SUPPLEMENTAL PRIVACY NOTICE FOR SIGMA PUBLIC

Last Updated: March 4, 2026

This Supplemental Privacy Notice for Sigma Public (“Supplemental Notice”) supplements the Sigma Privacy Notice (“Privacy Notice”) and describes how Sigma Computing, Inc., its subsidiaries, and its affiliates (collectively “Sigma”, “we”, or “us”) collect, use, transfer, and process Personal Data when you visit, use, or access Sigma Public. “Personal Data” means information that identifies, relates to, describes, or is reasonably capable of being associated, directly or indirectly, with you.

1. Introduction To Sigma Public.

1.1 Sigma Public. Sigma owns and provides a free-to-use cloud-based intelligence platform and related services (“Sigma Public”) at public.sigmacomputing.com (“Site(s)”). Your access to and use of Sigma Public and the Site is governed by the Sigma Public Terms of Service (“Public TOS”). Any capitalized terms not defined in this Supplemental Notice have the meaning given to them in the Public TOS.

1.2 Applicability of Supplemental Notice. This Supplemental Notice applies to both Users and Visitors.

• “Visitor” means anyone who visits, accesses, or uses Sigma Public or the Site without creating an account on Sigma Public (“Account”).  
• “User” means any Visitor who creates and registers an Account on Sigma Public.

1.3 User Personal Data. You may use Sigma Public to analyze, query, and/or interact with (“Query”) a particular dataset or other information. Sigma may provide sample or demo datasets, which you may Query using Sigma Public. You may, at your sole discretion, add, input, provide, or submit additional data to Sigma Public (“User Data”). IF YOU CHOOSE TO PROVIDE ANY USER DATA TO SIGMA, YOU DO SO VOLUNTARILY. YOU ARE SOLELY RESPONSIBLE FOR REMOVING ANY AND ALL PERSONAL DATA FROM THE USER DATA YOU PROVIDE US. YOU UNDERSTAND THAT YOUR USER DATA MAY BE PUBLICLY DISCLOSED AND PUBLICLY DISPLAYED ON THE SITE OR OTHERWISE THROUGH SIGMA PUBLIC. Any Personal Data that is included within User Data is “User Personal Data”. You control and determine what User Personal Data Sigma collects and processes.

1.4 Published Assets. Based on your Queries, you can create visualizations, charts, graphs, applications, or other artifacts within Sigma Public (“Developed Assets”). If you Query User Data, the resulting Developed Assets may include or reference the Queried User Data. You may, in your sole discretion, choose to publicly publish these Developed Assets through Sigma Public (“Published Assets”). PUBLISHED ASSETS ARE PUBLICLY DISPLAYED TO ALL VISITORS. ALL USERS ARE FREE TO VIEW, USE, COPY, DOWNLOAD, OR INTERACT WITH PUBLISHED ASSETS THROUGH SIGMA PUBLIC.

2. Personal Data We Collect and Process.

When you visit, access, or use Sigma Public, we collect and process the following types of Personal Data:

• Account Information. To allow you to create an Account on Sigma Public, we collect and process the following Account Information:        
  (a) Contact Information and Identifiers, such as your name and email address, and        
  (b) Access Credentials such as your password;
• Profile Information. We collect and process the Profile Information you add to your Sigma Public Profile. Profile Information includes (a) your name and email address, (b) additional Personal Data that you voluntarily add to your Profile, such as your location, organization details, photographs, links to your websites, and social media links, and (c) Personal Data included in the bio that you voluntarily add to your Profile about yourself;
• Communication Data. We collect and process Personal Data such as email address, phone number, mailing address, and marketing preferences from Visitors when they communicate with us, including when they report Prohibited Content under the Public TOS. We also collect and process the Personal Data that they voluntarily include as part of their communications;
• Developed Assets. Subject to Section 1.3, we collect and process Personal Data, including User Personal Data, contained in any Developed Assets created or generated by Users;
• Technical Data. We collect and process technical data from all Visitors, including data such as internet protocol (IP) addresses, browser type and version, operating system details, device IDs, MAC addresses, screen resolution, plug-ins, and add-ons; and
• Usage Data. We collect and analyze data and other information relating to your access and use of Sigma Public and the Sites, and the performance of the Sigma Public and the Sites, including technical logs, metadata, telemetry data, Technical Data, usage information about Developed Assets and Platform Assets.

3. Sources of Personal Data.

• From you directly. We may collect Personal Data directly from you, such as when you voluntarily provide us with Personal Data (e.g., User Personal Data). We also collect your Technical Data and Usage Data automatically when you visit, access, or use Sigma Public or the Site.
• From third-parties. Sigma may use third-party service providers for the purposes of providing, operating, maintaining, or securing Sigma Public (“Service Providers”). These Service Providers may collect your Personal Data from publicly available sources, from you directly, or through third parties they work with. For example, we use Supabase to allow Account creation and to securely log in Users. Accordingly, Supabase collects your Account Information and Profile Information on our behalf, and shares it (or parts thereof) with us.
• Through our use of automated technologies. The Site may use cookies and other similar technologies (“Cookies”) to function effectively. We (or an authorized third party) automatically collect and store Technical Data through Cookies that may uniquely identify your browser, computer, and/or device. For more information about our use of Cookies, please review Section 2.2 and Section 2.3 of the Sigma Privacy Notice and Sigma’s Cookie Notice.

We may also combine Personal Data we have collected about you by the methods described above or in other contexts for our marketing and promotional purposes, such as to help us better determine what products, services, and/or events might be of interest to you.

4. Our Uses of Personal Data.

We collect and process your Personal Data for our legitimate business purposes, including: 

• For providing, administering, and maintaining Sigma Public, including to (a) create and manage of Accounts, (b) identify you as the creator of Published Assets, (c) to publicly display and allow use of Platform Content, (d) detect bugs, report errors, and monitor and measure your use of Sigma Public, (e) providing access to certain features Sigma Public, including the exporting or downloading of Platform Content, and (f) monitoring and removing Prohibited Content, (g) troubleshoot, test, support, and ensure internal quality control and safety of Sigma Public;
• To communicate with you, including to (a) respond to your reports or complaints regarding Prohibited Content, questions, (b) respond to your inquiries about Sigma’s products and services, (c) keep in contact with you regarding Sigma Public, (d) conduct surveys and receive your Feedback, and (e) send you a welcome e-mail to verify ownership of the e-mail address provided when your Account is created;
• For sales and marketing purposes, including to create and send you sales and marketing information regarding Sigma’s products and services, subject to your marketing preferences;
• For legal and compliance purposes, including to (a) monitor compliance with our contractual and legal obligations, (b) monitor your compliance with the Public TOS and applicable laws, (c) prevent Publishing of Prohibited Content or other fraudulent, unauthorized, infringing or illegal activity, (d) comply with lawful requests and legal process, including subpoenas or requests from government authorities, (e) protect and enforce the rights and property of Sigma, its customers, Service Providers, users, employees, or the public as required or permitted by applicable laws;
• For protecting our business and Sigma Public, including to (a) combat fraud, spam, malware or other network and/or information security risks, (b) maintain and monitor the safety, integrity, and security of Sigma Public, and Sigma’s systems, applications, and networks, and (c) prevent, detect, and investigate security incidents;
• For business analytics, operational, and reporting purposes, including to (a) conduct or participate in audits, investigations, mergers and acquisitions, or as required for maintaining business operational and reporting documentation, (b) measure performance and analyze key metrics relevant to our business, (c) conduct research, benchmarking, analysis, feedback collection, and assessment on our products, services, and business activities, and (d) improve and enhance our products, services and business activities, including by training, tuning, fine-tuning, or retraining artificial intelligence models and algorithms.

In general, we will only use the Personal Data we collect from you for the purposes described in this Supplemental Notice. However, we may also use your Personal Data for other purposes that are not incompatible with the purposes we have disclosed to you (such as in the public interest) where this is permitted by applicable data protection laws.

4. Disclosure of Personal Data.

We disclose your Personal Data as described in this Section 4 and as described elsewhere in this Supplemental Notice.

• The Public. Published Assets, as selected and made public by you on Sigma Public, are publicly available to all Users and Visitors. Any Personal Data included in Published Assets will also be publicly available. Further, your name and Profile Information (or parts thereof) will be publicly available, and you will be publicly identified as the publisher, creator, or developer of such Published Assets. Please note that ANY PERSONAL DATA THAT IS MADE PUBLICLY AVAILABLE ON THE SITE CAN BE INDEXED BY SEARCH ENGINES.
• Service Providers. We may disclose your Personal Data to third-party service providers in order for those providers to perform business functions on behalf of Sigma, including as required to maintain, secure, manage, and operate our Sigma Public and the Site (“Service Providers”).
• Affiliates. We may disclose your Personal Data to our Affiliates, as described in Section 4.1 of the Sigma Privacy Notice.
• Legal compliance. We may disclose your Personal Data to comply with our legal obligations, as described in Section 4.4 of the Sigma Privacy Notice.
• Corporate Restructuring. We will disclose or transfer your Personal Data in connection with or during a corporate restructuring, as described in Section 4.5 of the Sigma Privacy Notice.
• Legitimate and Vital Interests. We may disclose your Personal Data where it is necessary for our legitimate interests, or where necessary to protect your vital interests or the vital interests of another person.
• Other Disclosures. We may also disclose your Personal Data (a) to fulfill the purpose for which you provide it, (b) for any other purpose disclosed by us when you provide it, or (c) with your consent.

