Privacy Policy
Last updated: January 06, 2025
Personal Information Protection Policy
- Introduction
Welcome to the Sphevolabs products and related services!
1.1 The content, services, ownership, and operation of the Sphevolabs products and related services (hereinafter referred to as “the Product”) are owned by Sphevo Labs LLC (“Company” or “we”). We are committed to protecting your personal information in compliance with applicable laws, including Singapore’s Personal Data Protection Act (PDPA), U.S. state privacy laws (e.g., CCPA, CPRA), and GDPR principles for international data transfers. We also adhere to the U.S. Department of State (USDS) Third-Party Risk Management (TPRM) framework to ensure secure data handling by vendors and partners.
1.2 Personal information refers to all kinds of information recorded electronically or otherwise that can identify a specific natural person or reflect the activities of a specific natural person, either alone or in combination with other information. By using the Product, you acknowledge acceptance of this Policy.
1.3 If you do not agree to this Policy, you may discontinue use. Continued use constitutes acceptance of updated terms.
1.4 This Policy applies to your access to and use of our products and services through our software applications, official websites, and other available services.
1.5 If you have any questions, comments or suggestions regarding this Policy, please contact us using the information provided in Section 9.1.
1.6 This Policy explains how the Service collects, uses, stores, protects, shares, and transfers (if applicable) your personal information; it also explains your rights regarding accessing, correcting, and deleting your personal information. Terms related to your rights are presented in bold typeface for emphasis.
1.7 This Policy includes the following sections:
- How we collect and use personal information;
- How we use cookies and similar technologies;
- How we share, transfer, and publicly disclose personal information;
- How we protect the security of personal information;
- How we manage your personal information;
- How we store personal information;
- How this Policy is updated;
- Your Rights and Choices;
- International Data Transfers
- How We Collect and Use Personal Information
2.1 We collect personal information you voluntarily provide when using the Service and information collected automatically through your interactions with the Service, in accordance with the methods specified in this Policy. We collect information for the purposes described below, including providing and improving the Service, communicating with you, and complying with legal obligations.
2.2 Registration, Login, and Identity Authentication
2.2.1 To secure your account, you must provide your mobile phone number or other related information when registering and logging into the Service. This information facilitates your registration. You may also provide additional information to complete your profile. This information may be required to comply with regulations in certain jurisdictions. Failure to provide this information may limit your access to the Service. The information you provide will be stored in the Republic of Singapore. Upon account deletion, we will anonymize or delete your personal information as required by applicable laws and regulations.
2.2.3 The aforementioned log information includes:
Information We Collect Directly from You: This includes information you provide when registering, contacting customer support, applying for a job, or completing forms. Examples include your email address, phone number, and other contact details.
Information We Receive from Customers: As a service provider, we receive information from our customers about their users. This may include social media handles, usernames, profile pictures, biographies, follower counts, website URLs, names (if provided), and messages or communications. We also collect contact information from individuals employed by our customers to provide our Service.
Information Collected Automatically: We automatically collect information from your device when you visit our website or use our Service. This may include your IP address, device type, unique device identifiers, browser type, geographic location, third-party webpages accessed through the Service, and other technical information. We also collect information about your interaction with our website and Service. This information allows us to analyze usage patterns and improve our offerings.
Information from Other Sources: This may include data from data brokers or resellers, social networks (with your permission), partners, and customers.
2.3.4 Notifications: We may request permission to send you notifications. Refusal will only disable this feature and will not affect other functionalities. You can manage notification permissions through your device settings. When you revoke this permission, we will no longer send notifications.
2.4 Use of Information: We process information for the business purposes described in this Privacy Policy, including:
- Operating and improving the Site and Service;
- Providing the Service and other products and services;
- Evaluating user interests and needs;
- Recording chats, comments, interactions with customers, etc. (with consent where necessary);
- Evaluating offers, products, or services;
- Monitoring Service usage;
- Providing customer support;
- Creating aggregated data for internal analysis;
- Sending communications, including marketing materials (with your consent where required);
- Managing business needs, including compliance with legal obligations;
- Fulfilling other business purposes with your direction or consent.
