Published: February 16, 2026
PRIVACY POLICY
Effective: February 16, 2026
1. INTRODUCTION
1.1 Overview. This Privacy Policy explains how Permalogica Pte. Ltd., a company incorporated in Singapore with its registered address at 68 Circular Road, #02-01, 049422, Singapore ("Permalogica", "we", "us", or "our"), collects, uses, discloses, stores, and protects personal data in connection with your use of our website located at www.permalogica.com (the "Website"), our application platform (the "Platform"), and our AI-based design assistant "Ada" (collectively, the "Services").
1.2 Commitment to Data Protection. We are committed to protecting your privacy and complying with applicable data protection laws and regulations, including but not limited to:
(a) Singapore Personal Data Protection Act 2012 (PDPA);
(b) European Union General Data Protection Regulation (EU GDPR), where applicable;
(c) United Kingdom General Data Protection Regulation (UK GDPR), where applicable; and
(d) Applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), where relevant.
1.3 Scope. This Privacy Policy applies to all users of the Services, regardless of geographic location. By accessing or using the Services, you acknowledge that you have read, understood, and agree to the collection, use, and disclosure of your personal data as described in this Privacy Policy.
1.4 Contact Information. For any privacy-related inquiries, questions, or requests, please contact our Data Protection Officer at:
Email: support@permalogica.com
Address: Permalogica Pte. Ltd., 68 Circular Road, #02-01, 049422, Singapore
2. PERSONAL DATA WE COLLECT
We may collect and process the following categories of personal data about you:
2.1 Account Information
(a) Full name
(b) Email address
(c) Login credentials (username and encrypted password)
(d) Account preferences and settings
(e) Profile information (if provided)
2.2 Project and Land Data
(a) Geospatial coordinates and location data
(b) Project-specific inputs, parameters, and configurations
(c) Files uploaded by you (including images, documents, and data files)
(d) Generated outputs, including KMZ files, analytical reports, and visualizations
(e) Land data aggregated from third-party sources
2.3 AI Interaction Data
(a) Text prompts and queries submitted to Ada
(b) AI-generated responses and recommendations
(c) Conversation history and interaction logs within your Projects
(d) Feedback provided on AI outputs (if applicable)
2.4 Payment and Billing Information
(a) Payment transactions are processed by our third-party payment processor, Stripe, Inc.
(b) We collect and store: billing name, billing email, transaction amounts, transaction dates, and Subscription status
(c) We do NOT store full credit card numbers, CVV codes, or other sensitive payment card details
(d) Stripe's processing is governed by Stripe's Privacy Policy
2.5 Technical and Usage Data
(a) IP address (collected via server logs and third-party service providers)
(b) Browser type, version, and language settings
(c) Device information (operating system, device identifiers)
(d) Usage logs and analytics (pages visited, features used, time spent)
(e) Referral source and clickstream data
(f) Authentication cookies and session tokens
2.6 Email Communications Data
(a) Account-related emails sent via Postmark (a service of ActiveCampaign LLC)
(b) Newsletter subscriptions managed via Wix
(c) Support and business correspondence via Google Workspace
(d) Email open rates and engagement metrics (where consent is provided)
2.7 Cookies and Similar Technologies
We use cookies and similar tracking technologies, including:
(a) Essential authentication cookies (required for Platform functionality)
(b) Analytics cookies (e.g., Google Analytics or similar providers)
(c) Marketing and advertising pixels (e.g., Meta Pixel, Google Ads conversion tracking)
For detailed information about our use of cookies, please refer to our separate Cookie Policy or the Cookies section below.
3. LEGAL BASIS FOR PROCESSING (GDPR AND UK GDPR)
Where the GDPR or UK GDPR applies to you, we process your personal data based on one or more of the following legal bases:
3.1 Contractual Necessity. Processing is necessary to perform our contract with you, including:
(a) Providing access to your Account
(b) Enabling Project creation and management
(c) Delivering Ada AI assistance and Subscription services
(d) Processing payments and managing billing
3.2 Consent. We process personal data based on your explicit consent for:
(a) Newsletter subscriptions and marketing communications
(b) Non-essential cookies and tracking technologies
(c) Optional features requiring consent under applicable law
You may withdraw your consent at any time by contacting us or using the unsubscribe mechanisms provided.
