Pearly Citizen App Privacy Policy Effective Date: 1st May 2026 Version: 2.0 Policy Name: Pearly Citizen App Privacy Policy Responsible Organizations / Joint Controllers: Prime Minister’s Office and TouchStar Robotics and AI 1. Introduction Pearly is a citizen engagement platform that allows residents, citizens, and visitors in Barbados to submit and track reports about public service issues, including road issues, burst mains, traffic obstructions, public infrastructure concerns, public safety concerns, and other service-related matters. This Privacy Policy explains how Pearly collects, uses, stores, shares, protects, and retains personal information submitted through the Pearly Citizen App, including the web and mobile versions of the app. It also explains the rights available to users under the Barbados Data Protection Act, 2019. This is a citizen-facing privacy notice. It must be read together with Pearly’s Terms of Use, Acceptable Use Policy and any service-specific notices shown in the app. 2. Definitions Personal Data Data relating to an individual who can be identified from that data, or from that data together with other information likely to come into the possession of the data controller. Sensitive Personal Data Personal data consisting of information on racial or ethnic origin, political opinions, religious or similar beliefs, political body membership, trade union membership, genetic data, biometric data, financial record or position, criminal record, or related proceedings. Health-related information is treated as sensitive. Data Controller The person who alone, jointly, or in common with others determines the purposes for which, and the manner in which, personal data is processed. Data Processor A person, other than an employee of the data controller, who processes personal data on behalf of the data controller. Processing Any operation performed on personal data, including collecting, storing, using, disclosing, routing, analyzing, correcting, restricting, deleting, or destroying it. Consent Any freely given, specific, informed, and unambiguous indication of a person’s wishes by which that person agrees to processing of personal data relating to them. 3. Privacy Policy Requirements 3.1 Scope 3.1.1 Application of This Privacy Policy This Privacy Policy applies to: Users of the Pearly Citizen App and related Pearly web and mobile services. Personal information submitted, uploaded, generated, or received through the app. Account creation, authentication, report submission, report tracking, notifications, and support interactions. Optional features such as browser or device location, alert preferences, and personalization where enabled 3.1.2 Matters Covered by This Privacy Policy This Privacy Policy covers: What information Pearly collects Why Pearly uses that information The lawful basis for processing How Pearly shares information Cross-border transfers Security safeguards Retention and deletion User rights How to contact Pearly about privacy matters 3.2 Department and Service Provider Involvement 3.2.1 Department Involvement Pearly may share relevant report information with government departments, emergency responders, or authorized service providers where necessary to receive, route, review, investigate, or resolve a report. 3.2.2 Service Provider Involvement Pearly may also use service providers for hosting, storage, authentication, messaging, notifications, mapping, security, analytics, and approved AI-assisted processing. 3.3 Information Pearly Collects 3.3.1 Categories of Information Collected Pearly may collect the following categories of information: Account and authentication data, such as email address, phone number, one-time passcode records, login timestamps, verification status, session data, and policy acceptance records Profile data, such as name, contact details, address, profile photo, and optional profile fields Report data, such as report title, description, category, parish, status, replies, timestamps, department assignment, and report history Location data, such as manually entered location, parish, map pin, latitude, longitude, and location accuracy Media uploads, such as photos, videos, PDFs, and other supported files Emergency report data, such as emergency category, description, contact details, location, evidence, and urgency information Device and technical data, such as IP address, browser type, device type, operating system, app version, and security or diagnostic logs Notification data, such as email, SMS, push notification tokens, topic subscriptions, and delivery records AI-assisted processing data, such as report text, classification outputs, routing suggestions, summaries, and follow-up prompts where enabled Optional preference data, such as alert subscriptions, transit preferences, or personalization settings where enabled 3.3.2 Unnecessary Sensitive Personal Information Pearly does not ask users to submit unnecessary, sensitive personal information. Users must avoid including unnecessary personal information about themselves or other persons unless it is genuinely needed to explain or evidence a report. 