Privacy Policy

The Sia Storage Company, and our affiliates (collectively "Sia", "we", "us") care deeply about privacy, security, and online safety. This Privacy Policy ("Privacy Policy") is designed to inform you about how we collect, use, and disclose your Personal Information (as defined below), and our commitment to using the Personal Information we collect in a transparent and respectful manner.

This Privacy Policy applies to "Personal Information" we obtain from individuals ("you") through our website (collectively, our "Site") and when you sign up for storage services (collectively, the "Services"), as further described below. Please read this Privacy Policy carefully before you start to use our Services, whether online or offline.

Our Services, provided through an application made available to you by the Sia Foundation or other third party developers, enable users seeking to store data and materials ("Customers", "you") on a decentralized storage network (the "Storage Network") to do so. Please note that the application used to upload your data is not provided to you by The Sia Storage Company. It may be provided to you by The Sia Foundation ("Sia Foundation") or other third party developers and your use of such application is covered under the relevant Terms of Services. Customers' data and materials are stored across a decentralized network of third-party devices ("Hosts"). The data and materials uploaded by Customers to the Storage Network ("Your Content") is encrypted, preventing both Sia and Hosts from accessing Your Content. Sia acts as a service provider and you act as a data controller (i.e., responsible party) for purposes of the processing of Your Content.

When referenced in this Privacy Policy, the term "Personal Information" (i.e., Personal Data or other similar terms as defined by applicable law) includes any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household, including any information that is subject to applicable data protection laws. Sia is the data controller with respect to the Personal Information practices described in this Privacy Policy.

The types of Personal Information we collect about you depends on how you interact with us. Depending on the Services you use, the following are the categories and specific types of Personal Information that we may collect, or have collected in the preceding twelve months:

• Contact Information/Identifiers, including name, email address, postal address, phone number, username, business contact information, or other similar identifiers and account information (generally collected by our third-party processors).
• Usage Information, including information about how you use the Site and Services and other information collected through cookies and analytics.
• Device Information and Other Unique Identifiers, device identifier, internet protocol (IP) address, or similar unique identifiers.
• Payment Information, including credit or debit card number (processed by our third party payment processor).

If you do not provide us with certain Personal Information, we may not be able to fulfill the requested purpose of collection, such as to respond to your queries or request for customer service or to provide the full functionality of our Site or Services to you. However, unless otherwise specified, not providing your Personal Information will not result in legal or other consequences to you.

We collect your Personal Information in the following ways, pursuant to applicable law:

• Directly From You, such as when you use our Services; sign up with us to receive marketing communications; or otherwise reach out to us.
• Other Sources, including vendors and affiliates.

We use your Personal Information for the following business purposes ("Processing Purposes") associated with our general business operations. We may collect your Personal Information for the following Processing Purposes:

• To provide you the Services.
• To enable you to access and use our websites.
• To communicate with you and to respond to your requests, questions, comments, and other inquiries.
• To understand what partner resources you use, if any, and to connect you to additional resources at your request.
• To administer, maintain, evaluate, and improve our websites and Services, and to develop new products and services.
• To conduct research and analytics related to our websites and Services.
• We may use Personal Information to contact you about other services we provide.
• To manage our business operations, perform our obligations and exercise our rights under any agreement that you or your organization has with us.
• For other purposes with your consent, or as otherwise permitted or required by applicable law.
• We use Personal Information to comply with our legal or regulatory obligations, to establish or exercise our rights, and to defend against a legal claim.
• We use Personal Information to detect, investigate, prevent, or take action regarding possible malicious, deceptive, fraudulent, or illegal activity, including fraudulent transactions, attempts to manipulate or violate our policies, procedures, and terms and conditions, security incidents, and harm to the rights, property, or safety of Sia and our users, customers, employees, or others.
• We may also aggregate or deidentify Personal Information for internal business purposes. Deidentified information is generally not considered to be Personal Information under applicable laws.

To the extent that we use deidentified information, we commit to maintaining and using the information in deidentified form and we will not attempt to reidentify the information, except as permitted under the applicable law.

We respect the importance of privacy. Other than as provided in this Privacy Policy, we do not sell your Personal Information, nor do we share it with unaffiliated third parties for their own marketing use, unless we have your consent, or we are required by law to do so. Generally, we may disclose the Personal Information we collect to facilitate our communications with customers, to operate our business, to advertise or promote our Services, or with your consent. To the extent that we have collected or processed your Personal Information in the prior twelve (12) months, we may have disclosed the above-listed Personal Information as described below.