3.3 Legitimate Interests. We process personal data based on our legitimate interests, including:
(a) Improving and optimizing the Services
(b) Conducting analytics and research to enhance user experience
(c) Monitoring system performance, security, and fraud prevention
(d) Developing new features and functionality
(e) Internal record-keeping and business operations
We have assessed that these interests are not overridden by your data protection rights.
3.4 Legal Compliance. We process personal data to comply with legal obligations, including:
(a) Tax and accounting requirements
(b) Regulatory reporting obligations
(c) Compliance with lawful requests from government authorities
(d) Enforcement of our Terms of Service and other legal rights
4. HOW WE USE PERSONAL DATA
We use your personal data for the following purposes:
4.1 Service Provision and Operation
(a) To create, maintain, and manage your Account
(b) To process and fulfill your Projects and AI interaction requests
(c) To provide access to Ada and Subscription features
(d) To authenticate users and maintain platform security
4.2 Payment Processing
(a) To process Subscription payments and manage billing
(b) To issue invoices and receipts
(c) To handle refunds and payment disputes
4.3 Communication
(a) To send service-related communications, including account notifications, updates, and security alerts
(b) To respond to your inquiries and provide customer support
(c) To send newsletters and marketing communications (where you have provided consent)
4.4 Service Improvement and Analytics
(a) To monitor and analyze usage patterns and trends
(b) To improve system functionality, performance, and user experience
(c) To develop and test new features
(d) To conduct research and data analysis
4.5 Security and Fraud Prevention
(a) To detect, prevent, and investigate fraudulent or unauthorized activity
(b) To enforce our Terms of Service and other policies
(c) To protect the rights, property, and safety of Permalogica, our users, and the public
4.6 Legal and Compliance
(a) To comply with applicable laws, regulations, and legal processes
(b) To respond to lawful requests from public authorities
(c) To protect and defend our legal rights
WE DO NOT SELL YOUR PERSONAL DATA TO THIRD PARTIES.
5. ARTIFICIAL INTELLIGENCE (AI) PROCESSING DISCLOSURE
5.1 Third-Party AI Provider. User inputs, prompts, and queries submitted to Ada are processed using third-party AI infrastructure provided by OpenAI, L.L.C., a company headquartered in the United States.
5.2 OpenAI API Usage. We utilize OpenAI's API services to power Ada's AI capabilities. According to OpenAI's enterprise API terms:
(a) Data submitted via the API is NOT used by OpenAI to train its general-purpose models
(b) API data is processed solely to generate responses for your specific requests
(c) OpenAI's processing of API data is governed by OpenAI's Privacy Policy and API Data Usage Policies
5.3 No Automated Decision-Making. AI outputs generated by Ada are algorithmic recommendations and suggestions. They do NOT constitute automated decision-making with legal or similarly significant effects on you. You retain full discretion over whether and how to implement any AI-generated recommendations.
5.4 Internal Analysis. We may analyze anonymized and aggregated AI interaction data internally to:
(a) Improve Ada's performance and accuracy
(b) Enhance user experience
(c) Develop new features and capabilities
(d) Conduct research and quality assurance
Such analysis does not identify you individually.
6. DATA SHARING AND DISCLOSURE
We may share your personal data with the following categories of third parties:
6.1 Service Providers and Processors. We engage trusted third-party service providers to perform functions on our behalf, including:
(a) DigitalOcean, LLC (United States) – cloud hosting and infrastructure
(b) OpenAI, L.L.C. (United States) – AI processing
(c) Stripe, Inc. (United States) – payment processing
(d) Postmark / ActiveCampaign LLC (United States) – transactional email delivery
(e) Wix.com Ltd. (global infrastructure) – newsletter distribution
(f) Google LLC (United States) – email services (Google Workspace), analytics (Google Analytics)
These service providers are contractually obligated to process personal data only on our instructions and to implement appropriate security measures.
