Skip to main content
Legal

Privacy Policy

Learn how Nucleus AI collects, uses, and protects your personal information in compliance with Singapore PDPA.

Last updated: January 30, 2026~15 min read

Singapore PDPA Compliant

This policy complies with the Personal Data Protection Act 2012 (PDPA) of Singapore and outlines your rights regarding your personal data.

📋

1. Introduction and Scope

Nucleus Enterprise PTE. LTD. ("Nucleus AI," "we," "our," or "us"), a company incorporated in Singapore, is committed to protecting your personal data in accordance with the Personal Data Protection Act 2012 ("PDPA") of Singapore and other applicable data protection laws.

This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our AI agent platform, website, and related services (collectively, the "Services"). By using our Services, you consent to the practices described in this Policy.

This Policy applies to all users of our Services, including individuals accessing our platform through enterprise agreements. Enterprise customers may have additional data processing agreements that supplement this Policy.

👤

2. Data Protection Officer

In accordance with the PDPA, we have appointed a Data Protection Officer (DPO) to oversee our data protection practices.

Contact Our DPO

  • Email: contact@nucleusenterprise.ai
  • Address: Nucleus Enterprise PTE. LTD., Singapore
📊

3. Personal Data We Collect

We collect personal data through various means when you interact with our Services:

3.1 Information You Provide Directly

  • Account Information: Name, email, phone, company, job title, preferences
  • Payment Information: Billing address and payment details (via PCI-DSS compliant processors)
  • Communications: Messages, feedback, and support requests
  • User Content: Files, documents, images uploaded to the platform

3.2 Information from AI Interactions

  • Conversation Data: Messages and prompts with AI agents
  • Task Instructions: Descriptions of delegated tasks
  • Generated Outputs: Content created by AI on your behalf
  • Feedback Data: Ratings and corrections on AI outputs

3.3 Information Collected Automatically

  • Device Information: Device type, OS, browser, unique identifiers
  • Usage Data: Features accessed, actions, session duration
  • Log Data: IP address, access times, pages viewed
  • Performance Data: Error reports and diagnostics

3.4 Information from Third Parties

  • Connected Services: Data from authorized integrations (Google, Microsoft, Slack)
  • Authentication Providers: Profile info from social sign-in
  • Enterprise Administrators: User provisioning data
⚙️

4. Purposes of Data Collection and Use

1Service Delivery

  • • Providing and maintaining the AI platform
  • • Processing requests and AI tasks
  • • Managing accounts and subscriptions
  • • Customer support

2Improvement

  • • Analyzing usage patterns
  • • Developing new features
  • • AI model improvement (with safeguards)
  • • Research and analytics

3Security & Compliance

  • • Detecting security threats and fraud
  • • Enforcing Terms of Service
  • • Legal and regulatory compliance
  • • Responding to lawful requests

4Communications

  • • Service notifications and updates
  • • Feature announcements
  • • Marketing (with consent)
⚖️

5. Legal Basis for Processing

Consent

Where you have given explicit consent for specific processing activities

Contractual Necessity

Where processing is necessary to perform our contract with you

Legitimate Interests

Where processing is necessary for our legitimate business interests, balanced against your rights

Legal Obligations

Where processing is required to comply with applicable laws

🔗

6. Data Sharing and Disclosure

We do not sell your personal data to third parties.

Service Providers

We engage trusted third-party providers:

  • Cloud: Amazon Web Services (AWS)
  • AI Models: OpenAI, Anthropic
  • Payments: Stripe
  • Analytics & Communications

AI Model Providers

Your prompts are sent to AI providers with agreements that prohibit training on your data (enterprise), require deletion after processing, and mandate security measures.

Legal Requirements

We may disclose data when required by law, to protect rights and safety, or to detect fraud.

🤖

7. AI-Specific Data Practices

Model Training Policy

Enterprise Plans

Your data is NOT used to train AI models unless you explicitly opt-in

Free/Individual Plans

Anonymized data may improve services, subject to consent preferences

AI Input/Output Data: Stored to provide service and maintain conversation history. Content filtering detects harmful content. AI outputs are not guaranteed accurate.

Automated Decision-Making: AI assists but does not make fully automated decisions with significant effects without human oversight.

Safety Measures: Content moderation, rate limiting, abuse detection, regular audits, and human review processes.

🔒

8. Data Security

Encryption

TLS 1.3 in transit
AES-256 at rest

Access Control

RBAC & MFA
Least privilege

Compliance

SOC 2 Type II
Regular audits

Breach Response: We notify PDPC within 3 business days and affected individuals as soon as practicable.

🗄️

9. Data Retention

Data TypeRetention Period
Account DataWhile active + 30 days after deletion
Conversation HistoryWhile active (deletable anytime)
Usage Logs90 days
Payment Records7 years (regulatory)
Support Tickets3 years after resolution
🌍

10. International Data Transfers

Your data may be transferred to and processed in countries outside Singapore, including the United States.

Transfer Safeguards

  • • Standard Contractual Clauses (SCCs)
  • • Data processing agreements with all providers
  • • Verification of adequate protection standards
  • • PDPA compliance for overseas transfers

Enterprise customers may request data residency options for specific geographic regions.

11. Your Rights Under the PDPA

Access

Request access to your personal data and how it was used

Correction

Request correction of inaccurate or incomplete data

Withdraw Consent

Withdraw consent for consent-based processing

Portability

Request data in machine-readable format

Deletion

Request deletion subject to legal obligations

To exercise your rights: Email contact@nucleusenterprise.ai or use account settings. We respond within 30 days.

🍪

12. Cookies and Tracking

Essential: Required for functionality
Functional: Remember preferences
Analytics: Understand usage
Marketing: Relevant ads (with consent)

Manage cookies via browser settings or our consent tool.

👶

13. Children's Privacy

Our Services are not intended for individuals under 18. We do not knowingly collect data from children. Parents should contact us immediately if they believe a child has provided personal data.

🔗

14. Third-Party Links

Our Services may link to third-party websites. This Policy does not apply to them. Review their privacy policies before providing any personal data.

📝

15. Changes to This Policy

We may update this Policy periodically. Material changes will be notified via email or prominent notice. The "Last updated" date indicates the latest revision. Continued use constitutes acceptance.

📢

16. Complaints and Disputes

Contact us first at contact@nucleusenterprise.ai. We will investigate and attempt to resolve complaints.

Singapore PDPC

If unsatisfied, lodge a complaint with the Personal Data Protection Commission:

www.pdpc.gov.sg | info@pdpc.gov.sg

✉️

17. Contact Us

For questions about this Privacy Policy or our data practices:

Email: contact@nucleusenterprise.ai

Address: Nucleus Enterprise PTE. LTD., Singapore