KRAT

Short-Term Investment Strategies

Privacy Policy

This Privacy Policy describes how KRAT Capital collects, uses, discloses, and protects personal information when you visit our website, contact us, or become a client. It explains categories of information we process, the legal bases for processing when applicable, how long we retain information, and your rights regarding personal data. Our aim is to be transparent and to provide practical information about choices and safeguards. The policy covers visitors, prospective clients, and existing clients. For questions about this policy or to exercise privacy rights, contact our Data Protection Officer at [email protected] or at the address listed below.

Office documents and privacy review

Data controller

KRAT Capital, 350 Fifth Avenue, Suite 700, New York, NY 10118, United States. Email: [email protected]. Phone: +1 212 736 3100.

Information we collect and why

We collect information that you provide directly, information collected automatically when you use our website, and information from third parties in limited circumstances. Information you provide may include name, contact details, employer, role, correspondence content, and documents or identifiers necessary for onboarding and regulatory compliance. Automatically collected data may include IP addresses, browser and device characteristics, pages visited, and usage patterns used for analytics and security. We collect such information to respond to inquiries, perform onboarding, provide services, meet regulatory obligations such as anti-money laundering and know-your-customer checks, and to improve site performance and security. Where required by law or contract, we retain transactional and identity information to satisfy regulatory reporting and auditing requirements. We limit collection to what is necessary for these purposes and retain data only as required by law or as reasonably necessary to fulfil the purpose for which it was collected.

How we use and share information

We use personal information to provide and administer our services, communicate with you, conduct identity and background checks required for regulatory compliance, handle requests and disputes, and to operate, secure, and analyze our website. We may share information with service providers who perform functions on our behalf such as custody, trade execution, analytics, hosting, and legal or compliance advisors. When sharing, we require vendors to maintain appropriate confidentiality and security measures and to process data only as directed. We may also disclose information to comply with legal obligations, respond to lawful requests from regulators or law enforcement, or to protect the rights, property, or safety of KRAT or others. Transfers of data to jurisdictions outside your country may occur; in such cases we use standard contractual protections or equivalent safeguards to ensure an adequate level of protection consistent with applicable law.

Security, retention, and data minimization

KRAT employs administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, alteration, loss, or disclosure. Controls include access restrictions, encryption in transit and at rest where feasible, multi-factor authentication for critical systems, and routine monitoring of systems and vendor security practices. We retain personal data only as long as necessary to fulfil the purpose for which it was collected, to satisfy legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data category and legal requirement; for example, transaction and onboarding records necessary for regulatory compliance may be retained for several years. We apply data minimization principles when collecting and processing information, and we periodically review retention schedules and delete or anonymize data when it is no longer necessary.

Your rights and choices

Depending on your jurisdiction, you may have rights to access personal information we hold about you, to request correction, deletion, or restriction of processing, and to object to certain processing activities. You can withdraw consent for processing where consent is the legal basis. To exercise rights, please contact [email protected] and provide details to help us locate the records. We will verify requests to protect the privacy and security of individuals. If you are unsatisfied with our response, you may have the right to lodge a complaint with a supervisory authority in your jurisdiction. We do not sell personal information for monetary consideration. Where we rely on automated decision-making that produces legal or similarly significant effects, we will provide meaningful information about the logic involved and safeguards; automated decision-making is not used for core investment decisions affecting client mandates without human review and oversight.

Changes to this policy

We may update this privacy policy to reflect changes in our practices or legal requirements. Material changes will be posted on this page with an updated effective date. For significant changes that affect how personal data is processed for existing clients, we will provide direct notice as required. We encourage you to review this policy periodically. Continued use of our services or website after updates will indicate acceptance of the revised terms where applicable. If you have questions about changes, contact [email protected] and we will explain the revisions and their practical effects on your data.