Whistleblower Policy

​

Purpose

Neuroscale is committed to operating with integrity and to maintaining a culture in which any person who suspects misconduct can raise the concern without fear of retaliation. This policy establishes the channels for reporting suspected violations of law, regulation, or Neuroscale policy; the protections available to good-faith reporters; and the process Neuroscale uses to investigate and resolve reports. This policy implements Neuroscale’s commitments under federal whistleblower-protection statutes including:

• Sarbanes-Oxley Act §806 (18 U.S.C. §1514A) — civil anti-retaliation protection for employees of publicly traded companies and their subsidiaries and contractors who report securities-law, mail-fraud, wire-fraud, bank-fraud, or shareholder-fraud concerns.
• 18 U.S.C. §1513(e) (criminal anti-retaliation, enacted by SOX §1107).
• Dodd-Frank Wall Street Reform and Consumer Protection Act §922 (15 U.S.C. §78u-6) and SEC Rule 21F-17 (17 C.F.R. §240.21F-17) — protection of communications with the SEC and prohibition on impeding such communications.
• Foreign Corrupt Practices Act-related retaliation prohibitions, including 18 U.S.C. §1513(e).
• Defend Trade Secrets Act of 2016 §7 (18 U.S.C. §1833(b)) — immunity for confidential disclosure of trade secrets to government officials or in court filings made under seal in retaliation suits.
• National Labor Relations Act §7 (29 U.S.C. §157) — right to engage in protected concerted activity.
• Occupational Safety and Health Act §11(c) (29 U.S.C. §660(c)) and other federal anti-retaliation provisions enforced by OSHA.
• Title VII of the Civil Rights Act, the ADA, the ADEA, the Equal Pay Act, the Fair Labor Standards Act, USERRA, GINA, and other federal anti-retaliation statutes that prohibit retaliation for protected activity.
• Analogous state whistleblower and anti-retaliation laws, including Cal. Lab. Code §1102.5, N.Y. Lab. Law §740, and equivalents.

This policy works alongside the Code of Conduct, the Anti-Bribery & Corruption Policy, the Insider Trading Policy, the Workplace Violence Prevention Policy, the Employee Privacy Policy, and the Incident Response Plan.

​

Scope

This policy applies to all Neuroscale employees, officers, directors, contractors, interns, temporary staff, advisors, and applicants, worldwide. It also extends — to the extent of available legal protections — to former employees, vendors, customers, and any other person who reports a concern about Neuroscale to a Neuroscale channel or to a government authority.

​

What to report

Any person should raise concerns under this policy if they reasonably believe any of the following has occurred, is occurring, or is about to occur:

• Securities, accounting, or financial misconduct — fraud, materially misleading financial statements, accounting irregularities, internal-controls failures, or violations of federal securities laws (Securities Act, Exchange Act, SOX, Dodd-Frank).
• Bribery, corruption, or kickbacks — see the Anti-Bribery & Corruption Policy.
• Insider trading or tipping — see the Insider Trading Policy.
• Trade-compliance violations — sanctions, export-control, or anti-boycott violations; see the Trade Compliance Policy.
• Discrimination, harassment, or retaliation — including violations of the Code of Conduct and Title VII / ADA / ADEA / state-law equivalents.
• Workplace violence, threats, or unsafe working conditions — see the Workplace Violence Prevention Policy and OSHA-protected concerns.
• Privacy or data-protection violations — including GDPR, CCPA/CPRA, and analogous state laws.
• Information-security violations or suspected breaches that are not being addressed through the Incident Response Plan.
• AI misuse — including violations of the AI Acceptable Use Policy.
• Conflicts of interest, self-dealing, or misuse of company assets.
• Any other violation of law, regulation, or Neuroscale policy, or any practice that the reporter reasonably believes is unethical.

A report does not have to be correct to be protected. Reports made in good faith — meaning the reporter has a reasonable belief in the truth of the report — are protected by this policy, even if subsequent investigation does not substantiate the concern.

