Privacy Notice

Last updated: [31-10-2025]

This Privacy Notice explains how KAIgentic Pte. Ltd. (“KAIgentic”, “we”, “our”, “us”) collects, uses, discloses, and protects personal data in
accordance with Singapore’s Personal Data Protection Act 2012 (the PDPA) and related regulations.

By using our websites, apps, demos, and services (collectively, the “Services”), you agree to the practices described here. If you do not agree, please do not use the Services.

1) Who we are & how to contact us

Controller: KAIgentic Pte. Ltd. (UEN: [202537560E]) Registered office: 9 Straits View, #06-07, Marina One West Tower, Singapore 018937 Data Protection Officer (DPO): [insert name]
Email: dpo@kaigentic.com (or [insert]) Postal: Data Protection Officer, KAIgentic Pte. Ltd., 9 Straits View, #06-07, Marina One West Tower, Singapore 018937

2) What “personal data” means

Under the PDPA, personal data is any data (true or false), about an individual who can be identified from that data alone or with other information we have access to. Not personal data: business contact information (e.g., your work
email of the form name@company.com used solely for business purposes) is generally excluded.

3) What we collect

We collect personal data in three ways: directly from you, automatically, and from third parties (where lawful).

  • A. You provide it:
    • Identity & contact: name, email, phone, job title, employer, country.
    • Account & support: login credentials, preferences, support tickets, feedback.
    • Content you submit: forms, surveys, files you upload, demo inputs (see “AI features”).
    • Marketing choices: newsletter opt-in/out, event registrations.
  • B. Collected automatically:
    • Usage & device data: IP address, device identifiers, browser type, pages viewed, timestamps.
    • Cookies/SDKs: analytics and functional cookies (see Cookies below).
    • Logs: security, audit, and performance logs.
  • C. From third parties (where lawful):
    • Business partners, resellers, event organizers, public sources (e.g., LinkedIn profile you shared with us), and service providers that help verify or enrich business contact details.

We do not intentionally collect sensitive health, biometric, or children’s data via the website.

4) How we use personal data (purposes)

We process personal data for the following purposes (each tied to a PDPA legal basis—see Section 5):

  1. Operate the Services: run the site, enable features, deliver content.
  2. Customer engagement: respond to inquiries, schedule demos, provide support.
  3. Account & security: authenticate users, detect/prevent fraud and abuse, maintain audit trails.
  4. Communications: send service messages, updates, and—if you consent or where permitted—marketing.
  5. Analytics & improvement: measure usage, improve UX, content, and performance.
  6. AI features (demos, chat, forms): generate outputs, evaluate quality, and improve models/datasets (see Section 8).
  7. Legal & compliance: comply with laws, respond to lawful requests, enforce our Terms.
  8. Business operations: planning, reporting, due diligence for corporate transactions.

We may anonymize or aggregate data for research, statistics, and product improvement. Anonymized data is no longer personal data.

5) Our legal bases under PDPA

We rely on the following PDPA mechanisms:

  • Consent: when you opt in to marketing, submit forms, or use optional features.
  • Deemed consent by conduct: where it is reasonable you would voluntarily provide data for a requested service (e.g., contacting support).
  • Deemed consent by contractual necessity: when processing is reasonably necessary to perform a contract with you/your employer.
  • Legitimate Interests Exception (PDPA 2020 amendments): for purposes such as security, fraud prevention, and service improvement after conducting an assessment to ensure benefits outweigh residual
    privacy risks; with safeguards.
  • Notification of purpose & opt-out: where permitted, we may notify you of new uses and offer a reasonable opt-out.
  • Other PDPA exceptions: e.g., investigations, legal claims, or where required by law.

You may withdraw consent at any time (see Section 11). This does not affect processing already carried out.

6) Disclosures to third parties

We share personal data only as needed and with safeguards:

  • Vendors/Processors: hosting, cloud, analytics, security, email, CRM, customer support, document processing, and AI infrastructure providers.
  • Partners/Resellers: only to serve your organization (e.g., fulfilling a demo request).
  • Corporate transactions: mergers, acquisitions, financing, or sale of assets (with appropriate protections).
  • Legal/compliance: to comply with laws or lawful requests, or to enforce our rights.

