Privacy Policy

Effective date: 11 April 2026

This Privacy Policy explains how ai4tax(“we”, “us” or “our”) collects, uses, discloses, and protects personal data in accordance with the Singapore Personal Data Protection Act 2012(“PDPA”) and the guidelines issued by the Personal Data Protection Commission (“PDPC”). By using our website, services, or the ai4tax program (collectively, the “Services”), you consent to the collection, use, and disclosure of your personal data as described in this Policy.

1. Personal Data We Collect

“Personal data” means data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which we have or are likely to have access. We may collect the following categories of personal data:

• Identity and contact data: full name, job title, employer, business email, business phone number, and country of residence.
• Professional data: information about your role, tax function, organisation, and use cases you share with us when enquiring about or enrolling in the ai4tax program.
• Usage data: information about how you interact with our website and Services, including IP address, browser type, device identifiers, pages visited, and timestamps.
• Communications: the content of emails, messages, and other correspondence you send to us.
• Inputs to our agentic AI systems: prompts, documents, files, and other content you submit to our AI agents in connection with the Services.

2. How We Collect Personal Data

We collect personal data directly from you when you:

• Visit our website or interact with our content;
• Submit an enquiry, request a demo, or apply to join the ai4tax program;
• Communicate with us via email, phone, or messaging platforms;
• Use our agentic AI systems or other Services.

We may also collect personal data from third parties, such as your employer, publicly available sources, and service providers who assist us in providing the Services.

3. Purposes for Which We Use Personal Data

In accordance with sections 13 and 18 of the PDPA, we collect, use, and disclose your personal data only for purposes that a reasonable person would consider appropriate in the circumstances and that have been notified to you. These purposes include:

• Responding to your enquiries and providing requested information;
• Evaluating, onboarding, and administering your participation in the ai4tax program;
• Delivering, operating, maintaining, and improving our Services and agentic AI systems;
• Conducting research and analytics to improve model quality and user experience;
• Sending service communications, updates, and (where permitted) marketing materials;
• Complying with legal, regulatory, and professional obligations;
• Protecting the security and integrity of our Services and detecting fraud or misuse;
• Any other purpose that we notify you of at the time of collection.

4. Consent

We will obtain your consent before collecting, using, or disclosing your personal data, except where the PDPA or other applicable law permits us to do so without consent (for example, where disclosure is necessary for legitimate interests, business improvement, legal compliance, or where the data is publicly available). You may withdraw your consent at any time by contacting our Data Protection Officer using the details in section 12. Upon withdrawal, we will cease the relevant collection, use, or disclosure within a reasonable time, although this may affect our ability to provide certain Services to you.

5. Disclosure of Personal Data

We may disclose your personal data to the following categories of recipients:

• Service providers and processors who support our business, including cloud hosting, analytics, communications, payment, and AI infrastructure providers;
• AI model providers who process inputs on our behalf to power our agentic AI Services, subject to confidentiality and data protection obligations;
• Professional advisers such as auditors, lawyers, and consultants;
• Government authorities and regulators where required by law or legal process; and
• Successors in interest in connection with a merger, acquisition, or sale of assets.

We require our service providers and processors to implement appropriate safeguards to protect personal data and to process it only for authorised purposes.

6. Transfers of Personal Data Outside Singapore

Where we transfer personal data outside Singapore, we will comply with section 26 of the PDPA and the Personal Data Protection Regulations 2021. This means we will take reasonable steps to ensure that the recipient is bound by legally enforceable obligations to provide a standard of protection comparable to that under the PDPA, including through contractual clauses, binding corporate rules, or other lawful transfer mechanisms.

7. Protection of Personal Data

We implement reasonable administrative, technical, and physical security measures to protect personal data in our possession or under our control against unauthorised access, collection, use, disclosure, copying, modification, disposal, or similar risks. These measures include access controls, encryption in transit and at rest where appropriate, logging, and regular security reviews. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

8. Retention of Personal Data

We will not retain your personal data, or any part of it, longer than is necessary to fulfil the purposes for which it was collected or as required by applicable law. When personal data is no longer needed, we will securely delete or anonymise it.

9. Your Rights Under the PDPA

Subject to the PDPA and applicable exceptions, you have the right to:

• Access the personal data we hold about you and information about how it has been used or disclosed in the past year;
• Correct any error or omission in your personal data;
• Withdraw consent to the collection, use, or disclosure of your personal data;
• Request information about our data protection policies and practices.

We may charge a reasonable fee for access requests as permitted by the PDPA and will respond to your request within the timelines prescribed under the PDPA.

10. Agentic AI and Automated Processing

Our Services include agentic AI systems that may process personal data to generate outputs such as analyses, recommendations, draft documents, or automated actions. Where permitted, we may use de-identified or aggregated data derived from Service usage to evaluate and improve our AI systems. We do not sell personal data. Inputs that you submit to our agents are handled in accordance with this Policy and any additional terms you agree to when using the Services.

11. Cookies and Similar Technologies

Our website may use cookies and similar technologies to operate the site, remember your preferences, and analyse usage. You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of our website.

12. Data Protection Officer

As required under section 11(3) of the PDPA, we have designated a Data Protection Officer (“DPO”) who is responsible for ensuring our compliance with the PDPA. If you have any questions, feedback, or requests concerning this Policy or your personal data, please contact our DPO at:

• Email: dpo@ai4tax.com
• Postal address:ai4tax — Data Protection Officer, Singapore

If you are not satisfied with our response, you have the right to lodge a complaint with the Personal Data Protection Commission of Singapore (www.pdpc.gov.sg).

13. Changes to this Policy

We may update this Policy from time to time. The latest version will be posted on this page with a revised effective date. Your continued use of the Services after any changes become effective constitutes your acceptance of the updated Policy.