1. Compliance with Singapore Law
Polyzy takes data protection seriously and aims to comply with the Singapore Personal Data Protection Act 2012 ("PDPA"), including applicable regulations and advisory guidelines issued by the Personal Data Protection Commission ("PDPC").
Where applicable, users are responsible for ensuring that they have obtained all necessary rights, permissions, and consents before uploading, sharing, or processing personal data through the Services.
2. Information We Collect
We may collect and process the following categories of information:
A. Account Information
- Name
- Email address
- Company or agency name
- Login credentials
- Subscription and billing information
B. Client and Insurance Data Uploaded by Users
Depending on how the Services are used, uploaded information may include:
- Insurance policy information
- Coverage details
- Financial planning information
- Personal identifiers
- Dates of birth
- Family/dependent information
- Notes and planning summaries
- Insurance documents and related files
Users remain responsible for the lawfulness and accuracy of uploaded data.
C. Usage and Technical Information
We may automatically collect:
- IP address
- Browser type
- Device information
- Operating system
- Login timestamps
- Platform usage analytics
- Error logs and diagnostic data
D. AI and Processing Data
Uploaded documents and platform data may be processed using OCR, machine learning, and AI technologies in order to:
- extract structured insurance information,
- generate summaries,
- improve workflow automation,
- and provide platform functionality.
3. How We Use Information
We may use personal data to:
- provide and operate the Services;
- authenticate users;
- process uploaded documents;
- generate policy summaries and analytics;
- provide AI-assisted workflow features;
- improve platform performance and reliability;
- detect fraud, abuse, or security incidents;
- comply with legal and regulatory obligations;
- communicate with users regarding accounts, billing, or support matters;
- maintain audit, security, and operational logs.
We do not sell personal data to third parties.
4. AI Processing and Model Usage
Polyzy may use trusted third-party AI, OCR, cloud, and infrastructure providers to support platform functionality.
Uploaded content may be securely transmitted to subprocessors solely for purposes such as:
- optical character recognition (OCR),
- structured data extraction,
- AI-assisted summarisation,
- document analysis,
- and platform functionality.
Where AI services are used, data is processed through enterprise/API-based AI services with encrypted transmission. Polyzy does not intentionally use customer-uploaded data to train public AI models.
We take reasonable steps to work with reputable providers that maintain appropriate security and privacy standards for enterprise and business usage.
5. User Responsibilities
Users are responsible for:
- ensuring they have authority to upload and process personal data;
- obtaining any necessary client consents;
- complying with applicable laws, regulations, insurer requirements, and internal agency policies;
- ensuring uploaded data is accurate and lawful.
Polyzy acts primarily as a technology service provider and workflow platform.
Users remain solely responsible for:
- financial advice,
- suitability assessments,
- regulatory compliance,
- and client communications.
Polyzy does not provide financial, legal, tax, or insurance advice.
6. Disclosure of Information
We may disclose information:
- to trusted service providers and subprocessors supporting our operations;
- where required by law, regulation, court order, or lawful request;
- to protect our rights, systems, users, or security;
- in connection with a merger, acquisition, restructuring, or sale of assets;
- with the user's consent or instruction.
We do not sell customer personal data.
7. Data Storage and International Transfers
Your information may be stored or processed in Singapore or other jurisdictions where our service providers operate.
Where personal data is transferred outside Singapore, we take reasonable steps to ensure that comparable standards of data protection are maintained in accordance with applicable law and industry practices.
8. Data Security
We implement reasonable administrative, technical, and organisational safeguards designed to protect information against unauthorised access, disclosure, alteration, misuse, or loss.
Security measures may include:
- encryption in transit using SSL/TLS;
- encrypted cloud storage;
- secure authentication and login verification;
- one-time password (OTP) verification for account access where applicable;
- automatic session expiry after periods of inactivity;
- role-based and restricted internal access controls;
- audit logging and monitoring;
- secure cloud infrastructure providers;
- routine security and operational monitoring.
No system or method of electronic storage is completely secure, and we cannot guarantee absolute security.
9. Access by Polyzy Administrators
Access to customer data is restricted to authorised administrators or service providers on a need-to-know basis for purposes such as:
- customer support,
- troubleshooting,
- security investigations,
- maintenance,
- and legal or compliance obligations.
While Polyzy takes reasonable steps to restrict and safeguard access, users acknowledge that limited access may be required in certain operational circumstances.
10. Data Retention
We retain personal data only for as long as reasonably necessary for:
- providing the Services,
- operational and business purposes,
- legal and regulatory obligations,
- dispute resolution,
- fraud prevention,
- and enforcement of agreements.
We may delete or anonymise information when it is no longer required.
Users are responsible for maintaining their own backups where necessary.
11. User Rights
Subject to applicable law, users may request to:
- access personal data;
- correct inaccurate information;
- withdraw consent where applicable;
- request deletion of certain information.
Requests may be submitted using the contact details below.
We may require reasonable verification before processing requests.
13. Third-Party Services
The Services may integrate with or rely on third-party providers, including:
- cloud hosting providers;
- authentication providers;
- analytics platforms;
- AI and OCR providers;
- payment processors;
- communication services.
Such third parties may maintain separate terms and privacy policies.
Polyzy is not responsible for the privacy practices of third-party services outside our control.
14. Limitation of Liability
To the maximum extent permitted by law:
- Polyzy does not guarantee uninterrupted, error-free, or completely secure operation of the Services;
- users acknowledge inherent risks associated with electronic transmission and cloud-based systems;
- Polyzy shall not be liable for indirect, incidental, special, consequential, or punitive damages arising from use of the Services or unauthorised access beyond our reasonable control.
Nothing in this Privacy Policy excludes liability that cannot lawfully be excluded under Singapore law.
15. Changes to this Privacy Policy
We may update this Privacy Policy from time to time.
Updated versions will be posted on our website with a revised "Last Updated" date.
Continued use of the Services after updates constitutes acceptance of the revised Privacy Policy.
16. Contact Us
For privacy-related questions or requests, please contact:
Polyzy
hello@polyzy.com
If required under applicable law, Polyzy may designate a Data Protection Officer ("DPO") and publish the relevant contact details accordingly.