Privacy Policy

Effective date: 1 May 2025 · Last reviewed: 1 May 2025

This Privacy Policy ("Policy") is issued by ArchonAI Pte. Ltd. (UEN 201938472A) ("ArchonAI", "we", "us", or "our"), a company incorporated in Singapore with its registered office at 1 Raffles Place #20-61, One Raffles Place, Singapore 048616. This Policy explains how we collect, use, disclose, and protect personal data in accordance with the Personal Data Protection Act 2012 ("PDPA") of Singapore, including the PDPA (Amendment) Act 2020 and subsidiary legislation in force as at May 2025.

1. Scope and Application

This Policy applies to personal data collected through our website at archonai.life, our advisory and technology services, marketing communications, events, and any other channels where we act as a data organisation under the PDPA. It does not apply to personal data processed by our clients in their capacity as data organisations using our solutions; such processing is governed by separate agreements between our clients and their data subjects.

2. Personal Data We Collect

We may collect the following categories of personal data depending on your interaction with us:

• Identity and contact data: name, business title, organisation, business email address, telephone number, and postal address.
• Enquiry and correspondence data: information you provide in contact forms, email correspondence, governance audit requests, and advisory consultations.
• Technical and usage data: IP address, browser type, device identifiers, pages visited, referring URLs, session duration, and cookie preferences stored via localStorage.
• Marketing preferences: your subscription status, event attendance records, and communication preferences.
• Contractual and billing data: where applicable, purchase order references, invoicing details, and payment-related information processed through secure third-party providers.

3. Purposes of Collection, Use, and Disclosure

We collect, use, and disclose personal data for the following purposes, and we will not use your personal data for purposes incompatible with those for which it was collected without obtaining your consent or relying on another valid basis under the PDPA:

• Responding to enquiries, governance audit requests, and solution demonstrations;
• Delivering advisory services, technology solutions, and contractual obligations;
• Managing client relationships, account administration, and billing;
• Improving our website, services, and user experience through analytics;
• Sending marketing communications where you have provided consent or where permitted under the PDPA;
• Complying with legal and regulatory obligations, including record-keeping requirements;
• Protecting our legal rights, preventing fraud, and ensuring network and information security;
• Conducting internal audits, risk assessments, and quality assurance.

4. Consent and Deemed Consent

Where consent is required under the PDPA, we obtain your consent before collecting, using, or disclosing your personal data, except where another legal basis applies. By submitting our contact form and ticking the consent checkbox, you provide express consent for the purposes stated at the point of collection.

Under Sections 15A and 15B of the PDPA (as amended), we may rely on deemed consent by notification where we provide you reasonable opportunity to opt out, and on deemed consent by contractual necessity where processing is reasonably necessary to perform a contract with you.

5. Cookies and Similar Technologies

Our website uses essential cookies necessary for site functionality and, with your consent, analytics cookies to understand usage patterns. Cookie preferences are stored in your browser's localStorage under the key archonai_cookie_consent. You may accept all cookies, select essential cookies only, or adjust browser settings to block cookies. Blocking essential cookies may affect site functionality.

6. Disclosure of Personal Data

We may disclose personal data to the following categories of recipients, subject to appropriate contractual safeguards and the PDPA's transfer requirements:

• Professional advisers including lawyers, auditors, and insurers bound by confidentiality obligations;
• Technology service providers hosting our infrastructure, email systems, and analytics platforms;
• Regulatory authorities, law enforcement, or courts where required by applicable law;
• Affiliated entities within our corporate group for internal administration purposes.

We do not sell personal data to third parties.

7. Cross-Border Transfers

Where personal data is transferred outside Singapore, we ensure that the recipient country provides a standard of protection comparable to the PDPA, or we implement legally recognised transfer mechanisms including binding contractual clauses approved under the PDPA's transfer regime effective May 2025. You may contact our Data Protection Officer for details of specific transfer safeguards.

8. Data Protection and Retention

We implement administrative, technical, and physical safeguards appropriate to the sensitivity of personal data, including access controls, encryption in transit and at rest where applicable, employee confidentiality obligations, and regular security assessments. Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected, or as required by law—typically seven years for business records following the conclusion of a client relationship.

9. Accuracy and Access

We take reasonable steps to ensure personal data is accurate and complete. Under the PDPA, you have the right to request access to and correction of your personal data held by us. Access requests should be directed to our Data Protection Officer. We will respond within thirty days unless an extension is permitted under the PDPA. A reasonable administrative fee may apply for access requests as permitted by law.

10. Withdrawal of Consent

You may withdraw consent for any purpose of collection, use, or disclosure by notifying our Data Protection Officer in writing. Upon withdrawal, we will cease processing your personal data for that purpose unless another legal basis applies or retention is required by law. Withdrawal of consent may affect our ability to provide services to you.

11. Do Not Call Registry

Where we send marketing messages to Singapore telephone numbers, we check against the Do Not Call Registry maintained by the Personal Data Protection Commission ("PDPC") unless an applicable exception under the PDPA applies, including existing business relationships with appropriate consent records.

12. Data Breach Notification

In the event of a data breach that is likely to result in significant harm to affected individuals or is of significant scale, we will notify the PDPC and affected individuals in accordance with the data breach notification obligations under the PDPA (Amendment) Act 2020, within the prescribed timelines effective May 2025.

13. Children's Data

Our services are directed at business professionals and enterprises. We do not knowingly collect personal data from individuals under eighteen years of age without parental or guardian consent.

14. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites and encourage you to review their privacy policies independently.

15. Data Protection Officer

Our Data Protection Officer may be contacted at:

• Email: [email protected] (subject line: Data Protection Enquiry)
• Address: Data Protection Officer, ArchonAI Pte. Ltd., 1 Raffles Place #20-61, One Raffles Place, Singapore 048616
• Telephone: +65 6812 3847

16. Complaints to the PDPC

If you are dissatisfied with our response to a data protection enquiry, you may lodge a complaint with the Personal Data Protection Commission at www.pdpc.gov.sg. We encourage you to contact us first so we may address your concerns directly.

17. Amendments

We may update this Policy from time to time to reflect changes in law, regulation, or our practices. Material changes will be published on this page with an updated effective date. Continued use of our website or services after publication constitutes notice of the updated Policy where permitted by law.