6.2 Business Transfers. In the event of a merger, acquisition, reorganization, asset sale, or similar transaction, your personal data may be transferred to the acquiring entity or successor, subject to the same privacy protections.
6.3 Legal and Regulatory Authorities. We may disclose personal data to government authorities, law enforcement agencies, regulators, or courts when:
(a) Required by law, legal process, or governmental request
(b) Necessary to enforce our Terms of Service or protect our legal rights
(c) Necessary to protect the safety, rights, or property of Permalogica, our users, or the public
6.4 With Your Consent. We may share personal data with third parties when you have provided explicit consent for such disclosure.
6.5 Aggregated and Anonymized Data. We may share aggregated, anonymized, or de-identified data that does not identify you personally with third parties for research, analytics, marketing, or other business purposes.
7. DATA RETENTION
7.1 Retention Periods. We retain personal data for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Specific retention periods include:
(a) Account Data: Retained while your Account remains active
(b) Project Data: Retained while your Account remains active or until you delete specific Projects
(c) AI Interaction Data: Retained while your Account remains active
(d) Payment and Transaction Records: Retained for up to seven (7) years to comply with tax and accounting obligations
(e) Technical and Usage Data: Retained for up to two (2) years for analytics and security purposes
(f) Marketing Communications Data: Retained until you unsubscribe or withdraw consent
7.2 Account Deletion. Upon your request to delete your Account:
(a) We will delete your personal data from active production systems within thirty (30) days
(b) Data may remain in backup systems for up to ninety (90) days before permanent deletion
(c) We may retain certain data where required by law or for legitimate business purposes (e.g., transaction records for accounting)
7.3 Transient Data Processing. Certain data (such as third-party DEM raster files) is processed transiently and is not permanently stored. Such data is deleted immediately upon completion of processing or within twenty-four (24) hours, whichever is sooner.
8. INTERNATIONAL DATA TRANSFERS
8.1 Data Location. Permalogica is headquartered in Singapore. However, our infrastructure providers and service providers are located in various countries, including the United States and other jurisdictions.
8.2 Cross-Border Transfers. Personal data collected through the Services may be transferred to, stored in, and processed in countries outside the European Economic Area (EEA), United Kingdom, Singapore, or your country of residence. These countries may have data protection laws that differ from the laws of your jurisdiction.
8.3 Safeguards for International Transfers. Where required by applicable law, we implement appropriate safeguards for international data transfers, including:
(a) European Commission-approved Standard Contractual Clauses (SCCs) for transfers from the EEA or UK
(b) Contractual data protection obligations with service providers
(c) Reliance on service providers' compliance frameworks (e.g., EU-U.S. Data Privacy Framework, where applicable)
(d) Other legally recognized transfer mechanisms
8.4 Data Transfer Impact Assessment. We have conducted data transfer impact assessments where required and have implemented supplementary measures to ensure adequate protection of personal data transferred internationally.
9. DATA SUBJECT RIGHTS
Depending on your location and applicable law, you may have the following rights regarding your personal data:
9.1 Right of Access. You have the right to request confirmation of whether we process your personal data and to obtain a copy of your personal data.
9.2 Right to Rectification. You have the right to request correction of inaccurate or incomplete personal data.
9.3 Right to Erasure (Right to be Forgotten). You have the right to request deletion of your personal data in certain circumstances, such as:
(a) The data is no longer necessary for the purposes for which it was collected
(b) You withdraw consent and there is no other legal basis for processing
(c) You object to processing and there are no overriding legitimate grounds
(d) The data has been unlawfully processed
9.4 Right to Restriction of Processing. You have the right to request that we restrict processing of your personal data in certain circumstances.
9.5 Right to Object. You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.
9.6 Right to Data Portability. You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
9.7 Right to Withdraw Consent. Where processing is based on consent, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before withdrawal.
