Artyql — Consumer Intelligence Platform

1. Data Controller

Artyql, operated on behalf of Dammar and Partners Pte Ltd. (UEN 202510485Z) ("Artyql", "we", "us") is the data controller for the personal data described in this Privacy Policy. We are a company incorporated in the Republic of Singapore.

Data Controller:

Dammar and Partners Pte Ltd.

160 Robinson Road, #14-04, Singapore Business Federation Center, Singapore 068914

Email: privacy@artyql.com

EU Representative (GDPR Article 27):

[Pending — contact legal@artyql.com]

Contact: privacy@artyql.com

Data Protection Officer (DPO):

Contact: dpo@artyql.com

Note: As a Singapore-based company processing personal data of individuals in the European Union, we comply with both the EU General Data Protection Regulation (GDPR) and Singapore's Personal Data Protection Act 2012 (PDPA).

2. Personal Data We Collect

2.1 Account Data

When you create an account, we collect: full name, work email address, job title/position, phone number (optional), company name, company address, and profile photo (optional).

2.2 Usage Data

We automatically collect: IP address, browser type and version, operating system, device information, pages visited and features used, timestamps of access, referral URLs, and session duration.

2.3 Customer Data (Processor Role)

When you use the Service, you may input data about your customers, suppliers, products, and operations. Where this data includes personal data (e.g., contact names and emails of your suppliers or customers), we process it as a data processor on your behalf under our Data Processing Agreement. This Privacy Policy applies to Artyql as a data controller; our role as processor is governed by the DPA.

2.4 Payment Data

Payment information (credit card numbers, bank details) is collected and processed by our third-party payment processor. We do not store full payment card numbers on our systems. We retain only the last four digits of your card, card type, and billing address for record-keeping purposes.

2.5 Communication Data

When you contact us via email or support channels, we collect the content of your communications, metadata (timestamps, subject lines), and any attachments you provide.

3. Legal Basis for Processing (GDPR Article 6)

We process your personal data on the following legal bases:

Purpose	Legal Basis	GDPR Article
Providing the Service	Performance of contract	Art. 6(1)(b)
Account management	Performance of contract	Art. 6(1)(b)
Billing and payments	Performance of contract	Art. 6(1)(b)
Security and fraud prevention	Legitimate interest	Art. 6(1)(f)
Service improvement and analytics	Legitimate interest	Art. 6(1)(f)
Customer support	Performance of contract	Art. 6(1)(b)
Marketing communications	Consent	Art. 6(1)(a)
Legal compliance	Legal obligation	Art. 6(1)(c)
Tax and accounting records	Legal obligation	Art. 6(1)(c)

Where we rely on legitimate interest, we have conducted a balancing test to ensure our interests do not override your fundamental rights and freedoms. You may object to processing based on legitimate interest at any time by contacting privacy@artyql.com.

4. How We Use Your Data

We use your personal data to: provide, maintain, and improve the Service; process payments and manage subscriptions; send transactional communications (account confirmations, password resets, security alerts); provide customer support; monitor and analyze usage patterns to improve the Service; detect, prevent, and address security threats; comply with legal obligations; and send marketing communications (only with your consent, which you may withdraw at any time).

We do not sell your personal data. We do not use your personal data for automated decision-making or profiling that produces legal effects or similarly significant effects.

5. Data Sharing

We share your personal data only in the following circumstances:

5.1 Service Providers (Sub-processors)

We engage third-party service providers to assist in operating the Service. Each sub-processor is bound by data processing agreements that impose obligations equivalent to those in our DPA. Current sub-processors include:

Provider	Purpose	Location
Neon	Database hosting (PostgreSQL)	Frankfurt, Germany (EU)
Vercel	Application hosting and CDN	Global (EU edge)
Stripe	Payment processing	Ireland (EU)
Resend / Postmark	Transactional email	USA (SCCs in place)

We will notify you before adding new sub-processors that process your personal data, giving you the opportunity to object.

5.2 Legal Requirements

We may disclose your personal data if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Artyql, our users, or the public.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the successor entity, subject to this Privacy Policy.

6. International Data Transfers

Artyql is based in Singapore. Your Customer Data is stored on servers in Frankfurt, Germany (EU) operated by Neon. However, certain processing activities may involve transfers of personal data outside the EEA.

Where personal data is transferred outside the EEA, we ensure adequate protection through one or more of the following mechanisms:

EU Standard Contractual Clauses (SCCs) as approved by European Commission Implementing Decision (EU) 2021/914; transfers to countries recognized by the European Commission as providing an adequate level of data protection (adequacy decisions); and, where applicable, binding corporate rules or other approved transfer mechanisms under GDPR Article 46.

Singapore has been recognized by the European Commission under the EU-Singapore Digital Partnership as having comparable data protection standards, though a full adequacy decision is pending. We supplement transfers with SCCs and technical measures (encryption) as recommended by the European Data Protection Board (EDPB).

7. Data Retention

We retain your personal data only as long as necessary for the purposes described in this Policy:

Data Category	Retention Period
Account data	Duration of account + 90 days after deletion
Customer Data	Duration of account + 90 days (export available for 30 days)
Usage / analytics data	26 months
Billing records	7 years (legal obligation — tax/accounting)
Audit logs	3 years
Support communications	2 years after ticket closure
Marketing consent records	Duration of consent + 3 years

8. Your Rights (GDPR Chapter III)

Under the GDPR, you have the following rights regarding your personal data:

Right of access (Art. 15)

You may request a copy of your personal data we process, along with information about the purposes, categories, recipients, and retention periods.

Right to rectification (Art. 16)

You may request correction of inaccurate or incomplete personal data. You can also update your Account information directly through the Service.

Right to erasure (Art. 17)

You may request deletion of your personal data where it is no longer necessary, you withdraw consent, or the data was unlawfully processed. This right is subject to legal retention obligations.

Right to restrict processing (Art. 18)

You may request that we limit the processing of your personal data in certain circumstances, such as while we verify its accuracy or assess an objection.

Right to data portability (Art. 20)

You may request your personal data in a structured, commonly used, machine-readable format (JSON or CSV) and transmit it to another controller.

Right to object (Art. 21)

You may object to processing based on legitimate interest. You have an absolute right to object to processing for direct marketing purposes.

Right to withdraw consent (Art. 7(3))

Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

Right to lodge a complaint (Art. 77)

You have the right to lodge a complaint with a supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

To exercise any of these rights, contact us at privacy@artyql.com. We will respond within 30 days (extendable by two further months for complex requests, with notice). We may request verification of your identity before processing your request.

9. Cookies and Tracking Technologies

We use cookies and similar technologies as described in our Cookie Policy. We use strictly necessary cookies that are essential for the Service to function (session management, security tokens). We do not use advertising or tracking cookies.

10. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 18, we will take steps to delete it promptly.

11. Security Measures

We implement appropriate technical and organizational measures including: encryption in transit (TLS 1.3) and at rest (AES-256); role-based access control with granular permissions; multi-factor authentication; regular penetration testing and vulnerability assessments; employee security training; incident response procedures; and secure software development lifecycle (SSDLC).

12. Singapore PDPA Compliance

In addition to GDPR compliance, we comply with Singapore's Personal Data Protection Act 2012 (PDPA). Under the PDPA: we have appointed a Data Protection Officer (dpo@artyql.com); we obtain consent before collecting, using, or disclosing personal data; we protect personal data with reasonable security arrangements; we limit the collection of personal data to what is necessary; and we provide access and correction rights to individuals.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes at least 30 days before they take effect by email and by posting a notice within the Service. The "Effective" date at the top of this page indicates when it was last updated.

14. Contact Us

Artyql, on behalf of Dammar and Partners Pte Ltd.

Privacy: privacy@artyql.com

DPO: dpo@artyql.com

General: mail@artyql.com

EU Representative (GDPR Art. 27): [Pending — contact legal@artyql.com]