HURST CAPITAL LTDA. ("HURST") and HURST SERVIÇOS DE INVESTIMENTO COLETIVO E SECURITIZAÇÃO S.A. ("HURST CROWDFUNDING") and, together with HURST ("HURST GROUP"), value and are committed to preserving the privacy, security, and transparency in the processing of personal data of their employees, customers, partners, and all other individuals with whom they have any relationship. Accordingly, this Privacy and Data Security Policy ("Policy") has been prepared in accordance with the General Personal Data Protection Law – LGPD (Law No. 13,709/18) and the Brazilian Civil Rights Framework for the Internet (Law No. 12,965/14). Furthermore, this Policy may be updated as a result of any regulatory updates.

The Privacy and Data Security Policy defines the guidelines for the use, storage, processing, and protection of personal data collected digitally and/or physically by the HURST GROUP, covering collection through various communication channels, such as websites, email, WhatsApp, social networks, points of sale, and events. Therefore, it is highly recommended that employees, customers, and other interested parties read this document carefully.

When using our services, employees, customers, and other interested parties are aware of the processing of their personal data as provided for by Brazilian law, in particular the General Personal Data Protection Law – LGPD (Law No. 13,709/18).

We clarify that this Policy applies when the HURST GROUP acts as the controller of personal data of employees, customers, and other interested parties.

Therefore, the HURST GROUP, in its role as Data Controller, is bound by the provisions of this Privacy Policy.

Personal data is processed for the following purposes:

The HURST GROUP may share all Personal Data collected with third parties. Such sharing may be done to comply with legal, regulatory, or tax requirements, as well as to fulfill the purposes mentioned above, and within the limits required and authorized by law:

In cases where your Data is shared with third parties, all subjects mentioned in the items above must use the shared Data consistently and in accordance with the purposes for which it was collected (or to which the User previously consented), as determined in this Privacy Policy, as well as observing other website or country privacy statements, and all applicable privacy and data protection laws.

In the event of data sharing, the third party will only receive the data necessary to provide the contracted services. It should be noted that our contracts are drafted in compliance with Brazilian data protection laws. However, our partners have their own Privacy Policies, which may differ from ours.

When you are redirected to a third-party application or website, you will no longer be governed by this Privacy Policy or our platform's Terms of Service. We are not responsible for the privacy practices of other websites and encourage you to read their privacy statements.

No documents and/or personal information will be sold. Furthermore, the personal information of Users (referred to as Data Subjects) will not be disclosed individually to third parties, except as set forth in this instrument or as required by law and by court order.

Some of the third parties with whom we share your data may be located or have facilities located in foreign countries. In any case, the HURST GROUP adopts appropriate prevention and security measures compatible with the nature of the personal data, the purpose of the processing, and the risks involved in the operation to ensure compliance with the principles, the rights of the data subject, and the personal data protection regime provided for in the LGPD.

The Personal Data of employees, customers, partners, and all other individuals who have any connection with the HURST GROUP are stored digitally and/or physically for the period necessary to provide the service or fulfill the purposes set forth in this document.

The data will be deleted when it no longer serves the purpose for which it was collected. Users may request the deletion of their personal data when the processing is based on their consent or if the data processed is excessive, unnecessary, or processed in violation of the LGPD.

Furthermore, the personal data of data subjects will only be retained after the end of its processing in the cases provided for in Article 16 of the LGPD, namely:

All data provided by employees, clients, partners and other individuals linked to GRUPO HURST will be treated confidentially and only for specific purposes. To keep personal information secure, we use physical, electronic (our servers) and managerial tools, oriented in accordance with our security policies and standards to protect your privacy.

These tools are applied taking into account the nature of the personal data collected, the context, the purpose of the processing and the risks that possible violations would generate for the rights and freedoms of the holder of the data collected and processed.

