Privacy Policy

1. Scope of Application

1. This privacy policy applies to the collection, processing, use, international transfer, and retention of your personal data when you use the Company's services on this Website.
2. This policy does not apply to third-party websites or services linked from the Website. When you click external links and leave the Website, please read the privacy policy of that third-party website independently.
3. If you are an employee or authorized personnel of an enterprise using the Company's AI-EAP service through an enterprise subscription, the processing of your personal data is governed separately by the "AI-EAP Enterprise User Subscription Agreement" and its Annex 1 "Data Processing Agreement".

2. Categories of Personal Data Collected

To provide you with a complete service experience, the Company may collect your personal data in the following scenarios:

1. Data you actively provide:
   1. Registration and account management: name, email address, company name, job title, business registration number, contact phone, etc.;
   2. Form submissions: data provided in trial applications, inquiry forms, and event registrations;
   3. Payment information: payment data necessary to complete subscription services (actual credit card numbers are processed by payment service providers; the Company does not store full card numbers);
   4. Customer service communications: data and communication records provided when contacting the Company's customer service.
2. Data automatically collected when using the Website:
   1. Technical data: IP address, browser type and version, operating system, device identifiers;
   2. Usage behavior: pages visited, time spent, click patterns, referrer URL;
   3. Cookies and similar technology records (see Section 7).

3. Purposes of Collection

The Company collects your personal data primarily for the following purposes (in accordance with Singapore's Personal Data Protection Act):

1. To provide and maintain the Website and AI-EAP related services;
2. To process your trial applications, subscription purchases, and payments;
3. To respond to your customer service inquiries or messages;
4. To send service notifications, system updates, invoices, important policy change notices, and other emails;
5. To send product updates, marketing activities, newsletters, and similar communications (with your consent; you may unsubscribe at any time);
6. To detect, prevent, and address information security threats, fraud, abuse, or other illegal activities;
7. To improve services, conduct internal statistical analysis, and research (using de-identified data);
8. To comply with legal requirements or respond to lawful requests from regulatory authorities.

4. Use of Personal Data

1. The Company will use your personal data only to the extent reasonably necessary to achieve the purposes set out in the previous section.
2. Except with your prior consent, as required by law, or upon lawful request from regulatory authorities, the Company will not disclose your personal data to third parties.
3. The Company may engage third-party service providers (such as cloud computing, payment processing, email delivery, customer service systems, data analytics, and similar providers, collectively referred to as "Data Processors") to assist in processing your personal data. The Company will enter into contracts with Data Processors requiring them to adopt appropriate security measures and process your data only for purposes specified by the Company.
4. The Company may transfer your personal data to regions outside Singapore where necessary and permitted by law (such as offshore data centers operated by cloud service providers). The Company will ensure that any international transfer complies with Singapore's Personal Data Protection Act and other applicable laws. Your personal data may be processed by affiliated entities in Taiwan (Bamboo Technology Ltd.) for service delivery purposes.

5. Period, Location, and Recipients of Data Use

1. Period of use: From the date you provide the data until you request deletion, your account is terminated, or the retention period required by law expires. Certain data (such as accounting records and transaction records) must be retained for specified periods under applicable law; these will be retained in accordance with legal requirements.
2. Locations of use: Singapore and locations of Data Processors engaged by the Company, which may include offshore locations.
3. Recipients: The Company, the Company's affiliated entities (including Bamboo Technology Ltd. in Taiwan), Data Processors, and third parties as required by law or with your consent.
4. Methods of use: Your personal data may be processed and used in electronic, written, automated, or other non-automated forms within the periods, locations, and among the recipients specified above.

6. Data Security Measures

1. The Company implements reasonable technical and organizational security measures to protect your personal data from unauthorized access, use, disclosure, alteration, damage, or loss, including but not limited to:
   1. Transmission encryption (HTTPS/TLS);
   2. Access control and authentication;
   3. Hashing or encryption of sensitive fields;
   4. System event logging and regular audits;
   5. Confidentiality obligations and training for personnel;
   6. Backup and disaster recovery mechanisms.
2. Despite the above measures, the inherent risks of internet transmission cannot be completely eliminated. You should properly protect your account credentials and log out after using the Website on public computers.

7. Cookies and Similar Technologies

1. The Website uses Cookies and similar technologies (such as Local Storage, Session Storage, web beacons, etc.) to provide the following functions:
   1. Essential Cookies: Maintain your login status, remember your language preferences, and other functions necessary for the Website to function properly;
   2. Functional Cookies: Remember your previous settings to provide a more personalized user experience;
   3. Analytics Cookies: Collect de-identified statistics on Website usage (such as through Google Analytics) to help the Company improve services;
   4. Marketing Cookies: When advertising services are enabled, provide personalized advertisements within the scope of your consent.
2. You can refuse or delete Cookies through your browser settings. However, if you refuse essential Cookies, some Website functions (such as login and checkout) may not function properly.

8. Your Rights

Under Singapore's Personal Data Protection Act, you have the right to exercise the following rights regarding your personal data held by the Company:

1. Access and request to view your personal data;
2. Request a copy of your personal data;
3. Request correction or supplementation of inaccurate or incomplete data;
4. Request that the Company cease collection, processing, or use of your data;
5. Request deletion of your personal data.

You may submit such requests through the contact information provided at the end of this policy. The Company will process and respond to your request within a reasonable period. However, the Company may legally defer or refuse such requests if required by law (such as tax law requirements for retention of records) or for legitimate reasons (such as dispute resolution or account reconciliation), and will explain the reasons to you.

9. Privacy of Minors and Children

1. The Website primarily provides enterprise plan management and subscription services for adults. The Company does not intentionally collect personal data from users under the age of 18.
2. If the Company discovers that it has inadvertently collected personal data from users under 18 without parental or legal guardian consent, the Company will promptly delete such data.
3. If you are a parent or legal guardian and discover that your minor child has provided personal data to the Company without your consent, please contact the Company through the contact information in Section 12.

10. Third-Party Website Links

The Website may contain links to other third-party websites (such as social media, partners, research references, etc.). These third-party websites have independent privacy policies, and the Company is not responsible for the content or privacy practices of such third-party websites. We recommend that you read the privacy policy of the third-party website before leaving the Website.

11. Modifications to the Privacy Policy

1. The Company may modify this privacy policy from time to time in response to changes in laws, service adjustments, or other necessary reasons.
2. Modified policies will be posted on the Website and take effect within 10 days after posting. If modifications involve material matters (such as expanding the scope of data collection or changing recipients), the Company will notify you via email or prominent notice on the Website.
3. Your continued use of the services after the effective date of any modification will be deemed as your acceptance of the modifications. If you do not agree with the modifications, please stop using the services and request deletion of your personal data in accordance with Section 8.

12. Contact Us

If you have any questions, comments, or requests regarding this privacy policy (including exercising your rights under Section 8), please contact the Company through the following methods:

13. Governing Law and Jurisdiction

This privacy policy shall be governed by and construed in accordance with the laws of Singapore. Any disputes arising from or related to this policy shall be resolved in accordance with Singapore law, and the District Court of Singapore shall have exclusive jurisdiction over such disputes.