3.4 How Pearly Uses Information 3.4.1 Approved Uses of Personal Information Pearly uses personal information only for approved service, operational, legal, and security purposes, including: Authentication and secure access Report submission, review, categorization, routing, tracking, and resolution Communication with users, including updates and follow-up questions Location-based routing and emergency handling Platform security, abuse prevention, fraud detection, and malicious upload handling Audit logging and accountability Legal, regulatory, and retention obligations Service improvement Approved AI-assisted support functions where enabled 3.4.2 No Sale or Third-Party Marketing Use Pearly does not sell citizen personal information and does not use citizen contact details for third-party marketing. 3.5 Lawful Basis for Processing 3.5.1 Lawful Basis Requirement Pearly processes personal information only where there is a lawful basis to do so. Pearly does not rely on consent for every use of personal information. 3.5.2 Lawful Bases Relied Upon Depending on the feature or service involved, Pearly may rely on: Providing the Pearly service, such as creating an account, sending one-time passcodes, receiving reports, and showing report status Performance of public service or official reporting functions, such as routing reports to the appropriate public department or responder Compliance with legal or regulatory obligations, such as record retention, audit, investigation, or legal hold Protection of vital interests, such as handling emergency or urgent safety-related reports Legitimate operational interests, such as securing the platform, preventing misuse, diagnosing issues, and improving service reliability Consent for optional features, such as browser geolocation, optional notifications, or other features where consent is required 3.6 Location Data and Uploaded Media 3.6.1 Location Data Pearly may collect manually entered location data or, where a user chooses to enable it, device or browser location data. Location information is used only for report handling, routing, emergency response, auditability, and service improvement. It is not used for unrelated tracking or third-party marketing. 3.6.2 Uploaded Media Users may upload photos, videos, PDFs, or other supported files to explain a report. Uploaded files may contain personal information about the user or other persons and so users must avoid uploading unnecessary images of uninvolved persons, children, medical or identity documents, private interiors, or unlawful content. 3.6.3 File Review and Restriction Pearly may scan, restrict, remove, or refuse files that appear unsafe, unlawful, abusive, malicious, or unnecessary for report handling. 3.7 Sharing and International Transfers 3.7.1 Sharing of Personal Information Pearly may share personal information only where necessary for the purposes described in this Privacy Policy. 3.7.2 Categories of Recipients This may include sharing with: Government departments and public agencies Emergency responders Hosting and cloud providers Email and SMS providers Push notification providers Mapping services Approved AI and automation providers Security and monitoring providers Legal, regulatory, or audit bodies where disclosure is required by law or authorized process 3.7.3 International Transfers Some service providers used by Pearly may process or store personal information outside Barbados. Where personal information is transferred or processed outside Barbados, Pearly will take reasonable steps to ensure that appropriate contractual, legal, and security safeguards are in place in accordance with applicable law. 3.8 Security Safeguards 3.8.1 Use of Safeguards Pearly uses technical, organizational, and administrative safeguards to protect personal information. 3.8.2 Types of Safeguards These safeguards may include: Encryption in transit Encryption at rest in approved production systems Role-based access control Audit logging Secure storage controls Rate limiting and abuse controls Controlled export processes Vendor security requirements 3.8.3 User Responsibility for Personal Security No system can guarantee complete security. Users must protect their devices, email accounts, phone numbers, and one-time passcodes. 3.9 Data Retention and Deletion 3.9.1 Retention Principles Pearly keeps personal information only for as long as necessary for service delivery, security, audit, legal, regulatory, and operational purposes. 3.9.2 Suspension of Deletion Pearly may suspend deletion where records are subject to legal hold, investigation, audit, regulatory request, court order, or other lawful requirement. 