Privacy Policy

1. Introduction

INFINITEMIND TECHNOLOGIES PTE LTD ("INFINITEMIND", "we", "us", or "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you visit our website or use our enterprise data intelligence platform and related services (collectively, the "Services").

By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please discontinue use of the Services and contact us to arrange deletion of any data we hold about you.

2. Who We Are

The data controller responsible for your personal data is:

We are registered as an organisation under the PDPA and have appointed a DPO who oversees our data protection obligations and serves as the primary point of contact for data-related enquiries.

3. Information We Collect

3.1 Information You Provide Directly

• Account & Identity Information: Full name, business email address, phone number, job title, and company name collected when you register for an account, submit a free trial request, or contact our sales team.
• Billing Information: Payment card details and billing address, processed exclusively through our PCI-DSS Level 1 certified payment provider. We do not store full payment card numbers on our systems.
• Communications: Content of messages you send us via support tickets, contact forms, live chat, or email, including any attachments.
• Survey & Feedback Data: Responses to product surveys, NPS questionnaires, and user research sessions you choose to participate in.

3.2 Information Collected Automatically

• Usage Data: Features accessed, queries executed, API call logs, dashboard interactions, pipeline configurations, and navigation patterns within the platform.
• Technical & Log Data: IP address, browser type and version, operating system, device identifiers, referral URL, time zone, and session duration.
• Performance & Diagnostic Data: Error logs, crash reports, query latency metrics, and system health data used to ensure platform reliability and improve performance.

3.3 Customer Data (Data You Upload)

Our platform processes data that you or your organisation load into or connect to the Services ("Customer Data"). You remain the sole data controller for Customer Data. We act only as a data processor, processing Customer Data strictly on your documented instructions as set out in the Data Processing Addendum (DPA) incorporated into our Terms of Service. We do not use Customer Data for any of our own purposes, including for training machine learning models, without your explicit written consent.

4. How We Use Your Information

We use personal data we collect for the following purposes:

• Providing & Improving the Services: To provision, operate, maintain, and enhance the platform, process trial requests, and manage your account lifecycle.
• Billing & Payments: To process transactions, issue invoices, and send payment-related notifications.
• Customer Support: To respond to your enquiries, investigate and resolve technical issues, and provide ongoing assistance.
• Security & Fraud Prevention: To detect, investigate, and prevent unauthorised access, fraudulent transactions, abuse of our Services, and other prohibited activities.
• Platform Analytics & Development: To analyse aggregated usage patterns, conduct product research, and develop new features. We use privacy-preserving techniques and pseudonymisation where practicable.
• Communications: To send service announcements, security alerts, maintenance notices, and administrative messages. Where you have given consent, to send marketing communications about our products, events, and industry insights. You may opt out of marketing communications at any time.
• Legal & Regulatory Compliance: To comply with applicable laws, respond to lawful requests from government authorities, enforce our agreements, and protect the rights of INFINITEMIND and third parties.

5. Legal Basis for Processing

Under the PDPA and, where applicable, the EU General Data Protection Regulation (GDPR) for processing relating to individuals in the European Economic Area, we rely on the following bases:

• Consent (PDPA s.13 / GDPR Art.6(1)(a)): Where you have given clear, affirmative consent, for example when you opt in to marketing communications or agree to optional data collection activities.
• Contractual Necessity (PDPA s.15 / GDPR Art.6(1)(b)): Where processing is necessary to perform a contract to which you are party, such as delivering the Services under our Terms of Service or processing a free trial request.
• Legitimate Interests (PDPA s.18 / GDPR Art.6(1)(f)): Where we have a legitimate business interest — including fraud prevention, network security, product improvement, and direct marketing to existing customers — that is not overridden by your fundamental rights and interests.
• Legal Obligation (PDPA s.17 / GDPR Art.6(1)(c)): Where processing is necessary to comply with a legal obligation under Singapore law or other applicable law, including tax, accounting, and regulatory requirements.

6. Sharing Your Information

We do not sell, rent, or trade your personal data to third parties. We may share information only in the following circumstances:

• Authorised Service Providers: Vetted third-party vendors who assist us in delivering the Services (e.g., cloud infrastructure, payment processing, email delivery, analytics). Each is bound by a data processing agreement requiring them to process data only on our instructions and to maintain appropriate security.
• Certified Partners: With your express consent, we may share contact information with certified resellers or implementation partners to help you deploy and optimise our platform.
• Professional Advisers: Lawyers, auditors, bankers, and insurers who require access in the course of providing professional services, subject to confidentiality obligations.
• Regulatory & Legal Authorities: Government bodies, law enforcement, courts, or regulators, where disclosure is required by applicable law, court order, or to protect the rights, safety, or property of INFINITEMIND, our users, or the public.
• Corporate Transactions: In connection with a merger, acquisition, restructuring, or sale of assets, personal data may be transferred to the relevant counterparty, subject to equivalent privacy protections. We will notify you of any such change.

7. International Data Transfers

Our primary production data centres are located in Singapore. Some of our service providers operate servers in other jurisdictions, including the United States, Japan, and the European Union.

