Privacy Policy

Introduction

AI CTO ("we," "us," or "our") operates ai-cto.com and provides Managed AI as a Service to small and medium-sized enterprises (SMEs) in Singapore. We are committed to protecting your personal information and your right to privacy.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website, sign up for our services, subscribe to our WhatsApp newsletter, or engage one of our managed service functions.

This Policy complies with Singapore's Personal Data Protection Act (PDPA).

Who We Are

AI CTO is operated by Hypeworkz Pte Ltd, a company registered in Singapore.

For all data protection matters, our Data Protection Officer is Terence Ng, contactable at terence@hypeworkz.com.

Information We Collect

Information You Provide Directly

When you sign up for the SME AI Brief (WhatsApp newsletter):

• Name
• Mobile number
• Consent to receive WhatsApp messages

When you sign up for the Sales Hunter pilot:

• Name and company name
• Email address and mobile number
• Role within your company
• Description of your target market
• Information about your current sales activities
• Indication of whether you have a personal LinkedIn profile and company LinkedIn page

When you book a call with us:

• Name, email, and any details you choose to provide via Cal.com
• Calendar availability information

When you become an active customer:

• Business profile information (industry, customers, value proposition)
• Brand guidelines and outreach preferences
• LinkedIn account access (see "LinkedIn Account Access" section below)
• Payment and billing information (processed via our third-party payment provider)
• Communication and feedback during onboarding and ongoing service

Information About Your Prospects (Stored on Your Behalf)

When you use Sales Hunter, our included CRM stores information about prospects we identify and engage with on your behalf. This includes:

• Publicly available LinkedIn profile information (name, job title, company)
• Buying signals we have identified (e.g., role changes, hiring activity, public posts)
• Outreach messages sent and replies received
• Status, notes, and conversation history

For this prospect data, you are the data controller and we act as your data processor. See the "Data Processor Role" section below.

Information Collected Automatically

• Website Usage Data: IP address, browser type, device information, pages visited, time spent on pages
• Cookies and Tracking Technologies: We use cookies to improve website functionality and analyse usage patterns

How We Use Your Information

We use your personal data for the following purposes:

• Service Delivery: To deliver the services you have engaged us for, including Sales Hunter and any other catalogue functions you subscribe to
• WhatsApp Communication: To send the SME AI Brief newsletter (if subscribed) and to communicate about your active engagement with us
• Pilot and Retainer Onboarding: To set up your service, define your ideal customer profile, and configure outreach
• CRM Operations: To manage your prospects, signals, messages, and replies
• Service Improvement: To enhance our service quality and platform features (using anonymised, aggregated data only for this purpose)
• Customer Support: To respond to your enquiries and provide support
• Billing and Administration: To process payments and manage your account
• Analytics: To understand user behaviour, measure engagement, and improve our website

LinkedIn Account Access

To deliver Sales Hunter, we require access to your personal LinkedIn account.

How we obtain access:

• You sign in to your LinkedIn account once through our secure system
• This is done with your explicit permission and only after you have actively engaged Sales Hunter

How we use the access:

• Solely to send connection requests, messages, and follow-ups on your behalf, in line with the campaigns we have agreed
• Only during the term of your active engagement
• We do not browse, read, or interact with content unrelated to agreed outreach activity

How we protect the access:

• Credentials are stored securely and not retrievable in plain text
• Access is restricted to the minimum personnel required to operate the service
• Access can be revoked by you at any time, which immediately ends Sales Hunter activity on your account

Legal Basis for Processing (PDPA Compliance)

Under Singapore's PDPA, we process your data based on:

• Consent: You provide explicit consent when subscribing to the SME AI Brief, signing up for a pilot, or engaging our services
• Contractual Necessity: To fulfil our service obligations to you
• Legitimate Interests: To deliver the services you requested, communicate about your engagement, and improve our platform

How We Share Your Information

We do not sell your personal data. We may share your information with:

Service Providers

• WhatsApp Business API (Meta): For message delivery and the SME AI Brief
• Cloud Infrastructure: We host our infrastructure on DigitalOcean Kubernetes Service (DOKS) with data primarily stored in Singapore
• Cal.com: For appointment scheduling
• Payment Processors: For processing pilot and retainer payments
• Analytics Providers: For website usage analysis (e.g., Google Analytics)

Within Hypeworkz Pte Ltd

Authorised employees and contractors of Hypeworkz Pte Ltd who require access to deliver your service.