Further, we may disclose or use aggregated or de-identified information or data for any purpose. For example, we may share aggregated or de-identified information with prospects or partners for business or research.

5. Your Privacy Rights.

Please review Section 5 of the Sigma Privacy Notice to understand your rights with respect to your Personal Data, how to exercise your rights, and how Sigma will verify and honor your rights. Please email us at privacy@sigmacomputing.com or use this form to submit your privacy requests.

6. Your Choices and Controls.

We offer you certain controls and choices regarding the collection, use, and disclosure of your Personal Data, and we will respect the choices you make in accordance with applicable law.

• Account Information and Profile Information. You may review, update, correct, or delete the Personal Data associated with your Account and Profile through the settings in Sigma Public, or by exercising your privacy rights in accordance with Section 5 and filling this form or emailing us at privacy@sigmacomputing.com. We will use commercially reasonable efforts to honor your request. We may retain an archived copy of your request and limited Personal Data for our records, if and as required (or permitted) by applicable laws or for our legitimate business purposes.
• Opt-Out of Marketing. We may periodically send you marketing related communications, consistent with your choices. If you no longer want to receive marketing-related communications from us, you may opt out via the unsubscribe link (or unsubscribe instructions) included in such communications, or by filling out this form.

We will use commercially reasonable efforts to comply with your request(s) as soon as reasonably practicable. We may retain an archived copy of your request and limited Personal Data for our records, if and as required (or permitted) by applicable laws or for our legitimate business purposes.

6. International Data Transfers.

Your Personal Data may be transferred to, and processed in, countries other than the country where it was provided or where you are located. In particular, we may transfer your Personal Data to the United States of America and other countries where our Affiliates and Service Providers are located. These countries may have data protection laws that are different to the laws of the country where you are located or residing.

• In compliance with applicable data protection laws, Sigma ensures that appropriate or suitable safeguards are in place to protect the transferred Personal Data, including implementing the European Commission’s Standard Contractual Clauses (if applicable). To learn more about how Sigma ensures the protection of the transferred Personal Data, please review Section 7 of the Sigma Privacy Notice.
• Sigma Computing Inc. has also self-certified compliance with the EU-U.S. Data Privacy Framework, the UK extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework set forth by the U.S. Department of Commerce (collectively the “DPF”). To learn more about the DPF program and view our certification, please visit https://www.dataprivacyframework.gov/. Additionally, to learn more about Sigma’s DPF certification, visit our Data Privacy Framework Notice.

7. Additional Information.

(a) Data Retention. We retain your Personal Data only so long as reasonably necessary to fulfill the legitimate business purposes for which it was collected (as described in Section 4), or as otherwise required or permitted by law (for example, to comply with our legal and compliance requirements). Please review Section 8 of the Sigma Privacy Notice to understand our policies related to Data Retention.        
(b) Security. We have implemented reasonable technical and organizational measures designed to provide industry-standard security appropriate to the risk, in our effort to protect your Personal Data. Please review Section 9 of the Sigma Privacy Notice to understand how we protect your Personal Data against unauthorized, accidental, or unlawful access, destruction, loss, alteration, disclosure, or use.
(c) Third-Party Services. This Privacy Notice does not apply to, and we are not responsible for, the practices of any third parties, which have their own rules for how they collect and use your Personal Data. Links to third-party websites or services on the Site are not endorsements.        
(d) Use by Children. Sigma Public and the Site are intended for adults and are not directed at individuals under the age of 18. We do not knowingly collect Personal Data from anyone under the age of 18. If a parent or guardian becomes aware that their minor child has provided us with Personal Data without their consent, they should contact Sigma through our Privacy Request Form or by emailing us at privacy@sigmacomputing.com.

9. Changes to This Supplemental Notice.

We reserve the right to change this Supplemental Notice at any time. The “Last Updated” heading in this Supplemental Notice indicates when it was last revised. Any changes will be posted on this page with an updated revision date. It is your responsibility to periodically review this Supplemental Notice to remain informed about our collection, processing, and sharing of your Personal Data. We may, in our sole discretion, provide you communications, including via email, about changes to our Supplemental Notice; however, such communications do not abrogate or otherwise limit your responsibility to periodically review the Supplemental Notice to determine whether any amendments have been made hereto. 

8. Contact Us.

If you have any questions about this Privacy Notice or our privacy practices, or would like to access the information it contains in a different format, please contact us by

• Emailing us at: privacy@sigmacomputing.com, or
• Writing to us at: Sigma Computing, Inc., 116 New Montgomery St., Suite 700, San Francisco, CA 94105.

