Privacy Policy

1. WHAT INFORMATION WE COLLECT ABOUT YOU
   1. We collect the following types of information about you:
      1. account and profile information that you provide when you register for an account or sign up for our products or services, for example your name, email address, job title, company name, username or similar identifier (collectively, "Account Data");
      2. information you provide through support channels, for example when you report a problem to us or interact with our support team, including any contact information, documentation, or screenshots (collectively, "Support Data");
      3. communication, marketing, and other preferences that you set when you set up your account or profile, or when you participate in a survey or a questionnaire that we send you (collectively, "Preference Data");
      4. information about your device or connection, for example your IP address, browser/device information, log data and information we collect through cookies and other data collection technologies (please read our Cookies Policy for details) (collectively, "Technical Data"); and
      5. Information about your use of or visit to our Platform, for example Technical Data including IP addresses, browser types, and device identifiers and Usage Data regarding how users interact with our software applications (such as page views, feature engagement, and session duration) (collectively, "Usage Data").
   2. We may also receive information about you from other sources, including:
      1. Third-Party Linked Services, for example, if you "Sign up with Google, Microsoft, or LinkedIn", we receive your name, email, and profile picture from those services;
      2. Business Partners and Service Providers based in Hong Kong, Singapore, United States, and Mainland China who provide technical services, raw market data feeds, and analytics.
   3. We do not collect sensitive data or special category data about you. This includes details about your race, ethnic origin, politics, religion, trade union membership, genetics, biometrics, health, or sexual orientation.
2. HOW WE USE INFORMATION WE COLLECT
   1. We only use your personal information where the law allows us to, specifically:
      1. Contract Necessity: we need to perform the contract we have entered into (or are about to enter into) with you, including to operate our products or services, to provide customer support and personalised features, and to protect the safety and security of our Platform;
      2. Legitimate Interests: it satisfies a legitimate interest which is not overridden by your fundamental rights or data protection interests, for example for research and development, and in order to protect our legal rights and interests;
      3. Consent: you've given us consent to do so for a specific purpose, for example we may send you direct marketing materials or publish your information as part of our testimonials or customer stories to promote our products or services with your permission; or
      4. Legal Obligation: we need to comply with a legal or regulatory obligation.
   2. If you have given us consent to use your personal information for a specific purpose, you have the right to withdraw your consent any time by contacting us (please refer to paragraph 9. for contact information), but please note this will not affect any use of your information that has already taken place.
   3. We do not share your personal information with any company outside our group for marketing purpose, unless with your express specific consent to do so.
   4. For visitors to or users of our Platform who are located in the European Union, we have set out our legal bases for processing your information in the Legal Bases Table at the end of this policy.
3. HOW WE SHARE INFORMATION WE COLLECT
   1. We share information with third parties that help us operate, provide, support, improve, and market our products and services, for example third-party service providers who provide data processing, cloud hosting, operations, billing, customer support, business analytics, and other services.
   2. Third-party service providers have access to your personal information only for the purpose of performing their services and in compliance with applicable laws and regulations. We require these third-party service providers to maintain confidentiality and security of all personal information that they process on our behalf and to implement and maintain reasonable security measures to protect the confidentiality, integrity, and availability of your personal information.
   3. We take reasonable steps to confirm that all third-party service providers that we engage process personal information in the manner that provides at least the same level of protection as is provided under this policy. Where any third-party provider is unable to satisfy our requirements, we will require them to notify us immediately and we will take reasonable steps to prevent or stop non-compliant processing.
   4. We may share personal information on aggregated or de-identified basis with third parties for research and analysis, profiling, and similar purposes to help us improve our products and services.
   5. If you use any third-party software in connection with our products or services, for example any third-party software that our Platform integrates with, you might give the third-party software provider access to your account and information. Policies and procedures of third-party software providers are not controlled by us, and this policy does not cover how your information is collected or used by third-party software providers. We encourage you to review the privacy policies of third-party software providers before you use the third-party software.
   6. Our Platform may contain links to third-party websites over which we have no control. If you follow a link to any of these websites or submit information to them, your information will be governed by their policies. We encourage you to review the privacy policies of third-party websites before you submit information to them.
   7. We may share your information with government and law enforcement officials to comply with applicable laws or regulations, for example when we respond to claims, legal processes, law enforcement, or national security requests.
   8. If we are acquired by a third party as a result of a merger, acquisition, or business transfer, your personal information may be disclosed and/or transferred to a third party in connection with such transaction. We will notify you if such transaction takes place and inform you of any choices you may have regarding your information.
4. HOW WE STORE AND SECURE INFORMATION WE COLLECT
   1. We use data hosting service providers based in Singapore to host the information we collect.
   2. We have adopted the following measures to protect the security and integrity of your personal information:
      1. information is encrypted using TLS/SSL technology;
      2. access to your personal information is restricted to personnel or service providers on a strictly need-to-know basis, who will only process your information on our instructions and who are subject to a duty of confidentiality; and
      3. our information collection, storage, and processing practices are reviewed regularly.
   3. To enhance account security, we use "Magic Link" authentication for Platform access. Instead of a traditional password, a unique, time-sensitive access link is sent directly to your registered email address.
      1. This method ensures that your account access is as secure as your email account.
      2. You are responsible for maintaining the security of your email account. We are not responsible for any unauthorised access to your account or data breaches resulting from your email account being compromised or hacked.
   4. While we implement safeguards designed to protect your information, please note that no transmission of information on the Internet is completely secure. We cannot guarantee that your information, during transmission through the Internet or while stored on our systems or processed by us, is absolutely safe and secure.
   5. We retain your data for as long as is necessary to fulfil the purposes we collected it for, including legal, accounting, or reporting requirements. Account Data is retained for as long as your account is active plus two years. After such time, we will delete or anonymize your information, or if this is not possible, we will securely store your information and isolate it from further use.
5. HOW WE TRANSFER INFORMATION INTERNATIONALLY
   1. We collect information globally and primarily store that information in Singapore. We transfer, process, and store your information outside your country of residence where we or our service providers operate for the purpose of providing our products and services to you.
   2. Some of the countries in which our companies or service providers are located may not have the privacy and data protection laws that are equivalent to those in your country of residence. When we share information with these companies or service providers, we make use of contractual clauses, corporate rules, and other appropriate mechanisms to safeguard the transfer of information.
6. YOUR RIGHTS
   1. You have the right to:
      1. be informed of what we do with your personal information;
      2. request a copy of personal information we hold about you;
      3. require us to correct any inaccuracy or error in any personal information we hold about you;
      4. request erasure of your personal information (note, however, that we may not always be able to comply with your request of erasure for record keeping purposes, to complete transactions, or to comply with our legal obligations);
      5. object to or restrict the processing by us of your personal information (including for marketing purposes);
      6. request to receive some of your personal information in a structured, commonly used, and machine readable format, and request that we transfer such information to another party; and
      7. withdraw your consent at any time where we are relying on consent to process your personal information (although this will not affect the lawfulness of any processing carried out before you withdraw your consent).
   2. Our Platform enables you to update certain information about yourself, for example by updating their user profile or changing settings on your platform.
   3. You may opt out of marketing communications by emailing dpo@aivift.com or by adjusting your Account Settings on the platform. All requests are processed free of charge. Please note that even if you opt out, you will continue to receive essential service-related emails regarding account security and beta updates.
   4. As a security measure, we may need specific information from you to help us confirm your identity when processing your privacy requests or when you exercise your rights.
   5. Any request under paragraph 6.1 will normally be addressed free of charge. However, we may charge a reasonable administration fee if your request is clearly unfounded, repetitive, or excessive.
   6. We will respond to all legitimate requests within one (1) month. Occasionally, it may take us longer than a month if your request is particularly complex or if you have made a number of requests.
7. CHANGES TO THIS POLICY
   1. We may amend this policy from time to time by posting the updated policy on our Platform. By continuing to use our Platform after the changes come into effect, you agree to be bound by the revised policy.
8. POLICY TOWARDS CHILDREN
   1. Our products and services are not directed to individuals under 18. We do not knowingly collect personal information from individuals under 18. If we become aware that an individual under 18 has provided us with personal information, we will take steps to delete such information. Contact us if you believe that we have mistakenly or unintentionally collected information from an individual under 18.
9. CONTACT US
   1. Please contact us at dpo@aivift.com or submit any written request to:
      

