Privacy Policy

1. Introduction

TOKENEE PTE. LTD., a private company limited by shares, incorporated and registered in Singapore under UEN 202546529 ("Tokenee", "we", "us", or "our") respects your privacy and is committed to handling personal data responsibly.

This Privacy Policy explains how we collect, use, disclose, transfer, retain, and otherwise process personal data in connection with:

1. our website at https://tokenee.com/ (the "Website") and related webpages;

2. our software platform, APIs, dashboards, and related services;

3. sales, onboarding, support, events, marketing, and business relationship management; and

4. any other interactions you have with us.

This Privacy Policy is designed primarily for a business-to-business context. In many cases, we process personal data relating to representatives, personnel, and users of our business customers and prospective customers. Where we process personal data on behalf of a Customer as a service provider or processor, that Customer’s instructions and agreements with us will govern that processing in addition to this Privacy Policy.

The Privacy Policy should be read together with our Terms of Service (available on the Website). Unless otherwise defined in this Privacy Policy, capitalised terms used herein have the meanings given to them in the Terms of Service. In the event of any conflict between this Privacy Policy and the Terms of Service in relation to the processing of personal data, this Privacy Policy shall prevail to the extent of such conflict.

2. Controller / Organisational Role

For personal data we collect and process for our own purposes, Tokenee acts as the organisation responsible for that processing.

For personal data included in Customer Data that we process on behalf of a Customer in delivering the Services, Tokenee generally acts as a service provider, processor, or similar role under applicable data protection law, and the relevant Customer remains responsible for determining the purposes and lawful basis of that processing.

3. Personal Data We Collect

We may collect the following categories of personal data, depending on how you interact with us:

3.1. Business Contact and Identity Data, such as:

• name;

• business email address;

• business telephone number;

• employer;

• job title;

• department;

• professional profile information;

• correspondence details.

3.2. Account and Authentication Data, such as:

• usernames;

• login identifiers;

• passwords or password hashes;

• multi-factor authentication settings;

• access roles and permissions;

• account status;

• audit logs;

• API credentials or related identifiers.

3.3. Technical and Device Data, such as:

• IP address;

• browser type and version;

• device identifiers;

• operating system;

• locale and language settings;

• session data;

• timestamps;

• network and diagnostic logs;

• cookie identifiers and similar technologies.

3.4. Usage and Activity Data, such as:

• pages viewed;

• features used;

• clicks, navigation, and interactions;

• referral URLs;

• performance metrics;

• support-related usage context;

• product telemetry;

• communications with us.

3.5. Transactional and Commercial Data, such as:

• subscription details;

• order records;

• billing contacts;

• invoice details;

• payment status;

• commercial correspondence;

• procurement records.

3.6. Marketing and Communications Data, such as:

• newsletter sign-up details;

• webinar registrations;

• event attendance;

• communication preferences;

• survey responses;

• meeting notes;

• marketing engagement information.

3.7. Support and Inquiry Data, such as:

• support tickets;

• issue descriptions;

• attached files;

• screenshots;

• troubleshooting logs;

• feedback and chat communications.

3.8. Customer Data

Our Customers may upload or make available personal data through the Services, which may include personal data relating to their employees, users, clients, investors, counterparties, or other individuals. The type of personal data involved depends on the Customer’s use case and instructions.

4. Sources of Personal Data

We collect personal data:

1. directly from you, such as when you fill in a form, request a demo, create an account, sign up for updates, correspond with us, or use the Services;

2. from our Customers, when they add you as an Authorised User or otherwise make your data available in connection with an account;

3. automatically through your use of the Website or Services, including through cookies, logs, and analytics technologies;

4. from public sources, professional networking platforms, business databases, event organisers, or referral partners; and

5. from service providers that support our sales, marketing, onboarding, analytics, hosting, payment, or support functions.

5. How We Use Personal Data

We may use personal data for the following purposes:

5.1. Providing and Administering the Services, including to:

• create and manage accounts;

• authenticate users;

• provide access to features and APIs;

• operate, maintain, and improve the Services;

• process transactions and subscriptions;

• manage renewals and account administration.

5.2. Customer Relationship and Commercial Management, including to:

• communicate with Customers and prospects;

• provide demos, proposals, and commercial responses;

• negotiate and administer contracts;

• send service-related notices;

• manage billing and collections.

