TrueWatch Privacy
This PRIVACY NOTICE (this “Privacy Notice”) describes how TrueWatch Technology Inc Pte., Ltd. (“TrueWatch”, “we”, “us”, or “our”) collect, use, disclose, and otherwise process personal data in connection with our websites, products, services, SDKs, and related offerings that link to or reference this Privacy Notice (collectively, the “Services”). It also explains the choices and rights available to individuals and how to contact us.
1. Scope and Roles
We take your privacy seriously. This Privacy Notice explains how we handle your personal data. Our role in processing your data depends on how you interact with us. 1.1 TrueWatch acts as a controller for personal data that we collect and determine the purposes and means of processing for (e.g. website visitor, sales and marketing, account administration, billing data).
For data that our customers submit to or collect through the Services (e.g. metrics, logs, traces, RUM data, session replay recordings, synthetic test results), Truewatch acts as a processor and the customer is the controller. Customers are responsible for the lawfulness of their inputs, the configuration of collection, and honoring end-user notices and choices.
1.2. This Privacy Notice applies to: a. visits to our website and other online properties we control; b. interactions with our sales, events, and support teams; c. account registration and administration for the Services; and d. product telemetry and diagnostics we collect as controller.
This Privacy Notice does not apply to personal data that we process as a processor under our Data Processing Agreement, neither or to third party websites or services that are not controlled by Truewatch.
1.3. TrueWatch does not knowingly collect or process personal data from individuals under the age defined as a minor by applicable law (for example, under 16 in the EU). If we become aware that such data has been collected, we will take steps to delete it promptly.
2. Personal Data We Collect as Controller
Depending on your interactions with us, we may collect the following categories of personal data:
a. Website and Marketing Data: We may collect device identifiers, IP addresses, general location inferred from your IP, browser type, and operating system. We also gather information on pages you view, links you click, and referring or exit pages through cookies and other technologies. b. Contact and Account Data: This includes your name, business contact details, organization, role, authentication credentials, and communication preferences. c. Commercial and Billing Data: When you make a purchase, we collect transaction records, order history, payment information, billing addresses, and tax IDs where legally required. d. Support and Communications: We collect the content of your requests to our support or sales teams, meeting scheduling details, and feedback from surveys. e. Events and Programs: If you register for our events, such as webinars or trainings, we collect your registration information. f. Recruitment: If you apply for a job, we collect information from your application, CV, or resume.
To secure and improve the Services, we may collect limited telemetry about how administrative users interact with UI components or SDKs (e.g. feature enablement, performance and error logs, version and configuration data). Where such telemetry could reasonably identify an individual, we treat it as personal data under this Privacy Notice.
3. Personal Data Collected or Processed within the Services
Customers may enable collection of data types such as metrics, logs, traces, profiles, infrastructure data, Real User Monitoring events, session replay, synthetic test data, and alerting artifacts. Customers determine which data to ingest, how long to retain it, which fields to index, and which redaction or obfuscation controls to enable. As to this personal data, Truewatch acts as processor under our Data Processing Agreement.
Sensitive Data Caution
The Services are not intended to be used to collect or store special category or sensitive personal data (e.g. government-issued IDs, precise geolocation of consumers, financial account numbers, payment card data, health or biometric data) unless expressly permitted by the Agreement and applicable laws, and configured with appropriate safeguards. Customers should use masking, filtering, or drop-rules to prevent ingestion of such data.
4. Sources of Personal Data
We collect personal data in a few ways. You provide data to us directly when you fill out a form, create an account, or contact support. We also collect data automatically through cookies and SDKs when you use our website. In addition, we may obtain data from third-party sources like integration partners, event organizers, identity providers, resellers, public databases, and marketing providers, all in accordance with applicable laws.
5. Purposes and Legal Bases
We use personal data for the following purposes and rely on these legal bases for processing:
| Purposes | Activities | Legal Bases |
|---|---|---|
| Provide and administer the Services | Create accounts, provision workspaces, process transactions, provide support, maintain security and availability | Contract necessity, legitimate interests |
| Secure and protect users, customers, and the Services | Fraud prevention, incident detection, debugging, access controls, audit logs, and enforcing terms | Legitimate interests, legal obligation |
| Improve and develop the Services | Analytics, product research, quality assurance, and training Truewatch-controlled models or heuristics using aggreged or de-identified information | Legitimate interests, consent where required for non-essential cookies. |
| Communicate with you | Transactional notices, updates, service communications, and, with consent or as permitted, marketing. | Contract necessity, legitimate interests, consent where required. |
| Compliance with laws and legal process, and to defend legal claims | - | Legal obligation, legitimate interests |
We do not sell personal data, and we do not use personal data for cross-context behavioral advertising.
