OUTSET PRIVACY POLICY

Last Updated: March 13, 2026

This Privacy Policy describes how Parnassus Labs, Inc. d/b/a Outset ("Outset," "we," or "us") processes information we collect when you access or use our websites and other online products and services that link to this Privacy Policy (the "Services"), or when you otherwise interact with us, such as through our customer support channels.

Where we process personal information in the course of providing our research platform, we do so pursuant to our agreements with our customers rather than this Privacy Policy.

This Privacy Policy is effective as of the "Last Updated" date above. We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the "Last Updated" date. Where required by law, we will provide you with additional notice (such as by adding a statement to the Services or sending you a notification).

COLLECTION OF INFORMATION

Information You Provide to Us

We collect information directly from you when you create an account, request customer support, or otherwise communicate with us. The categories of information we collect include contact information like your name, email address, and phone number as well as information about your role and employer. We also collect information included in your communications with us. We may also collect any other information you choose to provide.

Information We Collect Automatically

We automatically collect the following categories of information:

• Internet Activity Information: we collect information about how you access our Services, including data about the device and network you use, such as your hardware model, operating system version, mobile network, IP address, unique device identifiers, and browser type. We also collect information about your activity on our Services and interaction with our communications, such as access times, pages viewed, links clicked, keystrokes, mouse movements, and the page you visited before navigating to our Services.
• Information Collected by Cookies and Similar Tracking Technologies: we use tracking technologies, such as cookies and pixels, to collect information about your interactions with our Services and communications. These technologies help us improve our Services and communications, see which areas and features of our Services are popular, count visits, and track clicks. You may be able to adjust your browser settings to remove or reject browser cookies. Please note that removing or rejecting cookies could affect the availability and functionality of our Services.

Information We Collect from Other Sources

We obtain information from other sources. For example, we may collect information from advertising networks and data analytics providers. This information includes your name and contact information. We may also collect information you share when you interact with us on social media platforms like X or LinkedIn.

Derived Information

We may derive information or draw inferences about you based on the information we collect. For example, we may make inferences about your approximate location based on your IP address.

USE OF INFORMATION

We use information for the following purposes:

• Service Delivery: we use information to provide and maintain our Services.
• Communication: we use information to communicate with you about Outset and our Services, including to send you newsletters, respond to your questions, inform you of price or Services changes, and send you other transactional or relationship messages.
• Marketing and Advertising: we use information for marketing and advertising purposes, including to send direct marketing messages (including via email) and target advertisements to you on third-party platforms and websites as described in the "Targeted Advertising and Analytics" section below. You can opt out of direct marketing messages we send by clicking "unsubscribe" in the emails.
• Research and Development: we use information to monitor and analyze Services trends, usage, and activities, improve our products and services, develop new products and services, and generate de-identified data.
• Protection and Compliance: we use information to detect, investigate, and help prevent security incidents and other malicious, deceptive, fraudulent, or illegal activity, help protect the rights and property of Outset and others, and comply with our legal and financial obligations.
• Notice/Consent: we may also use information in other circumstances after giving you notice and/or getting your consent.

TARGETED ADVERTISING AND ANALYTICS

We engage others to provide analytics services, serve advertisements, and perform related services across the web and in mobile applications. These entities may use cookies, web beacons, device identifiers, and other technologies to collect information about your use of our Services, including your IP address, web browser and mobile network information, pages viewed, time spent on pages, and links clicked. This information may be used to deliver advertising targeted to your interests on other companies' websites or mobile apps and to analyze and track data, determine the popularity of certain content, and better understand your activity.

You can also learn more about interest-based ads, or opt out of having your web browsing information used for behavioral advertising purposes by companies that participate in the Digital Advertising Alliance, by visiting www.aboutads.info/choices.