3.9.3 Account Deletion Limitations Deleting or closing a Pearly account does not automatically delete all report records. Where deletion cannot be completed because retention is legally or operationally required, Pearly will explain the reason where appropriate. 3.9.4 Partial Deletion or Restriction Where possible, Pearly may apply partial deletion, deactivation, anonymization, or restriction of non-essential data. 3.10 Your Rights 3.10.1 Available Rights Subject to applicable law and valid exceptions, users may have rights including: Access Correction Restriction of processing Deletion or erasure where applicable Objection where applicable Withdrawal of consent for optional consent-based features Complaint to Pearly or the relevant data protection authority 3.10.2 Identity Verification Pearly may need to verify a user’s identity before responding to a rights request. 3.11 Changes to This Privacy Policy 3.11.1 Right to Update This Privacy Policy Pearly may update this Privacy Policy to reflect changes in law, technology, security controls, vendors, features, or operational practices. 3.11.2 Notice of Material Changes Material changes will be communicated through the app, website, or another appropriate method before or when the updated policy takes effect. 4. Contact Information For questions, privacy requests, or concerns about this Privacy Policy, contact: Pearly Team Controller: TouchStar Robotics and AI Email: Support@pearly.bb

Pearly Citizen App – Terms of Use Effective Date: 1st May 2026 Version: 1.0 Responsible Organizations / Joint Controllers: Prime Minister’s Office and TouchStar Robotics and AI 1. Introduction These Terms of Use (“Terms”) govern your access to and use of the Pearly Citizen App, including the web and mobile versions of the app (“Pearly”, “we”, “us”, or “the App”). Pearly is provided to allow residents, citizens, and visitors in Barbados to submit, track, and receive updates about public service issues and related reports. By accessing or using Pearly, you agree to comply with these Terms. If you do not agree, you must not use the App. These Terms must be read together with Pearly’s Privacy Policy and Acceptable Use Policy, which are incorporated by reference. 2. Definitions User Any person using the Pearly Citizen App. Institution Any government department, public agency, emergency responder, contractor, service provider, or other authorized body that may receive, review, process, or act on reports submitted through Pearly. Content Any text, description, image, video, document, location information, reply, or other material submitted through Pearly. Report Any complaint, issue report, emergency report, suggestion, reply, or other submission made through Pearly. 3. Terms of Use Requirements 3.1 Eligibility and Access 3.1.1 Intended Users Pearly is intended for use by residents, citizens, and visitors in Barbados to submit reports concerning public service issues and related matters supported by the app. 3.1.2 Authentication Requirement To access certain features, users may be required to authenticate using a valid email address or mobile phone number and a one-time passcode. 3.1.3 User Confirmation By using Pearly, the user confirms that: the information provided is accurate and truthful the user is using Pearly only for lawful and legitimate purposes the user will comply with these Terms and the Acceptable Use Policy 3.2 User Accounts and Authentication 3.2.1 OTP-Based Access Authentication is completed using a one-time passcode sent to the phone number or email address provided by the user. 3.2.2 User Responsibility for Access Security Users are responsible for safeguarding access to their email account, phone number, device, and any one-time passcode sent to them. Anyone with access to the user’s email or phone may be able to access that user’s Pearly account. 3.2.3 Prohibited Authentication Conduct Users must not: share a one-time passcode with another person allow another person to use their account to submit reports attempt to access another person’s account 3.2.4 Compromise Reporting Users must notify Pearly promptly if they believe their account, device, phone number, or email account has been compromised or used without authorization. 3.3 Permitted Use 3.3.1 Legitimate Public Service Use Only Users may use Pearly only for legitimate public service purposes supported by the app. 3.3.2 Permitted Activities Permitted use includes: submitting reports relating to public infrastructure, utilities, traffic, safety, or other supported public service concerns providing relevant descriptions, location details, and supporting evidence where appropriate tracking the status of the user’s own reports replying to follow-up questions or updates relating to the user’s reports using optional alert, notification, or public information features where available 3.3.3 Good-Faith Reporting Requirement Reports must be made honestly, accurately, and in good faith. 