9.8 Right to Lodge a Complaint. You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data violates applicable law.
For EEA residents: You may lodge a complaint with the supervisory authority in your country of residence.
For Singapore residents: You may lodge a complaint with the Personal Data Protection Commission (PDPC) of Singapore.
9.9 Exercising Your Rights. To exercise any of these rights, please contact us at:
Email: support@permalogica.com
Subject Line: "Data Subject Rights Request"
We may require verification of your identity before processing your request to ensure the security of your personal data. We will respond to valid requests within the timeframes required by applicable law (typically within thirty (30) days).
10. SECURITY MEASURES
10.1 Commitment to Security. We implement appropriate technical and organizational security measures designed to protect your personal data against unauthorized access, disclosure, alteration, and destruction.
10.2 Security Safeguards. Our security measures include:
(a) Encryption of data in transit using industry-standard TLS/SSL protocols (HTTPS)
(b) Encryption of sensitive data at rest
(c) Secure cloud hosting infrastructure with access controls
(d) Multi-factor authentication for internal administrative access
(e) Regular security assessments and vulnerability testing
(f) Employee training on data protection and security practices
(g) Payment processing via PCI-DSS compliant payment processors (Stripe)
(h) Incident response and breach notification procedures
10.3 Limitations. No method of transmission over the Internet or electronic storage is completely secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security. You are responsible for maintaining the confidentiality of your Account credentials.
11. NEWSLETTER AND MARKETING COMMUNICATIONS
11.1 Consent Required. We will only send you marketing communications (including newsletters) if you have provided explicit consent or where otherwise permitted by applicable law.
11.2 Opt-In Mechanism. We may use a double opt-in mechanism for newsletter subscriptions to confirm your consent.
11.3 Unsubscribe. All marketing emails include an unsubscribe link. You may opt out of marketing communications at any time by:
(a) Clicking the "unsubscribe" link in any marketing email
(b) Contacting us at support@permalogica.com
(c) Updating your communication preferences in your Account settings
11.4 Transactional Emails. Please note that even if you opt out of marketing communications, you will continue to receive essential transactional emails related to your Account and Services (e.g., password resets, billing notifications).
11.5 No Sale of Email Lists. We do not sell, rent, or otherwise disclose email addresses or marketing lists to third parties for their own marketing purposes.
12. COOKIES AND TRACKING TECHNOLOGIES
12.1 Use of Cookies. We use cookies and similar tracking technologies to enhance your experience on our Services, analyze usage patterns, and deliver personalized content.
12.2 Types of Cookies We Use:
(a) Essential Cookies: Required for authentication, security, and core Platform functionality. These cookies cannot be disabled without affecting your ability to use the Services.
(b) Analytics Cookies: Used to collect information about how visitors use the Services (e.g., Google Analytics). This helps us understand user behavior and improve the Services.
(c) Marketing and Advertising Cookies: Used to deliver relevant advertisements and track the effectiveness of marketing campaigns (e.g., Meta Pixel, Google Ads conversion tracking). These cookies require your consent where mandated by law.
12.3 Cookie Consent. Where required by applicable law (such as under GDPR), we will obtain your consent before using non-essential cookies. You can manage your cookie preferences through:
(a) Our cookie consent banner (displayed upon your first visit)
(b) Your browser settings (most browsers allow you to refuse or delete cookies)
(c) Third-party opt-out tools (e.g., Network Advertising Initiative, Digital Advertising Alliance)
12.4 Third-Party Cookies. Some cookies may be placed by third-party service providers. We do not control these third-party cookies. Please refer to the privacy policies of these third parties for more information.
12.5 Additional Information. For more detailed information about the specific cookies we use, their purposes, and retention periods, please refer to our Cookie Policy.
13. CHILDREN'S PRIVACY
13.1 Age Restriction. The Services are not intended for, and we do not knowingly collect personal data from, individuals under the age of eighteen (18) years.