​

How to report

Reporters may choose any of the following channels. There is no requirement to use the chain of command, and there is no requirement to identify the reporter. Reports involving the General Counsel route to the CHRO and the CEO. Reports involving the CHRO route to the General Counsel and the CEO. Reports involving the CEO route to the General Counsel and the Audit Committee (or Board). Reports involving an independent director or the Board chair may be made directly to the SEC, OSHA, or other appropriate government authority — see Right to report directly to the government below.

​

Right to report directly to the government

Nothing in this policy, in any agreement with Neuroscale (including any non-disclosure, non-disparagement, employment, severance, or release agreement), or in any internal procedure, prohibits or restricts any person from:

• Reporting possible violations of federal or state law or regulation to any government agency or self-regulatory organization, including the U.S. Securities and Exchange Commission (SEC), the U.S. Department of Justice (DOJ), the U.S. Equal Employment Opportunity Commission (EEOC), the U.S. National Labor Relations Board (NLRB), the U.S. Department of Labor (including OSHA), the Commodity Futures Trading Commission (CFTC), the Internal Revenue Service (IRS), the Office of Foreign Assets Control (OFAC), the Bureau of Industry and Security (BIS), any state Attorney General, or any other federal, state, or local agency or commission;
• Making other disclosures protected under any whistleblower provision of federal or state law or regulation, including SOX §806, Dodd-Frank §922, the False Claims Act, and analogous state laws;
• Participating in any investigation or proceeding conducted by such an agency, including providing documents or testimony;
• Receiving any whistleblower bounty, award, or other monetary recovery to which the person is entitled under SEC, CFTC, IRS, or other whistleblower programs.

No prior authorization from Neuroscale, and no notification to Neuroscale, is required, and Neuroscale will not retaliate against any person for engaging in any of the foregoing protected activity. Any contractual provision purporting to limit such activity is void and unenforceable to that extent.

​

Defend Trade Secrets Act notice (18 U.S.C. §1833(b))

Federal law provides immunity from criminal and civil liability under any federal or state trade-secret law for the disclosure of a trade secret that:

1. Is made in confidence to a federal, state, or local government official, either directly or indirectly, or to an attorney, and is made solely for the purpose of reporting or investigating a suspected violation of law; or
2. Is made in a complaint or other document filed in a lawsuit or other proceeding, if the filing is made under seal.

A person who files a lawsuit alleging retaliation by Neuroscale for reporting a suspected violation of law may disclose Neuroscale’s trade secrets to their attorney and use the trade-secret information in the court proceeding, provided the person files any document containing the trade secret under seal and does not disclose the trade secret except pursuant to court order.

​

Anti-retaliation

Neuroscale strictly prohibits retaliation against any person who, in good faith:

• Makes a report under this policy through any channel.
• Reports a possible violation of law to a government agency or self-regulatory organization.
• Provides information, testimony, or documents in connection with any internal or external investigation, hearing, or proceeding.
• Refuses to participate in conduct that the person reasonably believes is unlawful.
• Exercises any right or engages in any protected activity under any anti-retaliation, whistleblower, or labor statute.

Retaliation includes any adverse action against the reporter — termination, demotion, suspension, threats, harassment, discrimination, denial of benefits, exclusion from meetings or projects, negative performance reviews issued because of the report, blacklisting, or any other action that would dissuade a reasonable person from making or supporting a report. Retaliation is itself a serious violation of this policy and is independently actionable under federal and state whistleblower-protection law. Substantiated retaliation will result in disciplinary action up to and including termination, and may result in personal civil and criminal liability for the retaliator. “Good faith” means the reporter has reasonable grounds to believe the report is true. Reports made knowing they are false, or with reckless disregard for whether they are true or false, are not protected by this policy and may themselves be subject to discipline. Whether a report is in good faith is not measured by whether it is ultimately substantiated.

