Privacy Policy

1. Data controller identity

Finance AI Lab Pte. Ltd. is the data controller responsible for personal data collected through financeailab.pro, our contact forms, lab enrolment processes, and in-person services at our Cecil Street facility. Our Data Protection Officer may be reached at [email protected] or by post at the address above.

2. Personal data we collect

We collect personal data that you voluntarily provide and data generated through your use of our services:

• Identity and contact data: full name, email address, phone number, postal address, and company name (for corporate enquiries).
• Enrolment data: module selections, cohort preferences, payment references, and attendance records for lab sessions.
• Communication data: messages submitted through contact forms, email correspondence, and support tickets.
• Technical data: IP address, browser type, device information, pages visited, and cookie identifiers (see our Cookie Policy).
• Financial workflow data: sample spreadsheets, categorisation rules, and agent configuration preferences submitted during lab modules — used solely for educational delivery.

We do not collect NRIC numbers, bank account credentials, or credit card numbers directly through this website. Payment processing for module fees is handled by third-party payment providers subject to their own privacy policies.

3. Purposes of collection and use

We collect and use personal data for the following purposes:

• Processing module enrolments and delivering lab education services.
• Responding to enquiries about our AI financial management programs and parallel agent demonstrations.
• Configuring and calibrating parallel agent assist tools during onboarding sessions.
• Sending administrative communications about cohort schedules, venue changes, and policy updates.
• Improving our website, lab modules, and user experience through aggregated analytics.
• Complying with legal obligations under Singapore law, including ACRA reporting requirements.
• Protecting against fraud, abuse, and security threats to our systems.

4. PDPA legal bases for processing

Under the PDPA, we rely on the following bases for processing personal data:

• Consent: You provide explicit consent when submitting contact forms (consent_pdpa checkbox), enrolling in modules, or accepting non-essential cookies. Consent may be withdrawn at any time, subject to contractual and legal limitations.
• Legitimate interests: We process data necessary to operate our lab business, improve services, and maintain website security — balanced against your privacy rights.
• Legal obligation: We retain certain records as required by Singapore tax, accounting, and regulatory frameworks.
• Contractual necessity: Processing required to fulfil module delivery agreements and service bookings you enter with us.

5. Disclosure to third parties

We do not sell personal data. We may disclose data to:

• Cloud hosting providers operating secure infrastructure in the Asia-Pacific region.
• Email delivery services for transactional and administrative communications.
• Payment processors for module fee transactions (they receive only payment-related data).
• Professional advisers (lawyers, accountants) bound by confidentiality obligations.
• Government authorities when required by law or valid legal process.

All third-party processors are contractually required to protect personal data to standards comparable with the PDPA.

6. Cross-border transfers

Some service providers may process data outside Singapore. Where cross-border transfers occur, we ensure appropriate safeguards are in place — including contractual clauses requiring PDPA-equivalent protection — before data leaves Singapore.

7. Data retention

We retain personal data only as long as necessary for the purposes described:

• Contact form submissions: 24 months from last interaction, unless an enrolment relationship exists.
• Enrolment and attendance records: 7 years from module completion (accounting and dispute resolution).
• Financial workflow sample data: deleted within 90 days of module completion unless you request extended retention for ongoing review cadence services.
• Cookie consent records: 6 months from the date of your choice.
• Server logs and security records: 12 months.

After retention periods expire, data is securely deleted or anonymised.

8. Your rights under the PDPA

As an individual, you have the following rights regarding your personal data:

• Access: Request a copy of personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Withdrawal of consent: Withdraw consent for processing that relies on consent — we will cease processing unless another legal basis applies.
• Data portability: Request export of data you provided in a structured, commonly used format where technically feasible.

To exercise these rights, email [email protected] with sufficient detail to identify your records. We respond within 30 days. A reasonable fee may apply for manifestly unfounded or excessive requests.

9. PDPC contact information

If you believe we have not handled your personal data appropriately, you may contact the Personal Data Protection Commission (PDPC):

Personal Data Protection Commission
10 Pasir Panjang Road #03-01
Mapletree Business City
Singapore 117438
Website: www.pdpc.gov.sg

We encourage you to contact us first at [email protected] so we may address your concern directly.

10. Cookies and tracking

Our website uses cookies as described in our Cookie Policy. Essential cookies operate regardless of consent. Analytics and marketing cookies require your explicit choice via the cookie banner. Consent choices are stored locally for six months.

11. Security measures

We implement appropriate technical and organisational measures to protect personal data, including:

• HTTPS encryption for all website traffic.
• Access controls limiting staff access to personal data on a need-to-know basis.
• Regular review of data handling practices and vendor security postures.
• Secure deletion procedures for expired records.
• Honeypot and validation controls on contact forms to reduce spam submissions.

No transmission method over the internet is completely secure. While we strive to protect your data, we cannot guarantee absolute security.

12. Children's data

Our services are directed at adults and corporate teams. We do not knowingly collect personal data from individuals under 18 without parental or guardian consent. If you believe we have collected data from a minor, contact [email protected] for prompt deletion.

13. Changes to this policy

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. Material changes will be posted on this page with an updated "Last updated" date. Continued use of our services after changes constitutes acceptance of the revised policy. For significant changes affecting consent-based processing, we will seek fresh consent where required.

14. Automated decision-making

Finance AI Lab does not use personal data for fully automated decision-making that produces legal or similarly significant effects. The parallel AI finance agent generates draft outputs for human review — enrolment decisions, module placement, and service eligibility are made by staff, not algorithms alone.

15. Marketing communications

With your consent, we may send information about upcoming lab cohorts, new modules, and parallel agent feature updates. You may opt out of marketing emails at any time by clicking the unsubscribe link or emailing [email protected]. Opting out of marketing does not affect transactional communications about active enrolments.

16. Contact us

For privacy enquiries, data access requests, or consent withdrawals:

Finance AI Lab Pte. Ltd.
60 Cecil Street, #22-05 ISO Centre, Singapore 049709
Email: [email protected]
Phone: +65 6971 2843