Legal

Privacy Policy

Last updated · 22 April 2026

This Privacy Policy explains what personal information Axccelerate collects, how we use it, who we share it with, and the rights you have over it. Because we operate across APAC, the Middle East, and the Americas, we aim to meet the strictest applicable regulatory bar — including GDPR, UK DPA, Singapore PDPA, UAE PDPL, and CCPA/CPRA — rather than the lowest common denominator.

Who we are

Axccelerate Pte. Ltd. (Singapore) is the data controller for information collected through this website and through general marketing channels. Our regional delivery entities and client-facing engineering teams act as data processors on behalf of clients under signed Data Processing Agreements (DPAs), processing personal data only on documented instructions and within the scope of the engagement.

Information we collect

1. Information you provide directly

  • Enquiry forms on /proposal, /contact, service-page lead forms — typically name, email, company, role, project details, timeline, budget band.
  • Email, WhatsApp, LINE, or phone communications with our team.
  • Information shared during scoping calls, workshops, or onboarding — including account access, operational context, and any sensitive data your team chooses to share for analysis.

2. Information we collect automatically

  • IP address, browser type, operating system, device identifiers, referrer URL, pages visited, time on page, click paths.
  • Approximate geographic location derived from IP.
  • Interactions with our content — which pages you scrolled, which case studies you opened, which service pages you returned to.

3. Cookies and similar technologies

See the Cookies section below for details on what we set and how to control them.

4. Information from third parties

  • Form providers, analytics platforms (Google Analytics 4, Mixpanel, Segment), CRM (HubSpot, Salesforce), and advertising platforms (Google Ads, Meta, LinkedIn).
  • Public professional information (e.g. LinkedIn profile data) where you've engaged with our outbound outreach.

How we use information

  • Respond to enquiries, scope proposals, and deliver services.
  • Maintain client relationships — billing, communication, project reporting, InsightAX dashboards, and running campaigns.
  • Operate, secure, and improve our website, marketing channels, and internal systems.
  • Personalise marketing communications (only with appropriate consent where required).
  • Detect and prevent fraud, abuse, or unauthorised access.
  • Comply with legal obligations and respond to lawful requests from regulators, courts, and law-enforcement authorities.
  • Aggregated or anonymised analysis — product research, benchmarking, and performance reporting. Once data is properly anonymised it is no longer personal data.

AI and automated processing

Axccelerate is an AI-native company. We use AI models — both our own and third-party — to score leads, generate insights from client data, operate the InsightAX decision fabric, and automate campaign execution. Where AI is used in a way that produces a legal or similarly significant effect on you personally (for example, credit decisioning deployed for a fintech client, or automated qualification gates), you have the right under applicable law to:

  • Request information about the logic, significance, and likely consequences of the automated decision.
  • Request meaningful human review of the outcome.
  • Contest the decision and have it re-assessed.

For marketing-only uses (e.g. lead scoring for our own pipeline), automated processing doesn't produce legal effects and these rights don't apply, but we'll still explain the logic on request.

Cookies

We use three categories of cookies and similar technologies:

  • Essential — session, authentication, CSRF protection, load balancing. These can't be disabled.
  • Analytics — Google Analytics 4, behaviour tracking, heatmaps. Lifetime typically 14 months.
  • Marketing — attribution, retargeting pixels (Meta, Google, LinkedIn). Lifetime typically 90 days to 13 months depending on the platform.

Manage preferences through your browser settings, our cookie banner where present, or the platform-level opt-outs exposed by each advertising platform.

Sharing and disclosure

We don't sell personal data. We share with:

  • Service providers — hosting (AWS, GCP, Vercel), email, analytics, CRM, support, billing — under written DPAs that restrict use to documented purposes.
  • Professional advisors — legal counsel, accountants, auditors, insurers — bound by confidentiality obligations.
  • Legal and regulatory — court orders, regulator requests, or where disclosure is necessary to establish, exercise, or defend legal claims.
  • Business transfers — in connection with an acquisition, merger, or restructuring, with continued protection under this Policy.
  • Client-directed sharing — integrations you explicitly ask us to set up (ESP, ad platform, warehouse, webhook).

International transfers

We operate across multiple jurisdictions, so personal data may be transferred out of its country of origin. We use Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum (IDTA), ASEAN Model Contractual Clauses where applicable, and equivalent mechanisms to protect the data in transit and in the destination. Transfers involving clients in regulated sectors (finance, healthcare) follow any additional local requirements under a project-specific DPA.

Data retention

  • Enquiry data — retained for 24 months from last contact, then deleted or anonymised, unless consent is withdrawn earlier.
  • Active client data — retained for the duration of the engagement plus 7 years (to satisfy tax and legal record-keeping obligations).
  • Analytics and marketing cookies — typically 14 months; some marketing platforms retain for longer under their own policies.
  • Aggregated or anonymised data — retained indefinitely since it no longer identifies a person.

Security

  • Encryption in transit (TLS 1.2+) and at rest (AES-256) for all client and internal data stores.
  • Role-based access controls with mandatory multi-factor authentication for internal systems.
  • Regular security audits, automated vulnerability scanning, and external penetration testing on production systems.
  • Incident response plan with 72-hour breach notification to regulators and affected users, as required by applicable law.
  • Documented employee security and data-handling training, refreshed annually.

Your rights

Depending on where you live, you may have some or all of the following rights:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Erase personal data (the “right to be forgotten”), subject to legal retention obligations.
  • Restrict or object to specific processing activities.
  • Receive a portable copy of your data in a machine-readable format.
  • Withdraw consent at any time, where we rely on consent as the lawful basis.
  • Lodge a complaint with a supervisory authority in your jurisdiction.
  • Opt out of solely-automated decision-making that produces legal or similarly significant effects, where legally applicable.

To exercise any of these rights, email privacy [at] axccelerate [dot] com. We respond within 30 days (or sooner where law requires).

Children

Our services are not directed to anyone under 16 and we do not knowingly collect personal data from children. If you believe we hold data about a child, email privacy [at] axccelerate [dot] comand we'll delete it.

Changes to this policy

We may update this policy as our practices evolve or as legal standards change. Material changes will be notified via email to active clients or a prominent banner on this site. The “Last updated” date at the top of this page always reflects the most recent revision.

Contact

Data Protection Officer
privacy [at] axccelerate [dot] com
Axccelerate Pte. Ltd.
Singapore

Questions about this page?Contact us