Legal

Privacy Policy

Last Updated: 14 May 2025 · Effective: 14 May 2025

1. Introduction

Bayu Labs Pte. Ltd. ("Bayu Labs", "we", "us", "our") is committed to protecting the personal data of everyone who interacts with our services. This Privacy Policy explains what personal data we collect, how we use it, how we keep it secure, and what rights you have in relation to it.

This policy applies to all services provided by Bayu Labs, including our website at bayulabs.cyou, our consultation services, and any ongoing support engagements.

We operate in Singapore and follow the Personal Data Protection Act 2012 (PDPA). If you have questions about this policy, please contact us at [email protected].

2. Personal Data We Collect

We collect only what is needed to provide our services and respond to enquiries.

2.1 Data you provide directly

— Name and email address (from our contact form)
— Phone number (optional, from contact form)
— Message content and business details (from contact form or consultation)
— Email or chat message samples (provided during Customer Reply Companion setup)

2.2 Data collected automatically

— Browser type, device type, and approximate location (via analytics tools)
— Pages visited and time spent on this website
— Cookie preferences (stored locally in your browser)

2.3 Legal basis for processing

— Consent: for optional cookies and marketing communications
— Contract: to deliver the service you have engaged us for
— Legitimate interest: to respond to enquiries and improve our service

3. How We Use Your Data

— To respond to enquiries submitted via our contact form
— To arrange and deliver consultation sessions
— To configure, test, and maintain AI tools during an active engagement
— To send operational communications about your engagement (scope notes, summaries, support replies)
— To understand how our website is used, so we can improve it
— To comply with applicable legal obligations

We do not sell your personal data to third parties. We do not use your data for profiling or automated decision-making.

3.1 Third-party services

We use the following third-party services that may process personal data on our behalf:

— Google Analytics — anonymous website usage data
— Email hosting provider — for receiving and sending correspondence

All third-party services are chosen to operate in a manner consistent with Singapore PDPA obligations.

3.2 Data retention

— Enquiry data: retained for 12 months from last contact, then deleted
— Engagement data (consultation notes, setup files): retained for the duration of the engagement plus 6 months, then deleted unless otherwise agreed
— Analytics data: aggregated and anonymised; not linked to individuals

4. How We Protect Your Data

— Data is transmitted over encrypted (HTTPS) connections
— Access to client data is limited to team members directly involved in the engagement
— Files and documents shared during engagements are stored in access-controlled environments
— We review our data handling practices at least annually
— In the event of a data breach, we will notify affected individuals and the Personal Data Protection Commission (PDPC) in accordance with PDPA requirements

5. Cookies

Our website uses cookies to support basic functionality and to understand how it is used. We ask for your consent before setting non-essential cookies.

For full details on the cookies we use and how to manage your preferences, please see our Cookie Policy.

6. Your Rights

Under the Singapore PDPA, you have the right to:

— Access the personal data we hold about you
— Correct inaccurate or incomplete personal data
— Withdraw consent for data processing based on consent (this may affect our ability to provide certain services)
— Request deletion of data we no longer have a lawful basis to retain
— Data portability — receive a copy of your data in a commonly used format

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

If you believe your data has been handled in a way that is not compliant with the PDPA, you have the right to lodge a complaint with the Personal Data Protection Commission (PDPC) at pdpc.gov.sg.

7. Links to Other Sites

Our website may contain links to third-party sites. We are not responsible for the privacy practices of those sites and encourage you to read their policies separately before providing any personal information.

8. Children's Privacy

Our services are intended for business owners and professionals aged 18 and over. We do not knowingly collect personal data from individuals under 18. If we become aware that we have collected data from a minor, we will delete it promptly.

9. Updates to This Policy

We may update this Privacy Policy from time to time. When we do, the "Last Updated" date at the top of this page will change. For material changes, we will send a notice to clients with active engagements.

Continued use of our services after an update constitutes acceptance of the revised policy.

10. Contact Us

For questions about this policy or to exercise your data rights:

Data Controller: Bayu Labs Pte. Ltd.

[email protected]

152 Beach Road, #08-05 Gateway East, Singapore 189721