3.4 Prohibited Use 3.4.1 Prohibited Conduct Users must not use Pearly to: submit false, misleading, fraudulent, or bad-faith reports abuse emergency or urgent reporting features spam the platform with duplicate, irrelevant, or nuisance submissions harass, threaten, defame, or abuse another person upload malicious files, malware, phishing material, or harmful content post offensive, unlawful, or discriminatory content submit unnecessary personal information about other people upload intrusive or unnecessary images or videos of uninvolved people, children, or private spaces attempt unauthorized access to the Pearly Staff App, application programming interfaces, restricted systems, or another user’s account interfere with, attack, bypass, or disrupt Pearly’s operation or security controls misuse AI-assisted, public alert, notification, or other features where enabled 3.4.2 Additional Conduct Rules Additional conduct rules are set out in the Pearly Acceptable Use Policy. 3.4.3 Enforcement Rights Violations may result in content removal, restriction, suspension, termination of access, investigation, or legal action where appropriate. 3.5 Ownership of Content 3.5.1 User Ownership Users retain ownership of the content they submit, including descriptions, images, and videos. 3.5.2 License to Pearly and Relevant Institutions By submitting a report, a user grants Pearly and the relevant institutions a non-exclusive, royalty-free, worldwide license to use, process, and share the content solely for the purpose of receiving, reviewing, routing, investigating, and resolving public service issues. 3.5.3 Pearly Intellectual Property Pearly, its trademarks, branding, and associated platform assets remain the exclusive property of the Pearly Team or its licensors. 3.6 Privacy and Data Handling 3.6.1 Privacy Policy Applies Use of Pearly is also governed by the Pearly Privacy Policy. 3.6.2 User Acknowledgment of Privacy Handling By using Pearly, the user acknowledges that Pearly may collect, use, share, retain, and protect personal information in accordance with the Privacy Policy, including for authentication, report handling, routing, notifications, security, legal compliance, and related operational purposes. 3.6.3 Optional Features Where optional features are enabled, Pearly may also use location, notifications, preferences, AI-assisted tools, or similar functionality as described in the Privacy Policy. 3.7 Service Availability and Disclaimer 3.7.1 No Guarantee of Outcome Pearly facilitates communication between users and relevant institutions, but Pearly does not guarantee that: every issue reported will be resolved every report will be resolved within a particular timeframe every feature will always be available every institution will act on a report in a particular way 3.7.2 Service Interruptions Pearly may be unavailable from time to time due to maintenance, upgrades, emergencies, technical issues, third-party service failures, or other operational reasons. 3.7.3 As-Is Basis To the fullest extent permitted by law, Pearly is provided on an “as is” and “as available” basis without warranties of any kind. 3.8 Limitation of Liability 3.8.1 Limitation of Platform Liability To the fullest extent permitted by law, Pearly and its operators are not liable for indirect, incidental, special, consequential, or similar losses arising from or connected with the user’s use of the app. 3.8.2 Institutional Actions Not Controlled by Pearly Pearly is not responsible for delays, omissions, failures, or decisions of institutions, responders, departments, or authorized third parties in relation to submitted reports. 3.8.3 Non-Excludable Liability Nothing in these Terms excludes liability where liability cannot lawfully be excluded. 3.9 Suspension and Termination 3.9.1 Right to Restrict or Suspend Use Pearly may restrict, suspend, or terminate access to the app where: the user violates these Terms the user violates the Acceptable Use Policy the user engages in unlawful, abusive, fraudulent, or malicious activity the user’s conduct creates a security, privacy, legal, or operational risk 3.9.2 Content Restrictions Pearly may remove or restrict content where reasonably necessary for security, privacy, legal, operational, or public-interest reasons. 3.10 Governing Law and Jurisdiction 3.10.1 Governing Law These Terms are governed by the laws of Barbados. 3.10.2 Jurisdiction Any dispute arising from or relating to these Terms or the user’s use of Pearly shall be subject to the exclusive jurisdiction of the courts of Barbados, unless applicable law requires otherwise. 3.11 Changes to Terms 3.11.1 Right to Update Terms Pearly may update these Terms from time to time to reflect changes in law, policy, technology, app features, operational requirements, or service design. 3.11.2 Notice of Material Changes Material changes will be communicated through the app, website, or another appropriate method. 3.11.3 Continued Use After Changes Continued use of Pearly after updated Terms take effect means the user accepts the revised Terms.