Privacy Policy

IRONWOOD CAPITAL MANAGEMENT PRIVACY POLICY

Ironwood Capital Management,

General Partner, Manager or Investment Manager to:

Ironwood Partners L.P.

Ironwood International Ltd.

Ironwood Institutional Ltd.

Ironwood Institutional Multi-Strategy Fund LLC

Ironwood Multi-Strategy Fund LLC

(the “Advisory Clients”)

Effective Date: December 31, 2025

This Privacy Policy describes the kinds of personal information Ironwood Capital Management Corporation (“Ironwood”) may collect during your visit to our website (http://ironwoodpartners.com) (the “Site”), when you communicate with Ironwood, use our products and services (“Services”), how we use your information, how we protect your information, and how you can exercise options regarding your information.

Unless authorized by the specific client or former client, or as permitted by law, Ironwood will not disclose non-public personal information (such as name, address, social security number, tax identification number, net worth, total assets, income and other financial information necessary to determine required accreditation standards) about its clients or former clients to third parties other than affiliates and/or other third party firms that assist Ironwood in providing advisory services and/or effecting client transactions (such as brokers, fund administrators and compliance/operational support service providers). Instances in which Ironwood may, as authorized and as disclosed in its Privacy Policy, share its customers’ information with non-affiliated third parties include:

  1. disclosure to companies that provide services necessary to effect a transaction that you request or to service your account such as administrators, accountants, or mailing services.

  2. disclosure to government agencies, courts, parties to lawsuits, or regulators in response to subpoenas. In such cases, we share only the information that we are required or authorized to share.

This Privacy Policy forms part of our Terms of Use, which is available here (https://www.ironwoodpartners.com/terms-of-use/). By visiting our Site, and using our Services, you consent to our collecting and storing personal information as described in this Privacy Policy and in the Terms of Use. Please read these documents carefully.

We may revise this Privacy Policy at our discretion. Ironwood will inform investors of any changes as required by law, and will post any changes on this page and update the “Last Updated” date. Your continued use of our Site and Services after changes have been posted will constitute your acceptance of this Privacy Policy and any changes.

The sections of this Privacy Policy are as follows:

I. Types of Personal Information We Collect and How We Use and Share the Information
II. Sale/Share of Personal Information
III. Data Retention and Security
IV. International Data Transfers
V. Third Party Websites
VI. Your Privacy Rights
VII. How to Contact Us and Exercise Your Privacy Rights

I. Types of Personal Information We Collect and How We Use and Share the Information

When you interact with Ironwood, Ironwood may collect personal information about you. “Personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. It does not include deidentified or aggregate information or public information lawfully available from governmental records.

The following table categorizes the types of such information we have collected in the last 12 months and, for each category, provides the sources from which that information was collected, why we collected the information, and with whom we shared the information. We anticipate continuing to collect the information discussed in the table from the same sources, as well as continuing to use and share it as described below.

Identifiers, such as name, email address, address, phone number, tax identification number, facsimile number, social security number or other similar identifiers

  1. Sources from which PI was collected

    1. From our interactions with individuals seeking to obtain or obtaining our products and services or otherwise interacting with or contacting us (“You”)

    2. From your agents, representatives, consultants and advisers (“Agents and Representatives”)

    3. From government sources and records and other publicly-available information (“From government sources and records and other publicly-available information (“Public Information”)

  2. Purpose of collection

    1. Providing advisory services necessary and effecting client transactions, including: onboarding new investors and opening accounts, servicing existing accounts, including processing subscriptions, redemptions and transfers, responding to investor requests and concerns (“Advisory Services”)

    2. Carrying out our obligations arising under our contract with you and to enforce the same (“Contractual Obligations”)

    3. Verifying or authenticating your identity, including for access to our systems (“Identity Verification”)

    4. Protecting our facilities, systems, and personnel; preventing fraud, abuse and crime; responding to emergencies (“Protection and Defense”)

    5. Managing and fulfilling legal and regulatory requirements, responding to valid legal requests (“Regulatory and Compliance”)

  3. Categories of entities with which PI was shared

    1. Service providers, e.g., cloud storage provider, anti-money laundering screening provider, fund administrator, transfer agent, custodian or broker-dealer (“Service Providers”)

    2. Advisors and consultants including accountants, prime brokers, accountants, banks, attorneys, or other administrators (“Advisors”)

