General Data Protection Regulation (GDPR) Compliance

Effective Date: February 12, 2026

Meetricks, LLC is committed to complying with the General Data Protection Regulation (GDPR — Regulation EU 2016/679) applicable since May 25, 2018, as well as applicable data protection laws. This page summarizes our commitments and your rights regarding personal data protection.

1. Our Commitments

SkyEntry is committed to respecting the six fundamental principles of the GDPR:

1.1 Lawfulness, Fairness, and Transparency

We process your data lawfully, fairly, and transparently. Each processing operation is based on a valid legal basis (performance of contract, consent, legitimate interest, or legal obligation). We clearly inform you about the purposes and methods of processing.

1.2 Purpose Limitation

Your data is collected for specified, explicit, and legitimate purposes. It is not further processed in a manner incompatible with those purposes.

1.3 Data Minimization

We only collect data strictly necessary for the purposes for which it is processed. For example, we only request your passport number for services that require it.

1.4 Accuracy

We take reasonable steps to ensure your data is accurate and kept up to date. You can update your information at any time from your personal account.

1.5 Storage Limitation

Your data is retained for no longer than necessary for the purposes of processing. Retention periods are detailed in our Privacy Policy.

1.6 Integrity and Confidentiality

We implement appropriate technical and organizational measures to ensure the security of your data, including protection against unauthorized or unlawful processing, loss, destruction, or accidental damage.

2. Your Rights

As a SkyEntry user, you have the following rights:

2.1 Right of Access (Article 15 GDPR)

You have the right to obtain confirmation as to whether your data is being processed and, if so, access to that data along with various information (purposes, categories, recipients, retention period, etc.).

How to exercise it: From your personal account, go to "Settings > Personal Data > Export My Data." You will receive a complete file of all data we hold about you.

2.2 Right to Rectification (Article 16 GDPR)

You may request the correction of inaccurate data or the completion of incomplete data.

How to exercise it: Edit your information directly from your profile or contact us.

2.3 Right to Erasure — "Right to be Forgotten" (Article 17 GDPR)

You may request the deletion of your personal data, subject to legal retention obligations (accounting, regulatory compliance).

How to exercise it: From "Settings > Personal Data > Delete My Account." Your data will be irreversibly anonymized. Transactional data will be retained in anonymized form for the legally required duration.

2.4 Right to Restriction of Processing (Article 18 GDPR)

You may request restriction of processing of your data in certain cases (accuracy contested, unlawful processing, etc.).

2.5 Right to Data Portability (Article 20 GDPR)

You have the right to receive your data in a structured, commonly used, and machine-readable format (JSON), and to transmit it to another data controller.

How to exercise it: Use the "Export My Data" feature from your personal account. The exported file will contain all your personal data, bookings, invoices, and consents.

2.6 Right to Object (Article 21 GDPR)

You may object to processing based on legitimate interest, as well as processing for direct marketing purposes.

How to exercise it: Uncheck the "Marketing Communications" option in your profile settings, or click the unsubscribe link in our emails.

2.7 Right Not to be Subject to Automated Decision-Making (Article 22 GDPR)

SkyEntry does not use automated decision-making that produces legal or similarly significant effects on our users.

3. Data Protection Officer (DPO)

SkyEntry has designated a Data Protection Officer. For any questions regarding the protection of your data or to exercise your rights:

• Email: dpo@skyentry.co

• Mail: Meetricks, LLC — DPO — 1013 Centre Rd Suite 403A, Wilmington, DE 19805, USA

Response time: We commit to responding to any request within one (1) month. This period may be extended by two (2) months in case of complexity or a high number of requests.

4. Data Security

We implement the following measures to ensure data security:

• Encryption: All communications are encrypted via SSL/TLS (HTTPS). Payment data is processed by Stripe, PCI DSS Level 1 certified.

• Access control: Data access is limited to authorized personnel, on a need-to-know basis. Enhanced authentication for administrators.

• Anonymization: Upon account deletion, personal data is irreversibly anonymized while retaining aggregated statistical data.

• Monitoring: Continuous monitoring of access and security anomalies.

• Backup: Regular encrypted backups with disaster recovery plan.

5. Certified Subprocessors

Our technical subprocessors are selected for their GDPR compliance:

| Subprocessor | Role | Location | Guarantees | |---|---|---|---| | Stripe | Payments | Ireland / USA | PCI DSS, SCCs, DPF | | Railway | Hosting | USA | SOC 2, SCCs | | Resend | Emails | USA | SCCs | | Neon | Database | USA | SOC 2, SCCs |

All our subprocessors are bound by Data Processing Agreements (DPAs) compliant with Article 28 of the GDPR.

6. Data Breach Notification

In accordance with Articles 33 and 34 of the GDPR, in case of a personal data breach:

• We will notify the relevant supervisory authority within 72 hours of becoming aware of it

• If the breach is likely to result in a high risk to your rights and freedoms, we will inform you without undue delay

• We will document any breach and the corrective measures taken

7. Complaints

If you believe that the processing of your personal data constitutes a violation of the GDPR, you have the right to lodge a complaint with the relevant supervisory authority (e.g., CNIL in France: www.cnil.fr, 3 Place de Fontenoy — TSA 80715, 75334 Paris Cedex 07, Phone: +33 1 53 73 22 22).

We encourage you to contact us first to resolve any issue amicably.

8. Records of Processing Activities

In accordance with Article 30 of the GDPR, SkyEntry maintains a record of processing activities describing all implemented processing operations. This record is available upon request from our DPO.

9. Contact

For any questions or requests regarding the GDPR:

• DPO: dpo@skyentry.co

• Support: contact@skyentry.co

• Website: meetricks.com

• Address: Meetricks, LLC — 1013 Centre Rd Suite 403A, Wilmington, DE 19805, USA