- Using de-identified information for any purpose not prohibited by law.
2.5 Security and Risk Management: We may use and integrate your user information, transaction information, device information, web logs, and information shared by affiliates or partners (with your consent or as permitted by law) to assess risk, verify identity, detect and prevent security incidents, and comply with legal obligations.
2.6 Change of Purpose: We may adjust the Service’s features and offerings. We will only collect and use your personal information for purposes compatible with the original purpose or with your consent for new, incompatible purposes.
2.7 Exceptions to Obtaining Consent: We will obtain your consent before using information for purposes other than those outlined in this Policy. Exceptions to requiring consent, as permitted by law, include:
- National security or defense;
- Public safety, public health, or vital interests;
- Criminal investigations, prosecutions, trials, or judgments;
- Protecting your vital interests or those of others;
- Publicly disclosed information;
- Lawfully and publicly available information;
- Contractual necessity;
- Maintaining service operation;
- Legitimate journalism;
- De-identified research;
- Other legally permissible cases.
2.7.1 Service Cessation: If we cease operating the Service, we will stop collecting your personal information, notify you, and delete or anonymize your data.
2.8 Additional Disclosures for U.S. Compliance (CCPA/CPRA)
- Categories of Personal Information Collected: Identifiers (e.g., name, email), commercial data (e.g., transaction history), internet activity (e.g., IP address).
- Purposes: Analytics, customer support, fraud prevention, and service improvement.
- No Sale of Data: We do not sell personal information.
2.9 USDS TPRM Compliance: To align with USDS TPRM requirements, we:
- Conduct annual third-party risk assessments for vendors handling personal data;
- Require vendors to demonstrate compliance with relevant audit standards;
- Implement Data Processing Agreements (DPAs) with third parties to enforce data minimization, encryption, and breach notification obligations.
2.10 Social Media Platform Integrations: When you connect third-party social media accounts (e.g., Facebook, Instagram) to our Service:
- We collect access tokens, profile information, and analytics data solely to deliver platform functionality.
- Data usage is limited to the purposes disclosed in this Policy.
- We do not store social media credentials (e.g., passwords).
- How We Use Cookies and Similar Technologies
3.1 Cookies and similar technologies are used to collect and store information about your use of the Service. We use these technologies for the following purposes:
3.1.1 Service Operation: We use cookies for authentication, security, and to improve service efficiency.
3.1.2 User Experience: Cookies can personalize your experience and save you from repeating certain steps.
3.2 Managing Cookies:
3.2.1 You can manage cookies through your browser settings, but disabling cookies may affect functionality and personalize the advertisements you see.
3.2.2 You can clear browser cache data, which may impact your use of cookie-dependent features.
3.3 Do Not Track (DNT) Signals: We respect browser “Do Not Track” signals.
3.4 Analytics Partners: We use third-party analytics tools (e.g., Google Analytics) to analyze usage patterns. These partners may collect IP addresses, device IDs, and interaction logs. Data is anonymized or pseudonymized where possible. You may opt out via browser settings or partner-specific mechanisms.
- How We Share, Transfer, and Publicly Disclose Personal Information
4.1 Principles of Sharing: We adhere to the following principles when sharing personal information:
4.1.1 Consent: We will not share your personal information without your consent unless the information is de-identified.
4.1.2 Legitimate Purpose and Minimization: Sharing must have a legitimate purpose and be limited to the necessary information.
4.1.3 Security and Prudence: We share information with authorized partners to provide services and enhance user experience, subject to strict confidentiality and security measures.
4.2 Information Shared to Implement Features or Services:
4.2.1 We may share information with affiliates or third parties to provide functionalities, conduct analytics, and improve services.
4.2.2 We may share information with affiliates or third parties for joint marketing activities with your consent.
4.3 Shared Information for Security and Analytics:
4.3.1 Security: We may share information with affiliates or service providers to protect accounts and prevent security risks.
4.3.2 Analytics: We may share aggregated, non-personally identifiable usage data with affiliates or third parties.
4.3.3 Research: We may share de-identified or anonymized data with research institutions for scientific purposes.
4.4 Transfer of Personal Information:
4.4.1 We will not transfer your personal information except with your consent or in the event of a merger, acquisition, or asset transfer, subject to legal requirements and data protection standards.
4.5 Public Disclosure of Personal Information:
4.5.1 We will not publicly disclose your personal information except with your consent, in response to legal violations, to protect safety, or if the information is already public.
4.6 Exceptions to Consent for Sharing, Transfer, and Public Disclosure: Exceptions to requiring consent include situations related to:
- National security or defense;
- Public safety, public health, or vital interests;
- Criminal investigations;
- Protecting vital interests;
- Publicly disclosed information;
- Lawfully and publicly available information.
4.6.2 Sharing de-identified information does not require consent.
4.7 Third-Party Risk Management (USDS TPRM)
- Vendor Due Diligence: Third parties (e.g., cloud providers, analytics tools) must comply with relevant standards.
- Data Processing Agreement (DPA): Contractual requirements for data minimization, encryption, and breach notification.
4.8 Cross-Border Data Transfers: Data is stored in Singapore. Transfers to the U.S. or other regions use Standard Contractual Clauses (SCCs) or lawful mechanisms under GDPR and U.S. laws.
4.9 Vendor Audits: Under USDS TPRM guidelines, we:
- Perform annual audits of critical vendors (e.g., cloud providers, payment processors);
- Require vendors to provide evidence of penetration testing and vulnerability remediation.
4.10 Cross-Border Data Transfers: Data is stored primarily in Singapore. Transfers to the U.S. or other regions use GDPR-approved Standard Contractual Clauses (SCCs) or CPRA-compliant agreements.
- How We Protect the Security of Personal Information
5.1 We implement reasonable security measures, including technical and managerial safeguards and encryption technologies, to protect your personal information from unauthorized access, use, disclosure, alteration, damage, loss, or leakage.
5.2 We have a dedicated security department, security management system, and data security processes. We restrict access to personal information, conduct security audits, and provide security training to employees.
5.3 While we strive for maximum security, no system is completely impenetrable. We encourage you to take proactive security measures, such as using strong passwords and protecting your account information.
5.4 We have incident response plans to address security breaches and will promptly notify you and relevant authorities in the event of an incident, providing information about the incident and recommended actions.
5.5 If your account is compromised, please contact us immediately.
5.6 Enhanced Security Measures
- Encryption: We will ensure that our secure encrypted information transmissions meet standards.
- Breach Notification: Incidents affecting U.S. users will be reported to the authorities in a timely manner.
5.7 Incident Response: Security incidents affecting U.S. users will be reported to the authorities in a timely manner. Affected individuals receive breach details and mitigation steps via email or in-app notifications.
5.8 Employee Training: Staff undergo annual cybersecurity training, including phishing simulations and TPRM protocols.
- How We Manage Your Personal Information
6.1 We are committed to respecting your rights regarding your personal information, including inquiry, access, modification, deletion, withdrawal of consent, and account cancellation.
6.2 Inquiry, Access, and Management: You have the right to inquire about, access, and manage your personal information, except as limited by law.
6.3 Correction, Addition, or Deletion: You have the right to request correction or addition of inaccurate or incomplete personal information.
6.4 Changing or Withdrawing Consent: You can change or withdraw your consent at any time, but this may affect the availability of certain features or services.
6.5 Automated Decision-Making: If automated decisions significantly affect your interests, you have the right to request an explanation and seek remedies.
6.6 Responding to Requests:
6.6.1 You can submit requests related to your personal information by contacting us. You may need to verify your identity.
