This Privacy Policy sets forth the privacy practices of Taproot Management, L.P. (“Taproot,” “we,” “our,” or “us”) with respect to our collection, use, sharing, and disclosure of Personal Information, including, but not limited to, Personal Information collected through this website (the “Site”), how it is used, and the circumstances under which it may be shared and disclosed. This Privacy Policy constitutes a legally binding agreement between you and Taproot that conditions your use of the Site, where and as permitted by applicable law.

If you are a California resident, please review our California Privacy Notice below.

1. Personal Information We Collect

When you visit the Site or during our ordinary business activities, Taproot may collect or ask you to provide certain nonpublic personal information (“Personal Information”) in order to help us manage our relationship with you and serve your investment needs. The Personal Information we may collect from you may include personally identifiable information including names, residential or business addresses, or other contact details (including phone numbers for calling and SMS text messaging), signature, nationality, tax identification or passport number, date of birth, place of birth, photographs, copies of identification documents, bank account details, information about assets or net worth, credit history, information on investment activities, or other personal information, such as certain special categories of personal data (including, where relevant, information on political affiliations, ethnic origin, or criminal convictions), as specified under applicable law, that may be contained in the relevant materials, documents, or obtained through background searches.

For more information regarding our use of SMS text messaging, please view our SMS Privacy Policy.

2. Sources of Personal Information

We may collect Personal Information from:

• Your communications with us;
• Your transactions with us;
• Services providers; and
• Affiliates

3. How we Use Personal Information

We use Personal Information for the following business purposes:

• To provide our products and services and serve your investment needs;
• To provide customer service and process your requests and inquires;
• To offer new information, products and services;
• To open an advisory account or securities brokerage account;
• To process transactions for client accounts;
• For account maintenance;
• To communicate with you;
• To protect the security and integrity of the Site;
• To prevent or investigate fraud or other unlawful activity, and detect security incidents; and
• To comply with and enforce applicable legal requirements.

4. How we Share Personal Information

Your privacy is important to us. Taproot does not disclose any Personal Information to nonaffiliated third parties, except to service or manage a client’s account or as permitted or required by law. We do not sell any Personal Information.

Every client has the right to direct Taproot not to disclose the Personal Information about that client to a nonaffiliated third party. If a client would like to exercise its right to opt out of this Privacy Policy, each client must provide a written statement exercising that right. This right to opt out may be exercised at any time and will remain in effect until written notice revoking said right is received by Taproot from the client. However, in the event Taproot encounters circumstances where it is compelled by law to disclose a client’s Personal Information, Taproot must provide, to non-affiliated third parties, a client’s Personal Information even if the client has exercised its right to opt out. We reserve the right at all times to disclose any information as necessary to satisfy any law, regulation or governmental request, to avoid liability, or to protect our rights or property.

5. How we Protect Personal Information

Taproot seeks to carefully safeguard Personal Information. We will use commercially reasonable efforts to ensure that Personal Information is kept secure and safe from any loss or unauthorized disclosure or use. We restrict access to our client’s Personal Information to employees or other personnel requiring that Personal Information to provide our products or services. We will not retain personal information for longer than is necessary in relation to the purpose for which it is collected, subject to applicable laws.

6. Notice for Residents of the European Economic Area and United Kingdom

Taproot does not currently offer its products or services to natural persons resident in the European Union or the United Kingdom (“EEA/UK”) and, accordingly, is not required to comply with the EU General Data Protection Regulation (“GDPR”). Any personal data provided to us by you will be processed in the United States or other jurisdictions outside the EEA/UK which may not afford the same protections of personal data as under the GDPR or equivalent laws in the UK.

8. Cookies

Taproot and our third-party service providers may use cookies and similar technologies to support the operations of the Site. Cookies are pieces of information that a website places on the hard drive of your computer when you visit the website. Cookies may involve the transmission of information from us to you and from you to us, to another party on our behalf, or to another party in accordance with this privacy policy. We may also use cookies to bring together information we collect about you. You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. If yourefuse a cookie when on this website, or if you delete cookies, you may experience some inconvenience in your use of our website.

9. Who to Contact About This Privacy Policy

If you have any questions about this Privacy Policy, please contact Taproot by email at compliance@taprootmanagement.com

Privacy Notice For California Consumers

Last updated February 2025

This notice contains disclosures required by the California Privacy Rights Act (“CPRA”). Terms defined in the CPRA have the same meaning when used in this notice. This notice is only relevant to California residents (“consumers” or “you”), who may include the following: prospective investors, representatives of entities we do business with, employees/job applicants, and users of our website. Consumers with disabilities may access this notice by contacting Taproot by email at compliance@taprootmanagement.com to request a copy of this notice in an alternative format, such as a .pdf version of this notice that is compatible with character recognition software.Information We Collect. In the past 12 months, we may have collected and shared for a business purpose the following categories of personal information (“Personal Information”) about California consumers:

Category	Examples	Shared for Business Purpose
Identifiers	A real name, alias, email address, postal address, Internet Protocol (IP) address, account name, Social Security number, driver’s license number, tax identifier or passport number, or other similar personal identifiers.	YES
Other personal information categories, as listed in the California Customer Records Statute	A signature, telephone number, employment, bank account number, information about assets or net worth, information on investment activities or any other financial information.	YES
Protected classification characteristics under California or federal law	Age (40 years or older), race, citizenship, marital status, sex, veteran or military status.	YES
Commercial information	Account activity, records of products or services purchased, obtained, or considered, or other purchasing histories.	YES
Internet or other similar network activity	Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.	YES
Professional or employment related-history	Current or past job history	YES
Inferences Drawn from other personal information	Profile reflecting a person’s preferences, characteristics and interests.	YES
Sensitive personal information	A consumer’s SS, driver’s license, state ID card, or passport number; account log-in or debit/credit card number in combination with any access code, password, or account credentials; precise geolocation; racial/ethnic origin, religious/philosophical beliefs, or union membership; contents of mail, email, and text messages; genetic data; biometric information; PHI; or sex life or sexual orientation.	YES

Personal Information does not include information that is publicly available, de-identified/ aggregated, or subject to HIPAA or GLBA.

