2.1 Account Identifiers

• Name, email, phone number (optional), country.

2.2 Profile & Role Data

• Role (Advisor/Leader/Org Admin), experience (Rookie/Existing Advisor), insurance organisation (e.g., Prudential, AIA), designated team leader, team/org relationships and seat assignments.

2.3 Content & Coaching Inputs

• Chat messages with the AI coach, weekly reflections (e.g., case-size counts, appointments held, outreach activity level), and any files or text you submit for coaching.

2.4 Usage & Activity Data

• In-app interactions, timestamps, feature usage, error/diagnostic logs, and performance metrics used to maintain and improve the Service.

2.5 Device & Technical Data

• Device/OS type, app version, IP address, and similar technical signals used for security, fraud prevention, and compatibility.

2.6 Communications

• Support requests, verification emails/SMS, feedback, and invitations (e.g., a leader inviting team members to join).

2.7 Cookies/Analytics

• Cookies/SDK identifiers and session analytics to understand performance and improve the web experience. (See our Cookie/Tracking notice, if applicable.)

2.8 Aggregated/Anonymised Data (Non-Personal)

• De-identified statistics and benchmarks that no longer identify you, used for analytics and product planning.

2.9 Data We Do Not Collect

• No client/customer PII: we do not collect your end-clients’ personal data.
• No sensitive personal data: we do not collect sensitive personal data (e.g., health data, religious beliefs, political opinions, sexual life, or criminal records).

2.10 Media & Device Inputs (Opt-in)

We may access the following only when you choose to use related features and after the OS permission prompt:

• Microphone / Audio recordings (e.g., voice notes for coaching).
• Camera (e.g., to set profile picture).
• Photos / Gallery (e.g., to upload profile picture).
• Contacts (optional; e.g., to send an invite to join the team).F

Purpose: Provide core coaching features (transcribe voice notes you submit, attach images you upload, or help you organize content you choose to share). Choice & control: Access occurs only after your explicit OS permission and is limited to the single action you perform. You can withdraw permission at any time in your device settings. No background collection: We do not record audio, capture images, scan your photo library, or read your contacts in the background. Access is limited to the specific file(s) or contact(s) you select.
Non-distribution: We do not sell or rent audio, images, or contacts. We do not share them with third parties for their own marketing or independent purposes. Training use: We do not use your audio, images, or contacts to train third-party models without your explicit opt-in (see “AI Processing & Model Training” below).

Retention:

• Audio & images you upload: Stored with your account to power coaching features; you may delete them at any time from within the app or by contacting us.
• Transcripts/derivatives: Kept only as needed for coaching history and audit; on deletion request we will delete or anonymise associated derivatives unless retention is required by law.
• Contacts: If enabled, we store only the minimal fields you select (e.g., name/label). You can remove them at any time.

3.1 Provide and Personalise the Service

• Create and manage your account; authenticate access; personalise coaching, Learn content, and feature views.

3.2 Coaching, Scoring, and Insights

• Compute weekly metrics (e.g., X-Factor and sub-scores); generate qualitative coaching guidance; provide team-level insights to authorised leaders/admins.

3.3 Community Showcase (Read-Only)

• Curate and display high-scoring reflections in a read-only community view (anonymised or attributed, as applicable), and perform moderation.

3.4 Security, Fraud Prevention, and Service Quality

• Protect accounts and systems; detect/prevent misuse; perform diagnostics, logging, and performance monitoring.

3.5 Communications

• Send service notices (verification codes, updates, team invitations), respond to support requests, and—where permitted—send product or feature messages. (You can opt out of marketing messages at any time.)

3.6 Analytics and Product Improvement

• Use aggregated/anonymous analytics to improve features, reliability, and user experience; conduct quality checks for AI outputs.

3.7 Legal/Compliance

• Comply with applicable laws, regulations, audits, and enforcement requests; manage disputes and enforce our Terms.

3A. AI Processing & Model Training

We may use AI services to transcribe audio you submit and to generate coaching insights based on the content you provide.

• Processing scope: Only the text/audio/images that you submit for coaching are sent to our AI processors.
• Model training: By default, your content is not used to train third-party foundation models. If we ever offer an opt-in to allow training to improve the Service, it will: (i) be off by default, (ii) be clearly presented, and (iii) be revocable at any time.
• On-device vs cloud: When feasible we process on device; otherwise, we use secure cloud processors under contract (see “Data sharing & processors”).