We require recipients to protect personal data and use it only for instructed purposes.

7) Cross-border transfers

If personal data is transferred outside Singapore, we will ensure comparable protection under the PDPA’s Transfer Limitation obligation—e.g., by using contractual clauses, verifying recipient
protections, or other legally recognized safeguards.

8) AI features, demos, and automated outputs

Our website may offer AI-enabled demos, chat, or content generation.

  • No confidential/PII: Do not input sensitive, confidential, or personal data you are not authorized to share.
  • Purpose: We use inputs/outputs to provide the demo, monitor abuse, and improve quality (including human review under confidentiality obligations).
  • Limitations: Outputs may be inaccurate, incomplete, or biased and are provided as-is for evaluation/education; you must independently verify before relying on
    results.
  • Model providers: Where we use third-party AI platforms, we share only the data necessary and apply contractual controls.

9) Cookies & similar technologies

We use cookies and SDKs for:

  • Essential functions (security, session continuity)
  • Analytics (understand usage and improve)
  • Preferences (remember choices)

You can manage cookies via your browser settings and, where offered, our cookie banner. Blocking certain cookies may limit features.

10) Marketing, Spam Control Act, and DNC

  • We send marketing communications (email/SMS/WhatsApp, etc.) only with consent or where otherwise permitted.
  • You can unsubscribe anytime using the link in our messages or by contacting us.
  • We comply with Singapore’s Spam Control Act and Do Not Call (DNC) provisions. Where applicable, we check DNC registers or obtain clear consent before sending specified messages.

11) Your choices & rights

Subject to PDPA and exceptions, you have the right to:

  • Access: know what personal data we hold about you and how we use it.
  • Correction: correct or update inaccuracies.
  • Withdraw consent: for any consent-based processing (marketing, optional features).
  • Opt-out: of certain analytics/marketing cookies where offered.

How to request: Email the DPO with (i) your name, (ii) contact details, and (iii) a description of your request.
Response time: We aim to respond within 30 calendar days (or inform you if more time is needed).
Fees: A reasonable fee may apply for access requests to cover costs; we will tell you before proceeding.
Identity check: We may request information to verify your identity and protect your data.

12) Accuracy

We take reasonable steps to ensure personal data is accurate and complete. Please keep your information up to date and notify us of changes.

13) Protection (security)

We implement administrative, technical, and physical safeguards appropriate to the nature of the data and risks (e.g., access controls, encryption in transit/at rest where appropriate, logging, and staff training).
No method is 100% secure; residual risk remains.

14) Retention

We keep personal data only as long as needed for the purposes described, to meet legal/operational requirements, and to resolve disputes. When no longer needed, we anonymize or securely delete it.

15) Data breach notification

If a data breach occurs that results in, or is likely to result in, significant harm or affects a significant number of individuals, we will assess promptly and, where required, notify the
PDPC and affected individuals as required by law.

16) Third-party sites

Our Services may link to third-party websites or services. Their privacy practices are not ours; review their notices before providing personal data.

17) Children’s privacy

Our Services are intended for business users and are not directed to children. If you believe a child has provided personal data, contact the DPO and we will take appropriate action.

18) NRIC and national identifiers

We avoid collecting NRIC or full national identification numbers unless legally required or strictly necessary for verification with adequate safeguards.

19) Changes to this Notice

We may update this Notice from time to time. Changes take effect upon posting with a new “Last updated” date. Material changes will be highlighted on this page.

20) How to reach our DPO

Questions, requests, or complaints:
Data Protection Officer
KAIgentic Pte. Ltd.
Email: contact@kaigentic.com
Postal: 9 Straits View, #06-07, Marina One West Tower, Singapore 018937

If unresolved, you may contact the Personal Data Protection Commission (PDPC) in Singapore.