Legal Compliance

We may disclose your information if required by law, court order, or government authority, or to protect our rights and safety.

What We Do Not Share

• We do not share your data with third-party advertisers
• We do not share your prospect data with anyone other than as required to deliver your engagement
• We do not share your LinkedIn credentials with any third party

Data Processor Role (For Prospect Data)

When you use Sales Hunter, you are the data controller for the prospect data we manage on your behalf. We act as your data processor.

This means:

• You determine what prospect data is collected and how it is used
• We process prospect data only on your documented instructions (the agreed campaign scope)
• You are responsible for ensuring your use of prospect data complies with applicable data protection laws
• You may request export or deletion of your prospect data at any time
• We will assist you in responding to data subject requests from prospects, where reasonably required

Data Retention

• SME AI Brief Subscribers: Retained while you remain subscribed and for 12 months after unsubscription
• Pilot Sign-Up Data: Retained for 24 months from the date of signup
• Active Customer Data: Retained for the duration of your engagement and for 36 months after termination, for analytics, billing records, and legal compliance
• Prospect Data (CRM): Retained for the duration of your engagement; we will export and delete on request after termination
• WhatsApp Messages: Retained for 24 months for service quality and compliance purposes
• Website Analytics: Retained for 14 months
• Billing Records: Retained for 7 years to comply with Singapore tax and accounting regulations

Your Privacy Rights

Under PDPA, you have the right to:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data (subject to legal retention requirements)
• Withdraw Consent: Withdraw your consent for data processing at any time
• Data Portability: Request your data in a structured, commonly used format
• Opt-Out of Marketing: Unsubscribe from the SME AI Brief by sending UNSUB 2233 via WhatsApp

The "UNSUB 2233" keyword applies only to the SME AI Brief newsletter. If you have an active engagement with us (pilot or retainer), service-related communications will continue until that engagement ends.

How to Exercise Your Rights

To exercise any of your privacy rights, contact our Data Protection Officer:

• DPO Email: terence@hypeworkz.com
• General Email: hello@ai-cto.com
• Newsletter Opt-Out: Send UNSUB 2233 via WhatsApp

We will respond to your request within 30 days.

Data Security

We implement industry-standard security measures to protect your personal data:

• Encryption of data in transit and at rest
• Access controls and authentication mechanisms
• Secure infrastructure on DigitalOcean Kubernetes Service in Singapore
• Regular security reviews

LinkedIn account credentials are stored using one-way encryption and are not retrievable in plain text by anyone, including our team.

However, no method of transmission over the internet is 100% secure. We encourage users not to share highly sensitive business information via WhatsApp.

Cookies Policy

We use the following types of cookies:

• Essential Cookies: Required for website functionality
• Analytics Cookies: To understand how visitors use our site (e.g., Google Analytics)
• Marketing Cookies: To track campaign effectiveness and acquisition sources

You can manage cookie preferences through your browser settings.

Third-Party Links

Our website and communications may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact our DPO.

International Data Transfers

Your data is primarily stored and processed in Singapore on DigitalOcean Kubernetes Service.

Where we use third-party services that operate outside Singapore (such as WhatsApp Business API, Cal.com, or analytics providers), we ensure appropriate safeguards are in place to protect your information in compliance with PDPA requirements.

Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

• Posting the updated policy on our website with a new "Last Updated" date
• Sending notification via email for significant changes that affect active engagements

Your continued use of our services after changes indicates acceptance of the updated policy.

Contact Us

If you have questions or concerns about this Privacy Policy or our data practices: