Privacy Notice

Effective Date: 22 April 2026 Last Updated: 22 April 2026

This Privacy Notice explains how Zenbase Technologies Pte. Ltd. (“we”, “us” or “our”) collects, uses, discloses, stores and otherwise processes personal data in connection with our website, voice and/or text-based regulatory information chatbot, related software, interfaces, dashboards, knowledge base and support services (collectively, the “Service”).

This Privacy Notice is intended to comply with the Personal Data Protection Act 2012 of Singapore (“PDPA”). By accessing or using the Service, submitting information to us, or otherwise interacting with us, you acknowledge that your personal data may be processed in the manner described in this Privacy Notice.

1. Who this Privacy Notice applies to

This Privacy Notice applies to personal data relating to:

  • visitors to our website;
  • persons who register for, trial, subscribe to or use the Service;
  • employees, salespersons, staff members, team members or contractors using the Service on behalf of a subscriber;
  • persons whose personal data is included in prompts, queries, audio, documents, support messages or other materials submitted to the Service;
  • persons who communicate with us by email, webform, phone, WhatsApp or other channels; and
  • other individuals whose personal data we may collect in the course of operating the Service.

2. Personal data we may collect

Depending on how you interact with us, we may collect and process the following categories of personal data:

(a) Account and identity data

  • name;
  • business or agency name;
  • job title or role;
  • CEA licence or registration-related details where relevant;
  • email address;
  • phone number;
  • billing address; and
  • account login credentials or related account identifiers.

(b) Subscription and transaction data

  • subscription plan details;
  • package, seat and usage entitlement information;
  • payment status;
  • billing records;
  • invoices; and
  • transaction history.

(c) Service usage data

  • prompts, questions, commands and queries submitted to the Service;
  • chatbot responses and generated output;
  • uploaded documents, audio, transcripts, notes and metadata;
  • support requests and correspondence;
  • logs of usage activity, timestamps, device information, IP address, browser type and session information; and
  • dashboard activity, feature use and technical interactions with the Service.

(d) Voice and communication data

Where voice or audio features are used, we may collect:

  • call recordings;
  • audio files;
  • voice inputs;
  • transcripts;
  • call metadata; and
  • quality assurance notes.

(e) Technical and analytics data

  • website usage information;
  • cookies and similar technologies;
  • device identifiers;
  • network and diagnostic data;
  • crash reports;
  • performance logs; and
  • analytics relating to user behaviour and feature usage.

(f) Other information you provide

We may collect any other personal data you voluntarily submit to us, including through forms, emails, support tickets, feedback, surveys or chatbot interactions.

3. How we collect personal data

We may collect personal data:

  • directly from you when you register, subscribe, contact us, use the Service or submit information;
  • from your employer, agency, team leader or principal if they arrange access for you;
  • from authorised users acting on behalf of a subscriber;
  • through your use of the website or Service, including by automated technical means;
  • through cookies, analytics tools and log files;
  • from payment providers, vendors and service providers involved in supporting the Service; and
  • from third parties where permitted by law or authorised by you.

4. Purposes for which we use personal data

We may collect, use and disclose personal data for purposes including the following:

(a) Providing the Service

  • creating and managing accounts;
  • authenticating users;
  • processing subscriptions and payments;
  • enabling chatbot interactions and outputs;
  • providing dashboards, knowledge tools and support features; and
  • administering access rights, entitlements and service packages.

(b) Operating, maintaining and improving the Service

  • hosting, maintaining, troubleshooting and securing the Service;
  • diagnosing technical issues;
  • improving workflows, features, models and user experience;
  • testing, training and refining product functions;
  • carrying out service analytics, internal reporting and operational reviews; and
  • monitoring usage, capacity and performance.

(c) Communications and support

  • responding to enquiries and support requests;
  • sending service notices, invoices, reminders, alerts and updates;
  • communicating about subscription renewals, plan changes and administrative matters; and
  • contacting users regarding incidents, outages, misuse or security matters.

(d) Compliance, safety and enforcement

  • detecting misuse, abuse, fraud, security incidents and unlawful activity;
  • enforcing our contractual rights and policies;
  • maintaining audit trails and evidential records;
  • complying with Applicable Law, lawful requests, court orders or regulatory requirements; and
  • protecting our rights, property, systems, staff and users.

(e) Business operations

  • internal administration;
  • record-keeping;
  • business planning;
  • risk management;
  • dispute handling; and
  • legal and compliance review.