    3. Fraud prevention agencies and law enforcement agencies; courts, governmental and non-governmental regulators and ombudsmen (including, without limitation, to report tax related information to tax authorities in order to comply with a legal obligation); parties to lawsuits; other competent authorities (including tax authorities), courts and bodies as required by law or requested (“Competent Authorities”)

    4. Affiliates

Characteristics of protected classes and demographic information, such as age, sex, marital status

  1. Sources from which PI was collected

    1. You

    2. Agents and Representatives

    3. Public Information

  2. Purpose of collection

    1. Investor Services

    2. Identity Verification

    3. Protection and Defense

    4. Regulatory and Compliance

  3. Categories of entities with which PI was shared

    1. Service Providers

    2. Advisors

    3. Competent Authorities

    4. Affiliates

Commercial and financial information, such as records of personal property, products or services purchased, obtained, or considered, information on investments, assets, net worth, tax status, holdings, account balances, transaction history, bank account details, wire transfer instructions

  1. Sources from which PI was collected

    1. You

    2. Agents and Representatives

    3. Public Information

  2. Purpose of collection

    1. Investor Services

    2. Identity Verification

    3. Contractual Obligations

    4. Regulatory and Compliance

  3. Categories of entities with which PI was shared

    1. Service Providers

    2. Advisors

    3. Competent Authorities

    4. Affiliates

Internet or other electronic activity information, including information regarding an individual’s interaction with the Site, emails sent and received

  1. Sources from which PI was collected

    1. e-Traffic

    2. From emails sent and received by Ironwood employees

  2. Purpose of collection

    1. Investor Services

    2. Identity Verification

    3. Protection and Defense

    4. Regulatory and Compliance

  3. Categories of entities with which PI was shared

    1. Service Providers

    2. Advisors

    3. Competent Authorities

    4. Affiliates

Electronic, or visual information, such as copies of drivers’ license, passport or other photograph identification

  1. Sources from which PI was collected

    1. You

    2. Agents and Representatives

    3. Public Information

  2. Purpose of collection

    1. Investor Services

    2. Identity Verification

    3. Protection and Defense

    4. Regulatory and Compliance

  3. Categories of entities with which PI was shared

    1. Service Providers

    2. Advisors

    3. Competent Authorities

    4. Affiliates

Associations and affiliations, such as whether an investor or its personnel are related to someone who is employed in the securities industry, information about related parties to an account, and beneficiaries

  1. Sources from which PI was collected

    1. You

    2. Agents and Representatives

    3. Public Information

  2. Purpose of collection

    1. Investor Services

    2. Identity Verification

    3. Regulatory and Compliance

  3. Categories of entities with which PI was shared

    1. Service Providers

    2. Advisors

    3. Competent Authorities

    4. Affiliates

In addition to the categories of entities to whom we share information identified above, we will also disclose your personal information if you direct us to do so. We may also disclose your personal information as required or permitted by law to comply with a subpoena or similar legal process or government request, or when we believe in good faith that disclosure is legally required or otherwise necessary to protect our rights and property or the rights, property or safety of others, including to law enforcement agencies, and judicial and regulatory authorities. We may also disclose your personal information to third parties to help detect and protect against fraud or data security vulnerabilities. And we may disclose or transfer your personal information to a third party in the event of an actual or potential sale, merger, reorganization of our entity or other restructuring.

In the last 12 months we have not sold any Personal Information. Ironwood does not and will not sell Personal Information to third parties.

II. Sale/Share of Personal Information

We do not sell Personal Information and we do not share Personal Information for cross-context behavioral advertising.

III. Data Retention and Security

We retain the categories of personal information we collect for the length of time necessary to provide our services and to comply with legal obligations or to protect our legal rights.

Ironwood has established and maintains reasonable security measures that cover its use of computers and other technologies and are intended to maintain the confidentiality of personal information. Nevertheless, no security measures are infallible and security incidents can occur for reasons beyond our control.

IV. International Data Transfers

We are based in the United States. The information you submit to us and that we collect as a result of using our Site or Services will be transferred to the United States. By using our Site or Services, you consent to the collection, international transfer, storage, and processing of your information. If it is illegal to access our Site or Services or transfer your data to the United States, please do not use our Site or Services.

