Cookie Policy

1. Acceptance and Consent

This Policy describes the cookies and similar technologies used by Smadi, LLC ("Smadi," "we," or "us") on the Platform. Where Smadi adds new cookies or materially changes its cookie practices, your consent will be re-solicited before the new cookies are placed.

2. What Are Cookies and Similar Technologies

2.1 Cookies

A cookie is a small text file placed on your device (computer, smartphone, tablet, or smart TV) by a website or application when you visit it. Cookies allow the website to recognize your device on subsequent visits, remember your preferences, and collect information about how you use the site. Cookies may be set by Smadi ("first-party cookies") or by third-party service providers operating on Smadi's behalf ("third-party cookies").

2.2 Session Cookies vs. Persistent Cookies

Session cookies are temporary and are deleted from your device when you close your browser. They are used to maintain your session state during a single visit (for example, to keep you logged in as you navigate between pages). Persistent cookies remain on your device for a defined period after your session ends, or until you delete them manually. They are used to remember your preferences across multiple visits.

2.3 Similar Technologies

In addition to cookies, Smadi and its service providers may use the following similar technologies, which are subject to the same consent requirements as cookies under applicable law:

• Local Storage and Session Storage: browser-based key-value stores used to save session state and user preferences on your device. Used by the Platform for functionality purposes only.
• Web Beacons (Pixel Tags): small invisible images embedded in web pages or emails that communicate with a server when loaded, used to measure whether a page has been viewed or an email opened. Used by Smadi for analytics purposes only, where consented.
• Device Fingerprinting: the collection of technical characteristics of your device to create a unique identifier. Smadi does NOT use device fingerprinting for any purpose.
• Tracking Pixels (Third-Party): single-pixel images embedded in ad serving infrastructure to verify ad impression delivery. Deployed only where Advertiser tracking pixels have been disclosed and where User consent has been obtained, as described in Section 8.

3. Legal Framework and Applicable Law

3.1 EU/EEA Users — ePrivacy Directive and GDPR

For users in the European Union and European Economic Area, Smadi's use of cookies is governed by: (a) Directive 2002/58/EC (the ePrivacy Directive) as implemented in each EU Member State — this Directive requires prior informed consent for the placement of any cookie that is not strictly necessary; and (b) Regulation (EU) 2016/679 (GDPR), which governs the subsequent processing of personal data collected through cookies. Smadi's lead supervisory authority for GDPR purposes is the Comissão Nacional de Proteção de Dados (CNPD) in Portugal.

3.2 UK Users — PECR and UK GDPR

For users in the United Kingdom, Smadi's use of cookies is governed by the Privacy and Electronic Communications Regulations 2003 (PECR), which implement the ePrivacy Directive in UK law, and the UK General Data Protection Regulation (UK GDPR). UK users have the same consent rights as EU users. Smadi's supervisory authority for UK GDPR purposes is the Information Commissioner's Office (ICO).

3.3 U.S. Users — CCPA/CPRA and State Privacy Laws

For users in California, cookies that collect personal information may constitute "sharing" under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), including for the purposes of cross-context behavioral advertising. Smadi does not currently use cookies for cross-context behavioral advertising. If this practice changes, Smadi will provide a "Do Not Sell or Share My Personal Information" opt-out mechanism. Users in Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and other U.S. states with applicable privacy legislation have equivalent rights under their applicable state law.

3.4 Consent Standard

Consent for non-essential cookies must be: freely given (not conditional on accessing the Platform); specific (granular by cookie category); informed (Users must have access to this Policy before consenting); and unambiguous (a clear affirmative action — scrolling, closing a banner, or inactivity does not constitute consent). Consent records are maintained by Smadi's Consent Management Platform (CMP) and include: the User's consent choice, the timestamp of consent, the version of this Cookie Policy in effect at the time of consent, and the specific categories consented to.

4. Cookie Categories and Legal Basis

Smadi uses cookies in the following categories. The legal basis for each category and whether consent is required before deployment is set out below:

Detailed descriptions of each category and the specific cookies deployed within each category are set out in Sections 5 through 8 of this Policy.

5. Strictly Necessary Cookies

Strictly necessary cookies are essential for the Platform to operate and cannot be disabled. They do not collect personal information for marketing purposes and are not used to track users across other websites. These cookies are placed on your device without prior consent, as they are required to deliver the service you have requested.

Note: Supabase cookie names include a project-specific identifier (e.g., sb-abcdefgh-auth-token). The exact cookie names will be confirmed once the Smadi production Supabase project identifier is finalized.

6. Functional and Preference Cookies

Functional and preference cookies enable the Platform to remember choices you have made to provide a more personalized experience. These cookies are not strictly necessary but significantly improve usability. They are placed only with your consent. You may withdraw consent at any time through the Cookie Settings tool.

7. Analytics and Performance Cookies

Analytics cookies help Smadi understand how visitors use the Platform — which pages are visited most, how long users stay, where they encounter errors, and what content drives engagement. This information is used to improve the Platform's performance and user experience. All analytics data is processed in aggregate or pseudonymized form. Analytics cookies are placed only with your consent.

Smadi's analytics approach: Smadi prioritizes privacy-preserving analytics that do not require cross-site tracking or persistent identification of individual users. Where feasible, Smadi uses server-side analytics derived from Platform database events rather than client-side tracking cookies, reducing the need for analytics cookies on the User's device.

8. Advertising Cookies

8.1 Contextual Advertising — Current Approach

Smadi's current advertising model is contextual only. Advertising is targeted based on: (a) the content category of the Content currently being viewed; (b) the User's language preference; and (c) approximate geographic location derived from IP address at the country level. This contextual targeting does not require cookies or persistent identifiers for individual users.

Where contextual advertising is served through Smadi's ad serving infrastructure without any cookie being placed on the User's device, no cookie consent is required for the ad serving itself. However, if any cookie is placed on the User's device in connection with ad delivery — including impression counting cookies — that cookie requires consent under the ePrivacy Directive regardless of the advertising model.

8.2 Behavioral Advertising — Not Currently Deployed

Smadi does not currently deploy behavioral advertising cookies, interest-based targeting, cross-site tracking, or retargeting of any kind. This section is reserved for future use. If Smadi introduces behavioral advertising in a future Platform phase, this Cookie Policy will be updated, a separate consent mechanism will be presented to all Users, and behavioral advertising cookies will be activated only where the User has explicitly opted in.

9. Third-Party Service Provider Summary

The following third-party service providers may place cookies or similar technologies on your device in connection with the Platform. Each provider is bound by a data processing agreement with Smadi and is not permitted to use data collected through the Platform for their own independent commercial purposes.

10. Consent Management Platform and User Controls

10.1 Cookie Consent Banner

On your first visit to the Platform (or on any visit where a valid consent record does not exist for your device), Smadi will display a cookie consent banner. The banner presents the following options:

• Accept All Cookies: consents to all non-essential cookie categories (Functional, Analytics, Advertising Contextual). Strictly necessary cookies are deployed regardless.
• Accept Selected: opens the Cookie Settings panel where you can independently accept or decline each non-essential cookie category.
• Decline All Non-Essential Cookies: declines all cookie categories except strictly necessary. The Platform remains accessible but certain personalization and analytics features will not function.

The banner does not include a "continue without choosing" or "X to close" option that would be interpreted as consent. Inactivity, scrolling, or closing the banner does not constitute consent.

10.2 Cookie Settings Panel

You may access and modify your cookie consent choices at any time by clicking "Cookie Settings" in the footer of any page on the Platform. The Cookie Settings panel allows you to:

• View which cookie categories are currently active on your device;
• Toggle individual cookie categories on or off independently;
• View a summary of the specific cookies deployed within each category;
• Withdraw all consents and reset to strictly necessary cookies only;
• View the version of this Cookie Policy that was in effect when you last gave consent.

10.3 Withdrawal of Consent

You may withdraw consent for any non-essential cookie category at any time through the Cookie Settings panel. Withdrawal of consent takes effect immediately for future cookie placement. Cookies already placed on your device before withdrawal will remain until their natural expiry unless you manually delete them through your browser settings. Withdrawal of consent does not affect the lawfulness of cookie-based processing carried out on the basis of consent before its withdrawal.

10.4 Consent Record

Smadi maintains a consent record for each User through the smadi_cookie_consent cookie (a strictly necessary cookie). The consent record includes: the date and time of consent, the version of this Cookie Policy in effect, the specific categories consented to, and the Platform page on which consent was given. This record is used by Smadi to demonstrate compliance with applicable law and to ensure that the correct cookies are deployed based on your choices. The consent record is stored on your device and is not transmitted to Smadi's servers in personally identifiable form.

10.5 IAB Transparency and Consent Framework (TCF 2.2)

Smadi's Consent Management Platform is designed to be compatible with the IAB Europe Transparency and Consent Framework (TCF) version 2.2, which is the industry-standard framework for managing consent for digital advertising in the EU. TCF 2.2 compliance is required where Smadi works with IAB-registered advertising partners. The specific TCF 2.2 implementation details (including Smadi's registered CMP ID and Global Vendor List participation) will be documented here once the CMP integration is finalized before Platform launch.

11. Browser and Device Controls

11.1 Browser Cookie Settings

All major browsers allow you to control cookies through the browser's settings. Depending on your browser, you can: (a) block all cookies; (b) block third-party cookies only; (c) clear cookies that have already been placed; or (d) receive a notification before a cookie is placed. Instructions for managing cookies in the most widely used browsers are available at the following resources:

• Google Chrome: support.google.com/chrome/answer/95647
• Mozilla Firefox: support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
• Apple Safari: support.apple.com/en-gb/guide/safari/sfri11471
• Microsoft Edge: support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge
• Opera: help.opera.com/en/latest/web-preferences/#cookies

Note: blocking strictly necessary cookies through your browser may prevent the Platform from functioning correctly. Smadi cannot guarantee the functionality of the Platform if strictly necessary cookies are blocked.

