1. Information We Collect

1.1 Personal Information You Provide

When you voluntarily interact with Silia, we may collect:

• Full name and name of your company.

• Business or personal email address.

• Phone number.

• Role, department or job title.

• Information you share when requesting a demonstration, contacting us or subscribing to our communications.

1.2 Information Collected Automatically

When browsing our website or using our platform, we automatically collect:

• IP address and approximate geolocation data.

• Browser and operating system type and version.

• Pages visited, actions performed and time spent.

• Platform usage data: workflows executed, interactions with agents, performance events.

• Cookies and similar tracking technologies (see Section 5).

1.3 Data Processed through AI Agents

• Our platform orchestrates artificial intelligence agents that may process data provided by you or by your organization. This includes:

• Conversations and interactions with customer service, sales or internal operations agents.

• Structured and unstructured data transmitted from integrated systems (CRM, ERP, databases, APIs).

• Records of transactions, requests and responses processed by the agents.

• Key protection measure: Before transmitting any data to third-party large language models (LLMs), Silia applies anonymization and/or pseudonymization processes to remove or mask personally identifiable information (PII). Third-party LLMs receive only data in anonymized format that does not allow the individuals involved to be directly identified.

1.4 Data in Recruitment Processes and Job Applications

When you apply for a position at Silia or participate in a recruitment process, we collect:

• Curriculum vitae and cover letter.

• Contact information: name, email address, phone number, location.

• Professional, academic and skills history.

• Responses to tests, questionnaires or interviews conducted during the process.

• Professional references, when applicable.

Exclusive purpose: Data collected in recruitment processes is used only to evaluate your candidacy. It will not be shared with third parties outside the process or used for marketing purposes. If your candidacy is unsuccessful, we will retain your data for a maximum period of 12 months for future opportunities, unless you request its deletion.

2. How We Use Your Information

We process your personal data for the following legitimate purposes:

• Provision of the service: Operate, maintain and improve our AI agent platform and services.

• Customer service: Manage demonstration requests, inquiries and technical support.

• Personalization: Personalize the platform usage experience according to your preferences and settings.

• Analysis and optimization: Measure agent performance, identify bottlenecks and optimize workflows.

• Marketing communications: Send product updates, relevant content and commercial communications, always with your prior consent and with the option to unsubscribe at any time.

• Security and compliance: Detect and prevent fraudulent activities, unauthorized access and security vulnerabilities.

• Legal obligations: Comply with legal and regulatory obligations or requirements from competent authorities.

• Personnel selection: Evaluate candidacies and manage hiring processes.

3. Legal Bases for Processing

The processing of your personal data is based on the following legal bases, as applicable:

• Consent: When you provide data to receive a demonstration, subscribe to communications or apply for a position.

• Performance of a contract: When processing is necessary to provide the contracted services or carry out pre-contractual actions at your request.

• Legitimate interest: To protect the security of our platform, prevent fraud and comply with regulatory obligations.

• Legal obligation: When applicable law (including the LFPDPPP in Mexico) requires us to process certain data.

4. How We Share Your Information

Silia does not sell, lease or commercialize your personal data. We share information only in the following cases:

• Service providers: We use external providers for hosting services (cloud infrastructure), analytics, communications, support and customer success. These providers are subject to confidentiality agreements and may only use your data for the purposes we indicate to them.

• Language models (LLMs): Silia’s AI agents may send data to third-party language models to generate responses. Before such transmission, we apply anonymization processes so that the LLMs do not receive direct personally identifiable information.

• Legal requirements: When required by applicable legislation, a court order or competent authority.

• Business transitions: In the event of a merger, acquisition, reorganization or sale of assets, your data may be transferred to the successor entity under the same protection conditions.

• With your consent: With your prior and express consent, for any purpose not covered in this policy.

5. Cookies and Tracking Technologies

Silia uses cookies and similar technologies (tracking pixels, local storage) to:

• Ensure the proper functioning of the website and platform.

• Remember your preferences and session settings.

• Analyze user behavior and site performance.

• Support digital marketing campaigns (Google Analytics, Google Tag Manager and similar tools).

You may configure your browser to reject or delete cookies. Please note that some site functions may not be available if cookies are disabled. To learn more about how we manage cookies, write to us at contact@silia.com.