Where personal data is transferred outside Singapore, we ensure that adequate protections are in place as required by Part IX of the PDPA and the PDPC's advisory guidelines on cross-border data transfers, including:

• Binding data processing agreements incorporating PDPC-approved standard contractual clauses or equivalent safeguards;
• Transfers only to countries that the PDPC recognises as providing an adequate level of data protection; or
• Your explicit consent for the specific transfer, where required.

An up-to-date list of our sub-processors and their processing locations is available upon written request to our DPO.

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this Policy, or as required by applicable law:

• Account & contract data: Retained for the duration of the contractual relationship and for five (5) years thereafter, to meet legal and accounting obligations under the Singapore Companies Act.
• Support & correspondence records: Retained for three (3) years from the date the issue is resolved or correspondence concluded.
• Usage and diagnostic logs: Retained for thirteen (13) months, then purged or irreversibly anonymised.
• Marketing preference data: Retained until consent is withdrawn or you unsubscribe, plus a short period thereafter to honour suppression lists.

Customer Data loaded into the platform is deleted within ninety (90) calendar days following contract termination or account closure, unless a longer retention period is agreed in writing or required by applicable law. You may request earlier deletion via our support portal.

9. Security Measures

We apply a comprehensive set of technical and organisational security measures proportionate to the risks posed by the processing:

• AES-256 encryption for all data at rest; TLS 1.2 or higher for all data in transit;
• Role-based access control (RBAC) and mandatory multi-factor authentication (MFA) for all platform access;
• Network segmentation, DDoS mitigation, and Web Application Firewall (WAF) protection;
• Annual third-party penetration testing and continuous vulnerability management;
• SOC 2 Type II certified operations and ISO 27001-aligned information security management system;
• A formal Incident Response Plan and designated security incident response team.

10. Your Rights

Under the PDPA, you have the following rights in relation to your personal data:

• Right of Access (PDPA s.21): To request confirmation of whether we hold personal data about you and to receive a copy, along with information about how it is being used.
• Right of Correction (PDPA s.22): To request correction of any inaccurate or incomplete personal data we hold about you.
• Right to Withdraw Consent (PDPA s.16): To withdraw consent at any time where processing is based on consent. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
• Right to Data Portability (PDPA s.26H): To request a copy of your personal data in a commonly used, machine-readable format and to have it transmitted to another organisation, where technically feasible.
• Right to Cease Processing: To request that we stop or restrict processing of your data in certain circumstances (e.g., where data is no longer necessary for the original purpose and no other legal basis applies).

To exercise any of these rights, submit a written Data Subject Request to dpo@infinitemind-ai.com. We will acknowledge receipt within five (5) business days and respond substantively within thirty (30) calendar days. A reasonable administrative fee may apply for excessive or manifestly unfounded requests, in accordance with the PDPA.

If you believe your rights under the PDPA have not been adequately addressed, you may lodge a complaint with the Personal Data Protection Commission (PDPC): www.pdpc.gov.sg.

11. Cookies & Tracking Technologies

We use cookies and similar technologies (including pixel tags and local storage) to operate our website and platform, remember your preferences, and gather analytics data.

• Strictly Necessary Cookies: Essential for platform operation (e.g., session authentication, security tokens, load balancing). These cannot be disabled without impairing platform functionality.
• Functional Cookies: Remember your settings, language preferences, and customisations to provide a personalised experience.
• Analytics Cookies: Collect aggregated, anonymised information about how visitors interact with our website. We use privacy-preserving analytics tools that do not share data with advertising networks.
• Third-Party Cookies: Where embedded third-party features (such as video or support chat) are present, those providers may set their own cookies, subject to their respective privacy policies.

You can manage cookie preferences through your browser settings or via our consent banner displayed on first visit. Disabling strictly necessary cookies may prevent you from using certain features of the Services.

12. Children's Privacy

Our Services are designed for enterprise business users and are not directed to individuals under the age of 18. We do not knowingly collect, solicit, or retain personal data from children. If you have reason to believe that we have inadvertently obtained personal data from or about a child under 18, please contact our DPO immediately at dpo@infinitemind-ai.com and we will promptly delete such data.

13. Changes to This Policy

We may revise this Privacy Policy from time to time to reflect changes in our data practices, the Services, or applicable law. When we make material changes, we will:

• Post the revised Policy on our website with an updated "Last Updated" date;
• Send an in-platform notification and/or email to registered account holders at least thirty (30) days before the revised Policy takes effect; and
• Where required by law, seek fresh consent for any new processing purposes.

Your continued use of the Services after the effective date of the revised Policy constitutes acceptance of the changes. If you do not agree to the revised Policy, you must stop using the Services and notify us to arrange data deletion.

14. Contact & DPO

For any questions about this Privacy Policy, to exercise your data rights, or to report a privacy concern, please contact our Data Protection Officer:

This Privacy Policy is governed by the laws of the Republic of Singapore. Any dispute arising out of or in connection with this Policy shall be subject to the exclusive jurisdiction of the courts of Singapore.