4.1 Consent and Deemed Consent

In most cases, we rely on your consent — or deemed consent where appropriate — to collect, use, and disclose your personal data. By signing up for a DignifyX account, interacting with our AI coaching features, or providing your information voluntarily (e.g., reflections, email, or phone number), you are deemed to have consented to our use of your data for those stated purposes.

You may withdraw your consent at any time by contacting us (see “Your Rights” below). However, withdrawing consent may affect your ability to use certain features of the App or our Services.

4.2 Contractual or Legal Necessity

We may also process your personal data without consent where permitted by law — for example:

• to comply with legal or regulatory obligations, including accounting, tax, audit, or law enforcement requirements;
• to investigate or resolve claims, disputes, or fraud; or
• to ensure the security and integrity of our systems and Services.

4.3 Legitimate Business Purposes

We may use your data for legitimate business purposes that a reasonable person would consider appropriate in the circumstances — such as improving our AI models, maintaining service quality, generating anonymised statistics, and ensuring system reliability. In all such cases, we will ensure that your privacy and rights are not overridden by these business needs.

4.4 Consent for Marketing Communications

Where required by law, we will obtain your explicit consent before sending you marketing or promotional messages. You can opt out at any time by using the unsubscribe link or contacting us directly.

We use processors for purposes such as:

• Cloud hosting and database management – to store and manage data securely (e.g., Render, Supabase, Upstash, DigitalOcean).
• AI and analytics – to process text inputs, generate insights, and improve model accuracy (e.g., OpenAI API, internal analytics tools).
• Communication and customer support – to send verification emails, updates, and provide user support (e.g., helpdesk or email providers).
• Security and monitoring – to detect misuse, maintain uptime, and ensure data integrity.

All processors are required to:

• Protect personal data with reasonable administrative, technical, and organizational safeguards.
• Use the data only for the purposes we have specified and only in accordance with our written instructions.
• Comply with applicable data protection laws in Singapore, Malaysia, and other jurisdictions where they operate.
• Delete or return personal data once their services for us end.

We do not sell or rent your personal data to third parties.
Where data must be transferred to a country outside Singapore or Malaysia, we ensure that comparable levels of protection are applied (see “Cross-border Transfers” below).

Non-distribution of sensitive inputs: Audio recordings, camera captures, photos/gallery items, and contacts you choose to submit are not sold, rented, or shared with third parties for their independent use. Processors may handle these items only to provide the Service to you (e.g., transcription or secure storage) and only under our written instructions. They must delete or return such data when their services end.

• using data transfer agreements or contractual clauses that impose obligations on the recipient to protect your data;
• transferring data only to organisations that have adopted binding corporate rules or other recognised safeguards; or
• obtaining your consent where required by law.

All transfers are made only for legitimate business purposes, such as cloud hosting, payment processing, analytics, and support.
We take reasonable steps to ensure that our overseas service providers handle your personal data securely and in accordance with this Privacy Policy.

• settle outstanding  service matters,
• respond to inquiries or disputes,
• comply with legal, tax, or regulatory obligations, and
• maintain necessary business records.

User-submitted audio and images are deleted upon account deletion or earlier on request, except where retention is required by law. Transcripts derived from your audio are deleted or anonymised alongside the source unless legally required to retain. Contacts (if imported) are deleted upon request or account deletion.

After this period, we will securely delete or anonymise your personal data so that it can no longer be linked to you. Non-personal or aggregated data (such as anonymised usage statistics) may be kept indefinitely for analytics and product improvement.

You may also request earlier deletion of your personal data at any time, subject to our need to retain certain information to meet legal or contractual requirements.

Our safeguards include, where applicable:

• Encryption of data in transit and at rest;
• Access controls that restrict personal data to authorised personnel with a legitimate need;
• Authentication and logging to monitor and prevent unauthorised system access;
• Regular security reviews and updates to our infrastructure and policies; and
• Employee confidentiality obligations and data-protection training for staff and contractors.

Audio, image, and contact data are encrypted in transit and at rest; access is restricted to authorised personnel and processors with a legitimate need.

All service providers that process personal data on our behalf are required to implement comparable security standards and comply with our written instructions.

While we strive to protect your personal data, no system or transmission method is completely secure. We cannot guarantee absolute security, and you share responsibility for keeping your login credentials and account information confidential.

If we become aware of a data breach that is likely to result in harm to you, we will notify the relevant authorities and affected users in accordance with applicable data-protection laws.