Among the measures we have adopted, we highlight the following:

GRUPO HURST is committed to adopting the best measures to avoid security incidents. However, it should be noted that no transmission of information is totally secure and risk-free, and is susceptible to technical failures, viruses or similar actions. It is possible that, despite all our security protocols, problems may occur that are the sole fault of third parties, such as cyber attacks by hackers, or due to the negligence or recklessness of the user/customer themselves.

In the event of a security incident that may pose a risk or cause significant damage to the owners of personal data, the HURST GROUP undertakes to make every effort to remedy the consequences of the event. In addition, we will notify those affected and the National Data Protection Authority about the incident, in accordance with the provisions of the General Personal Data Protection Law – LGPD (Law No. 13,709/18).

The HURST GROUP guarantees the rights set forth in Article 18 of the General Personal Data Protection Law – LGPD (Law No. 13,709/18). Thus, the Personal Data Owner may, free of charge and at any time:

To exercise the rights provided for in the LGPD, the Personal Data Subject must contact the HURST GROUP via the following email address:

De forma a garantir a sua correta identificação como titular dos dados pessoais, é possível que solicitemos documentos ou demais comprovações que possam comprovar sua identidade. Nessa hipótese, você será informado previamente.

The customer/user guarantees and is responsible for the truthfulness, accuracy, validity and authenticity of the information they provide in order to purchase our products or services. GRUPO HURST accepts no liability whatsoever in the event of false data being entered or if any inaccuracies are detected.

The HURST GROUP has appointed a data officer, namely: DPO Oficial, a registered trademark of Vetaluti – Consultoria e Assessoria Ltda., a private legal entity, registered with the CNPJ under number 37.781.826/0001-45 and/or LGPDfit Consultoria e Serviços Ltda., registered with the CNPJ under number 53.049.872/0001-00, whose legal representative is Mr. Tarcisio Teixeira and whose technical manager is Ms. Ruth Maria Guerreiro da Fonseca Armelin.

The current version of the Privacy Policy was last updated on September 17, 2025.

We reserve the right to modify this Privacy Policy at any time, mainly in order to adapt it to any changes made to our website or in the legislative sphere.

Any changes will come into force as soon as they are published on our website.

The HURST GROUP provides for the responsibility of agents involved in data processing, in accordance with Articles 42 to 45 of the General Personal Data Protection Law – LGPD (Law No. 13,709/18).

GRUPO HURST is responsible for the security of the data processing processes and the fulfillment of the purposes described in this instrument.

GRUPO HURST undertakes to keep this Privacy Policy up to date, observing its provisions and ensuring compliance with it.

In addition, it undertakes to seek technical and organizational conditions that are certainly capable of protecting the entire data processing process. In addition, if the National Data Protection Authority (ANPD) requires the adoption of measures in relation to the data processing carried out by GRUPO HURST, we undertake to follow them.

Cookies are files installed on users' electronic devices to collect information about the website for various purposes, such as ensuring the website's functionality, monitoring performance, or displaying advertisements.

The HURST GROUP website uses necessary cookies, which, if disabled, prevent the website from functioning or users from using its services, as well as non-necessary cookies, with features that are not essential to the service, which can be disabled by users without affecting the functioning of the website.

Functionality cookies: These are necessary cookies used to provide the basic services requested by users.

Quantity: 16

Analytical or performance cookies: These are non-essential cookies that collect data and information about how users use the website, which pages they visit most frequently, and the occurrence of errors or information about the performance of the website or application itself.

Quantity: 19

Advertising cookies: These are non-essential cookies used to collect information about the user's browsing habits in order to build profiles and display personalized ads based on their interests.

Quantity: 5

Others: Cookies with unknown purpose.

Quantity: 11

The HURST GROUP has no control over the functioning of third-party cookies, as they are created by another domain.

For more information and settings, users can access the privacy policies of each third party to find out which cookies are used and how personal data is processed.

How do I configure cookies on the website or in my browser?

Cookies retain user data for the periods mentioned above and may be transferred outside Brazil.

Users have the option to change permissions, block, or refuse cookies at any time by configuring or using the tools provided by their browser; however, this may impair the use of the website. For more information, see the links below: