Applicable Law  This Cookie Policy applies to all users who access the Yasi One web application or visit the portal https://yasi.one, regardless of their country or state of residence. It is primarily governed by the General Data Protection Regulation (EU) 2016/679 (GDPR), which constitutes the baseline standard for all users globally. Depending on your jurisdiction, additional rights may apply as described below. •          Users in the UAE and Gulf region: the ADGM Data Protection Regulations 2021 apply in addition to this Policy. Both frameworks are substantively aligned. •          Users in the United Kingdom: the UK GDPR and the Data Protection Act 2018 apply. Users in the UK may lodge complaints with the ICO at ico.org.uk. •          Users in the United States: there is no single federal privacy law of general application in the United States. My Aion applies the GDPR as its global baseline standard, which provides a level of protection consistent with or exceeding applicable US state privacy laws. To the extent that specific US state privacy laws apply, My Aion will comply with those requirements. For enquiries, contact privacy@aionai.io indicating your state of residence. •          Users in other jurisdictions may have additional rights under applicable local law. For jurisdiction-specific enquiries, contact us at privacy@aionai.io indicating your country of residence.

Data Controller	My Aion Inc., 257 Old Churchmans Road, 19720, Delaware (DE), United States of America — EIN: 92-3279708
Contact	privacy@aionai.io
DPO	Appointed. Contact: dpo@aionai.io
Applies to	https://yasi.one (portal and web application)
Reference	This Cookie Policy should be read alongside the Yasi One Privacy Notice, available at https://yasi.one/policies/cookie-policy/
Last updated	May 2026

1. What are cookies

Cookies are small data files created by a server and stored on the user’s device (computer, tablet or smartphone) when visiting a website or using a web application. They are used to collect information about the user’s navigation and to enable certain functions.

Cookies can be stored permanently on the user’s device for a variable duration (persistent cookies), or they can disappear when the browser is closed or have a limited duration (session cookies). Cookies can be set either by the owner of the website or web application visited (first-party cookies) or by third parties (third-party cookies).

2. Why we use cookies

We use cookies to ensure the correct functioning of our services, to understand how they are used, and to improve the experience for our users. We do not use cookies for third-party advertising purposes and we do not sell data collected through cookies to third parties.

3. Categories of cookies we use

When you visit https://yasi.one or use the Yasi One web application, the following categories of cookies may be installed.

3.1 Technical cookies (displayed as ‘Necessary’ in the consent banner – consent required)

Technical cookies are related to activities strictly necessary for the operation of the web application and the portal. They do not require your consent and are automatically installed when you access the service. Specifically, these include:

•          Session cookies: not stored persistently on the user’s device and disappear when the browser is closed. Used to enable safe and efficient navigation and to maintain authentication state during a session.

•          Persistent cookies: remain on the device until the user deletes them or their expiration date is reached. Used to store user preferences across visits.

•          Consent management cookie: set by our consent management platform (Cookiebot by Usercentrics) to store the user’s cookie consent preferences for a period of 12 months.

Full details of the technical cookies in use are available through the Cookiebot consent banner on the portal.

3.2 Statistics cookies (consent required)

Statistics cookies collect aggregated information primarily for statistical purposes, to help website owners understand how visitors interact with the portal and web application by collecting and reporting information anonymously. Their use requires your consent.

The analytics system used is Google Analytics 4, a web analytics platform provided by Google LLC. The configuration adopted complies with applicable data protection regulations:

•          IP addresses are anonymised (at least the last octet is masked before any processing).

•          Data sharing with Google for Google’s own purposes is disabled.

•          Data collected through Google Analytics is stored for a maximum of 14 months, after which it is automatically deleted.

Google LLC acts as a data processor for statistics purposes on our behalf, and may also act as an independent data controller for its own service improvement purposes in accordance with its own privacy policy. Full details of the specific statistics cookies in use are provided in the Cookiebot consent banner.