We may disclose each category of Personal Information listed above to third parties in the following ways:

• Service Providers. We may disclose Personal Information to authorized third parties who perform services for us (including cloud services, data storage, sales, human resources, and marketing). Our contracts with our service providers include commitments that they agree to limit their use of Personal Information and to comply with privacy and security standards at least as stringent as the terms of this Privacy Policy.
• Affiliated Companies. We may disclose such Personal Information to subsidiaries, affiliates or strategic partners as needed to provide our products and services and generally as necessary in the administration of a global organization. Remember that if you provide Personal Information directly to a third party, such as to a Host, that processing is typically based on their standards.
• Corporate Transaction. We may disclose your Personal Information in connection with a proposed or actual corporate merger, acquisition, consolidation, sale of assets, bankruptcy, insolvency or other corporate change. Such recipient will be bound by terms and conditions reasonably similar to those set out in this Privacy Policy.
• Other Parties. We may disclose your Personal Information to legal, governmental, or judicial authorities, as instructed or required by those authorities or applicable laws, or in relation to a legal activity, such as in response to a subpoena or an investigation of suspected illicit activity. We may also disclose such Personal Information if we believe disclosure is necessary to prevent physical, financial, or other harm, injury, or loss.
• Deidentified Personal Information. We may disclose or use aggregated or deidentified data for any lawful purpose.
• Additional Disclosures. From time to time, we disclose your information to our attorneys, banks, auditors, securities brokers and other professional service providers and advisors in connection with the purposes described above.
• Other Disclosures With Your Consent. We may disclose your Personal Information with your consent to other unaffiliated third parties who are not described elsewhere in this Privacy Policy.

Sia relies on the following legal grounds for the collection, processing, and use of your Personal Information:

• As necessary to provide a service or perform a transaction (such as when we respond to your requests);
• Consent (where you have provided consent as appropriate under applicable law);
• As necessary for legitimate interests (such as when we act to maintain our global business generally, including maintaining the safety and security of the Site); and
• Compliance with legal obligations, particularly in the area of labor and employment law, social security and protection law, data protection law, tax law, and corporate compliance laws.

The provision of your Personal Information is partly a statutory requirement and partly a contractual obligation.

With regard to our processing of Personal Information, we have implemented generally accepted security standards to protect Personal Information from loss, misuse, alteration or destruction. Despite these protections, however, we cannot guarantee the safety of your Personal Information. In case there is unauthorized access to or use of your Personal Information, we may notify you of such access or use, including by electronic means if permitted by law.

Sia does not knowingly collect Personal Information from children under the age of 13 (or other relevant age of majority) without first obtaining parental consent in accordance with applicable laws. Users under the age of 13 should not submit any Personal Information to us. If you believe we have collected Personal Information from your child in error or have questions or concerns about our practices relating to children, please notify us using the details in the "Contact Us" section below. We will take prompt steps to remove the Personal Information from our systems.

Sia is headquartered in the United States and we have operations, entities, and service providers both in the United States and throughout the world. As such, we and our service providers may transfer your Personal Information to, or access it in, jurisdictions that may not provide equivalent levels of data protection as your home jurisdiction. We will take steps to ensure that your Personal Information receives an adequate level of protection in the jurisdictions in which we process it. If you are located in the European Economic Area, Switzerland or the UK, we provide adequate protection for the transfer of Personal Information to countries outside of these areas, such as through the use of authorized EU Standard Contractual Clauses, the UK Standard Contractual Clauses, or the UK Addendum to the EU Standard Contractual Clauses. Depending on your location, you may have the right to request a copy of such appropriate safeguards by contacting us as set out at the end of this Privacy Policy.

Every time you come to the website, our website's web server automatically collects information, including, in some instances, Personal Information, through cookies, web beacons, and other similar tracking technologies (collectively "cookies"). Cookies are small text files that are placed on your computer or mobile device when you visit a website. Cookies help the website remember information about your visit, which can make it easier to visit the website again and make the website more useful to you. Some cookies are deleted once you close your browser (session cookies), while other cookies are retained even after you close your browser so that you can be recognized when you return to a website (persistent cookies). More information about cookies and how they work is available at www.allaboutcookies.org. Generally, your email address and all other Personal Information is collected only when you voluntarily provide that data.

Cookies on our website are generally divided into the following categories:

We may use the information collected through cookies and related tracking technologies for the following purposes:

• To make our website easier to use and generally improve its performance.
• To gather metrics about how you interact with our website.
• For security reasons.

