Privacy Policy

1. Data Controller and Scope

The data controller for services offered through aicycle.cc is AICycle LLC, Wyoming, USA. This policy applies to personal data collected through our website, contact forms, newsletter sign-up, analytics tooling, booking flows, and future AI readiness audit workflows for businesses in Singapore, Malaysia, the European Economic Area, and other jurisdictions where we market our services.

2. What We Collect and Why

3. Legal Bases for Processing

Where Singapore PDPA or Malaysia PDPA 2010 applies, we will obtain, manage, and honour consent in line with those laws. If you choose not to provide required information, we may be unable to respond fully or deliver the requested service.

• Consent, including where required under the Singapore Personal Data Protection Act 2012, Malaysia Personal Data Protection Act 2010, and GDPR Article 6(1)(a)
• Performance of a contract or steps taken at your request before entering into a contract under GDPR Article 6(1)(b)
• Legitimate interests under GDPR Article 6(1)(f), such as operating and securing our website, responding to business enquiries, and improving our services
• Compliance with legal obligations where applicable

4. How We Use Personal Data

We do not sell your personal data. We only share personal data with service providers and partners where necessary to run the site, deliver services, comply with legal obligations, or protect our legitimate interests.

• Responding to enquiries, proposals, and service requests
• Delivering consulting, audit, workshop, and advisory services
• Sending newsletters, reports, or marketing communications where you have consented or where otherwise lawful
• Managing discovery calls, project scheduling, and payment administration
• Securing, monitoring, and improving our website and infrastructure
• Creating aggregated, anonymised, or de-identified operational insights

5. Cookies and Similar Technologies

6. Third-Party Processors and Services

We rely on the following third-party services to operate the website and deliver services. Your data may be processed by them on our behalf or as independently controlled data where their own terms apply:

• Resend — transactional and operational email delivery
• Cloudflare — website hosting, content delivery, edge security, analytics support, and infrastructure services
• Google Analytics 4 — website analytics and aggregate performance measurement
• Cal.com — meeting scheduling and booking workflows
• Stripe — invoicing and payment processing where applicable

7. Your Rights

Subject to applicable law, you may exercise the following rights with us:

• Request access to the personal data we hold about you
• Request correction of inaccurate or incomplete data
• Request deletion of personal data where lawful
• Withdraw consent for consent-based processing

8. Additional GDPR Rights for EEA Users

If you are in the EEA, UK, or another jurisdiction providing equivalent rights, you may also have:

• The right to data portability
• The right to object to certain processing based on legitimate interests
• The right to restrict processing in specific circumstances
• The right to lodge a complaint with your local supervisory authority

9. Data Retention

When data is no longer needed, we delete it, anonymise it, or securely limit access in accordance with our retention practices and legal obligations.

• Contact and enquiry records: typically retained for up to 24 months after the last substantive interaction unless a longer retention period is required for contract, legal, or dispute purposes
• Newsletter and subscription data: retained until you unsubscribe or request deletion
• Analytics data: retained according to the relevant tool settings, including GA4 retention controls
• Booking and billing records: retained for accounting, compliance, and service administration as required by law or contract

10. Cross-Border Transfers

Because we operate internationally and use cloud service providers, personal data may be transferred to and processed in jurisdictions outside your home country, including the United States and other regions where our service providers operate. Where required, we take reasonable steps to ensure appropriate safeguards are in place.

11. Data Security

We use reasonable technical and organisational measures to protect personal data, including encrypted transport, access controls, provider security safeguards, and operational review processes. No system is completely risk-free, but we work to reduce exposure and respond appropriately if an incident occurs.

12. Contact, Rights Requests, and Complaints

To exercise your rights, withdraw consent, or ask a privacy question, contact us using the details below. We may need to verify your identity before fulfilling a request.

• Data Controller: AICycle LLC, Wyoming, USA
• Email: hello@aicycle.cc
• Website: https://aicycle.cc/en/contact

13. Google Account Data Access (Hermes Office Assistant)

Our "Hermes Office Assistant" service, after you explicitly authorize it, accesses limited Google account data to provide its features. The scope and purpose are as follows: