Data Protection and Privacy Notice

Aegis Intelligence Pte Ltd

1. Statement

1.1 Introduction

We at Aegis Intelligence Pte Ltd ("Aegis", "we", "us", "our") respect the privacy and confidentiality of the personal data of our clients, customers, users, partners, and other individuals we interact with in the course of providing our products and services. We are committed to implementing policies, practices, and processes to safeguard the collection, use, and disclosure of the personal data you provide us, in compliance with the Singapore Personal Data Protection Act 2012 ("PDPA").

1.2 How Do We Collect Your Personal Data

Personal data refers to information that can uniquely identify an individual either (a) on its own (e.g. NRIC No., FIN No.), or (b) when combined with other information (e.g. full name and full address).

We collect your personal data when you:

  • -Visit our website and leave behind your contact information
  • -Register for an account on our platform
  • -Authorize us to access content from connected third-party services (Google Drive, Microsoft OneDrive, Atlassian Confluence)
  • -Submit KYC information, professional credentials, or compliance documents through the platform
  • -Communicate with us via email or other written correspondence
  • -Are contacted by, and respond to, our representatives and agents
  • -Are referred to us by an existing customer or business partner
  • -Respond to our requests for additional personal data
  • -Submit your personal data to us for any other reason

1.3 Why Do We Collect Your Personal Data

  • -Providing, operating, and maintaining the platform and our services
  • -Authenticating users and managing user accounts and access permissions
  • -Performing Know-Your-Customer (KYC) checks and onboarding due diligence
  • -Organizing, mapping, and presenting compliance evidence (including content imported from connected services at your direction)
  • -Responding to your queries, requests, and complaints
  • -Managing the infrastructure and business operations of Aegis and complying with internal policies and procedures
  • -Billing, invoicing, and processing payments
  • -Preventing, detecting, and investigating crime, including fraud and money-laundering, and analysing and managing other commercial risks
  • -Protecting and enforcing our contractual and legal rights and obligations
  • -Facilitating business asset transactions (which may extend to any merger, acquisition, or asset sale)
  • -Complying with applicable rules, laws, regulations, codes of practice, or guidelines, or to assist in law enforcement and investigations by relevant authorities
  • -Any other purpose relating to any of the above

1.4 Types of Personal Data We Collect

The types of personal data we collect about you include:

  • -Personal contact information (name, business email, phone number, business address)
  • -Account credentials (username, hashed password, authentication tokens)
  • -KYC and professional data (employment history, professional qualifications, certifications, licenses, banking and payment details where required)
  • -Compliance evidence and documents you upload or import (including from connected Google Drive, OneDrive, or Confluence accounts)
  • -Technical data (IP address, browser type and version, device type, operating system, time zone, country/region-level geolocation)
  • -Usage data (pages visited, features used, time spent, click paths)

1.5 How Do We Use Your Personal Data

We use the personal data you provide us for one or more of the following purposes:

  • -Provide and operate the Aegis platform and its features
  • -Investigate complaints, claims, and disputes
  • -Manage and improve our business and operations to serve you better
  • -Process onboarding, KYC, and customer due diligence
  • -Fulfil legal and regulatory requirements

1.6 Who Do We Disclose Your Personal Data To

We do not sell your personal data.

We only share your personal data in the following circumstances:

  • -Where you authorize it — including other users on the platform you choose to share with (e.g. when you engage a consultant, project-relevant information is shared with that consultant; when a consultant offers services to you, their CV, certifications, and professional credentials are shared with you for evaluation), and connected third-party services you authorize (Google, Microsoft, Atlassian).
  • -In order to fulfil our service to you — with our service providers acting on our behalf, such as cloud hosting (Google Cloud Platform — Singapore region), email delivery, payment processing, customer support tools, and analytics. These providers are bound by contract to safeguard your data and process it only on our instructions.
  • -Where required by law — to government authorities and law enforcement agencies where compelled by Singapore law, court order, or other lawful process.

