SUNNY VALLEY CYBER SECURITY INC.
(d.b.a. Zenarmor)
DATA PRIVACY FRAMEWORK NOTICE

Last Updated: November 20, 2025

Sunny Valley Cyber Security Inc. (“Sunny Valley,” “Zenarmor,” “we,” “us,” or “our”) complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), and the UK Extension to the EU-U.S. DPF, as set forth by the U.S. Department of Commerce. Sunny Valley has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. DPF Principles with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.

To learn more about the Data Privacy Framework program and to view our certification, please visit the U.S. Department of Commerce’s DPF List at https://www.dataprivacyframework.gov/

1. Scope

This Notice applies to personal data received from the European Union and United Kingdom (and Gibraltar), in reliance on the respective Data Privacy Frameworks. It covers data collected and processed by Sunny Valley in the context of providing our products and services to customers, including through the Zenarmor platform.




2. Data Processing Purposes

Sunny Valley processes personal data in accordance with the purposes described in our Privacy Policy, including:

• provide, maintain, and improve our products and services
• To communicate with customers and users
• To ensure the security and integrity of our services
• To comply with legal obligations



3. Third-Party Transfers

Sunny Valley may transfer personal data to third-party service providers that process data on our behalf in accordance with our instructions. In such cases, Sunny Valley remains responsible for the processing of personal data it receives and subsequently transfers to a third party under the DPF, and may be liable under the DPF Principles if the third party processes such personal data in a manner inconsistent with those Principles, unless Sunny Valley proves that it is not responsible for the event giving rise to the damage.




In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.




4. Disclosure of Personal Information to Third Parties

We may disclose personal information received in reliance on the EU U.S. DPF and the UK Extension to the EU U.S. DPF to third-party service providers that support our business operations. These disclosures are made only for purposes that are consistent with the reason the data was originally collected or later authorized by the individual. This includes support for functions such as information technology services, analytics, marketing assistance, and customer support.




For a full list of our third-party service providers and the purposes for which personal information may be shared with them, please visit our Third Party Service Providers page at https://www.zenarmor.com/third-party-service-providers




Additional information about how we disclose personal information can also be found in our Privacy Policy at https://www.zenarmor.com/legal/privacy-policy , under the sections titled “Disclosure of Personal Information” and “List of Third Party Service Providers”.




We require all third parties that receive personal information from us to provide the same level of protection required by the DPF Principles and to process the data only for limited and specified purposes on our behalf.




5. Independent Recourse Mechanism

In compliance with the DPF Principles, Sunny Valley commits to resolving complaints about our collection or use of your personal data. Individuals with inquiries or complaints should first contact us at:




Sunny Valley Cybersecurity Inc. 10080 N. Wolfe Rd., Suite SW3-200, Cupertino, California 95014 United States




Sunny Valley has further committed to refer unresolved complaints concerning our handling of personal data received in reliance on the DPF to BBB National Programs, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit: https://bbbprograms.org/dpf-complaints or more information or to file a complaint. This service is provided at no cost to you.




6. U.S. Federal Trade Commission (FTC) Enforcement

Sunny Valley is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC) with respect to compliance with the Data Privacy Framework.




7. Arbitration

Under certain conditions, you may invoke binding arbitration for complaints regarding DPF compliance not resolved by other mechanisms. For details, see: https://www.dataprivacyframework.gov/program-articles/How-to-Submit-a-Complaint-Relating-to-a-Participating-Organization%E2%80%99s-Compliance-with-the-DPF-Principles




8. Access, Correction, and Choice

You have the right to access personal data we hold about you, and to request correction, amendment, or deletion of inaccurate information. We will also provide you with opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To exercise these rights, contact us at




9. Changes to this Notice

We may update this Notice from time to time. When we do, we will revise the “Effective Date” above. If material changes are made, we will provide a prominent notice (e.g., by email or on our website).