// legal

Privacy Policy

Effective date: 1 May 2025 · Last updated: 1 May 2025

NullAI data protection framework

1. Introduction

NullAI Pte. Ltd. ("NullAI", "we", "us", or "our") is committed to protecting your personal data in accordance with the Personal Data Protection Act 2012 ("PDPA") of Singapore. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website at nullai.one, use our services, or interact with us.

By accessing our website or using our services, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

The data controller responsible for your personal data is:

NullAI Pte. Ltd.
71 Ayer Rajah Crescent #05-15
Singapore 139951
UEN: 201582937F
Email: [email protected]
Phone: +65 6872 3341

3. Personal Data We Collect

We may collect the following categories of personal data:

3.1 Data you provide directly

  • Identity data: name, job title, company name
  • Contact data: email address, phone number, postal address
  • Communication data: messages sent through our contact form, email correspondence, support tickets
  • Business data: project requirements, technical specifications, billing information

3.2 Data collected automatically

  • Technical data: IP address, browser type and version, operating system, device identifiers
  • Usage data: pages visited, time spent on pages, referral sources, click patterns
  • Cookie data: preferences stored via essential and analytics cookies (see Section 8)

3.3 Data from third parties

  • Business contact information from publicly available sources or referrals
  • Authentication data from identity providers when you use SSO integrations

4. Purposes of Collection and Use

We collect and use your personal data for the following purposes:

  • To respond to enquiries and provide customer support
  • To deliver, maintain, and improve our API infrastructure services
  • To process transactions and manage billing
  • To send service-related communications, including updates and security notices
  • To comply with legal and regulatory obligations under Singapore law
  • To analyse website usage and improve user experience
  • To protect against fraud, unauthorised access, and security threats
  • To manage our business relationship with you and your organisation

We will not use your personal data for purposes other than those stated above unless we obtain your consent or are permitted or required to do so under the PDPA.

5. Legal Basis for Processing

Under the PDPA, we rely on the following bases for processing your personal data:

  • Consent: Where you have given clear consent for us to process your personal data for specific purposes, such as marketing communications or non-essential cookies.
  • Contractual necessity: Where processing is necessary to perform our contract with you or to take steps at your request before entering into a contract.
  • Legal obligation: Where processing is necessary to comply with applicable laws, regulations, or court orders.
  • Legitimate interests: Where processing is necessary for our legitimate business interests, such as improving our services, provided these interests are not overridden by your data protection rights.

6. Disclosure of Personal Data

We may disclose your personal data to the following categories of recipients:

  • Service providers and subcontractors who assist in delivering our services (hosting, email, analytics, payment processing)
  • Professional advisers including lawyers, accountants, and auditors
  • Government authorities, regulators, or law enforcement when required by law
  • Business partners with your explicit consent
  • Successors in the event of a merger, acquisition, or sale of assets

All third-party recipients are bound by contractual obligations to protect your personal data and use it only for the purposes we specify. We do not sell your personal data to third parties.

7. Cross-Border Data Transfers

Your personal data is primarily stored and processed in Singapore. Where we transfer personal data outside Singapore, we ensure that the recipient country provides a comparable standard of protection, or we implement appropriate safeguards such as standard contractual clauses approved under the PDPA.

Our API infrastructure services may process data in Singapore data centres. Specific data residency requirements can be configured as part of your service agreement.

8. Cookies and Tracking Technologies

Our website uses cookies and similar technologies:

  • Essential cookies: Required for site functionality, including cookie consent preferences. These cannot be disabled.
  • Analytics cookies: Used to understand how visitors interact with our website. These are only activated with your consent.

You can manage cookie preferences through our cookie banner or your browser settings. Disabling certain cookies may affect website functionality.

9. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Contact form submissions: 24 months from last interaction
  • Client account data: duration of the business relationship plus 7 years for legal and tax compliance
  • Website analytics data: 14 months
  • Marketing consent records: until consent is withdrawn plus 12 months

After the retention period, personal data is securely deleted or anonymised.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption of data in transit (TLS 1.2+) and at rest
  • Access controls and authentication for all systems containing personal data
  • Regular security assessments and vulnerability testing
  • Employee training on data protection and PDPA compliance
  • Incident response procedures for data breaches

While we take reasonable steps to protect your data, no method of transmission over the Internet is completely secure. We cannot guarantee absolute security.

11. Your Rights Under the PDPA

Under the PDPA, you have the following rights regarding your personal data:

  • Access: Request access to the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete personal data.
  • Withdrawal of consent: Withdraw consent for processing where consent is the legal basis, subject to contractual and legal restrictions.
  • Portability: Request a copy of your personal data in a commonly used machine-readable format, where applicable.
  • Complaint: Lodge a complaint with the Personal Data Protection Commission (PDPC) of Singapore if you believe your rights have been violated.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. We may charge a reasonable fee for access requests as permitted under the PDPA.

12. Data Breach Notification

In the event of a data breach that is likely to result in significant harm or affect a significant number of individuals, we will notify the PDPC and affected individuals as soon as practicable, in accordance with the PDPA notification requirements.

13. Children's Data

Our services are not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

14. Do Not Call Registry

If you have registered your Singapore telephone number with the Do Not Call Registry, we will not send marketing messages to that number unless you have provided clear and unambiguous consent or have an ongoing business relationship with us as defined under the PDPA.

15. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via our website or direct notification. The "Last updated" date at the top of this page indicates when the policy was most recently revised. Continued use of our services after changes constitutes acceptance of the updated policy.

16. Contact Us

For questions about this Privacy Policy or to exercise your data protection rights, contact our Data Protection Officer:

Data Protection Officer
NullAI Pte. Ltd.
71 Ayer Rajah Crescent #05-15, Singapore 139951
Email: [email protected]
Phone: +65 6872 3341