11.2 Mobile Device Settings

Most mobile operating systems provide privacy settings that allow you to limit ad tracking and clear browser cookies. For iOS devices, refer to Apple's privacy settings documentation. For Android devices, refer to Google's privacy settings documentation. These device-level settings apply to all apps and browsers on your device and are independent of Smadi's Cookie Settings panel.

11.3 Do Not Track

Some browsers offer a "Do Not Track" (DNT) signal that requests that websites not track user browsing activity. There is currently no legally binding standard requiring websites to honor DNT signals. Smadi acknowledges DNT signals but cannot guarantee that all third-party service providers whose cookies are deployed on the Platform will honor such signals. If you wish to limit tracking on Smadi, the most effective mechanism is to decline non-essential cookies through the Cookie Settings panel.

11.4 Third-Party Opt-Out Tools

The following industry opt-out tools may be used to limit interest-based advertising from participating advertising networks:

• EU/EEA: Your Online Choices — youronlinechoices.eu
• UK: Your Online Choices — youronlinechoices.com/uk
• USA: Digital Advertising Alliance — optout.aboutads.info
• USA: Network Advertising Initiative — optout.networkadvertising.org

12. International Data Transfers Through Cookies

Some of the third-party providers whose cookies are deployed on the Platform are based outside the European Economic Area. Where cookies result in the transfer of personal data to non-EEA countries, Smadi ensures that appropriate safeguards are in place in accordance with Chapter V of the GDPR. The transfer mechanisms used are:

• Standard Contractual Clauses (SCCs) approved by the European Commission (Commission Implementing Decision 2021/914), incorporated into data processing agreements with each third-party provider;
• The EU-U.S. Data Privacy Framework (DPF), where the recipient provider is certified thereunder;
• UK International Data Transfer Agreements (IDTAs) for transfers from the UK to non-UK countries, where applicable.

A full list of the international transfer mechanisms applicable to each third-party cookie provider is available on request from support@smadi.tv.

13. Cookie Retention Periods

Cookie retention periods are specified in the cookie inventory tables in Sections 5 through 8. The following general principles apply:

• Session cookies are automatically deleted when you close your browser or end your session on the Platform.
• Persistent cookies expire at the end of their specified duration, or when you manually delete them through your browser or device settings, or when you withdraw consent through the Cookie Settings panel.
• The smadi_cookie_consent cookie (which records your consent choices) is retained for one (1) year. After this period, your consent preferences will be re-solicited through the cookie consent banner.
• Analytics cookies are retained for the periods specified in Section 7. Raw analytics data associated with cookie identifiers is retained for a maximum of thirty-six (36) months in pseudonymized form.
• Consent records maintained by Smadi are retained for five (5) years from the date of consent to enable compliance verification.

14. U.S. User Rights in Connection with Cookies

14.1 California Rights (CCPA/CPRA)

California residents have the right to: (a) know what personal information is collected through cookies and how it is used; (b) opt out of the "sale" or "sharing" of personal information collected through cookies for cross-context behavioral advertising purposes (Smadi does not currently engage in this practice); (c) request deletion of personal information collected through cookies, subject to applicable exceptions; and (d) non-discrimination for exercising any of these rights. To exercise these rights, contact support@smadi.tv.

14.2 Global Privacy Control (GPC)

Smadi recognizes the Global Privacy Control (GPC) signal as an opt-out of the sale or sharing of personal information for California users and as a preference signal for users in other jurisdictions with applicable privacy laws. Where the Platform detects a GPC signal from your browser, Smadi will treat this as a request not to deploy non-essential tracking cookies for advertising purposes during your session. To make this a persistent preference, please also update your Cookie Settings through the Cookie Settings panel.

14.3 Other State Rights

Users in Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and Texas (TDPSA) have the right to opt out of the processing of personal data collected through cookies for targeted advertising purposes. Contact support@smadi.tv to exercise these rights.

15. Updates to This Cookie Policy

Smadi will update this Cookie Policy whenever: (a) a new cookie or similar technology is deployed on the Platform; (b) an existing cookie's purpose, provider, or retention period materially changes; (c) Smadi's legal basis for any cookie category changes; or (d) applicable law or supervisory authority guidance requires an update to Smadi's cookie practices.

Material updates to this Policy will be communicated to registered Users via email at least fourteen (14) days before taking effect. Where an update results in Smadi deploying new non-essential cookies that were not previously consented to, a new consent banner will be presented to all Users before the new cookies are activated. The version number and effective date at the top of this Policy identify the current version.

A version history of this Cookie Policy is maintained by Smadi and is available on request from support@smadi.tv.

16. Contact and Complaints

For any questions, concerns, or requests relating to this Cookie Policy or Smadi's use of cookies, please contact:

Privacy and Cookie Inquiries: support@smadi.tv
Data Protection Officer: legal@smadi.tv
Registered Address: 300 Colonial Center Parkway, Suite 100, Roswell, GA 30076

EU and UK Users who are not satisfied with Smadi's response to a cookie-related complaint have the right to lodge a complaint with the relevant supervisory authority: for EU Users, the CNPD (cnpd.pt); for UK Users, the ICO (ico.org.uk).