Ezement Biometric & Privacy Disclosure

Last updated: July 1, 2025

Solid Earth

PRIVACY POLICY

Tribus LLC d/b/a Solid Earth (the “Company”) has instituted the following biometric information privacy policy:

Definitions:

As used in this policy, “biometric data” and “biometric identifier” are defined as follows:

“Biometric Data” means one or more biometric identifiers that are used or intended to be used, singly or in combination with each other or with other personal data, for identification purposes. “Biometric Data” does not include the following unless the biometric data is used for identification purposes: (a) a digital or physical photograph; (b) an audio or voice recording; or (c) any data generated from a digital or physical photograph or an audio or voice recording.

“Biometric Identifier” means data generated by the technological processing, measurement, or analysis of a consumer’s biological, physical or behavioral characteristics, which data can be processed for the purpose of uniquely identifying an individual. “Biometric Identifier” includes: (a) a fingerprint; (b) a voiceprint; (c) a scan or record of an eye retina or iris; (d) a facial map, facial geometry, or facial template; or (e) other unique biological, physical, or behavioral patterns or characteristics.

Purpose for Use of Biometric Data

The Company and its vendors and agents, and/or the licensee of the Company’s “Solid Earth” identity provider platform indirectly collect and use biometric data solely for platform user identification, user authentication, fraud prevention, and the granting of user access to the Solid Earth platform. The Company does not store any biometric data. When the user accesses the platform, the user may, on their own device, access the platform by using their device’s FaceID or TouchID. When the user initiates their account with the Company, the Company connects to the user’s device and requests permission to use the device’s FaceID or TouchID (typically a face scan or a fingerprint) as a way to login using a Passkey API. The user’s device then ultimately returns a token to the Company that the Company uses to confirm every subsequent login of the user to the platform. Thus, the Company is never in possession of any biometric data but biometric data is used in generating the token the Company uses to authenticate the user. The token is a string of many random numbers and letters. The Company keeps the token for the user until the user’s MLS ceases to license the platform, or until the MLS or the user informs the Company that the user needs to be deactivated. The Company will retain the token for such a canceled user for six months. At the six month mark from user deactivation, the Company destroys the token.

Retention, Data Security, and Deletion

To the extent that the Company, its vendors and agents, and/or the licensee of the Company’s “Solid Earth” identity provider platform control or process one or more biometric identifiers relating to a user or potential user (collectively “user) of the Solid Earth platform, the Company has the following written policy:

Retention Schedule. The Company does not retain any biometric identifiers or biometric data.

Data Security Protocol and Notification. In the case of a data security incident that may compromise the security of biometric identifiers or biometric data, the Company would conduct a prompt investigation to determine the likelihood that any biometric data has been or will be misused, would work with all relevant parties as necessary, and would notify the user, and any other required parties, as soon as possible that the security of the user’s biometric identifier or biometric data has been breached.

Deletion of Biometric Identifiers. The Company does not retain any biometric identifiers.

Requirements to Collect and Process Biometric Identifiers

To the extent that the Company, its vendors and agents, and/or the licensee of the Company’s “Solid Earth” identity provider platform collect or process a biometric identifier relating to a user of the Solid Earth platform, the Company must first:

(a) Identify the categories of biometric data collected or processed, the purposes of processing that data, how users may exercise their rights related to that data, and any categories of biometric data shared with third parties and the categories of those third parties.

(b) Inform the user or the user’s legally authorized representative in a clear, reasonably accessible, and understandable manner that a biometric identifier is being collected;

(c) Inform the user or the user’s legally authorized representative in a clear, reasonably accessible, and understandable manner of the specific purpose for which a biometric identifier is being collected and the length of time that the Company, its vendors and agents, and/or the licensee of the Company’s “Solid Earth” identity provider platform will retain the biometric identifier; and

(d) Inform the user or the user’s legally authorized representative in a clear, reasonably accessible, and understandable manner if the biometric identifier will be disclosed, redisclosed, or otherwise disseminated to the Company's vendors and agents, and/or the licensee of the Company’s “Solid Earth” identity provider platform and the specific purpose for which the biometric identifier is being shared with those parties.

The Company, its vendors and agents, and/or the licensee of the Company’s “Solid Earth” identity provider platform will not sell, lease, trade, or otherwise profit from users’ biometric data; provided, however, that the Company, its vendors, and/or the licensee of the Company’s “Solid Earth” identity provider platform may be paid for products or services used or provided by the Company that utilize such biometric data.

Disclosure Requirements

The Company will not sell, lease, or trade the biometric identifier with any entity or disclose, redisclose, or otherwise disseminate the biometric identifier unless:

(a) The user or the user’s legally authorized representative consents to the disclosure, redisclosure, or other dissemination; or

(b) The disclosure, redisclosure, or other dissemination is to a processor and is necessary for the purpose for which the biometric identifier was collected and to which the user or the user’s legally authorized representative consented; or

Data Storage

The Company shall take reasonable measures to secure any biometric data stored or used from unauthorized acquisition. The Company will use the same protective measures it uses to to secure other confidential and sensitive information.

Solid Earth

PRIVACY POLICY - USER ACKNOWLEDGEMENT FORM

TRIBUS LLC d/b/a “Solid Earth” (the “Company”) furnishes a single sign-on identity platform to which the undersigned individual (the “user”) requests access. The user named below has been advised and understands that the Company, its vendors and agents, and/or the licensee of the Company’s “Solid Earth” identity provider platform may collect, retain, and use biometric data for the purpose of user identification, user authentication, fraud prevention, and the granting of user access to the Solid Earth platform.

“Biometric data” and “biometric identifier” are defined as follows:

The user understands that he or she is free to decline to provide biometric identifiers and biometric data to the Company, its vendors and agents, and/or the licensee of the Company’s “Solid Earth” identity provider platform without any adverse action.

The Company shall retain user biometric data only until, and shall permanently destroy such data when, and shall request that its vendors and agents and the licensee of the Company’s “Solid Earth” identity provider platform permanently destroy such data when, the first of the following occurs:

The initial purpose for collecting the biometric identifier has been satisfied, or

The user has not interacted with the Company for twenty-four months, or

The earliest reasonably feasible date, which date must be no more than forty-five days after the Company determines that storage of the biometric identifier is no longer necessary, adequate, or relevant to the express processing purpose identified by a review conducted by the controller at least once annually. The Company may extend the forty-five day period by up to forty-five additional days if such an extension is reasonably necessary, taking into account the complexity and number of biometric identifiers required to be deleted.

The user or a user’s authorized agent may exercise any applicable rights provided by law and may revoke the consent provided in this user acknowledgement form at any time by notifying the Company in writing to: TRIBUS, Attn: Revocation of Consent, 231 South Bemiston Ave. Suite 850, Box 33454, St. Louis MO 63105, or by email to: support@solidearth.com.

By your continued acceptance of these terms and your continued use of the tools provided by Tribus and Solid Earth, you confirm that you have received the above Biometric Information Privacy Policy, and that you voluntarily consents to the Company’s, its vendors’, agents’, and/or the licensee of the Company’s “Solid Earth” identity provider platform’s collection, storage, and use of biometric data through various biometric sign-in measures, including to the extent that it utilizes the user’s biometric identifiers or biometric data, and voluntarily consents to the Company providing such biometric data to its vendors and agents, and/or the licensee of the Company’s “Solid Earth” identity provider platform.