Privacy Policy

Introduction

Thoughtloom is committed to protecting your privacy and handling your personal data responsibly. This privacy policy explains how we collect, use, store, and protect information when you interact with our services, visit our website, or engage with our AI solutions.

We operate in accordance with Singapore's Personal Data Protection Act 2012 and international privacy standards. For questions about this policy, contact us at [email protected].

Data Collection

Information We Collect

When you interact with Thoughtloom, we may collect:

• Contact information including name, email address, phone number, and business details when you submit enquiries or engage our services
• Communication records including emails, messages, and call notes when corresponding about our services
• Website usage data including IP address, browser type, pages visited, and access times through analytics tools
• Project-specific data during service delivery, as defined in individual engagement agreements

Legal Basis for Processing

We process personal data based on:

• Consent: When you voluntarily provide information through our contact forms or service enquiries
• Contract: When necessary to deliver services you have engaged us to provide
• Legitimate Interest: For business operations, service improvement, and communication about relevant services

Data Retention

We retain personal data for:

• Contact enquiries: 24 months from last communication
• Client engagement data: Duration of project plus 5 years for records
• Website analytics: 26 months in aggregated form
• Legal and accounting records: 7 years as required by Singapore law

Data Usage

We use collected information to:

• Respond to service enquiries and provide requested information about our AI solutions
• Deliver contracted services including conversational intelligence platforms, synthetic data generation, and AI literacy programmes
• Communicate about project progress, deliverables, and post-deployment support
• Analyse website usage to improve user experience and content relevance
• Comply with legal and regulatory requirements
• Send occasional updates about our services, which you may opt out of at any time

Third-Party Services

We may share data with:

• Website analytics providers for usage statistics (Google Analytics)
• Email service providers for communication management
• Cloud infrastructure providers for secure data storage
• Professional service providers including legal and accounting firms

All third parties are contractually bound to protect your data and use it only for specified purposes.

Data Protection Measures

We implement comprehensive security measures:

• Encryption of data in transit using TLS protocols
• Encryption of sensitive data at rest
• Access controls limiting data access to authorised personnel only
• Regular security audits and vulnerability assessments
• Staff training on data protection responsibilities
• Incident response procedures for potential data breaches

In the unlikely event of a data breach affecting your personal information, we will notify you and relevant authorities within 72 hours as required by applicable regulations.

Cookies and Tracking

Our website uses cookies and similar technologies. Essential cookies are necessary for site functionality, while optional cookies help us understand usage patterns. You can manage cookie preferences through our Cookie Policy page or your browser settings.

For detailed information about cookie types and management, please see our Cookie Policy.

Your Rights

Under Singapore's Personal Data Protection Act and international privacy standards, you have rights to:

• Access your personal data and receive a copy
• Correct inaccurate or incomplete data
• Request deletion of your data (subject to legal retention requirements)
• Object to processing for marketing purposes
• Withdraw consent where processing is based on consent
• Data portability for data you provided to us
• Lodge a complaint with Singapore's Personal Data Protection Commission

To exercise these rights, contact [email protected]. We will respond within 30 days of receiving your request.

International Data Transfers

While our operations are based in Singapore, some service providers may process data outside Singapore. When data is transferred internationally, we ensure appropriate safeguards including standard contractual clauses and adequacy decisions where applicable.

Children's Privacy

Our services are intended for business organisations and professional audiences. We do not knowingly collect information from individuals under 18 years of age. If you believe we have collected such information, please contact us immediately for deletion.

Policy Updates

We may update this privacy policy to reflect changes in our practices or legal requirements. Updates will be posted on this page with a revised date. Continued use of our services after changes constitutes acceptance of the updated policy.

Contact Information

For questions about this privacy policy or our data practices: