1. Scope and application

This Privacy Policy applies to personal data in our possession or under our control, including personal data in the possession of organisations which we have engaged to collect, use, disclose or process personal data for our purposes.
It applies to:

• Visitors to our websites, web applications and other online services.
• Individual representatives, employees, directors, officers and beneficial owners of our corporate clients, vendors, partners and prospects.
• Any other individuals whose personal data we may collect in connection with our B2B data analytics, IT and software development services.

This Privacy Policy does not apply to information that cannot reasonably identify an individual (such as anonymised or aggregated data).


2. Personal data we collect

“Personal data” means data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which we have or are likely to have access.
Depending on your relationship with us and the nature of your interactions, we may collect and process the following categories of personal data:

• Identification and contact details: name, title, position, company name, business address, email address, telephone and mobile numbers, unique identifiers assigned by us.
• Business relationship information: information relating to your role, department, decision-making authority, communication preferences and records of your interactions with us (e.g. emails, meeting notes, support tickets).
• Technical and usage data: IP address, browser type, operating system, device identifiers, access times, pages viewed, clickstream data, referring website addresses and other information collected via cookies and similar technologies.
• Account and authentication data: usernames, hashed passwords, account settings and roles for our platforms or applications, where applicable.
• Payment and billing data (limited): invoice information, bank account or payment information relating to corporate clients, to the extent it constitutes personal data of individuals (e.g. sole proprietors).
• Marketing and communications data: your preferences in receiving marketing from us, your responses to surveys, event registrations and related correspondence.
• Any other information you voluntarily provide to us: information contained in forms you submit, documents you upload, or feedback you provide in relation to our Services.

Where you provide us with personal data of another individual (for example, your colleague), you represent and warrant that you have obtained that individual’s consent for the collection, use and disclosure of their personal data in accordance with this Privacy Policy.


3. How we collect personal data

We may collect personal data in various ways, including:

• Directly from you: when you contact us (via email, phone or online forms), request a demo, sign a contract, create an account, participate in meetings or events, subscribe to our updates, or provide feedback.
• Through your use of our Services: when you access our websites, platforms or applications, we automatically collect technical and usage data via cookies, log files and similar technologies.
• From your organisation: where your employer or another organisation designates you as a point of contact or user of our Services, or provides your data as part of client onboarding or project delivery.
• From third parties: such as service providers, business partners, publicly available sources, or digital platforms, where permitted by applicable law.

We generally do not collect personal data without your knowledge; where collection without consent is allowed under the PDPA, we may do so strictly in accordance with the PDPA’s exceptions.


4. Purposes for which we collect, use and disclose personal data

We may collect, use and disclose your personal data for the following purposes:
4.1 Service provision and business operations

• To provide, operate, maintain and support our data analytics, IT and software development Services.
• To set up and manage user accounts and access rights for our platforms.
• To perform data processing, reporting, dashboarding and related B2B analytics activities as instructed by our clients.
• To manage our relationship with you and your organisation, including contract negotiation, project management, billing and collections.

4.2 Communication and customer support

• To respond to queries, requests, feedback or complaints.
• To send you important administrative, security or service-related notices.
• To provide technical and customer support in connection with our Services.

4.3 Marketing, events and business development

• To inform you about updates, new features, events, promotions or market insights related to our Services, in accordance with applicable consent requirements.
• To invite you to participate in surveys, research or beta programmes.
• To analyse and improve the reach and effectiveness of our marketing activities.

You may opt out of receiving non-transactional marketing communications at any time by using the unsubscribe mechanism in our communications or contacting us (see Section 11).
4.4 Analytics, service improvement and security

• To monitor, analyse and improve the performance, functionality and user experience of our websites and Services.
• To conduct troubleshooting, testing, research and development.
• To detect, prevent and address security incidents, fraud, abuse or technical issues.

4.5 Legal, regulatory and compliance purposes

• To comply with applicable laws, regulations, codes of practice, guidelines or rules, or to assist in law enforcement and investigations by relevant authorities.
• To enforce or defend our contractual or legal rights, or to manage any complaints, claims or disputes.
• For internal audit, risk management and record-keeping purposes.

Where we intend to use your personal data for any other purposes not listed above, we will notify you of such purposes and obtain your consent where required by the PDPA.


