Effective date: 18 May 2026

Privacy Policy


1. Introduction and scope

This Privacy Policy explains how Trustethica ("Trustethica", "we", "us", "our") collects, uses, discloses, and protects personal data when you visit our website at trustethica.com or interact with us. It is designed to comply with the Personal Data Protection Act 2012 of Singapore (PDPA SG), the Personal Data Protection Act 2010 of Malaysia as amended in 2024 (PDPA MY), the Privacy Act 1988 (Cth) of Australia and the Australian Privacy Principles, and the European Union General Data Protection Regulation 2016/679 (GDPR) and UK GDPR, in each case to the extent applicable to you.


2. Personal data we collect

Information you provide to us directly:

  • Identification: full name, job title, organisation, country of operation

  • Contact: work email address, telephone number where provided

  • Professional context: industry, organisation size, AI deployment information, application content

  • Communications: correspondence with us

Information collected automatically when you visit our website:

  • Server log data: IP address, request timestamp, page requested, browser user agent

This is collected by our hosting infrastructure for operational and security purposes (delivering the site, detecting abuse, diagnosing errors). We do not currently use website analytics, tracking pixels, advertising tags, or personalisation technologies.


3. Purposes for which we use your personal data

We use your personal data to:

  • Respond to enquiries and review applications to our founding partner programme

  • Evaluate organisational fit for platform deployment

  • Send service updates, security advisories, and, where you have agreed, marketing communications

  • Operate, maintain, secure, and improve our website

  • Comply with legal, regulatory, and accounting obligations

  • Establish, exercise, or defend legal claims


4. Legal basis for processing (GDPR / UK GDPR)

Where the GDPR or UK GDPR applies, we rely on:

  • Consent (Article 6(1)(a)) for marketing communications

  • Contract performance (Article 6(1)(b)) for processing your application and managing programme participation

  • Legitimate interests (Article 6(1)(f)) for operating and securing our website, B2B outreach to professional contacts at your organisation, and protecting our legal rights

  • Legal obligation (Article 6(1)(c)) where required by law


5. Disclosure and recipients

We do not sell your personal data. We disclose personal data only to:

  • Service providers acting on our behalf (cloud hosting, email infrastructure, form processing, customer relationship management) under contractual confidentiality and data protection obligations

  • Professional advisers (legal, accounting, audit, insurance)

  • Government, regulatory, or law enforcement authorities where required by law

  • Third parties in connection with a corporate transaction (merger, acquisition, restructuring), subject to appropriate confidentiality


6. International transfers

Trustethica is established in Singapore. Personal data may be transferred to and processed in Singapore, Malaysia, Australia, and other jurisdictions in which our service providers operate.

  • For transfers from the European Economic Area, United Kingdom, or Switzerland, we rely on the European Commission's Standard Contractual Clauses or other appropriate safeguards under Articles 44–50 GDPR

  • For transfers from Singapore, we ensure recipient organisations provide a standard of protection comparable to the PDPA SG

  • For transfers from Malaysia, we comply with the cross-border transfer requirements of the PDPA MY

  • For transfers from Australia, we take reasonable steps to ensure recipients handle personal information consistently with the Australian Privacy Principles


7. Retention

We retain personal data only for as long as necessary for the purposes set out in this policy, to comply with legal and accounting obligations, and to resolve disputes. Application and enquiry data is retained for 24 months from last meaningful contact, after which it is deleted or anonymised, unless we are required by law to retain it longer.


8. Your rights

Subject to applicable law and identity verification, you have the following rights:

  • Access to the personal data we hold about you

  • Correction or rectification of inaccurate or incomplete personal data

  • Erasure or deletion of personal data, where applicable

  • Restriction of processing (GDPR / UK GDPR)

  • Portability of personal data in a structured, machine-readable form (GDPR / UK GDPR)

  • Objection to processing based on legitimate interests or for direct marketing

  • Withdrawal of consent at any time where processing is based on consent, without affecting the lawfulness of prior processing

  • Lodging a complaint with your supervisory authority, including the Personal Data Protection Commission Singapore (PDPC), the Office of the Australian Information Commissioner (OAIC), the Personal Data Protection Commissioner Malaysia (JPDP), the Information Commissioner's Office (ICO) in the United Kingdom, or your relevant EU data protection authority

To exercise any right, please contact us at the addresses in section 13. We will respond within the timeframe required by the applicable law.


9. Cookies and tracking technologies

We do not use cookies, web beacons, or similar technologies for analytics, tracking, advertising, or personalisation on our website. We do not deploy website analytics.

Strictly necessary cookies set by our hosting and form-processing infrastructure may be used to deliver core website functionality, including form submission and basic security. These are not used to track or identify you across other websites or sessions, and your consent is not required for them under applicable law.

If we introduce analytics, marketing cookies, or other tracking technologies in the future, we will update this Privacy Policy and, where consent is required, request it before deploying them.


10. Security

We implement reasonable technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These include encryption in transit, access controls, logging, and incident response procedures. No system can be guaranteed completely secure.


11. Data breach notification

Where required by applicable law, we will notify the relevant regulator and affected individuals of personal data breaches meeting the applicable notification thresholds, including under the PDPA SG, the Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth), the PDPA MY breach notification obligations, and Articles 33–34 GDPR.


12. Children

Our services are directed exclusively to professional and business contacts. We do not knowingly collect personal data from individuals under the age of 16. If you believe we have inadvertently collected such data, please contact us and we will delete it.


13. Contact and Data Protection Officer

Controller: Responsible AI Solutions Pte. Ltd.

Data Protection Officer: dpo@trustethica.com

We have not appointed a representative under Article 27 GDPR or its UK equivalent on the basis that our processing does not meet the threshold criteria. We will appoint a representative if and when our processing falls within scope.


14. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be notified through our website or by direct communication where appropriate.


15. Governing law

This Privacy Policy is governed by the laws of the Republic of Singapore, without prejudice to mandatory rights and remedies available to you under the data protection law of your country of residence.