1.7 How Do We Manage the Collection, Use and Disclosure of Your Personal Data

1.7.1 Obtaining Consent

Before we collect, use, or disclose your personal data, we will notify you of the purpose. We will obtain your consent where required by the PDPA. We will not collect more personal data than is necessary for the stated purpose, and we will seek fresh consent from you if the original purpose for the collection, use, or disclosure has changed.

Under certain circumstances, we may rely on deemed consent or other exceptions to consent permitted under the PDPA, for example when you voluntarily provide your personal data for a stated purpose.

1.7.2 Withdrawal of Consent

You can withdraw consent directly through the platform. Deleting your account will remove your personal data in accordance with our retention policy (section 1.11).

If you need to withdraw consent for something that is not configurable in the platform, contact our Data Protection Officer (section 1.14). We will advise you of any consequences of withdrawal, which may include our inability to continue providing the service to you.

1.7.3 Use of Cookies

We may use cookies and similar technologies to collect information about your activity on our platform. A cookie is a small text file created by the website that is stored in your browser to recognise you and remember your preferences. Most cookies we use are session cookies, which are deleted at the end of your session.

You may choose not to accept cookies by turning off this feature in your browser. Disabling cookies may impair some functions of the platform.

1.8 How Do We Ensure the Accuracy of Your Personal Data

We will take reasonable steps to ensure that the personal data we collect about you is accurate, complete, and kept up to date. From time to time we may ask you to verify or update your personal data. Where you are in an ongoing relationship with us, please notify us of any changes (such as a change in your business email or address).

1.9 How Do We Protect Your Personal Data

We have implemented appropriate administrative, technical, and physical safeguards to protect the personal data we hold about you against loss, misuse, destruction, unauthorised alteration or modification, access, disclosure, or similar risks. These include encryption in transit (TLS), encryption at rest, access controls on a need-to-know basis, a web application firewall on our public endpoints, and regular security testing.

We educate our personnel on data protection and information security responsibilities. No system is perfectly secure; we encourage you to use strong, unique passwords and to enable multi-factor authentication where available.

1.10 Data Breach Notification

If we become aware of a personal data breach that is likely to result in significant harm to you or to affect a significant number of individuals, we will notify the Personal Data Protection Commission and affected individuals as required under the PDPA, generally within 72 hours of the breach being assessed.

1.11 How Do We Retain Your Personal Data

We retain your personal data only as long as needed to fulfil the purposes for which it was collected, plus a reasonable period to meet applicable legal, accounting, and audit requirements. When personal data is no longer needed for any business or legal purpose, we dispose of or anonymise it in a proper and secure manner.

1.12 How You Can Access and Make Correction to Your Personal Data

You can view and correct your personal data directly through the platform.

For data not available in the platform UI, contact our Data Protection Officer (section 1.14). We may need to verify your identity, and we will respond within 30 days.

1.13 Transfers of Personal Data Outside Singapore

Our primary data centres are located in Singapore. Where personal data is transferred outside of Singapore (for example, to a service provider based in another jurisdiction), we will ensure that the recipient is bound to protect the data to a standard comparable to the PDPA, by means of contractual safeguards, applicable certifications, or other lawful transfer mechanisms permitted under the Personal Data Protection (Transfer of Personal Data Outside Singapore) Regulations.

1.14 Contacting Us

If you have any query, feedback, complaint, or access/correction request regarding this Privacy Notice or how we manage your personal data, please contact our Data Protection Officer:

Data Protection Officer Email

dpo@aegis-intel.sg

We treat such matters seriously, handle them confidentially, and will respond within a reasonable time.

1.15 Changes to this Privacy Notice

We may update this Privacy Notice from time to time. We will notify you of changes by posting the latest version at this URL. Please visit this page periodically. Changes take effect when posted.

1.16 More Information on PDPA

For more information about the PDPA, please visit the Personal Data Protection Commission of Singapore at https://www.pdpc.gov.sg.

Last Updated Date: 2026-05-16

Version: 1.0