Organizational Conflict of Interest Policy

Aliff Solutions FZC ("Aliff Solutions") is committed to maintaining the highest standards of integrity and fairness in the government contracting marketplace. This Organizational Conflict of Interest ("OCI") Policy describes the measures we take to identify, avoid, mitigate, and disclose potential conflicts of interest arising from our role as a service provider to multiple government contractors.

This policy is informed by the principles and requirements of the Federal Acquisition Regulation (FAR) Subpart 9.5 — Organizational and Consultant Conflicts of Interest, and is designed to ensure that our services do not create an unfair competitive advantage for any client or compromise the integrity of any government procurement process.

While Aliff Solutions is not a direct government contractor, we recognize that our platform and advisory services may provide information and analysis used by our clients in connection with government procurements. We therefore adopt proactive OCI safeguards to protect all parties.

This policy applies to all services provided by Aliff Solutions, including:

• The Aliff Solutions SaaS platform and all analytical engines
• Aliff Copilot AI advisory services
• GovCon readiness assessments and consulting engagements
• Strategic advisory and discovery sessions
• Any white-glove consulting services delivered under individual MSAs/SOWs

This policy covers all interactions with all clients, including scenarios where multiple clients may be competing for the same government contract opportunity.

Aliff Solutions recognizes three primary categories of OCI as defined by FAR 9.5:

Aliff Solutions implements the following technical information barriers to prevent cross-client data exposure:

• Multi-tenant row-level security (RLS): All database tables containing client data are protected by PostgreSQL row-level security policies scoped to the client's organization_id. These policies are enforced at the database layer, not the application layer, preventing any cross-tenant data queries regardless of application behavior
• Organization-scoped API endpoints: Every API endpoint that accesses client data includes organization_id isolation, verified against the authenticated user's organizational membership. Requests cannot access data belonging to other organizations
• No cross-tenant data queries: The platform architecture does not support queries that span multiple organizations. There is no administrative interface or API that aggregates or compares proprietary data across clients
• Staff access controls: Internal staff access to client data is restricted to authorized support personnel, logged in audit trails, and subject to least-privilege principles. Staff cannot view client bid strategies, pricing models, or competitive intelligence without explicit authorization
• AI model isolation: Aliff Copilot conversations are scoped to the requesting organization. The AI model does not have access to other clients' proprietary data during inference. Any data used for model improvement is anonymized and aggregated as described in our AI Terms of Service

Aliff Solutions may serve multiple clients who compete for the same government contract opportunities. In such cases:

• Identical platform features: All clients receive access to the same platform features, analytical engines, and AI capabilities. No client receives preferential treatment, enhanced algorithms, or additional data sources based on their competitive position
• No client-specific competitor intelligence sharing: Aliff Solutions will never share one client's proprietary data, bid strategies, pricing models, teaming arrangements, or competitive intelligence with another client — directly or indirectly through AI model outputs or platform features
• Public data only: All competitive intelligence provided through the platform is derived from publicly available sources (SAM.gov, FPDS, USAspending.gov, Federal Register, etc.). Proprietary client data is never incorporated into competitive analysis for other clients
• Conflict notification: If Aliff Solutions identifies a direct conflict that cannot be adequately mitigated through technical controls — for example, if a white-glove consulting engagement requires Aliff Solutions personnel to have access to multiple competing clients' detailed bid strategies for the same solicitation — Aliff Solutions will notify the affected clients and work to resolve the conflict, which may include declining one engagement

Proactive disclosure: Aliff Solutions will disclose the existence of this OCI policy and the nature of our information barrier controls to any client upon request and during the onboarding process.

Annual review: This OCI policy is reviewed at least annually by Aliff Solutions leadership. Reviews assess:

• Effectiveness of technical information barriers
• Any OCI incidents or near-misses reported during the review period
• Changes in client base that may create new conflict scenarios
• Updates to FAR or other applicable regulations
• Improvements to platform architecture that affect data isolation

Record keeping: Records of OCI assessments, disclosures, and mitigation actions are maintained for a minimum of three (3) years.

If you have questions about this OCI policy, wish to report a potential conflict of interest, or need to request an OCI disclosure for a specific procurement, please contact us.

All OCI concerns will be reviewed promptly and taken seriously. We are committed to transparency and to maintaining the trust of all our clients.

Entity: Aliff Solutions FZC, Ras Al Khaimah, United Arab Emirates