DISCLOSURE OF INFORMATION

We disclose information as follows:

• Vendors: we disclose information to vendors, service providers, contractors and consultants that need this information to provide services to us, such as companies that assist us with web hosting, payment processing, fraud prevention, customer service, data enrichment, analytics, and marketing and advertising.
• Advertising Partners: we disclose information to third parties for the purposes described in the "Marketing and Advertising" subsection above.
• Professional Advisors: we disclose information to our lawyers and other professional advisors where necessary to obtain advice or otherwise protect and manage our business interests.
• Legal Authorities and Others Involved in Legal Proceedings: we may disclose information to legal authorities and others for the purposes described in the "Protection and Compliance" subsection above, including if we believe that disclosure is in accordance with, or required by, any applicable law or legal process, including lawful requests by public authorities to meet national security or law enforcement requirements and if we believe that your actions are inconsistent with our user agreements or policies, if we believe that you have violated the law, or if we believe it is necessary to protect the rights, property, and safety of Outset, our users, the public, or others.
• Corporate Transactions: we reserve the right to disclose information in connection with, or during negotiations of certain corporate transactions, including the merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.
• Affiliates: we reserve the right to disclose information between and among Outset and any current or future parents, affiliates, subsidiaries, and other companies under common control and ownership.
• Consent: we may disclose information when we have your consent or you direct us to do so.

We also disclose de-identified information that cannot reasonably be used to identify you.

APPLICANT INFORMATION

When you apply for a position with Outset, we collect the information that you provide in connection with your application. This includes name, contact information, professional credentials and skills, educational and work history, and other information that may be included in a resume or provided during interviews (which may be recorded). This may also include demographic information. We may also conduct background checks and receive related information.

We use applicants' information to facilitate our recruitment activities and process applications, including evaluating candidates and monitoring recruitment and hiring statistics. We use successful candidates' information to administer the employment or independent contractor relationship. We may also use and disclose applicants' information (a) to improve our Services, (b) as otherwise necessary to comply with applicable laws, (c) to respond to subpoenas or warrants served on Outset, and (d) to protect and defend the rights or property of Outset or others.

INDIVIDUALS IN EUROPE

This section supplements this Privacy Notice if you are in the European Economic Area ("EEA"), the United Kingdom, or Switzerland.

Legal Basis for Processing

When we process your personal information as described above, we do so in reliance on the following lawful bases:

• To perform our responsibilities under our contract with you (e.g., providing the Services).
• When we have a legitimate interest in processing your personal information to operate our business or protect our interests (e.g., to provide, maintain, and improve our Services, conduct data analytics, and communicate with you).
• To comply with our legal obligations (e.g., to maintain a record of your consents and track those who have opted out of marketing communications).
• When we have your consent to do so (e.g., when you opt in to receive marketing communications from us). When consent is the legal basis for our processing your personal information, you may withdraw such consent at any time.

Data Subject Requests

You have the right to request access to or deletion or correction of your personal information. In addition, you have the right to object to certain processing or request we restrict certain processing. To exercise any of these rights, please contact us through the "Contact Us" section below.

If you have a concern about our processing of personal information that we are not able to resolve, you have the right to lodge a complaint with the Data Protection Authority where you reside. Contact details for your Data Protection Authority can be found using the links below:

• For individuals in the EEA: https://edpb.europa.eu/about-edpb/board/members_en
• For individuals in the UK: https://ico.org.uk/global/contact-us/
• For individuals in Switzerland: https://www.edoeb.admin.ch/de/kontakt

Data Transfers

We may transfer personal information from the EEA, the United Kingdom, or Switzerland to non-adequate countries like the United States. We rely on appropriate safeguards such as the standard contractual clauses ("SCCs") to do so, and you may obtain a redacted copy of the SCCs by contacting us through the "Contact Us" section below.

Data Retention

We store personal information for as long as necessary to carry out the purposes for which we originally collected it and for other business purposes explained in this Privacy Notice.

CONTACT US

If you have any questions about this Privacy Policy, please contact us at info@outset.ai.