Last Updated: May 1, 2026

This Privacy Policy (“Policy”) explains how Boon Business Solutions, Inc. d/b/a Aboon and its affiliates (“Aboon,” “we,” or “us”) collect, use, disclose, and protect information when you interact with us through our website at aboon.com, our online platform, or any other products, services, or communications we offer (collectively, the “Services”). By accessing or using the Services, you agree to this Policy.

We may update this Policy from time to time. Any changes will be reflected on this page and will become effective upon posting.

1. Who This Policy Applies To

Certain provisions of this Policy may or may not apply to you depending on the relationship we have with you and how you interact with us. The information we collect and how we use it may differ depending on whether you are:

• A representative of a current, former, or prospective retirement plan sponsor (“Plan Sponsor”);
• A financial advisor, third-party administrator, or other service provider accessing the platform on behalf of a Plan Sponsor (“Authorized Representative”);
• A retirement plan participant whose data is submitted to us by a Plan Sponsor or Authorized Representative (“Participant”); or
• A general visitor to our website.

If you are a Participant, note that your plan sponsor, not Aboon, is your primary point of contact for questions about your retirement plan data. Aboon processes Participant data on behalf of Plan Sponsors as a service provider. If you have questions about how your data is handled or wish to exercise any data rights, contact your plan sponsor. See “ERISA-Regulated Data” below for more detail.

Our Services are intended for use by persons within the United States. We do not knowingly collect information from individuals outside the U.S. or from children under the age of 16.

2. Information We Collect

Information You Provide Directly

We collect information you provide to us, including:

• Contact information (name, email address, phone number)
• Account credentials
• Demographic and role information
• Business and employer information
• Payroll information
• Other information you provide through the platform, forms, surveys, emails, or uploads

Information from Integrations

If you connect third-party systems to our platform, we may receive information through those integrations, including:

• Information from API, webhook, or credentialed access to your HRIS or payroll provider

Information Collected Automatically

When you visit our website or use the platform, we automatically collect certain technical and usage information, including:

• Device information (type, operating system, browser)
• Usage information (pages viewed, interactions, time spent)
• IP address and general location
• Access dates and times

Cookies and Similar Technologies

We use cookies and similar tracking technologies to operate and improve our Services, keep you logged in, remember preferences, and analyze usage. You may manage cookie preferences through your browser settings, though disabling certain cookies may affect platform functionality.

Aggregated and Anonymized Data

We may use and share aggregated or anonymized data, which is data that has been processed to remove all direct and indirect identifiers such that it cannot reasonably be used to identify any individual or organization, for benchmarking, analytics, reporting, service improvement, and related purposes.

ERISA-Regulated Data

As a third-party administrator (TPA) for retirement plans, Aboon handles data subject to ERISA. For such data, we:

• Maintain records in accordance with ERISA record retention requirements
• Implement security measures appropriate for retirement plan data
• Limit access to ERISA-regulated data to authorized personnel only
• Provide necessary data to Plan Sponsors, government regulators, and others as required by law

Aboon processes Participant data on behalf of Plan Sponsors as a service provider. Aboon does not control the purposes for which Participant data is collected; that responsibility rests with the Plan Sponsor. Participants who wish to access, correct, or request deletion of their data should contact their Plan Sponsor directly.

3. How We Use Your Information

We use the information we collect to:

• Operate, maintain, and improve the Services
• Provide and deliver retirement plan administration services
• Send account-related communications, including confirmations, security alerts, and system updates
• Respond to questions and provide customer support
• Protect against fraudulent, unauthorized, or illegal activity
• Create aggregated or anonymized data for analytics, benchmarking, and reporting
• Comply with applicable laws and regulations, including ERISA

4. When We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

• To comply with applicable laws, regulations, or lawful requests from government authorities
• To protect the rights, property, or safety of Aboon, our users, or others
• With service providers and professional advisors (such as technology vendors, auditors, and legal counsel) who need access to perform services on our behalf
• With other plan service providers as necessary to administer a retirement plan, consistent with Plan Sponsor instructions
• In connection with a merger, acquisition, or sale of business assets, subject to confidentiality obligations
• As otherwise directed by a Plan Sponsor or Authorized Representative

5. Data Security

Access Controls

• All data is encrypted at rest
• Secure logins and passwords are enforced
• Customer data access is audited and limited to employees on a least-privilege basis
• Access to production environments is limited based on business need
• Employees receive training on data protection
• All access is immediately revoked upon employee termination

Technical Safeguards

• All customer data is stored within Amazon Web Services (AWS) infrastructure
• Customer data is segregated to prevent exposure to other customers
• SSL/TLS security on all web requests
• Secure traffic management via Cloudflare
• Sensitive documents stored in private S3 buckets with authentication requirements
• No plain text storage of passwords, API keys, or credentials

Security Assessments

• Code review before implementation, including third-party tools
• Real-time error logging, system monitoring, and security alerts
• Annual vulnerability and security audits by independent third parties

Data Breach Notification

In the event of a data breach affecting your personal information, we will notify affected customers and applicable regulators as required by law and take appropriate steps to investigate and mitigate the breach.

6. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, or request deletion of your personal information, object to certain processing, or request data portability. If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA). To exercise any of these rights, contact us at privacy@aboon.com. We will respond to requests consistent with applicable law.

If you are a Participant, contact your plan sponsor as described in “ERISA-Regulated Data” above.

7. Data Retention

We retain personal information for as long as reasonably necessary to fulfill the legitimate business purposes for which the information was collected, to meet our legal obligations, or to protect or defend our legal rights. For data subject to ERISA record retention requirements, the applicable ERISA retention period (generally six years) controls.

8. Communications

We may send you communications that you are required to receive, such as account notices, security alerts, and service updates. You may customize your preferences for other communications. You may unsubscribe from marketing emails at any time by clicking the unsubscribe link in any marketing email or by contacting us at privacy@aboon.com.

9. Third-Party Links

Our Services may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties and encourage you to review their privacy policies before providing any information.

10. Contact

Contact us at privacy@aboon.com with any questions regarding this Policy.