5.3. Support, Troubleshooting, and Service Improvement, including to:

• respond to inquiries and support requests;

• diagnose technical issues;

• monitor service performance;

• conduct debugging, quality assurance, and product development;

• analyse usage trends and capacity needs.

5.4. Security and Fraud Prevention, including to:

• secure accounts and infrastructure;

• detect unauthorised access, abuse, suspicious activity, and fraud;

• maintain audit trails;

• investigate incidents;

• protect our rights, users, systems, and business.

5.5. Marketing and Events, including to:

• send newsletters, updates, thought leadership, invitations, and product information;

• manage event registrations and attendance;

• personalise communications where permitted by law;

• conduct surveys and measure campaign effectiveness.

5.6. Compliance and Legal Purposes, including to:

• comply with applicable laws, regulations, court orders, and lawful governmental requests;

• maintain books and records;

• establish, exercise, or defend legal claims;

• enforce our agreements and policies.

5.7. Corporate Transactions, including to support due diligence, financing, audits, restructuring, merger, acquisition, investment, or sale of all or part of our business, subject to appropriate confidentiality protections.

6. Legal Bases for Processing

Depending on the applicable law and context, we process personal data on one or more of the following grounds:

1. the processing is necessary to enter into or perform a contract with you or your organisation;

2. the processing is necessary for our legitimate interests, such as running our business, securing our systems, developing our services, and communicating with business contacts, provided those interests are not overridden by your rights where applicable;

3. the processing is necessary to comply with a legal obligation;

4. you have given consent, where consent is required; and/or

5. another lawful basis permitted under applicable law.

Where Singapore law applies, we aim to process personal data in line with the Personal Data Protection Act ("PDPA") framework for notification of purposes, consent where applicable, protection, retention limitation, and transfer limitation.

7. Business Contact Information

Because Tokenee operates in a business-to-business setting, much of the personal data we handle consists of business contact information relating to individuals acting in a professional capacity. Under the PDPA, business contact information is generally carved out from certain aspects of the regime when used solely for business purposes. Even so, we seek to handle such information responsibly and in line with this Privacy Policy.

8. Cookies and Similar Technologies

8.1. We use cookies, pixels, local storage, SDKs, and similar technologies to operate the Website and Services, remember preferences, analyse traffic, improve functionality, secure sessions, and support marketing activities.

8.2. Cookies may include:

• strictly necessary cookies;

• performance and analytics cookies;

• functionality cookies;

• advertising or campaign measurement cookies, where used.

8.3. You can manage cookies through your browser settings and, where implemented, through our cookie banner or preference centre. Please note that disabling certain cookies may affect Website functionality.

9. Marketing Communications

9.1. We may send you service-related and transactional communications where necessary for our relationship with you.

9.2. We may also send you marketing communications where permitted by applicable law, including updates about our products, company news, events, and related topics.

9.3. You may opt out of marketing communications at any time by using the unsubscribe link in the relevant message or by contacting us.

9. How We Disclose Personal Data

We may disclose personal data to the following categories of recipients:

1. our Affiliates;

2. cloud hosting, infrastructure, and data storage providers;

3. identity, authentication, communications, analytics, CRM, customer support, billing, and payment service providers;

4. professional advisers such as lawyers, auditors, accountants, consultants, and insurers;

5. event partners or webinar providers where you register for co-hosted events;

6. competent authorities, courts, regulators, law enforcement agencies, or other third parties where required by law or necessary to protect rights or safety;

7. counterparties in a corporate transaction; and

8. our Customers, where your data is associated with their account or where we process personal data on their behalf.

11. International Transfer of Personal Data

11.1. Tokenee may transfer, store, or process personal data in Singapore and other jurisdictions where we, or our service providers, operate.

11.2. Where we transfer personal data across borders, we take steps designed to ensure that the transferred personal data remains protected in accordance with applicable law. Depending on the circumstances, these steps may include contractual safeguards, internal policies, technical and organisational controls, adequacy-based transfers where available, or other lawful transfer mechanisms.

11.3. Where Singapore’s PDPA applies, we seek to ensure that overseas recipients provide a standard of protection comparable to the PDPA, in line with the transfer limitation framework.

