Last updated: 23 October 2025
Sandbay AI Pte. Ltd. (“Sandbay AI”, “we”, “our”, “us”) is committed to protecting personal data in accordance with Singapore’s Personal Data Protection Act 2012 (“PDPA”). This Policy explains how we collect, use, disclose, protect, and retain personal data.
1. Scope
This Policy applies to personal data we handle through our websites, products, services, and business operations. It does not apply to anonymised data.
2. Personal Data We Collect
• Contact & account: name, email, phone, company, role, login/profile details.
• Usage: device/ browser information, IP address, cookies/analytics, interaction logs.
• Client/Project data: datasets, documents, and content you provide for analysis or delivery of services.
• Billing: payment and invoicing details.
• Recruitment: CVs, portfolios, and application information.
3. Purposes of Use
We collect and use personal data to:
1. provide, operate, and improve our products and services;
2. manage accounts, billing, support, and service communications;
3. perform research, analytics, and model improvement (using anonymised or aggregated data where feasible);
4. send updates or marketing where consent is given (you may opt out at any time);
5. comply with laws, regulations, audits, and enforce our terms.
We will seek consent for any new purpose not set out above unless an exemption applies.
4. Disclosure of Personal Data
We may disclose personal data to:
• service providers (e.g., hosting, security, email, analytics, payment processing);
• professional advisers, auditors, and insurers;
• governmental or regulatory authorities where required by law.
All third parties must protect personal data and use it only for authorised purposes.
5. Protection and Retention
We implement reasonable security arrangements (access controls, encryption where appropriate, least-privilege access, patching, and vendor due-diligence) to protect personal data against unauthorised access, collection, use, disclosure, copying, modification, disposal, or similar risks.
We retain personal data only for as long as necessary to fulfil the purposes above or to meet legal and business requirements, after which we securely delete or anonymise it.
6. Individual Rights
Subject to PDPA and applicable exceptions, you may:
• request access to personal data we hold about you;
• request correction of inaccuracies;
• withdraw consent to our collection, use, or disclosure of your personal data (this may affect our ability to provide services).
Please contact our DPO (Section 10). We aim to respond within a reasonable time.
7. Data Breach Notification
If a data breach results in, or is likely to result in, significant harm, or affects 500 or more individuals, we will notify the Personal Data Protection Commission (PDPC) and affected individuals as required.
8. Cookies and Analytics
We may use cookies and similar technologies to operate our site and understand usage. You can disable cookies in your browser; doing so may affect site functionality.
9. Transfers Outside Singapore
Where personal data is transferred outside Singapore, we ensure that the recipient provides a standard of protection comparable to the PDPA (e.g., by contract or other legally enforceable arrangements).
10. Contact — Data Protection Officer
For questions, requests, or complaints about personal data:
Data Protection Officer
Sandbay AI Pte. Ltd.
Email: rahulnandwani@sandbay.ai
11. Updates
We may update this Policy from time to time. The latest version will be published on this page.