Legal Information

This website (the “Website”) is operated by Threat Lattice S.L., trading as NNEAT (“NNEAT”), with Tax ID (CIF) B19348705, registered office at Calle Cardenal Gardoqui, 1 – 3, Bilbao (Bizkaia), Spain. You can contact us at info@threatlattice.com.

Purpose and Scope

This Legal Notice governs access to and use of the Website. By accessing or using the Website, you accept this Legal Notice in full. If you do not agree, please refrain from using the Website. Additional policies may apply to specific areas or services (e.g., the Privacy Policy and Cookie Policy), which form part of these terms by reference.

Terms of Use

• Lawful use: You agree to use the Website lawfully, in good faith, and in compliance with applicable regulations, this Legal Notice, and other policies published on the Website.
• Prohibited conduct: You must not engage in activities that may damage, disable, overload, or impair the Website; attempt to breach security; reverse engineer; or use the Website to transmit malicious code, unlawful content, or infringing materials.
• Accuracy of information provided by users: If you provide information via forms, you represent that it is accurate, current, and complete.

Intellectual and Industrial Property

All content on the Website—including, without limitation, texts, designs, interfaces, code, images, graphics, logos, trademarks, and trade names—is owned by Threat Lattice S.L. (trading as NNEAT) or licensed to it. Unauthorized reproduction, distribution, public communication, transformation, or any other use is prohibited unless expressly authorized in writing by the rights holder.

Links and Third-Party Services

The Website may include links to third-party sites or services. These links are provided solely for convenience and do not imply approval or control by NNEAT. We do not assume responsibility for the content, availability, accuracy, or security of third-party sites. Your use of third-party sites or services is at your own risk and subject to their terms and policies.

Responsibility

• Operation and availability: We endeavor to keep the Website available and secure, but do not guarantee uninterrupted, error-free, or virus-free operation. We will not be liable for interruptions, errors, or damages arising from network failures, maintenance, updates, or events beyond our reasonable control.
• Content: Although we seek to ensure that information on the Website is accurate and up to date, it may contain inaccuracies or omissions. We do not guarantee the completeness or timeliness of the content and reserve the right to modify or remove content at any time.
• User damages: NNEAT shall not be liable for damages resulting from improper, unlawful, or negligent use of the Website by users.

Personal Data and Cookies

The processing of personal data is governed by our Privacy Policy. Information about cookies is available in our Cookie Policy. You can manage your cookie preferences through the options provided on the Website.

Security

We implement appropriate technical and organizational measures designed to protect the security and integrity of the Website and the personal data we process. However, no online service can guarantee absolute security.

Governing Law and Jurisdiction

This Legal Notice is governed by Spanish law. Without prejudice to mandatory consumer fora where applicable, any disputes shall be submitted to the courts and tribunals of Bilbao, Spain.

Changes to this Legal Notice

We may update this Legal Notice to reflect legal, technical, or business developments. When we update it, we will indicate the new effective date below. We encourage you to review this page periodically.

Last updated: 22 September 2025.

Cookie Policy

This Cookie Policy explains what cookies are and how we use them on the website operated by NNEAT (the “Website”). It describes the types of cookies we use—namely, strictly necessary (technical) cookies and analytics cookies (Google Analytics)—the information we collect, how we use that information, and how you can manage your cookie preferences. For more details on how we process personal data, please refer to our Privacy Policy.

What is a cookie?

A cookie is any storage and retrieval device that is placed on your device to store and retrieve information. Cookies are small data files downloaded to your device when you visit the Website. They allow the Website to recognize your device on subsequent visits, ensure you receive the correct content, and remember your preferences or services you selected. Cookies do not damage your device.

How do we obtain your consent?

Non-essential cookies (e.g., analytics) are only set after you provide consent via our cookie banner or settings. You can accept, reject, or configure cookies at any time through the “Manage cookies” option on the Website. Essential technical cookies are always active as they are strictly necessary for the Website to function.

Types of cookies we use

1) Technical (strictly necessary) cookies

These cookies enable basic functions such as page navigation, session management, security, and access to areas of the site. The Website cannot function properly without these cookies. If you disable them, some content may not display correctly, or certain features may not be available.

2) Analytics cookies (Google Analytics)

These cookies help us understand how visitors interact with the Website by collecting information—often in aggregated form—about pages visited, time spent, and navigation patterns. We use this information to improve usability and content. Analytics cookies are only used with your consent.

Cookies used on this Website

Below is a list of cookies that are typically set on a WordPress-based site (technical) and by Google Analytics (analytics). Exact names and durations may vary slightly depending on your configuration and browser.

Cookie	Purpose	Provider	Duration
wordpress_test_cookie	Checks if the browser accepts cookies (technical).	First-party (NNEAT / WordPress)	Session
wordpress_logged_in_{hash}	Keeps you logged in when authentication applies (technical).	First-party (NNEAT / WordPress)	Session
wp-settings-{user_id}	Stores user interface preferences in WordPress (technical).	First-party (NNEAT / WordPress)	~1 year
wp-settings-time-{user_id}	Timestamp for the wp-settings cookie (technical).	First-party (NNEAT / WordPress)	~1 year
wp_lang	Stores language preferences for the session (technical).	First-party (NNEAT / WordPress)	Session
_ga	Distinguishes users for analytics.	Google Analytics	2 years
_gid	Distinguishes users for analytics (short-lived).	Google Analytics	24 hours
_ga_{container-id}	Persists session state for GA4 measurement.	Google Analytics	2 years

Note: Technical cookies may also be set by essential plugins used to operate the Website (e.g., to remember that a popup was closed or your cookie choices). These are considered necessary for the site to function properly.

