Privacy Policy

2. Data We Collect

We collect the following categories of personal data:

Identification Data

Name, email address, phone number, organization name, job title, and account credentials.

Account & Usage Data

Login information, activity logs, features used, interaction patterns with our AI systems, and service preferences.

Content Data

User prompts, documents, and other data you input into our AI systems for processing. We distinguish between temporary processing data and data retained for service improvement.

Technical Data

IP address, browser type, device identifiers, operating system, access times, and referrer URLs.

Communications Data

Emails, chat logs, support tickets, and feedback you provide to us.

3. How We Collect Data

We collect personal data through:

• Direct interactions (forms, sign-up, uploads, chats, feedback, support requests)
• Automated technologies (cookies, analytics, system logs)
• Third parties (business customers, partners, authentication providers)

When enterprise customers provide personal data about their end-users for AI integration, we act as a data intermediary and process such data according to their instructions in compliance with PDPA.

4. Purposes of Collection, Use, and Disclosure

Service Delivery

Providing, operating, and maintaining our AI products; processing your inputs to generate AI outputs; managing your account and subscription.

AI Model Development

Training, testing, and improving our AI models where we have consent or an applicable PDPA exception. We will clearly inform you if your data is used for model training and provide opt-out options.

Personalization

Customizing features, recommendations, and content based on your usage patterns and preferences.

Business Improvement

Analytics, product development, service quality monitoring, and fraud detection, relying on PDPA's business improvement exception where appropriate.

Communications

Sending service-related messages and, with your consent, marketing communications about our products and events.

Compliance & Security

Enforcing our terms, detecting and preventing abuse, security monitoring, and complying with legal obligations.

5. Cookies and Similar Technologies

We use cookies and similar technologies to enhance your experience. See our Cookie Policy for details on:

• Types of cookies we use (necessary, preferences, analytics, marketing)
• What data these cookies collect
• How to control cookies through browser settings
• Third-party cookies and their purposes

6. Third-Party Services

We work with trusted third parties who process personal data on our behalf:

• Cloud Infrastructure: Hosting and data storage providers
• AI Model Providers: Third-party AI APIs and model services
• Analytics: Service monitoring and usage analytics
• Payment Processors: Secure payment handling
• Support Tools: Customer service and ticketing systems

All third parties are contractually bound to implement adequate security and PDPA-comparable protections, especially for cross-border transfers.

7. Data Retention

We retain personal data only as long as necessary to fulfill the purposes stated in this policy, plus any legally required retention period. Retention periods vary by data type:

• Account data: Duration of your account plus 7 years for legal/audit purposes
• Transaction data: 7 years for financial and tax compliance
• AI processing data: As specified in your service agreement
• Support communications: 3 years after resolution

You may request deletion of your data at any time, subject to our legal retention obligations.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• Encryption in transit (TLS) and at rest
• Access controls and authentication
• Regular security assessments and audits
• Employee confidentiality obligations and training
• Incident response procedures
• Privacy-by-design in AI system development

9. AI and Automated Decision-Making

Our services use AI and automated decision-making. We are committed to transparency:

• We explain the function and purpose of AI features in our documentation
• We describe types of data used to generate AI outputs
• Significant decisions with legal or similarly significant effects involve human oversight
• You may contact us to understand the basis of AI-driven decisions or request human review

10. Your Rights Under PDPA

Under Singapore's PDPA, you have the following rights:

Right of Access

Request to know what personal data we hold about you and how it has been used or disclosed in the past year.

Right to Correction

Request corrections to inaccurate or incomplete personal data.

Data Portability

Request your data in a machine-readable format for transfer to another organization.

Withdrawal of Consent

Withdraw consent for specific uses (e.g., marketing, AI training). Note that withdrawal may affect our ability to provide certain services.

To exercise your rights, contact us at hello@worldcouncil.ai. We will respond within a reasonable time.

11. Cross-Border Data Transfers

Your personal data may be transferred to and processed in countries outside Singapore. We ensure that overseas recipients provide protection comparable to PDPA through:

• Contractual clauses requiring PDPA-equivalent protection
• Binding corporate rules for intra-group transfers
• Certification to recognized frameworks

12. Contact Us

For privacy inquiries or to exercise your rights:

If you are not satisfied with our response, you may lodge a complaint with Singapore's Personal Data Protection Commission (PDPC).

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via our website or email. Continued use of our services after changes constitutes acceptance of the updated policy.