Legal
Privacy Policy
Effective date: 1 April 2026
1. Introduction
3PEAT.AI (Deep Shift Pte Ltd T/A 3PEAT.AI. UEN 202343141W) is committed to protecting the personal data of its clients, prospective clients, employees, contractors, and business contacts. This Privacy Policy describes how we collect, use, disclose, and protect personal data in accordance with the Singapore Personal Data Protection Act 2012 (PDPA) and applicable data protection laws in jurisdictions where we operate.
By engaging our services or providing us with personal data, you consent to the practices described in this policy. We encourage you to read this policy carefully.
2. Personal Data We Collect
2.1 Categories of Personal Data
We may collect the following categories of personal data in the course of our business:
- Identity data: full name, job title, company name, professional background
- Contact data: work email address, phone number, business address
- Contractual data: agreements, service specifications, purchase orders, invoices
- Communications data: emails, meeting notes, call records relevant to service delivery
- Technical data: IP addresses, login credentials, usage data from our systems (where applicable)
- Financial data: payment information, billing records (where applicable)
2.2 How We Collect Personal Data
- Directly from you during onboarding, contracting, or service delivery
- From publicly available professional sources (e.g., LinkedIn, company websites)
- From referral partners or business introductions
- Through our website or digital communication tools
3. Purpose and Legal Basis for Processing
We collect and use personal data only for specified, explicit, and legitimate purposes. The primary purposes for which we process personal data are:
| Purpose | Legal Basis |
|---|---|
| Providing consulting and advisory services | Contractual necessity; consent |
| Managing the client relationship and communications | Legitimate interests; contractual necessity |
| Compliance with legal and regulatory obligations | Legal obligation |
| Marketing and business development (opt-in only) | Consent |
| Improving service quality and internal processes | Legitimate interests |
| Processing payments and managing accounts | Contractual necessity |
4. Disclosure of Personal Data
4.1 Internal Disclosure
Personal data is accessible only to those within 3PEAT.AI who require it for the performance of their duties. We do not sell personal data under any circumstances.
4.2 Third-Party Disclosure
We may disclose personal data to the following categories of third parties:
- Cloud service providers and IT infrastructure providers (e.g., email, document storage, CRM platforms)
- Professional advisors including lawyers, accountants, and auditors
- Regulatory or government bodies where required by law
- Subcontractors engaged to assist in service delivery, subject to equivalent data protection obligations
All third-party recipients of personal data are required to maintain appropriate security measures and use the data only for the specified purpose.
4.3 Cross-Border Transfers
In delivering our services, personal data may be transferred to or accessed by parties located in jurisdictions outside Singapore. Before transferring personal data internationally, 3PEAT.AI takes reasonable steps to ensure the recipient applies a standard of protection comparable to the PDPA. This may be achieved through:
- Contractual clauses binding the overseas recipient to equivalent data protection obligations
- Participation in internationally recognised privacy frameworks (e.g., APEC Cross-Border Privacy Rules System)
- Verified adequacy of the recipient country's data protection laws
- Explicit informed consent of the data subject
5. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law or contract. Our standard retention schedules are:
| Category | Retention Period |
|---|---|
| Client engagement records | 7 years from contract end |
| Marketing and prospect data | 2 years from last interaction (unless consent renewed) |
| Employee records | 7 years from end of employment |
| General correspondence | 3 years |
At the end of the applicable retention period, personal data is securely deleted or anonymised in accordance with our data disposal procedures.
6. Your Rights
Subject to applicable law, individuals whose personal data we hold have the following rights:
Right of access
Request a copy of the personal data we hold about you
Right of correction
Request correction of inaccurate or incomplete personal data
Right to withdraw consent
Where processing is based on consent, withdraw consent at any time (without affecting lawfulness of prior processing)
Right to data portability
Request that data be provided in a portable, machine-readable format (where technically feasible)
Right to object
Object to processing based on legitimate interests
To exercise any of these rights, please contact us at the details in Section 9. We will respond within 30 days.
8. Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, or disclosure. These measures include encryption, access controls, and regular security reviews, as detailed in our Information Security Policy (3PAI-ISP-002). In the event of a data breach involving personal data, we will respond in accordance with our Data Breach Response Plan (3PAI-DBR-002).
9. Contact and Complaints
For privacy-related enquiries, requests, or complaints, please contact:
Privacy Contact
Management, 3PEAT.AI
Address
160 Robinson Road, #14-04, Business Federation Center, Singapore 068914
If you are not satisfied with our response, you may lodge a complaint with the Personal Data Protection Commission (PDPC) of Singapore at www.pdpc.gov.sg.
10. Policy Updates
This policy is reviewed annually or when significant operational, legal, or regulatory changes occur. Updated versions will be published and, where appropriate, communicated directly to affected individuals.