Effective Date: 29 November 2025 This Privacy Policy describes how Aero‑Dash (“we,” “us,” “our”) collects, uses, discloses and protects personal information when you visit our website, use our mobile applications or interact with our peer‑to‑peer delivery platform (collectively, the “Platform”). We are committed to protecting your privacy and complying with applicable data protection laws, including the Australian Privacy Act 1988 and, where applicable, the EU General Data Protection Regulation (GDPR). By using the Platform, you consent to the practices described in this Policy. 1. Information We Collect We collect information in three primary ways: (a) information you provide directly; (b) information we collect automatically when you use the Platform; and (c) information from third‑party sources. 1.1 Information You Provide • Account Information: When you create an account, you provide your name, email address, phone number, address, date of birth and password. You may also provide a profile photo and other personal details. • Identity Verification: To increase trust, we may collect copies of identification documents (e.g., passport, driver’s licence), travel itinerary details, and biometric data (e.g., selfies) for verification purposes. • Transaction Information: When you post or accept a delivery request, you provide details about the item, pickup/destination addresses, delivery instructions and payment details (processed by a third‑party payment provider). • Communications: We collect any communications you send through the Platform, including messages between Senders and Pilots and feedback. • Customer Support: If you contact us, we collect information you provide to help resolve your request. 1.2 Information Collected Automatically • Usage Data: We collect information about how you interact with the Platform, such as pages visited, features used, time spent, clicks, search queries and referral source. • Device & Log Data: We may collect your device’s IP address, browser type, operating system, device identifiers, crash logs and other diagnostic data. • Location Data: When you enable location services, we collect precise geolocation data to facilitate delivery matching and tracking. You can disable location permissions via your device settings, but this may affect functionality. • Cookies & Tracking Technologies: We use cookies, pixels and similar technologies to remember your preferences, deliver personalised content, provide analytics and improve our services. You can manage cookie preferences in your browser settings. 1.3 Information from Third Parties • Payment Processors: We receive confirmation of payment status from our payment partners (e.g., whether payment was successful), but we do not store full credit card details. • Identity Verification Services: To verify your identity, we may receive results from third‑party verification providers (e.g., verification status, document authenticity). • Analytics Providers: We may receive aggregated analytics data from service providers that help us understand usage patterns. 2. How We Use Information We use personal information for the following purposes: 1. Provide & Improve Services. To operate, maintain and improve the Platform, match Senders with Pilots, process transactions, provide customer support and personalise your experience. 2. Verification & Security. To verify users’ identities, prevent fraud, protect the integrity of our Platform and ensure compliance with applicable laws. 3. Communications. To send transactional messages (e.g., confirmations, updates), respond to inquiries, provide service announcements and send marketing communications (subject to your consent where required). 4. Analytics & Research. To analyse usage patterns, measure the effectiveness of our Platform, develop new features and perform research. 5. Legal Compliance. To comply with legal obligations, regulatory requirements and law enforcement requests; to enforce our Terms & Conditions; and to protect our rights, property and safety and that of our users. 3. Legal Bases for Processing (GDPR) If the GDPR applies, our legal bases for processing your personal information include: (a) Performance of a contract (to provide our services); (b) Consent (for certain marketing communications and location data); (c) Legitimate interests (e.g., to improve our services, prevent fraud); and (d) Legal obligations. 4. Sharing & Disclosure We do not sell your personal information. We may share information as follows: 1. With Other Users. When you arrange a delivery, certain information (e.g., first name, initial, rating, pickup/destination addresses) is shared with the counterparty to facilitate the transaction. 2. Service Providers. We share information with trusted third parties that perform services on our behalf, such as payment processing, identity verification, hosting, analytics and customer support. These providers may only use your information to perform services for us. 3. Legal & Safety. We may disclose information if we believe it is necessary to comply with law, respond to legal processes, prevent fraud or protect the rights, property or safety of Aero‑Dash, our users or the public. 4. Business Transfers. In connection with a merger, acquisition or sale of assets, your information may be transferred to the successor entity, subject to this Policy. 5. International Data Transfers Our servers and some of our service providers are located outside of Australia. As a result, your information may be transferred to and stored in other countries. We take steps to ensure that such transfers comply with applicable data protection laws and that your data remains protected. 6. Data Retention We retain personal information for as long as necessary to provide the services, comply with our legal obligations, resolve disputes and enforce our agreements. When data is no longer required, we will securely delete or anonymise it. 7. Your Rights & Choices Depending on your location, you may have the following rights regarding your personal information: • Access & Correction: You may request access to your personal information and ask us to correct inaccurate or incomplete data. • Deletion: You may request deletion of your personal information, subject to certain exceptions (e.g., when we need to keep data to comply with legal obligations). • Objection & Restriction: You may object to or request restriction of processing under certain circumstances. • Portability: You may request that we provide your information in a structured, commonly used and machine‑readable format. • Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time. To exercise these rights, contact us at privacy@aero‑dash.com. We may need to verify your identity before fulfilling your request. 8. Security We implement technical and organisational measures to protect your information against unauthorised access, loss, misuse or alteration. However, no method of transmission or storage is completely secure. We cannot guarantee absolute security. 9. Children’s Privacy Our Platform is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If we learn we have collected personal information from a child under 18, we will delete it. 10. Changes to This Policy We may modify this Privacy Policy from time to time. Material changes will be communicated via email or through the Platform. Continued use of the Platform after changes constitutes acceptance of the updated Policy. 11. Contact Us If you have questions or concerns about this Privacy Policy or our data practices, please contact us at: privacy@aero‑dash.com. ________________________________________