13.2 Parental Consent. If you are under 18 years of age, you must not use the Services or provide any personal data to us without the consent of your parent or legal guardian.
13.3 Notification. If we become aware that we have collected personal data from a child under 18 without parental consent, we will take steps to delete such information as soon as reasonably practicable.
13.4 Parental Rights. If you are a parent or guardian and believe that your child has provided personal data to us without your consent, please contact us immediately at support@permalogica.com so that we can take appropriate action.
14. THIRD-PARTY LINKS AND SERVICES
14.1 External Links. The Services may contain links to third-party websites, applications, or services that are not owned or controlled by Permalogica.
14.2 No Responsibility. We are not responsible for the privacy practices or content of third-party websites or services. This Privacy Policy does not apply to third-party websites or services.
14.3 Review Third-Party Policies. We encourage you to review the privacy policies of any third-party websites or services before providing them with your personal data.
15. CHANGES TO THIS PRIVACY POLICY
15.1 Right to Modify. We reserve the right to modify, amend, or update this Privacy Policy at any time at our sole discretion to reflect changes in our practices, legal requirements, or for other operational reasons.
15.2 Notice of Changes. We will provide notice of material changes to this Privacy Policy by:
(a) Updating the "Last Updated" date at the top of this Privacy Policy
(b) Posting the updated Privacy Policy on our Website
(c) Sending an email notification to the address associated with your Account (for material changes)
(d) Displaying a prominent notice on the Platform (for material changes)
15.3 Acceptance of Changes. Your continued use of the Services after the effective date of any changes to this Privacy Policy constitutes your acceptance of the revised Privacy Policy. If you do not agree to the updated Privacy Policy, you must discontinue use of the Services and may request deletion of your Account.
15.4 Review Regularly. We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your personal data.
16. CALIFORNIA PRIVACY RIGHTS (CCPA/CPRA)
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
16.1 Right to Know. You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you.
16.2 Right to Delete. You have the right to request deletion of your personal information, subject to certain exceptions.
16.3 Right to Opt-Out of Sale. We do not sell personal information. However, you have the right to opt out if our practices change in the future.
16.4 Right to Correct. You have the right to request correction of inaccurate personal information.
16.5 Right to Limit Use of Sensitive Personal Information. You have the right to limit the use and disclosure of sensitive personal information.
16.6 Right to Non-Discrimination. You have the right not to receive discriminatory treatment for exercising your CCPA/CPRA rights.
16.7 Authorized Agent. You may designate an authorized agent to submit requests on your behalf.
To exercise these rights, please contact us at support@permalogica.com with the subject line "California Privacy Rights Request."
17. SINGAPORE DATA PROTECTION NOTICE (PDPA)
If you are a Singapore resident, the following applies under the Personal Data Protection Act 2012:
17.1 Consent. By using the Services, you consent to the collection, use, and disclosure of your personal data as described in this Privacy Policy.
17.2 Withdrawal of Consent. You may withdraw your consent at any time by contacting us, subject to legal and contractual restrictions.
17.3 Access and Correction. You have the right to request access to and correction of your personal data.
17.4 PDPC Complaints. You may lodge a complaint with the Personal Data Protection Commission of Singapore if you believe we have breached the PDPA.
18. CONTACT INFORMATION
If you have any questions, concerns, or complaints about this Privacy Policy or our data protection practices, please contact us at:
Permalogica Pte. Ltd.
Attention: Data Protection Officer
68 Circular Road, #02-01
049422, Singapore
Email: support@permalogica.com
For GDPR-related inquiries from the EEA or UK, please include "GDPR Inquiry" in the subject line.
For CCPA-related inquiries from California, please include "California Privacy Rights" in the subject line.
We will respond to your inquiry within a reasonable timeframe in accordance with applicable law.
════════════════
BY USING THE SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO THE COLLECTION, USE, AND DISCLOSURE OF YOUR PERSONAL DATA AS DESCRIBED IN THIS PRIVACY POLICY.