Product Safety Advisors — Privacy Policy

Effective Date: May 23, 2026 Last Updated: June 12, 2026

Product Safety Advisors is a consulting practice management service and client portal operated by RFBrenner LLC (“Company,” “we,” “our,” or “us”). We respect your privacy and are committed to protecting it through this Privacy Policy. This policy explains how we collect, use, disclose, and safeguard your information when you use the Product Safety Advisors services and client portal, visit our website, or otherwise interact with us.

This policy applies to Product Safety Advisors and its supporting websites, clients.productsafetyadvisors.com, productsafetyadvisors.com, and rfbrennerllc.com.

1. Information We Collect

We collect personal and business information that you voluntarily provide to us, including:

• Identity and contact information (name, email address, mobile phone number, employer, job title)
• Account credentials (encrypted passwords, multi-factor authentication factors)
• Business information (company name, industry, address, EIN where required)
• Payment information (billing address, payment method tokens — full card numbers are not stored by us; they are tokenized by our payment processor)
• Content you upload to our platforms (documents, reports, evidence files, communications)
• Communications with us (emails, support tickets, meeting notes)

We also collect non-personal information automatically when you use our platforms or visit our websites, including:

• Device and browser information (operating system, browser type, IP address)
• Usage data (pages viewed, features used, time stamps)
• Cookies and similar tracking technologies (see Section 8)

2. How We Use Information

We use the information we collect to:

• Provide, operate, and maintain our consulting services and platforms
• Authenticate users, including via multi-factor authentication (see Section 4)
• Communicate with you about your account, our services, billing, and support
• Process payments and manage invoicing
• Improve our services, develop new features, and analyze platform usage
• Detect, prevent, and respond to fraud, abuse, security incidents, and violations of our Terms of Service
• Comply with legal obligations, respond to lawful requests, and enforce our agreements

3. Information Sharing

We do not sell or rent your personal information to third parties. We may share your information only as described below:

• Service providers: Trusted third-party vendors that help us operate our platforms (cloud hosting, email delivery, payment processing, multi-factor authentication delivery, analytics). These providers are contractually bound to use your information only to provide services to us and to protect it in accordance with this policy and applicable law. Our current sub-processors are listed in our public Sub-processor Register.
• Legal compliance: When required by law, subpoena, court order, or to protect the rights, property, or safety of RFBrenner LLC, our customers, or others.
• Business transfers: In connection with a merger, acquisition, financing, or sale of assets, your information may be transferred — subject to standard confidentiality protections and continued application of this policy.
• With your consent: Any other sharing requires your explicit consent.

4. SMS Communications and Mobile Phone Numbers

If you choose to enable text-message (SMS) multi-factor authentication, we collect your mobile phone number for that purpose. The following terms apply:

• No mobile-number sharing. We do not share, sell, rent, or otherwise disclose your mobile phone number, or any information collected through SMS communications, to third parties or affiliates for marketing or promotional purposes. Mobile phone numbers and SMS opt-in data are used only to deliver the verification codes you have requested via our SMS delivery provider.
• Message frequency. Message frequency varies based on your account activity. For multi-factor authentication, you will typically receive one message per sign-in attempt or sensitive action that requires verification.
• Message and data rates. Message and data rates may apply, as charged by your mobile carrier. Product Safety Advisors does not charge you for sending or receiving SMS messages.
• Opt-in. You opt in to SMS communications when you select SMS as your multi-factor authentication method during account setup or in your account security settings, and provide your mobile phone number at that time. Providing your phone number in that context constitutes your explicit consent to receive SMS verification codes from Product Safety Advisors.
• Opt-out. You can opt out of SMS communications at any time by disabling SMS multi-factor authentication in your account security settings, or by replying STOP to any message we send you. After opting out, you may continue to use other multi-factor authentication methods (such as an authenticator app) or sign in without multi-factor authentication if your account permits.
• Help. Reply HELP to any message, or contact us at rick.brenner@rfbrennerllc.com (see Section 12), for assistance.
• Carriers and delivery. SMS messages are delivered by our telecommunications partner. Carriers are not liable for delayed or undelivered messages.

5. Data Security

We implement appropriate technical, administrative, and physical safeguards to protect your information from unauthorized access, use, alteration, or disclosure. These include encryption in transit (TLS), encryption at rest, role-based access controls, audit logging, multi-factor authentication for administrative accounts, vendor security review, and an Information Security Management System (ISMS) aligned with ISO 27001. Details of our security posture are available on request via our public Security Posture Summary.

No system can be guaranteed 100% secure. We will notify affected individuals and applicable regulators of any security incident affecting personal information as required by applicable law.

6. Your Rights

You have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate or incomplete information
• Request deletion of your personal information, subject to legal and contractual retention requirements
• Object to or restrict certain processing of your information
• Withdraw consent at any time where processing is based on consent (such as SMS communications)
• Lodge a complaint with a supervisory authority

To exercise any of these rights, contact us at the address in Section 12. We will respond within the timeframes required by applicable law (typically 30 days).

If you are a resident of the European Economic Area, United Kingdom, or another jurisdiction with similar laws (such as California, Quebec, or Brazil), additional rights may apply. Contact us for details.

7. Data Retention

We retain personal information for as long as your account is active, or as long as needed to provide our services. After account closure, we retain information only as long as required for legitimate business purposes (such as resolving disputes, complying with legal obligations, or enforcing our agreements). Our retention practices follow our internal Records Retention and Deletion Policy.

8. Cookies and Tracking Technologies

Our websites and platforms use cookies and similar technologies (web storage, session tokens) to:

• Maintain your signed-in session
• Remember your preferences
• Analyze traffic and improve our services
• Detect security anomalies

You may disable cookies in your browser settings, but some features (including signing in) will not function without them. We do not use third-party advertising or behavioral-targeting cookies.

9. Children’s Privacy

Our services are designed for business use and are not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please contact us and we will take steps to delete it.

10. International Users

RFBrenner LLC is based in the United States. If you access our services from outside the United States, your information will be transferred to, stored, and processed in the United States. By using our services, you consent to this transfer. Where required by law, we rely on appropriate transfer mechanisms (such as Standard Contractual Clauses) to protect cross-border transfers.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the “Last Updated” date at the top of this policy and, where appropriate, by email or in-app notice. Continued use of our services after changes indicates acceptance of the revised policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy, or to exercise any of your rights under Section 6, please contact us:

RFBrenner LLC Attn: Rick Brenner, CISO Scarsdale, NY, United States Email: rick.brenner@rfbrennerllc.com

For SMS-specific questions, including opt-out assistance, you may also reply HELP to any message we send you, or contact us at the email above.