & Scope

Draconis Infrastructure, LLC ("Draconis", "we", "us", or "our") is a digital infrastructure holding company. This Privacy Policy explains how we handle personal information collected through this corporate website (the "Site"). It applies to visitors who browse the Site, contact us through our forms, or otherwise interact with us in connection with our corporate and business-to-business activities.

This corporate Site does not sell products or service packages directly. Customer-facing sales are operated by our specialised sub-brands through their own separate websites, which may publish their own privacy notices. Where Draconis Infrastructure, LLC acts as the central payment processor on behalf of its brands (for example, for business-to-business billing), this Policy describes how we handle the limited personal information involved in that role. For questions about a specific brand's products, please refer to that brand's own privacy notice.

For the purposes of the EU and UK General Data Protection Regulation ("GDPR"), Draconis Infrastructure, LLC is the data controller in respect of personal information processed through this Site. For the purposes of the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA"), Draconis Infrastructure, LLC is the business responsible for the personal information described below.

2. Information We Collect

We aim to collect only the information we genuinely need. The categories of personal information we process are:

2.1 Information you provide through our contact form

When you submit our contact form, we collect the information you choose to provide, which typically includes:

• Name — so we can address you appropriately;
• Email address — so we can respond to your enquiry;
• Company / organisation name — to understand the business context of your enquiry;
• Subject — the topic of your enquiry, to help us route it correctly;
• Message content — the details, questions, or request you send us.

You are not required to provide any special categories of data (such as health, biometric, or political information), and we ask that you do not include such information in your message.

2.2 Usage and analytics data

When you visit the Site, we may automatically collect technical and usage information, such as your approximate location (derived from IP address), browser type and version, device type, operating system, referring URLs, the pages you view, and the dates and times of your visits. This information helps us understand how the Site is used and how to improve it.

2.3 Cookies and similar technologies

We and our service providers use cookies and similar technologies to operate the Site and to gather the analytics data described above. See the "Cookies & Analytics" section below and our Cookie Policy for details, including how to manage your preferences.

3. How We Use Your Information & Legal Bases (GDPR)

We use the personal information described above for the following purposes. Where GDPR applies, we rely on the corresponding legal bases:

• To respond to your enquiries and communicate with you — for example, replying to a message submitted through our contact form. Legal basis: our legitimate interests in responding to and managing communications, and/or taking steps at your request prior to entering into a contract.
• To operate, maintain, and secure the Site — including protecting against fraud, abuse, and security incidents. Legal basis: our legitimate interests in running a secure and reliable website, and compliance with our legal obligations where applicable.
• To understand and improve how the Site is used — through analytics. Legal basis: your consent, where required for non-essential cookies and analytics, and otherwise our legitimate interests in improving our services.
• To process central payments and business-to-business billing on behalf of our brands — where you transact with us in that capacity. Legal basis: performance of a contract, compliance with legal obligations (including accounting and tax requirements), and our legitimate interests in administering payments.
• To comply with the law and enforce our terms — including responding to lawful requests from authorities. Legal basis: compliance with a legal obligation and our legitimate interests in protecting our rights.

Where we rely on legitimate interests, we balance those interests against your rights and freedoms. Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

4. Cookies & Analytics

The Site uses essential cookies that are necessary for it to function, and may use non-essential analytics cookies to measure traffic and usage. Non-essential cookies are only set where permitted by your choices, in line with applicable law. We use analytics to understand aggregate trends, not to build individual marketing profiles.

You can control cookies through your browser settings and, where offered, through our cookie controls. For a full description of the cookies we use, their purposes, durations, and how to manage them, please see our Cookie Policy.

5. Third Parties & Processors

We do not sell your personal information. We share it only with service providers ("processors") who help us operate the Site and our business, and only to the extent necessary for them to perform their services on our behalf under appropriate contractual safeguards. Our key providers include:

• Google Analytics (Google LLC / Google Ireland Limited) — website analytics and usage measurement.
• Google Translate (Google LLC / Google Ireland Limited) — optional automated translation of Site content for convenience. Translations are provided "as is" and the English version remains authoritative.
• Stripe (Stripe, Inc. / Stripe Payments Europe, Ltd.) — secure processing of payments and business-to-business billing where Draconis processes payments centrally on behalf of its brands. Stripe handles cardholder data as an independent processor/controller in accordance with its own terms and privacy policy.
• Web hosting and infrastructure providers — to host the Site, store contact-form submissions, and deliver content securely and reliably.