5. Legal basis for processing (outside Singapore)

Our primary legal framework is the PDPA of Singapore. However, where we process personal data of individuals located in other jurisdictions (for example, in the European Economic Area or the United Kingdom), we may also rely on additional legal bases such as consent, performance of a contract, legitimate interests, or compliance with legal obligations, in line with applicable laws.


6. Cookies and similar technologies

We use cookies and similar technologies on our websites and platforms to enable core functionality, improve performance, understand usage and deliver a better user experience.
Cookies we may use include:

• Strictly necessary cookies: required for basic site operation, security and login.
• Performance and analytics cookies: to understand how visitors use our site and improve content and navigation.
• Functionality cookies: to remember your preferences and settings.

You may manage or disable cookies by adjusting your browser settings, although some features of our websites or Services may not function properly if you do so. Where required by law, we will obtain your consent before using non-essential cookies.


7. Disclosure of personal data to third parties

We may disclose or share your personal data with the following categories of third parties, for the purposes set out in Section 4:

• Our group companies and affiliates, to the extent necessary to provide and support our Services.
• Service providers and vendors, such as data hosting providers, cloud infrastructure providers, email and SMS platforms, analytics tools, payment processors, consultants and professional advisers, who process personal data on our behalf and under our instructions.
• Our business partners and resellers, where reasonably necessary to support joint offerings or client engagements.
• Government authorities, regulators, law enforcement agencies or other parties where required or permitted by law, court order or regulatory request.
• Actual or prospective assignees, transferees, participants or parties to any merger, acquisition, asset sale, corporate restructuring or financing, subject to appropriate confidentiality safeguards.

We do not sell your personal data. Any third party engaged by us is required to provide at least a comparable standard of protection for personal data as that under the PDPA.


8. Cross-border transfers of personal data

We may transfer, store and process your personal data outside Singapore, including in countries where our servers, cloud services, group companies or service providers are located.
When we transfer personal data outside Singapore, we will ensure that such transfers comply with the PDPA and any applicable data protection laws, and that the recipient provides a standard of protection comparable to that under the PDPA. This may include entering into appropriate data transfer agreements or relying on other permitted transfer mechanisms.


9. Data security

We take reasonable technical, organisational and physical measures to protect personal data that we hold from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks.
Such measures may include:

• Access controls and role-based permissions.
• Encryption in transit and/or at rest where appropriate.
• Network and system security safeguards such as firewalls and monitoring.
• Secure development and deployment practices for our software.
• Policies, procedures and training for our personnel regarding confidentiality and data protection.

However, no method of transmission over the Internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.


10. Retention of personal data

We retain personal data for as long as is reasonably necessary to fulfil the purposes for which it was collected, and to satisfy legal, regulatory, contractual, accounting or reporting requirements.
We will cease to retain, or remove the means by which the personal data can be associated with particular individuals, when it is no longer necessary for any business or legal purpose.


11. Your rights and how to exercise them

Subject to applicable laws, you may have the following rights in relation to your personal data:

• Right of access: You may request access to personal data which we hold about you, and information about how we have used or disclosed it in the past year.
• Right of correction: You may request correction of any personal data that is inaccurate or incomplete.
• Right to withdraw consent: You may withdraw your consent for our collection, use and/or disclosure of your personal data, subject to legal and contractual restrictions and reasonable notice.
• Right to opt out of marketing: You may opt out of receiving marketing communications from us at any time.

If you withdraw your consent, we will inform you of the likely consequences, including how it may affect the provision of our Services. Depending on the extent of your withdrawal, it may mean that we are no longer able to continue providing certain Services to you or your organisation.
To exercise any of your rights or to raise any question about this Privacy Policy, please contact us using the details in the Company details section above (attention: “Privacy Contact”).


12. Third-party sites and services

Our websites or Services may contain links to third-party websites, applications or services that are not operated by us. We are not responsible for the privacy practices of these third parties, and you are encouraged to review the privacy policies of those third parties before providing any personal data to them.


13. Updates to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements or other factors. Any updates will be posted on our website with a revised “Last updated” date, and, where required by law, we will notify you and/or seek your consent to material changes.
Your continued use of our Services or continued interaction with us after any changes to this Privacy Policy will constitute your acknowledgement and acceptance of such changes.