​

How reports are handled

1. Intake. Reports are received by the appropriate channel and logged. The General Counsel maintains the central register of reports (subject to access controls that protect the reporter’s identity).
2. Conflict screening. The General Counsel determines whether the matter implicates the General Counsel, CHRO, CEO, or any other person who must be walled off. Where a conflict exists, the matter is routed to the next conflict-free decision-maker per How to report above, or to outside counsel.
3. Investigator assignment. Investigations are assigned to the appropriate function — typically Legal, HR, Security, Finance, or outside counsel for sensitive or executive-level matters. The investigator does not have a personal interest in the outcome.
4. Investigation. Investigations are conducted promptly, fairly, and confidentially. Information is shared only on a need-to-know basis. Reporters and witnesses are interviewed; relevant records are preserved (a litigation hold is issued where appropriate per the Data Management Policy). Where the matter involves a privileged investigation, communications are conducted at the direction of counsel to preserve attorney-client privilege and work-product protection.
5. Acknowledgement and updates. Reporters who provide contact information receive a written acknowledgement, typically within five (5) business days, and an outcome summary at conclusion to the extent appropriate. Anonymous reporters may follow up via the hotline case ID.
6. Outcome. Substantiated violations result in remedial action — disciplinary measures, process changes, training, restitution, regulatory disclosure, or other action commensurate with the misconduct. Unsubstantiated reports made in good faith do not result in any adverse action against the reporter.
7. Board reporting. The General Counsel reports to the CEO and to the Audit Committee (or, in its absence, the Board) at least quarterly on the volume, nature, and disposition of reports. Material matters are escalated immediately.

​

Confidentiality

To the maximum extent consistent with conducting a thorough investigation and protecting safety, the identity of reporters and the substance of reports are kept confidential. Anonymous reports are accepted through the hotline and are handled with the same diligence as identified reports, recognizing the practical limits anonymity places on follow-up. Confidentiality protections do not override Neuroscale’s legal obligations to disclose information to government authorities, to comply with subpoenas or court orders, or to defend or prosecute legal actions. Reporters are advised — particularly under the DTSA notice above — of their independent right to communicate with government authorities.

​

Records and retention

The General Counsel maintains, in Microsoft SharePoint under restricted access, a register of reports and investigations. Records include the date and channel of receipt, a summary of the report (with the reporter’s identity protected as appropriate), the investigation steps taken, and the disposition. Records of whistleblower reports and investigations are retained for at least seven (7) years from the date of disposition, or longer where required by statute, contractual commitment, or active legal hold. Retention follows the Records Retention Schedule.

​

Training and communication

• At hire. All Neuroscale staff are introduced to this policy as part of Onboarding and acknowledge it via Vanta.
• Annually. All staff complete a refresher, assigned and tracked through Vanta.
• Posters and notices. Where required by state law, summary notices are posted in Neuroscale workspaces and provided to staff in writing.
• Targeted briefings. Managers receive enhanced training on recognizing retaliation, handling reports, and protecting reporter confidentiality.

​

EU Whistleblower Directive (Directive (EU) 2019/1937)

Where Neuroscale has 50 or more workers in any EU member state, the EU Whistleblower Directive imposes additional procedural obligations — including a written internal channel, acknowledgement within seven days, feedback within three months, and protection against retaliation under member-state implementing law. (todo: confirm with counsel — Neuroscale’s current EU headcount does not appear to trigger Directive 2019/1937; reassess on each material change in EU workforce.)

​

Coordination with other policies

• The Code of Conduct defines unacceptable conduct broadly. Reports of Code of Conduct violations are processed under this policy.
• The Anti-Bribery & Corruption Policy, Insider Trading Policy, and Trade Compliance Policy reference this policy as the channel for reports under those programs.
• The Workplace Violence Prevention Policy governs reports of threats or violence; imminent threats follow the 911 / security@neuroscale.ai path in that policy.
• The Incident Response Plan governs technical security events and breach reporting.
• The Employee Privacy Policy governs how reporter and witness personal information is processed.

​

Exceptions

There are no exceptions to the no-retaliation rule or to the right to communicate with government authorities. Procedural exceptions to other elements of this policy require written approval of the General Counsel.

​

Violations and enforcement

Violations of this policy — including retaliation, obstruction of an investigation, or knowing false reporting — result in disciplinary action up to and including termination, and may result in civil and criminal liability for the individual under the statutes referenced above. Neuroscale will, where appropriate, cooperate with government authorities and outside counsel in the investigation and prosecution of such violations.

​

Version history