We may also disclose personal information where required to comply with applicable law, regulation, legal process, or an enforceable governmental request, or to protect the rights, property, or safety of Draconis, our users, or others. In the event of a merger, acquisition, financing, or sale of assets, personal information may be transferred as part of that transaction, subject to this Policy or a successor notice.

6. Data Retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. In practice:

• Contact-form submissions are retained for as long as needed to handle your enquiry and any related follow-up, and thereafter for a reasonable period to maintain a record of our communications, after which they are deleted or anonymised.
• Analytics data is retained for the limited periods configured in our analytics tools, typically in aggregated or pseudonymised form.
• Payment and billing records are retained for the periods required by applicable tax, accounting, and anti-fraud laws.

When personal information is no longer required, we securely delete or anonymise it.

7. Data Security

We implement appropriate technical and organisational measures designed to protect personal information against unauthorised access, disclosure, alteration, and destruction. These measures include encryption of data in transit (HTTPS/TLS), access controls, the use of reputable service providers, and the principle of collecting only the data we need. No method of transmission over the internet or method of electronic storage is completely secure, however, and we cannot guarantee absolute security. If we become aware of a personal data breach that is likely to result in a risk to your rights, we will notify the relevant supervisory authority and affected individuals where required by law.

8. International Transfers

Draconis Infrastructure, LLC is established in the United States, and some of our service providers may process personal information in the United States or other countries outside your own. Where we transfer personal information from the European Economic Area, the United Kingdom, or Switzerland to a country that has not been deemed to provide an adequate level of protection, we put in place appropriate safeguards, such as the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum where applicable), together with supplementary measures as needed. You may request more information about these safeguards using the contact details below.

9. Your Rights Under GDPR

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights in respect of your personal information, subject to applicable conditions and exemptions:

• Access — to obtain confirmation of whether we process your personal information and a copy of it;
• Rectification — to have inaccurate or incomplete personal information corrected;
• Erasure — to request deletion of your personal information ("right to be forgotten") in certain circumstances;
• Restriction — to request that we limit the processing of your personal information in certain circumstances;
• Portability — to receive certain personal information in a structured, commonly used, machine-readable format and, where technically feasible, to have it transmitted to another controller;
• Objection — to object to processing based on our legitimate interests, including any direct marketing;
• Withdrawal of consent — to withdraw your consent at any time where we rely on consent, without affecting the lawfulness of prior processing;
• Complaint — to lodge a complaint with your local data protection supervisory authority.

To exercise any of these rights, please contact us using the details in the "Contact" section below. We will respond within the timeframes required by applicable law. We do not charge a fee unless your request is manifestly unfounded or excessive, and we may need to verify your identity before acting on a request.

10. Your Rights Under CCPA/CPRA

If you are a California resident, you have the following rights under the CCPA/CPRA, subject to applicable conditions and exemptions:

• Right to know — to request disclosure of the categories and specific pieces of personal information we have collected, the sources, the purposes for collection, and the categories of third parties with whom we share it;
• Right to delete — to request deletion of personal information we have collected from you;
• Right to correct — to request correction of inaccurate personal information;
• Right to opt out of the sale or sharing of personal information;
• Right to non-discrimination — to not receive discriminatory treatment for exercising your privacy rights.

We do not sell your personal information, and we do not "share" it for cross-context behavioural advertising as those terms are defined under the CCPA/CPRA. Because we do not sell or share personal information in this sense, no opt-out is necessary; however, you may still exercise your other rights at any time. To submit a request, contact us using the details below. You may use an authorised agent to make a request on your behalf, and we may take reasonable steps to verify your identity and the agent's authority before responding.

11. Children's Privacy

This Site is intended for businesses and adults and is not directed to children. We do not knowingly collect personal information from children under the age of 16. If you believe a child has provided us with personal information, please contact us and we will take reasonable steps to delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will revise the "Last updated" date above and, where the changes are material, take additional steps to notify you as required by law. We encourage you to review this Policy periodically.

13. Contact & Data Protection Contact

If you have any questions about this Privacy Policy, or wish to exercise your rights, please contact us:

• Email: info@draconisinfrastructure.com (general) or support@draconisinfrastructure.com (support)
• Entity: Draconis Infrastructure, LLC
• Registered office: 131 Continental Dr, Suite 305, Newark, DE 19713, United States
• Company registration: Delaware, USA — File No. 7800123
• Phone: +1 (302) 488-1540

If you are in the EEA or UK and are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.

This document is provided in English, which is the authoritative version; automated translations are for convenience only.