Cookie name	Provider	Purpose	Duration	Type
_ga	Google Analytics	Distinguishes unique users by assigning a randomly generated number as a client identifier	2 years	Analytics — 3rd party
_ga_*	Google Analytics	Used to persist session state	2 years	Analytics — 3rd party
_gid	Google Analytics	Distinguishes users	24 hours	Analytics — 3rd party
_gat	Google Analytics	Throttles request rate	1 minute	Analytics — 3rd party

3.3 Preference cookies (consent required)

Preference cookies allow the website to remember information that changes the way the website behaves or looks, such as your preferred language or region. This category is currently configured in the consent management platform but no preference cookies are active at this time. Full details will be provided in the Cookiebot consent banner when preference cookies are activated.

3.4 Marketing cookies (consent required)

Marketing cookies are used to track visitors across websites in order to display advertisements that are relevant and engaging for the individual user. This category is currently configured in the consent management platform but no marketing cookies are active at this time. Full details will be provided in the Cookiebot consent banner when marketing cookies are activated. Their use requires your consent.

3.5 Unclassified cookies

Unclassified cookies are cookies that are in the process of being classified, together with the providers of individual cookies. Full details are available through the Cookiebot consent banner on the portal.

4. Managing cookie preferences

Technical cookies do not require user consent and are automatically installed when accessing the portal or web application.

Other cookies can be enabled or disabled by the user, either by category or individually, through the Cookiebot consent banner displayed on first visit. Users can update their cookie preferences at any time via the consent banner or by accessing the preference centre.

Users can also manage their cookie preferences directly within their browser settings, including accepting, rejecting, or deleting cookies already stored on their device. The methods for managing cookies vary depending on the browser used; please refer to the support or help section of your specific browser for more details. Please note that disabling all cookies may impact the proper functioning of some parts of the portal or web application.

5. Do not track (DNT)

Some browsers include a “Do Not Track” (DNT) feature that allows users to signal their preference not to be tracked for profiling or analytics purposes. While this mechanism is not universally recognised as a valid means of expressing consent under applicable law, this portal, where technically possible, commits to honouring such a preference by refraining from installing non-essential cookies when the DNT signal has been enabled and detected from the user’s browser. Users can in any case manage their preferences at any time through the cookie banner and this Cookie Policy.

6. Mandatory nature of data provision

Browsing data is processed during navigation through the installation of technical cookies, which are necessary to ensure the proper functioning of the portal and web application. Users may choose whether or not to consent to the installation of statistics, marketing, and other optional cookies. Personal data will only be processed through these optional cookies if the user has expressly provided consent.

7. Recipients of cookie data

Browsing data may be communicated to third parties acting as independent data controllers, including supervisory and regulatory authorities and any public or private entities legally entitled to request such data.

Browsing data may also be processed, on behalf of My Aion, by external parties designated as data processors, including companies providing web application management and maintenance services, IT system providers, and analytics providers. We do not sell cookie data to third parties and we do not share it with third parties for their own advertising or marketing purposes.

8. International transfers

My Aion Inc. is incorporated in the United States (Delaware). The primary infrastructure is located in the United Arab Emirates. Where personal data collected through cookies is transferred outside the European Economic Area to countries not recognised as adequate by the European Commission, such transfers are made only by implementing appropriate safeguards in accordance with Chapter V GDPR, including Standard Contractual Clauses (EU SCC 2021) and Transfer Impact Assessments where required.

For further information on international transfers, please refer to Section 6 of the Yasi One Privacy Notice, available at https://yasi.one/policies/.

9. Your rights

By contacting My Aion at privacy@aionai.io, users may exercise their rights under the GDPR (Articles 15–22), including:

•          The right to access their personal data processed through cookies.

•          The right to request rectification or erasure of such data.

•          The right to obtain restriction of processing or to object to processing.

•          The right to withdraw consent at any time, without prejudice to the lawfulness of processing carried out before withdrawal.

Users located in the European Union have the right to lodge a complaint with the supervisory authority of their country of residence. Users located in the UAE may lodge a complaint with the ADGM Commissioner for Data Protection.

10. Cookie policy updates

My Aion reserves the right to update this Cookie Policy to reflect regulatory and technological changes or to align with business needs. Any changes will be published on the portal along with the date of the update. Where changes are material, users will be notified in accordance with the Yasi One Privacy Notice (Article 12). We encourage you to review this Cookie Policy periodically.