← Back to sign in

aZaaS Privacy Policy

Effective date: 28 June 2026 · Last updated: 28 June 2026

aZaaS Pte. Ltd. and its affiliates ("aZaaS", "we", "us") are committed to protecting personal data and to handling it responsibly and transparently. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data in line with the Singapore Personal Data Protection Act 2012, as amended (the "PDPA"), the advisory guidelines of the Personal Data Protection Commission ("PDPC"), and the accountability practices of the Data Protection Trustmark (DPTM / SS 714:2025).

1. Scope

This Policy applies to personal data we handle in two capacities:

  • As an organisation (controller): personal data we collect through our website, enquiries, events, marketing, partnerships, and the administration of our customer relationships.
  • As a data intermediary (processor): personal data processed within our products and services — including BOA, the ionTone intelligence engine, and the HyperB platform — on behalf of and under the instructions of our business customers (see Section 10).

Business contact information used solely for business-to-business dealings (for example, a name, job title, business address, business phone, and corporate email) is treated in accordance with the PDPA's business-contact-information provisions.

2. Personal Data We Collect

Depending on your interaction with us, we may collect: business contact details (name, job title, company, business address, contact number, corporate email); account and authentication details for users of our products; enquiry, support, and feedback content; transaction and billing information; and technical, usage, and device data collected through our website and products (see Section 9 on cookies). For personal data processed inside our products on behalf of customers, the categories are determined by the customer (see Section 10).

3. How We Use Personal Data

We use personal data to: respond to enquiries and provide our services; create and administer accounts; deliver, secure, support, and improve our products; process payments; conduct statistical and operational analysis using aggregated or de-identified data; send updates, invitations, and marketing where permitted (you may opt out at any time); and comply with legal, regulatory, and contractual obligations.

Legal bases. We rely on your consent; deemed consent (including by notification or where processing is reasonably necessary to fulfil a contract with you); and the PDPA exceptions for legitimate interests and business improvement, where applicable. Where we rely on legitimate interests, we conduct an assessment to ensure the benefit is not outweighed by adverse effect on individuals.

4. Automated Processing and AI Personalisation

Our products use AI to assist users. The ionTone engine builds intelligence that is personalised to each customer's own organisation. We do not use customer personal data to train shared or foundation AI models that serve other customers, and we do not sell personal data. We may use aggregated and de-identified information to operate and improve our services. AI-assisted outputs may be inaccurate and are not a substitute for human judgement.

5. Disclosure of Personal Data

We keep personal data confidential and disclose it only as needed for the purposes above, to: service providers and subprocessors acting on our behalf under confidentiality and data-protection obligations; payment and financial institutions to process transactions; professional advisers; and government or regulatory authorities where required by law. We require third parties that process personal data on our behalf to provide a standard of protection comparable to the PDPA.

6. Consent and Withdrawal

You may withdraw consent for our collection, use, or disclosure of your personal data at any time by writing to our Data Protection Officer at dpo@azaas.com. We will verify your identity, explain the likely consequences of withdrawal, and process your request within ten (10) business days (we will inform you if more time is needed). Withdrawal may affect our ability to provide certain services.

7. Access, Correction, and Portability

You may request access to, or correction of, your personal data by writing to dpo@azaas.com. We will respond as soon as practicable and in any case within 30 days (if we cannot, we will inform you of the time needed). Where the data-portability provisions apply once in force, we will honour valid portability requests in accordance with the PDPA. We may charge a reasonable fee for access requests as permitted.

8. Accuracy, Protection, Retention, and Disposal

We take reasonable steps to keep personal data accurate and up to date, and ask that you inform us of changes. We apply administrative, physical, technical, and organisational safeguards — including access controls, encryption in transit where appropriate, and need-to-know access — to protect personal data against loss, misuse, and unauthorised access, disclosure, or alteration. We retain personal data only for as long as necessary for the purposes notified to you or as required by law, in line with our Retention and Destruction Policy, after which we securely dispose of or anonymise it.

9. Cookies and Analytics

Our website uses cookies and similar technologies for functionality, performance, and analytics (including third-party tools such as web analytics and advertising tags). You can manage cookies through your browser settings; disabling some cookies may affect website functionality. For full details, please refer to our Cookie Notice available on our website.

Note for DPO/counsel: Insert a direct link to your Cookie Notice / cookie consent banner here before publishing.

10. Personal Data Processed Within Our Products (Data Intermediary)

When we process personal data within BOA, ionTone, or HyperB on behalf of a business customer, the customer is the controller and aZaaS acts as a data intermediary. In that role we: process personal data only on the customer's documented instructions and the applicable agreement and Data Processing Addendum; apply the PDPA Protection and Retention obligations; engage subprocessors under comparable obligations; assist the customer in responding to individuals' requests; and do not use that personal data for our own purposes except aggregated/de-identified service improvement.

11. Overseas Transfer

Where we transfer personal data outside Singapore, we ensure the overseas recipient is bound by legally enforceable obligations to provide a standard of protection comparable to the PDPA (for example, through contractual clauses), in accordance with the Transfer Limitation Obligation.

12. Data Breach Notification

We maintain a data breach management plan. If we assess that a breach is notifiable — that is, it is likely to result in significant harm to affected individuals, or is of significant scale (affecting 500 or more individuals) — we will notify the PDPC as soon as practicable, and in any case no later than 3 calendar days after making that assessment, and will notify affected individuals where the breach is likely to result in significant harm. We will also notify other regulators where required.

13. Marketing and Do Not Call

Where we send marketing messages, we do so only with the appropriate consent or as permitted by law, and every message includes an opt-out. We comply with the PDPA's Do Not Call provisions for telemarketing to Singapore telephone numbers.

14. Governance and Accountability

We have appointed a Data Protection Officer and maintain internal data protection policies and practices — including risk assessments, the data breach management plan, the retention and destruction policy, and staff training — which we review periodically. Our DPO's contact details are published below and are operational during Singapore business hours.

15. Complaints

If you have a concern about how we handle personal data, please contact our DPO at dpo@azaas.com. We will investigate and respond. You also have the right to lodge a complaint with the PDPC.

16. Changes to This Policy

We may update this Policy from time to time; the current version will be posted on this page with its effective date. Material changes will be communicated where appropriate.

17. Contact — Data Protection Officer

Data Protection Officer, aZaaS Pte. Ltd. Email: dpo@azaas.com 9 Straits View, Marina One West Tower, #05-07, Singapore 018937 Tel: +65 3159 5015