V. Third Party Websites

Our Sites may contain links to third-party websites, including social media buttons that link to social media platforms. This Policy does not govern how those third parties or social media platforms collect or use personal information and we do not endorse or have control over their practices. The privacy policies and terms of use for those third parties’ websites/apps or social media platforms govern those companies’ privacy practices. We are not responsible for the content or privacy practices of any third-party websites/apps or platforms.

VI. Your Privacy Rights

A. Rights Under Federal Law and State Financial Privacy Laws

The personal information we collect from and about you in connection with our provision of our Services and your inquiries to us about our Services is governed by the federal Gramm-Leach-Bliley Act (“GLBA”) and financial privacy laws in certain states, such as the California Financial Information Privacy Act.

We refer to the personal information governed by these laws as “nonpublic personal information” or “NPI.” We do not use NPI in a manner that would give rise to any rights under financial privacy laws to limit or opt out of our use or sharing of NPI. As described above, we do not share NPI with nonaffiliated third parties for purposes other than to assist in the delivery of our Services requested by you and to respond to governmental or other legal inquiries.

B. Rights Under State Law (California)

If you are a resident of California, you may have rights under the California Consumer Privacy Act of 2018 (“CCPA”) with respect to personal information we collect other than NPI. These rights are:

Right to request disclosure of information we collect and share about you. You can submit a request to us for the following categories of personal information we have collected since January 1, 2022:

  • The categories of personal information we’ve collected about you.

  • The categories of sources from which we collected the personal information.

  • The categories of personal information that the business sold or disclosed for a business purpose about the consumer.

  • The business or commercial purposes for which we collected the personal information.

  • The categories of third parties with which we shared the personal information.

  • The specific pieces of personal information we collected.

Right to request the deletion of personal information we have collected from you. Upon request, we will delete the personal information we have collected about you that is covered by the CCPA, except where we are permitted or required to retain it under applicable law.

Right to request correction of personal information. You may request that we correct inaccuracies in the personal information we maintain about you.

Non-Discrimination. If you exercise any of the rights explained in this Privacy Policy, we will continue to treat you fairly.

VII. How to Contact Us and Exercise Your Privacy Rights

To exercise any of the rights above, or to ask a question about our use of your personal information, please contact us at 1-415-777-2400 or investorservices@ironwoodpartners.com. Alternatively, inquiries may be mailed to the following address:

Ironwood Capital Management

One Market Plaza

Steuart Tower, Suite 2500

San Francisco, CA 94105

Note that we endeavor to make our communications accessible to people with disabilities and welcome accessibility-related requests or reports of barriers in respect thereof.

A. How we will handle a request to exercise your rights.

For requests for access, deletion, or correction, we will first acknowledge receipt of your request within 10 days of receipt of your request. We provide a substantive response within 45 days from when we receive your request, although we may be allowed to take longer to process your request under certain circumstances. If we expect your request is going to take us longer than normal to fulfill, we’ll let you know.

B. How We Will Verify Your Identity When You Submit an Access or Deletion Request.

We will verify your requests under CCPA or other applicable law as follows:

Requests for specific pieces of Personal Information. We will verify your identity through our standard authentication practices, which may include asking you for multiple pieces of personal information and endeavoring to match those to information we maintain about you. Additionally, we require that you provide a declaration attesting to your identity, signed under penalty of perjury.

If we are unable to verify your identity with the degree of certainty required, we will not be able to respond to the request. We will notify you to explain the basis of the denial.

Requests for categories of Personal Information collected about you. We will verify your identity through our standard authentication practices, which may include asking you for multiple pieces of Personal Information and endeavoring to match those to information we maintain about you.

If we are unable to verify your identity with the degree of certainty required, we will not be able to respond to the request. We will notify you to explain the basis of our denial.

Requests for deletion or correction of Personal Information we have collected from you. We will verify your identity through our standard authentication practices, which may include asking you for multiple pieces of Personal Information and endeavoring to match those to information we maintain about you.

If we are unable to verify your identity with the degree of certainty required before providing you with the information requested, we will notify you to explain the basis of our denial.

Authorized agents – additional verification required. You may designate an agent to submit requests on your behalf. The agent can be a natural person or a business entity.

If you would like to designate an agent to act on your behalf, you and the agent will need to comply with our agent verification process. The agent will need to provide us with your signed permission indicating the agent has been authorized to submit the request on your behalf. You will also be required to verify your identity directly with us or confirm with us that you provided the agent with permission to submit the request.