Schedule 1

Additional Notice for California Residents.

This Schedule applies to residents of California or California consumers as defined under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (Cal. Civ. Code §§ 1798.100 et seq.), and its implementing regulations (“CCPA”). “Personal Information” (as defined by the CCPA) is referred to as “Personal Data” in this Supplemental notice.

(a) Categories of Personal Data Collected. Sigma collects (and in the last 12 months has collected) the following categories of Personal Data, as further described in Section 2 of this Supplemental Notice.

• Account Information, such as your name, email address, and password or other access credentials;
• Profile Information, voluntarily added by Users to their Profile, as determined and controlled solely by Users. Profile Information may include
  ◦ Personal Data categories listed in the California Customer Records Statute (Cal. Civ. Code § 1798.80(e)), such as name, address, telephone number, or employment information. Please note that Personal Data in this category may overlap with other categories
  ◦ Identifiers and contact information, such as name and email address;
  ◦ Professional information, such as employer organization name or affiliated organization name;    
  ◦ Location data, such as the country and city from where you use Sigma Public;    
  ◦ Photographs;        
  ◦ Links to your website and social media links, and        
  ◦ Other Personal Data included in a User’s bio;
• Technical Data and Usage Data, including identifiers (e.g., IP address) and Internet or other electronic network activity (e.g., browsing history, search history, and information regarding your interactions with Sigma Public and the Site);
• Communications Data, including Identifiers (e.g., email address, phone number, mailing address) and other information shared with us in your communications with us.
• User Personal Data contained in Published Assets, as controlled and determined solely by Users.
• Inferences drawn from the preceding categories of Personal Data

(b) Categories of Personal Data Disclosed. The table below describes the categories of Personal Data that Sigma has disclosed to third-parties in the last 12 months, including the categories of third-parties it was disclosed to (Recipients), and the business purposes it was disclosed for.

(c) Sale/Sharing of Personal Data. Sigma does not “sell” or “share” (and has not sold or shared in the past 12 months) any Personal Data that is collected or processed in relation to Sigma Public, for monetary or other valuable consideration, or for targeted advertising purposes. Sigma may however, “sell” or “share” other Personal Data it collects from you, as detailed in Sigma’s Supplemental Notice for California Residents.        

(d) Sensitive Personal Information. Sigma doesn’t use or disclose your Sensitive Personal Information (as defined in CCPA) for purposes other than those described in CCPA.        

(e) Your Rights. In addition to the rights stated in Section 5 of the Sigma Privacy Notice, you have the right to non-discrimination. Sigma will not discriminate against you for exercising any privacy rights.

Schedule 2

Additional Notice for Individuals in the EU, UK, and Switzerland.

This Schedule 2 applies to individuals located in the European Union (“EU”), the United Kingdom (“UK”), or Switzerland.

(a) Legal Basis. Our legal basis for collecting and using your Personal Data will depend on the Personal Data we collect and the context in which we collect such Personal Data. In most cases, our processing of your Personal Data will be justified on one of the following bases:

• As necessary for the performance of a contract with you or to take steps at your request to enter a contract, such as the performance of our contractual duties under the Sigma Public Terms of Service;
• As necessary for the legitimate interests pursued by the Sigma, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of Personal Data, including the following interests (as further described in Section 4 of this Supplemental Notice):
  • For providing, administering, and maintaining Sigma Public;    
  • To communicate with you;    
  • For sales and marketing purposes;    
  • For legal and compliance purposes;    
  • For protecting our business and Sigma Public; and    
  • For business analytics, operational, and reporting purposes.
• In limited circumstances, we will rely on your consent for processing of your Personal Data.

(b) Your Rights. In addition to the rights stated in Section 5 of the Sigma Privacy Notice, you have the following privacy rights:

• You may ask us to provide you with your Personal Data in a structured, commonly used, and machine-readable format, and to have it transferred to another party, where technically feasible.
• When we process your Personal Data based on legitimate interests, you may object to this processing.
• You may ask us to restrict our processing of your Personal Data where (i) you contest the accuracy of the Personal Data until we have taken sufficient steps to correct or verify its accuracy; (ii) the processing is unlawful but you do not want us to erase your Personal Data; (iii) we no longer need the Personal Data for our legitimate business purposes, but you require it for the establishment, exercise, or defense of legal claims; or (iv) where you have objected to processing justified on legitimate interest grounds pending verification as to whether Sigma has compelling legitimate grounds to continue processing.
• You may lodge a complaint with your applicable supervisory authority if you consider that the processing of your Personal Data infringes applicable data protection laws. A list of supervisory authorities is available at https://www.edpb.europa.eu/about-edpb/about-edpb/members_en.