We collect Personal Information from the sources provided in Section 2 of the general Privacy Notice above.

We do not knowingly collect, solicit or sell Personal Information from anyone under the age of 16 without the prior consent of a parent or guardian.

Use of Personal Information. We may use the Personal Information we collect as provided in Section 3 of the general Privacy Notice above.

Sharing Personal Information. We may disclose Personal Information as provided in Section 4 of the general Privacy Notice above.

In the past 12 months, we have not sold Personal Information to third parties, and we have shared the categories of personal information we collect only as set forth above.

Length of Time. We will keep your Personal Information for as long as necessary to comply with our regulatory obligations.

Rights of California Consumers. The CPRA provides a California consumer the following rights, subject to certain exceptions and limitations:

• The right to request: (a) the categories and specific pieces of Personal Information we collect about you; (b) the categories of sources from which we collect your Personal Information; (c) our purposes for collecting, selling or sharing your Personal Information; (d) the categories of Personal Information disclosed for a business purpose and the categories of persons to whom it was disclosed; (e) the categories of your Personal Information (if any) that we have either sold, shared, or disclosed.
• For certain categories of Personal Information, the right to request a list of what we disclosed to third parties for their own direct marketing purposes in the past 12 months and the names and addresses of those third parties.
• The right to request that we delete your Personal Information, subject to certain exceptions.
• The right to opt out of our sale(s) (if any) of your Personal Information.
• The right to request we correct any inaccurate Personal Information maintained about you.
• The right to limit our use of your sensitive personal information to only use that is necessary to perform the services expected or provide the goods reasonably expected.
• The right not to receive discriminatory treatment for exercising your CPRA rights.

You may submit requests relating to your CPRA rights to us via email:
compliance@taprootmanagement.com

You may only make a verifiable request for access or data portability twice within a 12-month period. All verifiable requests must provide (1) enough information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative and (2) sufficient detail that allows us to properly evaluate and respond to it.

We endeavor to respond to a verifiable request within 45 days of its receipt. If we require more time, we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option.

You may designate an authorized agent to make a CPRA request on your behalf. In such case, we will ask the agent to provide proof that you have given the agent signed permission to act on your behalf. In addition, we will ask you to (1) verify your identity directly with us in the manner described above and (2) directly confirm with us that you have provided the agent permission to make the request on your behalf.

Questions

Please contact Taproot by email at compliance@taprootmanagement.com for any questions about this Notice or requests with regards to our handling of personal information.

SMS Privacy Policy

Last updated February 2025

At Taproot, we are committed to safeguarding your privacy and ensuring that your personal information remains secure. This SMS Privacy Policy outlines how we collect, use, and protect your phone number and other information when you opt-in to receive SMS text communications from us, which we make available to you through Global Relay, a third-party service provider. These policies only apply to individuals who opt-in to receiving SMS text communications from us and do not apply to any “non-consumers” (i.e., agents, representatives, or other individuals acting on behalf of a business, organization, or other entity).

1. Information We Collect

When you sign up to receive SMS messages from us, we may collect the following information:

• Your mobile phone number: This is the primary information we use to send you text messages.
• The text of messages that you send to us.
• Other information you provide: Such as preferences or communication opt-ins.

We only collect and store the minimum necessary information to provide you with SMS services and as required under applicable laws.

2. How We Use Your Information

We use the information we collect to communicate with you, provide services to you, and/or to process and respond to your inquiries.

3. Disclosure of Your Information

No mobile opt-in will be shared with third parties for marketing or promotional purposes. We do not share text messaging originator opt-in data and consent with third parties. However, we may share originator opt-in data and consent with our third-party text messaging platform provider as may be necessary to send you messages in the conduct of business. We reserve the right at all times to disclose any information as necessary to satisfy any law, regulation or governmental request, to avoid liability, or to protect our rights or property.

4. Opt-In Consent

By providing your phone number and subscribing to our SMS services, you consent to receiving SMS text messages from us. You may opt in to communicating with us via SMS text messages by:

• Verbal consent, for example in person or over a phone call; or
• Initiating SMS text messaging directly with Taproot personnel.

5. Opt-Out and Unsubscribing

You can opt out of receiving SMS messages at any time by replying "STOP" to any text message we send. After opting out, you will no longer receive SMS messages from us.If you opt out and later wish to receive SMS communications again, you must opt-in by providing your phone number through the appropriate channels.If at any time you forget what keywords are supported, just text "HELP" to any text we send for support or more information.

6. Message Frequency and Rates

The number of messages you receive will vary depending on your interactions with us and our services. Standard message and data rates from your mobile carrier may apply to all SMS communications sent or received through your mobile device. Please check with your carrier for more information. Taproot is not liable for the cost of any such messages.

7. Data Security

Taproot will use commercially reasonable efforts to ensure that personal information is kept secure and safe from any loss or unauthorized disclosure or use. However, please note that no method of transmission is 100% secure. We cannot guarantee that hackers or unauthorized personnel will not gain access to your personal information despite our efforts. You should note that in using SMS text messaging to communicate with us, your information will travel through third party infrastructures which are not under our control (such as a third party SMS delivery platform or your carrier network).

8. Contact Us

If you have any questions or concerns about this SMS Privacy Policy or wish to manage your SMS preferences, please contact us at compliance@taprootmanagement.com.