Privacy-first design and responsible data handling by Auralithe

Privacy Policy Overview

This Privacy Policy explains how Auralithe collects, uses, discloses, and safeguards personal data in the context of our AI software development and business integration services. We detail categories of data processed, the purposes of processing, legal bases where applicable, third-party recipients, retention practices, and the rights available to individuals. The policy is written for clarity and to assist clients and users in making informed decisions about engagement with our services.

2026-03-25 Auralithe New Upper Changi Road, Singapore, 467351 [email protected]
01

Key Definitions

To help you understand this policy, below are concise definitions of terms used throughout. These provide context for the data types, actors, and technical components referenced in our privacy practices.

Personal data means any information that identifies or can be used to identify an individual directly or indirectly, such as name, email address, phone number, professional identifiers, or any combination of attributes that can be linked to a person. Processing refers to any operation performed on personal data, whether automated or manual, including collection, storage, retrieval, use, pseudonymisation, analysis, disclosure, or deletion. User refers to any individual who interacts with Auralithe services, including clients, prospective clients, subcontractors, platform users, and visitors to our online resources. Service denotes the suite of AI software development, integration, consultation, and related platform capabilities offered by Auralithe to organizations and users. Cookies are small text files placed on a device by a website that store information about the user’s visit. We may also use similar technologies such as web beacons and local storage for diagnostic and functional purposes.
02

Data We Collect

We collect data necessary to deliver our services, maintain security, and improve product reliability. Collection is limited to what is relevant and proportionate to each purpose.

Data You Provide Directly

When you engage with Auralithe or use our platforms, you may supply data required for identification, communication, contracting, and project delivery. Examples include:

  • Contact details such as full name, business email address, and phone number used for client onboarding and communication.
  • Organizational information including company name, role, business identifiers, and contractual details needed to deliver professional services.
  • Project inputs and professional data, such as technical specifications, datasets, code artifacts, and system documentation provided for development and integration tasks.
  • Authentication and account data when registering for Auralithe platforms, including usernames, hashed passwords, and multi-factor authentication settings.
  • Transactional records, billing details, invoices, and correspondence necessary to administer contractual relationships and payments.
  • Feedback and support requests submitted through helpdesk channels to diagnose issues and improve service delivery.

Data Collected Automatically

When you access our websites or use our services, some information is collected automatically to enable functionality, improve performance, and maintain security.

  • Technical logs and telemetry such as IP addresses, browser or client type, device identifiers, and session timestamps used for diagnostics and security monitoring.
  • Usage metrics including feature interactions, API call patterns, and performance data to support product improvement and capacity planning.
  • Error reports and crash logs that help our engineering teams identify and resolve defects in deployed systems.
  • Security and access logs that record authentication events, privilege changes, and administrative activity to support incident response.
  • Cookie identifiers and similar tracking vouchers that enable preferences, load balancing, and analytics on our public and client portals.
  • Aggregated and anonymized datasets derived from the above items for trend analysis and product research.

Third-party Sources of Data

In some cases we obtain data from third parties to support onboarding, verification, or integration tasks. We limit such use to reputable partners and contractually require appropriate safeguards.

  • Identity verification providers used to confirm business credentials and reduce fraud in commercial engagements.
  • Cloud service providers and infrastructure partners that process telemetry and store project artifacts on our behalf.
  • Integration partners and client systems that provide datasets or event streams necessary for solution development and deployment.
03

Purposes of Processing

We process personal data only for specific, explicit, and legitimate purposes. Processing is constrained to what is necessary for each purpose and described below.

  • Service delivery: to design, develop, test, and deploy AI software and integrations requested by clients.
  • Client support and operations: to provide technical support, manage incidents, and communicate project status.
  • Security and fraud prevention: to detect, contribute, and protect against security incidents or unauthorized access.
  • Billing and administration: to issue invoices, process payments, and manage contractual obligations.
  • Compliance and legal obligations: to meet regulatory requirements, respond to lawful requests, and enforce our terms of service.
  • Product improvement: to analyze anonymized usage data for reliability, performance, and feature optimization.
  • Research and development: to evaluate prototype behavior and improve AI models using appropriate safeguards and data minimisation.
  • Client-requested integrations: to connect and maintain interfaces with client systems under explicit project scopes and security controls.

Legal Bases for Processing

Where applicable, we rely on recognized legal bases for processing personal data. For business-to-business relationships, performance of a contract and legitimate interest are common bases.

  • Performance of a contract: processing necessary to fulfill obligations under service agreements and statements of work.
  • Legitimate interests: processing for security, fraud prevention, platform reliability, and product improvement, balanced against individual rights.
  • Legal compliance: processing required to comply with statutory or regulatory obligations.
  • Consent: where consent is expressly collected for specific activities such as certain marketing communications or optional analytics features.

Data Subject Rights (GDPR-style Overview)

Although Auralithe primarily serves corporate clients, we respect data protection principles consistent with GDPR-style frameworks. The following lists describe rights commonly provided to data subjects and how to exercise them.

  • Right to access: individuals can request information about whether we process their personal data and obtain a copy of that data when appropriate.
  • Right to rectification: individuals may request correction of inaccurate or incomplete personal data held by us.
  • Right to erasure: in specific circumstances individuals may request deletion of their personal data when it is no longer necessary for the original purpose.
  • Right to restrict processing: individuals can request limitation of processing where contested accuracy or legal basis exists.
  • Right to data portability: where processing is based on consent or contract and is carried out by automated means, individuals may request a structured, commonly used format for their data.
  • Right to object: individuals may object to processing based on legitimate interests, including profiling, subject to our assessment of compelling grounds.
04

Cookies and Tracking Technologies

We use cookies and similar technologies to enable core functionality, enhance security, and collect analytics data. You can manage your preferences through browser settings or the cookie controls on our site.

