KOBO Privacy policy

Effective July 4, 2025.

Each Affiliate is responsible for keeping their Affiliate Information up to date and accurate and must immediately update any changes in their back office. It is particularly important that an Affiliate provides KOBO with their current email address, since email is one of the primary ways that KOBO and an Affiliate’s upline will communicate with the Affiliate. By agreeing to the Policies and Procedures, the Affiliate consents to the KOBO Privacy Policy and to receiving emails from KOBO as well as from their upline. Each Affiliate may modify their Affiliate Information (e.g., update an address, phone number or email address). Affiliate agrees that KOBO may share with Affiliate’s upline their name, telephone number, address, email address and select sales performance data for all Affiliates in their downline. No Social Security Number nor credit card number shall be shared with an Affiliate’s upline without separate express permission by Affiliate to allow such personal information sharing. By providing their email address and telephone number, Affiliate agrees to disclose their email address and telephone number to KOBO as well as to their upline. Affiliate further acknowledges that information provided to KOBO by Affiliate will be shared with and processed by KOBO corporate offices.

Expectation of Privacy

KOBO recognizes and respects the importance its Customers & Affiliates place on the privacy of their financial and personal information. KOBO will make reasonable efforts to safeguard the privacy of and maintain the confidentiality of its Customers’/Affiliates’ financial and account information and non-public personal information.

Employee Access to Information

KOBO limits the number of employees who have access to Customer’s/Affiliates nonpublic personal information.

Restrictions on the Disclosure of Account Information

KOBO will not share non-public personal information or financial information about current or former Customers & Affiliates with third parties, except as permitted or required by laws and regulations, court orders, or to serve the Customers’/Affiliates’ interests or to enforce its rights or obligations under these Policies and Procedures, the Affiliates Agreement, or with express written permission from the accountholder on file.

Security and Security Breaches

All Affiliates must adopt, implement, and maintain appropriate administrative, technical, and physical safeguards to protect against anticipated threats or hazards to the security of confidential information, including Customer & Affiliate Data. These safeguards must be appropriate to the sensitivity of the information.

Appropriate safeguards for electronic and paper records may include but are not limited to:

(i) encrypting data before electronically transmitting it.

(ii) storing records in a secure location; and

(iii) password-protecting computer files and securely shredding paper files containing confidential information.

Affiliates must keep confidential information secure from all persons who do not have legitimate business needs to see or use such information. Affiliates must ensure they obtain and maintain consent from prospective Customers & Affiliates and existing Customers & Affiliates before sharing such data with the KOBO.

Affiliates must comply with all applicable privacy and data security laws, including any security breach notification laws. Without limitation of the preceding sentence, in the event of an actual or suspected Security Breach affecting KOBO ’s data, the applicable Affiliates shall first promptly notify the KOBO Compliance Department in writing after becoming aware of such Security Breach, and if instructed by the Compliance Department, notify applicable Customers & Affiliates. Any such notification to Customers & Affiliates shall be made in compliance with applicable law and shall specify the following:

(i) the extent to which Customer/Affiliates Data was or was suspected to be disclosed or compromised.

(ii) the circumstances of the Security Breach;

(iii) the date or period of time on which it occurred;

(iv) a description of the information affected;

(v) a description of the steps taken to reduce the risk of harm from the Security Breach;

(vi) contact information for a person able to answer questions regarding the Security Breach;

(vii) any other information required by the applicable law; and

(viii) in the case of a notice to a privacy commissioner or other regulatory body, an assessment of the risk of harm to any affected persons and an estimate of the number of persons affected.

Affiliates shall promptly comply with all applicable information Security Breach disclosure laws. Affiliates, at their expense, shall cooperate with KOBO , any applicable privacy commissioner or other regulatory body and the applicable Customers & Affiliates and use their best efforts to mitigate any potential damage caused by a breach of their obligations under the Affiliates Agreement or any law applicable to confidential data, including by sending notice to the affected individuals, applicable agencies and consumer reporting agencies, if such notification is required the KOBO in its sole and absolute discretion.

Privacy and Confidentiality

All Affiliates are required to abide by the KOBO ’s Privacy Policy with regard to Affiliates and Customer information.

The Data Management Rule

The Data Management Rule (the “Rule”) is intended to protect the Line of Sponsorship (“LOS”) for the benefit of all Affiliates, as well as KOBO. LOS information is information compiled by KOBO that discloses or relates to all or part of the specific arrangement of sponsorship within the KOBO business, including, without limitation, Affiliates lists, sponsorship trees, and all Affiliates information generated therefrom, in its present and future forms. The KOBO LOS, constitutes a commercially advantageous, unique, and proprietary trade secret (“Proprietary Information”), which it keeps proprietary and confidential and treats as a trade secret. KOBO is the exclusive owner of all Proprietary Information, which is derived, compiled, configured, and maintained through the expenditure of considerable time, effort, and resources by KOBO and its Affiliates. Through this Rule, Affiliates are granted a personal, non-exclusive, non-transferable, and revocable right by KOBO to use Proprietary Information only as necessary to facilitate their business as contemplated under these Policies. KOBO reserves the right to deny or revoke this right, upon

reasonable notice to the Affiliates stating the reason(s) for such denial or revocation, whenever, in the reasonable opinion of KOBO, such is necessary to protect the confidentiality or value of Proprietary Information.

All Affiliates shall maintain Proprietary Information in strictest confidence and shall take all reasonable steps and appropriate measures to safeguard Proprietary Information and maintain the confidentiality thereof.