6.6.2 We may charge a fee for excessive or repetitive requests. We may refuse requests that are unreasonable, technically infeasible, or infringe on the rights of others.
6.6.3 We may not be able to respond to requests in certain situations, such as those related to legal obligations, national security, public safety, or legal proceedings.
6.7 U.S. User Rights (CCPA/CPRA)
- Right to Know: Request details of personal information collected in the past 12 months.
- Right to Delete: Request deletion, subject to legal exceptions.
- Opt-Out of Sharing: For analytics partners, opt out by contacting us.
- Non-Discrimination: No penalty for exercising rights.
6.8 Data Subject Request Process: Submit requests via email, in-app forms, or customer support. Verification requires government-issued ID or account-specific authentication.
- How We Store Personal Information
7.1 We store your personal information in the Republic of Singapore. We will comply with relevant regulations for any international data transfers.
7.2 We retain your personal information for as long as necessary to provide the Service and comply with legal obligations. We will delete or anonymize your information when it is no longer needed.
7.3 Retention Periods: Account data retained until deletion request. Logs retained for 12 months unless legally required.
7.4 Data Retention for Legal Holds: Data may be retained beyond standard periods to comply with eDiscovery requests, litigation holds, or regulatory investigations.
- How This Policy Is Updated
8.1 We may revise this Policy from time to time. Revisions will be posted within the Product with the update time and communicated through various channels.
8.2 We will not reduce your rights without your consent.
8.3 Major changes will be prominently notified. Major changes include, but are not limited to:
- Changes to data processing purposes, types of data, or usage methods;
- Changes in ownership structure;
- Changes in data sharing practices;
- Changes to your rights;
- Changes to contact information or complaint channels;
- High-risk findings in impact assessments.
8.4 Updated Policy terms will be effective upon notification, unless otherwise required by law. Continued use of the Service after an update constitutes acceptance of the revised Policy.
8.5 Notification of Changes: Material updates (e.g., new data uses, third-party additions) will be notified, e.g., via email or in-product banners.
8.6 TPRM Policy Updates: Material changes to third-party risk practices are disclosed in Section 4.9 and notified via email.
- Others
9.1 Contact us through customer service or your sales representative for questions or complaints.
9.2 If you are dissatisfied with our response, you may pursue legal remedies.
9.3 Dispute Resolution: U.S. users may resolve disputes via binding arbitration (AAA rules) or file claims in California courts.
9.4 Children’s Privacy: Services are not directed to individuals under 16. We do not knowingly collect data from minors.
9.5 USDS TPRM Contact
For third-party risk inquiries, contact support@sphevolabs.com
- Your Rights and Choices
10.1 Accessing and Correcting Your Information: You have the right to access and correct your personal information.
10.2 Deleting Your Information: You can request deletion of your personal information, subject to legal exceptions.
10.3 Objecting to Processing: You have the right to object to the processing of your personal information in certain circumstances.
10.4 Restricting Processing: You can request restriction of processing of your personal information.
10.5 Data Portability: You have the right to receive your personal information in a portable format and transfer it to another controller.
10.6 Withdrawing Consent: You can withdraw your consent at any time.
10.7 Right to Opt-Out of Profiling: Object to automated decision-making (e.g., analytics-driven insights) by contacting us.
10.8 Non-Discrimination: Exercising rights under CCPA/CPRA will not result in denial of services, price changes, or reduced quality.
- Third-Party Links and Services
11.1 External Platforms: Our Service may link to third-party sites (e.g., social media platforms). Their privacy practices are governed by their policies. We advise reviewing third-party policies before interacting with linked services.
11.2 Integration-Specific Disclosures
- Facebook/Instagram: Data shared via Meta APIs is subject to Meta’s Platform Terms and Developer Policies.
- TikTok: Adheres to TikTok’s Data Processing Terms for business accounts.
This Personal Information Protection Policy is valid indefinitely.