1. Introduction and Scope
At B-Sharp AI Pte. Ltd. ("B-Sharp AI", "we", "us", "our"), we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information. This policy applies to personal information collected through our website at b-sharp.ai, email and other communication channels, contact forms, and client engagement processes.
This policy is designed to comply with:
- Singapore's Personal Data Protection Act (PDPA) 2012
- The Australian Privacy Act 1988 and Australian Privacy Principles (APPs)
- Japan's Act on the Protection of Personal Information (APPI)
- Applicable United States federal and state privacy laws
- The UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018
- The EU General Data Protection Regulation (GDPR), Regulation (EU) 2016/679
B-Sharp AI does not currently maintain an establishment in the EU or UK. As our processing of EU/UK personal data is limited in scale, we have assessed that the exemption under GDPR Article 27(2)(a) currently applies. This position will be reviewed as our business grows. Data protection enquiries from UK/EU individuals can be directed to our DPO at dpo@b-sharp.ai.
2. Personal Information We Collect
We collect contact and business information (name, title, company, email, phone, LinkedIn profile); engagement information (project scope, deliverables, correspondence, payment details); and website data (visit date/time, pages viewed, browser type, IP address, cookie data). We may also receive information about you from referral sources or professional networks where you have made information publicly available.
We do not intentionally collect special categories of personal data (such as data revealing racial or ethnic origin, political opinions, religious beliefs, health data, or criminal history). If such data is incidentally provided to us in the course of an engagement, we will treat it with additional care and process it only with your explicit consent or as required by law.
3. How We Use Your Personal Information
We use your personal information for the following purposes. Where required by applicable law (including the UK GDPR and EU GDPR), we have identified the legal basis for each processing activity:
- To respond to enquiries and provide information about our services – Legal basis: legitimate interest (responding to business enquiries) or, where you have contacted us, steps taken at your request prior to entering into a contract.
- To deliver consulting engagements and produce agreed deliverables – Legal basis: performance of a contract. B-Sharp AI may use artificial intelligence tools, including large language models, in the course of providing consulting services. Our consultants exercise professional judgment in reviewing, validating, and contextualising all AI-assisted outputs.
- To manage the client relationship and communications – Legal basis: performance of a contract and legitimate interest (maintaining the business relationship).
- To issue invoices and process payments – Legal basis: performance of a contract and legal obligation (financial record-keeping requirements).
- To comply with legal and regulatory obligations – Legal basis: legal obligation.
- To send relevant industry insights or invitations to events – Legal basis: consent (for new contacts who have opted in) or legitimate interest (for existing clients based on the business relationship). You may unsubscribe at any time.
4. Website-Specific Data Collection
Our website uses cookies to enhance your browsing experience. We categorise cookies as follows:
- Essential cookies: Required for core website functionality (e.g., remembering your cookie consent preference). These do not require your consent.
- Analytical cookies: Used to understand how visitors interact with our website (e.g., Google Analytics). These are only activated after you provide consent.
- Functional cookies: Used to remember your preferences and improve your experience. These are only activated after you provide consent.
You can manage your cookie preferences at any time through the cookie consent banner on our website or through your browser settings. Blocking certain cookies may limit some website features. No non-essential cookies are set before you provide consent.
Information provided through our contact form is collected to respond to your enquiries.
5. Disclosure and Sharing of Personal Information
We share your personal information only:
- With your explicit consent;
- With specialist consultants or sub-contractors involved in delivering your engagement, all under appropriate confidentiality obligations;
- With payment processors for secure transaction handling; or
- When required or authorised by law.
International data transfers. Your personal information may be transferred to, stored, or processed by overseas recipients. Our current data processors and their locations are:
- Google Cloud Platform – United States
- Anthropic – United States
- Vercel – United States
- GitHub – United States
Where we transfer personal data outside your jurisdiction, we implement appropriate safeguards:
- For Australian data subjects: We take reasonable steps to ensure overseas recipients handle your personal information in accordance with the Australian Privacy Principles.
- For Japanese data subjects: We obtain your prior consent for cross-border transfers and provide information about the data protection laws in the destination country and safeguards in place, as required by the APPI. Singapore is not currently on Japan's APPI adequacy list.
- For UK data subjects: Transfers are protected by the UK International Data Transfer Agreement (UK IDTA) or the UK Addendum to the EU Standard Contractual Clauses.
- For EU data subjects: Transfers are protected by the European Commission's Standard Contractual Clauses (2021 version).
B-Sharp AI does not sell or share your personal information as those terms are defined under the California Consumer Privacy Act (CCPA) or any other applicable US state privacy law.
6. Data Security and Protection
Our security measures include encrypted digital storage and secure cloud platforms; role-based access controls and authentication; and confidentiality obligations binding all personnel and sub-contractors. While we implement robust security measures, no transmission over the internet can be guaranteed to be completely secure.
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected individuals and the relevant supervisory authority in accordance with applicable law, including:
- The Personal Data Protection Commission (Singapore) – as required by the PDPA
- The Office of the Australian Information Commissioner – as required by the Notifiable Data Breaches scheme under the Privacy Act 1988
- The Personal Information Protection Commission (Japan) – within 30 days (or 60 days for cyberattacks), as required by the APPI
- The Information Commissioner's Office (UK) – within 72 hours, as required by the UK GDPR
- The relevant EU supervisory authority – within 72 hours, as required by the EU GDPR
7. Data Retention Policy
Client engagement records: minimum of 5 years after engagement completion. Financial records: 5 years from the date of transaction. Marketing communications: until you withdraw consent or unsubscribe. Website data: varies by type; cookies may be retained for up to 2 years.
8. Your Rights
Depending on your jurisdiction and applicable law, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request that we correct inaccurate or incomplete personal data.
- Erasure: Request that we delete your personal data where there is no compelling reason for its continued processing ("right to be forgotten").
- Restriction: Request that we restrict the processing of your personal data in certain circumstances.
- Data portability: Request a copy of your personal data in a structured, commonly used, machine-readable format.
- Objection: Object to processing based on legitimate interest, including direct marketing.
- Withdrawal of consent: Where processing is based on consent, withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.
- Automated decision-making: B-Sharp AI does not use automated decision-making or profiling that produces legal or similarly significant effects on individuals.
- Discontinuation (Japan): Request that we discontinue the use of, or provision to third parties of, your personal data.
To exercise any of these rights, contact our Data Protection Officer at dpo@b-sharp.ai. We will acknowledge your request within 3 business days and provide a substantive response within 30 days.
9. Anonymity and Pseudonymity
Where practicable, we offer the option to remain anonymous or use a pseudonym when making general enquiries, as provided for under Australian Privacy Principle 2. However, for formal consulting engagements, we require accurate contact and business information to deliver our services.
10. Supervisory Authorities and Complaints
If you are dissatisfied with how we handle your personal data, you have the right to lodge a complaint with the relevant data protection authority in your jurisdiction:
- Singapore: Personal Data Protection Commission (PDPC) – www.pdpc.gov.sg
- Australia: Office of the Australian Information Commissioner (OAIC) – www.oaic.gov.au
- Japan: Personal Information Protection Commission (PPC) – www.ppc.go.jp
- United States: Federal Trade Commission (FTC) – www.ftc.gov, or your state attorney general
- United Kingdom: Information Commissioner's Office (ICO) – ico.org.uk
- European Union: Your local data protection supervisory authority
We encourage you to contact us first at dpo@b-sharp.ai so we have the opportunity to address your concern directly.
11. Updates and Modifications
We may update this Privacy Policy from time to time. The updated policy will be posted on our website with a new "Last Updated" date. Your continued use of our services constitutes acceptance.
12. Contact Information and Data Protection Officer
DPO: Dr. Warren R. Becraft · B-Sharp AI Pte. Ltd. · Singapore · dpo@b-sharp.ai · b-sharp.ai · We will acknowledge your enquiry within 3 business days and provide a substantive response within 30 days.