6. Data Retention

We retain your personal data only for the time necessary to fulfill the purposes for which it was collected:

• Data of clients and active platform users: during the term of the service contract and up to 5 years after its termination.

• Data of employment candidates: up to 12 months from the closing of the process, unless you request its deletion earlier.

• Data of website visitors (cookies/analytics): according to the parameters of the tools used, with a maximum of 26 months.

• Data required by legal obligation (tax, accounting): as established by applicable legislation

After these periods have elapsed, the data will be securely deleted or irreversibly anonymized.

7. Information Security

Silia implements technical, organizational and administrative measures to protect your personal data, including:

• Encryption of data in transit (TLS/HTTPS) and at rest.

• Role-based access control (RBAC) with secure authentication.

• Complete audit log of actions performed by agents and users.

• Anonymization of PII before its transmission to external language models.

• Continuous monitoring of the platform to detect unauthorized access or anomalous behavior.

• Backup and disaster recovery processes.

No data transmission over the internet is completely secure. By using our services, you acknowledge that you assume a residual level of risk inherent to the technology. In the event of a security breach affecting your data, we will notify you according to the timeframes established by applicable legislation.

8. Artificial Intelligence and Automated Decision-Making

Silia is an AI agent orchestration platform. In this context:

• AI agents interact with end users to automate business processes (customer service, sales, internal operations, among others).

• Interactions with agents may be recorded for continuous improvement, auditing and traceability purposes.

• Before sending any data to third-party LLMs, Silia applies anonymization techniques to protect the privacy of the individuals involved.

• Workflows that involve decisions with significant impact on individuals (approvals, rejections, escalations) are designed with configurable human intervention.

If you or your organization wish to know how the agents that interact with your data work, you may request it at contact@silia.com.

9. Your Rights over Your Personal Data

In accordance with Mexico’s Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP) and other applicable legislation, you have the right to:

• Access: Know what personal data we hold about you.

• Rectification: Request the correction of inaccurate or incomplete data.

• Cancellation: Request that we delete your data when it is no longer necessary or when you withdraw your consent.

• Objection: Object to the processing of your data for specific purposes.

• Revocation of consent: Withdraw previously granted consent, without affecting the lawfulness of processing carried out before such withdrawal.

• Marketing cancellation: Opt out of marketing communications or newsletters at any time.

• To exercise any of these rights, send us a request at: contact@silia.com

To exercise any of these rights, send us a request at: contact@silia.com

We will respond to your request within a maximum period of 20 business days, in accordance with the provisions of the LFPDPPP.

10. International Data Transfers

Silia may use cloud infrastructure and service providers located outside Mexico (for example, in the United States or Europe). In these cases, we guarantee that:

• Transfers are made to countries or entities that have adequate levels of data protection.

• The necessary contractual agreements are entered into (standard contractual clauses or other valid mechanisms) to protect your data at all times.

• Anonymized data sent to LLMs does not constitute transfers of personal data, as it has been processed to remove any identifier.

To exercise any of these rights, send us a request at: contact@silia.com

We will respond to your request within a maximum period of 20 business days, in accordance with the provisions of the LFPDPPP.

11. Minors

Our services are directed exclusively to companies and professionals. We do not intentionally collect personal data from minors under 18 years of age. If we identify that we have received data from a minor without the appropriate consent, we will delete it immediately.

12. Links to Third-Party Sites

Our website and platform may contain links to third-party websites or services. Silia is not responsible for the privacy practices of such sites. We recommend reviewing their privacy policies before providing them with any personal data.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our services, technology or applicable legislation. When we make substantial changes:

• We will publish the new version on our website with the update date.

• We will notify you by email if we are your active service provider.

Continued use of our services after the publication of changes constitutes your acceptance of the updated policy.

14. Contact and Data Controller

For any question, request regarding ARCO rights, report of privacy incidents or inquiry about this Policy, contact us:

Silia S.A. de C.V.

Mexico City, Mexico

Privacy email: contact@silia.com

Website: www.silia.com

We commit to responding to any privacy-related request within a maximum period of 20 business days.

© 2026 Silia. All rights reserved.