Most web browsers automatically accept cookies, but you can usually change your browser settings to prevent this. If you disable cookies, your ability to use some features of the Site may be limited. For mobile devices, you may be able to manage certain cookies using your built-in mobile device settings and controls. Any choices concerning cookies are browser and/or device specific. If you clear your cookies from your browser on any of your devices, your choices will need to be reset. You should check how to do this on your device(s) and operating systems.

Our Site may contain links to other websites for your convenience and information. These websites may be operated by companies not affiliated with Sia. Linked websites may have their own privacy policies or notices, which we recommend you review if you visit those websites. This Privacy Policy only applies to Personal Information collected on this Site. We have no control over third-party websites and are not responsible or liable for the content, privacy practices, or use of any websites that are not affiliated with Sia. However, we may include links on our Site to Sia.Tech, the use of which is governed by the Sia Foundation and which is affiliated with Sia.

Depending on where you are located (e.g., California, Colorado, the European Union, or United Kingdom), you may have certain rights regarding your Personal Information.

• Right to access: You may have the right to obtain from us confirmation as to whether Personal Information concerning you is being processed, and, where that is the case, to request access to the Personal Information. You may also have the right to request a list of third parties that have received Personal Information from us, depending on where you are located.
• Right to rectification (right to correct inaccurate information): You may have the right to request that we correct any Personal Information about you that is inaccurate. Depending on the purpose of the processing, you also have the right to request that we complete the Personal Information we hold about you where you believe it is incomplete, including by means of providing a supplementary statement.
• Right to erasure (right to be forgotten): You may have the right to request that we erase your Personal Information, under certain conditions.
• Right to restrict processing: You may have the right to request that we restrict the processing of your Personal Information, under certain conditions. In such case, the respective data will be marked and may only be processed by us for certain purposes.
• Right to object to processing: You may have the right to object to our processing of your Personal Information, under certain conditions, and we can be required to no longer process your Personal Information. Such right to object may especially apply if we collect and process your Personal Information through automated decision making, such as profiling, to better understand your interests in our products and services or for direct marketing. If you have a right to object and you exercise this right, your Personal Information will no longer be processed by us for such purposes. Such a right to object may, in particular, not exist if the processing of your Personal Information is necessary to take steps prior to entering into a contract or to perform a contract already concluded.
• Right to data portability: You may have the right to request that we transfer the Personal Information we have collected about you to another organization, or directly to you, in a structured, commonly used, and machine-readable format, under certain conditions.
• Right to withdraw consent: Where we rely on your consent to process your Personal Information, you have the right to withdraw that consent at any time with future effect. Such a withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal.
• Right to know what Personal Information is sold or shared and to whom, and right to prohibit the sale or sharing of Personal Information: We do not and have not in the preceding 12 months, sold your Personal Information.
• Right of non-discrimination/retaliation: We do not discriminate against individuals who exercise any of their rights described in this Privacy Policy, nor do we retaliate against individuals who exercise these rights.

Please note that many of the above rights are subject to exceptions and limitations. Your rights and our responses will vary based on the circumstances of the request. If you choose to assert any of these rights under applicable law, we will respond within the time period prescribed by such law.

If you are located in the State of California in the United States, a person authorized to act on your behalf may make a verifiable request related to your personal information. If you designate an authorized person to submit requests to exercise certain privacy rights on your behalf, we will require verification that you provided the authorized agent permission to make a request on your behalf.

In any circumstances, your request must: (i) provide sufficient information that allows us to reasonably verify that you are the person about whom we collected personal information or an authorized representative of that person; and (ii) describe the request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.

To exercise your rights, please contact us as stated in the "Contact Us" section of this Privacy Policy.

Sia does not currently recognize Do Not Track signals.

As Sia grows and our business changes, we may modify, expand, or update this Privacy Policy at any time as we deem appropriate to reflect those changes. When we make changes to this Privacy Policy, we will post the updated Privacy Policy on the Site and update the Privacy Policy's "last updated" date below. It is important that you check back from time to time and make sure that you have reviewed the most current version of this Privacy Policy. If you do not agree with the changes, then you should stop using our Site and Services and notify us that you do not want your Personal Information used in accordance with the changes.

If you have questions or comments regarding this Privacy Policy or our privacy practices, please contact us by using the information below. You may also have a right to lodge a complaint with a data protection supervisory authority.

221 W 9th St, PMB 1038
Wilmington Delaware 19801
United States

Email: [email protected]

This Privacy Policy includes an "effective" and "last updated" date. The effective date refers to the date that the current version took effect. The last updated date refers to the date that the current version was last substantively modified.

Effective Date: March 18, 2026
Last Updated: March 17, 2026