12. Data Security

12.1. We maintain administrative, technical, and physical safeguards designed to protect personal data against unauthorised access, collection, use, disclosure, copying, modification, disposal, or similar risks.

12.2. Depending on the context, our security measures may include:

• encryption in transit and at rest where appropriate;

• access controls and least-privilege permissions;

• authentication requirements;

• logging and monitoring;

• environment segregation;

• secure development practices;

• vendor due diligence;

• confidentiality obligations for personnel;

• incident response processes.

12.3. No method of transmission or storage is completely secure. We therefore cannot guarantee absolute security.

13. Retention

13.1. We retain personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, including for contractual performance, support, security, auditability, dispute resolution, and legal or regulatory compliance.

13.2. Retention periods vary depending on the type of data, the nature of the relationship, the sensitivity of the data, our legal obligations, and the need to preserve records.

13.3. When personal data is no longer required, we will delete, anonymise, or securely dispose of it, unless retention is required or permitted by law, or reasonably necessary for backups, fraud prevention, legal holds, or evidentiary purposes.

13.4. This aligns with the PDPA’s retention limitation obligation, which requires organisations to cease retention or properly dispose of personal data when it is no longer needed for legal or business purposes.

14. Customer Data and Processor-Style Processing

14.1. Where we process personal data as part of Customer Data on behalf of a Customer, we process that data in accordance with our agreement with the Customer and the Customer’s documented instructions, except where otherwise required by law.

14.2. In that context, the relevant Customer is generally responsible for:

• providing privacy notices to relevant individuals;

• identifying an appropriate lawful basis for processing;

• obtaining required consents or authorisations;

• responding to rights requests; and

• ensuring that its use of the Services is lawful.

14.3. If you believe your personal data has been submitted to our Services by one of our Customers and you would like to exercise rights in respect of that data, you should contact the relevant Customer directly first. We may assist our Customers where appropriate and required by law.

15. Data Subject Rights

15.1. Depending on the law that applies to you, you may have rights in relation to your personal data, which may include the right to:

• request access to personal data we hold about you;

• request correction of inaccurate or incomplete personal data;

• request deletion of personal data in certain circumstances;

• object to or request restriction of certain processing;

• withdraw consent where processing is based on consent;

• request portability of your personal data where applicable; and

• complain to a competent supervisory authority or regulator.

15.2. These rights are not absolute and may be subject to legal limitations and exceptions. To exercise such rights, please contact us using the details below. We aim to respond to rights requests within 30 (thirty) days. In complex or multiple requests, we may extend this by a further 30 (thirty) days, in which case we will notify you.

15.3. Customers in Singapore who wish to raise a concern with the relevant supervisory authority may contact the Personal Data Protection Commission at https://www.pdpc.gov.sg.

16. Accuracy

We take reasonable steps to ensure that the personal data we use is accurate, complete, and up to date where appropriate for the purposes for which it is used, particularly where it may affect decisions or disclosures. Please let us know if your personal data changes or is inaccurate.

17. Children

Our Website and Services are intended for business users and not for children. We do not knowingly collect personal data from children in connection with the Services. If you believe that a child has provided personal data to us, please contact us so that we can take appropriate steps.

18. Third-Party Websites and Services

Our Website and Services may contain links to third-party websites, products, or services. We are not responsible for the privacy practices, content, or security of those third parties. We encourage you to review their privacy notices before interacting with them.

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or services. The updated version will be posted on our Website with a revised “Last updated” date. Where required by law, we will provide additional notice or obtain consent.

20. Contact Details and Complaints

20.1. If you have any questions, requests, or concerns relating to this Privacy Policy or our handling of personal data, please contact us at:

TOKENEE PTE. LTD.

Address: 77 High Street #10-12B, High Street Plaza, Singapore 179433

Email: privacy@tokenee.com

20.2. We aim to acknowledge all privacy-related inquiries within 5 (five) business days of receipt and to respond substantively within 30 (thirty) days. In complex cases or where we receive multiple concurrent requests from the same individual, we may extend the response period by a further 30 (thirty) days, in which case we will inform you of the extension and the reasons for it before the expiry of the initial 30-day period.