(f) De-identified and aggregated use

We may use aggregated, anonymised or de-identified data, usage telemetry and interaction patterns for analytics, benchmarking, service improvement, product development, safety review and commercial planning, provided such data is not used to identify you personally.

5. Voice recordings and transcripts

If the Service includes voice or audio functionality, calls and voice interactions may be recorded, transcribed, analysed and quality-reviewed for purposes including:

  • providing the Service;
  • generating outputs;
  • quality assurance;
  • troubleshooting;
  • training and improving workflows;
  • monitoring misuse or abuse; and
  • legal and compliance purposes.

If you enable or use such features, you are responsible for ensuring that any notices and consents required from your personnel, clients or other relevant individuals are obtained where applicable.

6. Cookies and similar technologies

Our website and Service may use cookies and similar technologies to:

  • remember preferences and login sessions;
  • analyse website traffic and usage patterns;
  • improve functionality and performance;
  • support security and fraud prevention; and
  • personalise user experience where applicable.

You may be able to control cookies through your browser settings. However, disabling certain cookies may affect the functionality of the website or Service.

7. Disclosure of personal data

We may disclose personal data to the following categories of recipients where reasonably necessary:

  • our employees, officers, contractors and authorised personnel;
  • hosting providers, cloud service providers and infrastructure vendors;
  • speech-to-text, telephony, analytics, messaging and software vendors;
  • payment processors and billing service providers;
  • professional advisers including lawyers, auditors and insurers;
  • regulators, authorities, courts, tribunals or law enforcement agencies where required or permitted by law;
  • related corporations or affiliates; and
  • other service providers or processors engaged to support the Service.

Some of these recipients may be located outside Singapore. Where personal data is transferred outside Singapore, we will take steps required by the PDPA to ensure that the transferred data is protected to a standard comparable to that under Singapore law.

8. Retention of personal data

We may retain personal data, prompts, transcripts, logs and related records for as long as reasonably necessary for:

  • providing the Service;
  • operational analysis;
  • service improvement;
  • dispute management;
  • evidential purposes;
  • security and fraud prevention;
  • backup and business continuity; and
  • legal or regulatory compliance.

Retention periods may vary depending on the nature of the data, the purpose for which it was collected, the applicable subscription package, and any legal or operational requirements. When personal data is no longer required, we will take reasonable steps to cease retention or anonymise it, unless continued retention is required or authorised by law.

9. Accuracy and data minimisation

We generally rely on personal data provided by users, subscribers and authorised persons. You should ensure that personal data submitted to us is accurate, complete and not misleading, and that only personal data reasonably necessary for the relevant purpose is submitted.

Users should avoid submitting highly sensitive or high-risk data unless clearly permitted under the applicable service package or a separate written arrangement.

10. Security

We may implement technical and organisational security measures that we consider appropriate to protect personal data against unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks.

However, no method of transmission over the internet and no electronic storage system is completely secure. Accordingly, while we take reasonable steps to protect personal data, we do not guarantee absolute security.

Users are responsible for maintaining the confidentiality of their account credentials, securing their own devices and networks, and practising appropriate data hygiene when using the Service.

11. Your rights under the PDPA

Subject to the PDPA and applicable exceptions, you may have the right to:

  • request access to personal data we hold about you;
  • request correction of personal data that is inaccurate or incomplete;
  • withdraw consent for certain collections, uses or disclosures of personal data; and
  • make enquiries or complaints about our handling of personal data.

Please note that if you withdraw consent, we may not be able to continue providing some or all of the Service to you.

We may require sufficient information to verify your identity before responding to a request. We also reserve the right to charge a reasonable administrative fee for access requests where permitted by law.

12. Third-party services and links

The Service may rely on third-party systems and vendors, including hosting providers, payment gateways, messaging channels, analytics tools, speech-processing providers and other infrastructure. We are not responsible for the privacy practices of independent third-party websites, services or platforms not controlled by us.

Where our website or Service contains links to third-party sites or tools, you should review their own privacy notices separately.

13. Children and minors

The Service is intended for business and professional use and is not directed at children. Users should not submit minors’ personal data except where strictly necessary and lawful, and only with appropriate authority and safeguards.

14. Changes to this Privacy Notice

We may update this Privacy Notice from time to time. Any revised version will be posted on our website or otherwise made available through the Service, and the updated version will take effect from the date stated in the revised notice unless otherwise specified.

15. Contact us

If you have any questions, requests or complaints relating to this Privacy Notice or our handling of personal data, please contact us at the address used for general correspondence with us.

Version 2026-04-22 · Effective 2026-04-22