Types of cookies we use include essential cookies for authentication and session management, performance cookies for analytics, and functional cookies for user preferences.

Cookie categories: Essential (required for service operation), Performance (analytics and monitoring), Functional (preferences and UI), and Optional (third-party integrations).

You can manage cookies by adjusting browser settings to block or delete cookies. Disabling certain cookies may affect functionality of some Auralithe services or client portals.

View our Cookie Policy for detailed information on cookies and how to manage them.

When We Share Data

We share personal data only as required to fulfill our services, comply with legal obligations, or with consent. Shared data is limited to what is necessary and governed by contractual protections.

  • Service providers: cloud hosts, analytics providers, and monitoring vendors who process data under our instructions.
  • Professional advisors: legal, accounting, or audit firms engaged to support corporate operations or compliance matters.
  • Integration partners: third-party platforms or client-authorized services necessary for solution interoperability.
  • Regulators and law enforcement: when required by applicable law, court order, or to respond to lawful requests.
  • Business transfers: in the event of a merger, acquisition, or sale of assets, data may be transferred subject to confidentiality protections.
  • Aggregated reporting: anonymized or de-identified data shared for benchmarking and research without identifying individuals.

International Data Transfers

Auralithe operates with global cloud and service providers; personal data may be transferred to jurisdictions outside Singapore when necessary for service delivery. Transfers are carried out in accordance with applicable law and documented safeguards.

Safeguards for international transfers include standard contractual clauses, vendor assessments, and technical controls such as encryption and role-based access, applied according to the sensitivity of the data.

Data Retention

We retain personal data only for as long as necessary to provide services, meet contractual and legal obligations, and for legitimate operational needs. Retention periods are proportionate and reviewed periodically.

Account information and contractual records are retained for the duration of the client relationship and for a reasonable period thereafter to satisfy accounting, legal, and audit requirements.

Support tickets, correspondence, and project communications are retained for operational support and knowledge continuity, typically aligned with the project lifecycle unless a different period is required by law.

Security and access logs are retained according to incident response and compliance requirements; retention balances forensic needs with privacy and typically follows industry best practices.

When retention periods expire or upon successful deletion requests where applicable, we securely dispose of or anonymize personal data so it can no longer be linked to an individual.

Security Measures

Auralithe employs technical, organisational, and administrative safeguards to protect personal data from unauthorized access, disclosure, alteration, or destruction. Security is implemented according to risk assessments and aligned with industry standards.

  • Technical controls such as encryption at rest and in transit, identity and access management, and network segmentation.
  • Operational practices including least-privilege access, change management, regular vulnerability scanning, and incident response procedures.
  • Contractual and organisational measures: vendor due diligence, confidentiality agreements, staff training, and periodic security reviews.
05

Your Privacy Rights

Depending on jurisdiction and context, individuals may have rights regarding their personal data. We provide mechanisms to exercise these rights promptly and transparently.

  • Access: request confirmation of processing and obtain a copy of personal data when applicable.
  • Rectification: request correction of inaccurate personal data.
  • Erasure and restriction: request deletion or limitation of processing subject to legal and contractual constraints.
  • Portability: request export of personal data in a structured, commonly used format where applicable.
  • Objection and complaint: object to processing based on legitimate interests and lodge a complaint with a supervisory authority if unresolved.
  • Right to withdraw consent for specific processing activities related to marketing or profiling; requests will be processed in accordance with applicable Singapore data protection practice.
  • Right to data portability where applicable, enabling users to request a structured, commonly used, machine-readable copy of personal data provided to Auralithe.
  • Right to object to processing based on legitimate interests or direct marketing, which Auralithe will assess and respond to promptly and in line with legal obligations.

How to exercise your privacy rights

To exercise any privacy right, submit a request to our Data Protection Officer with a clear description of the information or action you require. Include sufficient verification information so we can authenticate your identity. We accept requests by email and postal mail; see contact details below. We will provide an initial acknowledgement and outline any follow-up steps necessary to handle complex requests.

[email protected]

Auralithe aims to acknowledge requests within five business days and provide a substantive response within 30 calendar days for routine requests. Complex or multi-part requests may require additional time; you will be informed of any necessary extension and its rationale.

Marketing communications and choices

We occasionally send communications about product updates, research, events, and services tailored to business audiences in Singapore and relevant jurisdictions. Communications are based on user preferences, contractual relationships, and permitted legitimate interests. Marketing messages include clear opt-out instructions and are sent only to recipients who have a lawful basis for receiving them.

To stop receiving marketing communications, use the unsubscribe link in any marketing email or contact [email protected] with the subject 'Unsubscribe'. Processing of unsubscribe requests is typically completed within five business days.

Children and personal data

Auralithe develops enterprise-grade AI software and business integration services directed at organizations and professionals. We do not knowingly collect personal data from children under the age of 16 in the course of our business services. If you believe we have collected personal data about a child, contact us and we will contribute and take appropriate actions.

External links and third-party services

Our website and service interfaces may include links to third-party sites, integrations, or developer tools. These external services have their own privacy practices; Auralithe is not responsible for their content or data handling. We recommend reviewing third-party privacy notices before providing personal data or authorizing integrations.

Changes to this privacy policy

We review and update our privacy policy periodically to reflect changes to business practices, technology, or legal requirements. Material changes will be communicated through the Auralithe website and, where appropriate, direct notification to affected clients. The policy effective date is stated on the relevant page.