      AIVI Technologies Limited

      18A, Harvard Commercial Building, 105-111 Thomson Road, Wanchai, Hong Kong

      Attn: The Data Protection Officer (DPO)

   2. Please contact us in the first instance if you have any questions or concerns. If you have unresolved concerns, you have the right to file a complaint with a data protection authority in the country where you live or work or where you feel your rights have been infringed.
10. COOKIES POLICY
    1. Cookies are small text files that are placed on your device by a web server when you access our Platform. We use cookies to identify your access and monitor usage and web traffic on our Platform to customise and improve our products and services.
    2. We use both persistent cookies and session cookies. A persistent cookie stays in your browser and will be read by us when you return to our Site or a partner site that uses our services. Session cookies only last for as long as the session lasts (usually the current visit to a website or a browser session).
    3. We use the following types of cookies:
       1. Strictly necessary cookies – these are cookies that are required for the operation of our site. They include, for example, cookies that manage your Magic Link authentication sessions and enable you to log into secure areas of our website. Without these, the Platform cannot function.
       2. Analytical/Performance Cookies – these allow us to recognize and count the number of visitors and see how users move around our Platform. This helps us improve the way our software works, ensuring users find the information they need efficiently.
       3. Functionality Cookies – these are used to recognize you when you return to our Platform. This enables us to personalize our content for you, such as remembering your regional preferences, language settings, or dashboard layout.
    4. You can block cookies by activating the setting on your browser that allows you to refuse the use of all or some cookies. However, if you do so, you may not be able to access all or parts of our site. Because our Magic Link system relies on strictly necessary cookies for security, blocking all cookies will prevent you from logging into the Platform.
11. LEGAL BASES TABLE

    Processing purpose	Type of data processed	Legal basis
    Platform Access: To manage user accounts and provide the services.	Account Data, Technical Data	(2) Contract
    Analytics & Intelligence: To process raw public news for entity recognition and company-level analysis.	Publicly Sourced Identifiers (Names/Titles)	(6) Legitimate Interests
    Security & Optimization: To protect against scraping/attacks and fix bugs in the platform.	Technical Data, Usage Data	(6) Legitimate Interests

By continuing to use the Services, you confirm your acceptance of this Privacy Policy.