Third-party information (Google Analytics)

Google Analytics is a web analytics service provided by Google LLC (US) and/or its affiliates. Data may be processed outside the EEA subject to appropriate safeguards. For information about how Google uses cookies and processes data, please review Google’s cookie and privacy documentation available from Google.

How to manage or withdraw your consent

You can change your cookie preferences at any time via the “Manage cookies” option on the Website. You can also configure your browser to block or delete cookies. If you block cookies, you may still use the Website, but some services or features may be limited, and your experience may be less satisfactory.

• Most browsers allow you to accept, refuse, or delete cookies via their settings.
• You can typically find these options under “Privacy” or “Security” settings.

Contact

If you have any questions, comments, or requests regarding this Cookie Policy, please contact us at info@threatlattice.com.

Changes to this Cookie Policy

We may update this Cookie Policy due to changes in regulatory guidance, legislation, or technical implementations on the Website. We recommend reviewing this policy periodically to stay informed about how and why we use cookies.

Last version: 22 September 2025.

Privacy Policy

NNEAT (hereinafter, “NNEAT”) wishes to inform the users (hereinafter, the “Users”) of its website (hereinafter, the “Website”) of this Privacy Policy, in which we transparently and simply provide all the information about the processing of personal data. This Privacy Policy will always be available to Users on the Website.

Who is the Data Controller?

NNEAT S.L., a company incorporated under Spanish law, with registered office at Calle Cardenal Gardoqui, 1 – 3, Bilbao (Bizkaia), is the Data Controller of the personal data collected through the Website.

If you have any questions regarding how we process your personal data, you can contact us at: info@threatlattice.com.

What is Personal Data and Data Processing?

Personal data means any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to that person’s identity. Data processing means any operation or set of operations performed on personal data, such as collection, recording, storage, use, or disclosure.

How Do We Collect Your Personal Data?

• Through forms completed by the User on the Website.
• Through interaction with our contact or user support services.
• Through the use of cookies and similar technologies.

What Processing Do We Carry Out and For What Purpose?

User Account Management (if applicable)

Purposes:

• To register, create, and manage a user account on the Website.
• To provide support in password recovery processes and any issues related to the account.
• To detect and prevent fraud or unlawful actions.
• To comply with legal obligations applicable to NNEAT.

Data processed: name, username, email address, role or position, password.

Legal basis: performance of the Terms of Use accepted by the User.

Retention: while the User maintains an account or until the User requests deletion. Thereafter, data will be kept blocked for the legally prescribed limitation periods and then deleted or anonymized.

User Support

Purposes:

• To provide a user support service and resolve queries or requests.

Data processed: name, email, role, username, any information voluntarily provided in communications.

Legal basis: performance of the Terms of Use, NNEAT’s legitimate interest in providing support, and compliance with legal obligations.

Retention: for the time necessary to resolve the request or query and, subsequently, blocked for the applicable limitation periods.

Website Usage Analysis and Improvement

Purposes:

• Recognize Users when they return to the Website.
• Maintain security and prevent malicious use of the Website.
• Adapt the Website to the type of device used.
• Apply personalization criteria chosen by Users.
• Ensure correct display of content and requested features.
• Analyze use of the Website to optimize usability and implement improvements.

Data processed: IP address, browsing data (pages visited, session duration, browser and device information).

Legal basis: User’s consent for analytical/advertising cookies; NNEAT’s legitimate interest for technical cookies necessary for operation.

Retention: as specified in the Cookie Policy, or until consent is withdrawn. Thereafter, data will be blocked for the applicable limitation periods and then deleted or anonymized.

Your Rights

• Access: to know if we process your data and which ones.
• Rectification: to correct inaccurate or incomplete data.
• Objection: to oppose processing in legally established cases, including withdrawal of consent.
• Erasure: to request deletion of your data, subject to legal obligations.
• Portability: to receive your data or request its transfer to another controller.
• Restriction: to request suspension of processing in certain circumstances.

You may exercise your rights free of charge at any time by emailing info@threatlattice.com, specifying the right exercised. If we cannot identify you, we may ask for ID. If you consider that NNEAT has not handled your request properly, you may file a complaint with the Spanish Data Protection Agency (https://www.aepd.es).

Who Do We Share Your Data With?

We may disclose data when legally required or when necessary to comply with obligations, or in pursuit of a legitimate interest such as legal defense. Recipients may include:

• Legal advisors
• Courts and Tribunals
• Tax authorities
• Spanish Data Protection Agency
• Government and public administration bodies
• Law enforcement agencies

In the event of a merger, acquisition, or transfer of assets, user data may be transferred as part of the business assets.

Access by Service Providers and International Transfers

We may engage third-party service providers who will act as data processors. Contracts with such providers comply with applicable data protection laws.

Data Security

NNEAT applies appropriate procedures and technical and organizational security measures to ensure an adequate level of protection of personal data. Information is stored on secure servers, and strict security procedures are applied to prevent unauthorized access. We also ensure that our service providers maintain appropriate security standards.

Changes to this Privacy Policy

This Privacy Policy may be updated over time due to changes in criteria by data protection authorities, legislative modifications, or case law. NNEAT therefore reserves the right to modify this Privacy Policy to adapt it to such changes.

Last version: 22 September 2025.