AI/ML and Model Training
- Customer Personal Data: We do not use personal data to train generalized or foundation AI models. We process this data only to provide our services and as permitted by our agreements.
- Controller Data: We may use aggregated and/or de-identified information from controller data (e.g., website analytics, product telemetry that does not identify an individual) to develop and improve our features, including for quality, reliability, and security. We never attempt to re-identify this data.
- Your Choices: You have control over optional analytics or telemetry via product settings and SDK configurations.
6. Cookies and Similar Technologies
We use cookies, pixels, and other similar technologies on our website for several reasons, including for essential functionality, improving performance, and personalizing your experience. These technologies also help us with marketing. For a detailed explanation of how we use these technologies and how you can manage your preferences, please see our dedicated Cookies Policy and the consent tools available on our website. You can withdraw or update your consent at any time using these tools.
7. Disclosure or Personal Data
We may disclose your personal data to the following third parties for the purposes described
a. Professional Advisers: We may share data with professional advisers, such as lawyers, auditors, and insurers, under strict confidentiality agreements. b. Legal Authorities: We may disclose your data to legal authorities when required by law or to protect our rights, safety, or integrity, as well as the rights, safety, or integrity of others. c. Corporate Transactions: Your data may be disclosed in connection with a merger, financing, acquisition, or dissolution. We will ensure appropriate safeguards and provide notice as required by law. d. Service Providers: We share data with vendors and processors who host, support, operate, and improve our services. This includes providers for cloud infrastructure, security, analytics, communications, payment processing, and customer support. e. Our Affiliates: Your data may be shared with our affiliated companies for internal administration, in a manner consistent with this Privacy Notice. f. Partners and Resellers: If you procure our services through a partner or reseller, we may disclose your data to them.
We place strict contractual obligations on all recipients to protect your personal data. We also do not allow them to use your data for their own marketing purposes without your explicit consent.
8. International Transfers
TrueWatch operates globally and may transfer personal data to countries where we or our service providers operate, which may have privacy laws different from those of your jurisdiction. To ensure your data remains protected, we implement appropriate safeguards. For transfers from the European Economic Area (EEA) and the United Kingdom, we use the EU Standard Contractual Clauses (SCCs) and the UK Addendum. For transfers from Singapore, we ensure a comparable level of protection as required by the PDPA. We may use additional mechanisms for other regions, such as the Swiss Addendum or other approved contractual clauses, to maintain robust data protection.
Cross-border transfers occur only where an adequate or comparable level of data protection is ensured, consistent with Articles 44-49 of the GDPR and Section 26 of the PDPA.
9. Data Retention
We retain your personal data for as long as needed to fulfill the purpose for which it was collected. This includes satisfying any legal, accounting, or reporting requirements, as well as resolving disputes and enforcing our agreements. For data collected within our services, our customers can control data retention through product configurations and documentation. Where we act as the data controller, we determine the retention period based on fixed periods or objective criteria, such as the account lifecycle, legal limitation periods, business-continuity requirements, or our security needs. To ensure system resilience, backups may be retained for a limited additional period.
10. Data Security
We take the security of your personal data seriously. We have implemented administrative, technical, and physical safeguards to protect your data from accidental or unlawful destruction, loss, alteration, and unauthorized access or disclosure. Our security measures include logical access controls, encryption for data both in transit and at rest, vulnerability management, secure software development practices, and network segmentation. We also use continuous monitoring, logging, and personnel security measures. In the event of a security incident, we have a defined incident response procedure and will notify our customers and regulators as required by law and our agreements.
11. Your Rights and Choices
Depending on your location, you may have specific rights regarding your personal data. These rights often include the ability to request access, correction, or deletion of your data, as well as the right to request a restriction on its processing, data portability, or to object to certain types of processing.
Withdrawal of Consent
You may withdraw your consent for any optional data processing at any time by contacting us. Withdrawal will not affect the lawfulness of processing based on consent before its withdrawal.
Marketing and Cookies Choices
You have control over how we use your data for marketing. You can opt out of marketing emails at any time by using the unsubscribe link provided in our emails or by contacting us directly. Please note that even if you unsubscribe from marketing communications, you may still receive transactional or service-related notices from us. You can also manage your cookie preferences through the consent tool on our website and by adjusting your browser settings.
Our Response Time
We will respond to all requests without undue delay and within the timeframes required by applicable law. Here are some examples of our typical response times:
a. EEA/UK (GDPR): We will respond within 30 calendar days of receiving your request. This period can be extended by an additional 60 calendar days for complex requests, but we will notify you of the extension and the reason for it.
b. Singapore (PDPA): We will respond within 30 calendar days of receiving your request. If we need more time, we will inform you within those 30 days of the timeframe within which we will respond.
c. California (CPRA): We will respond within 45 calendar days of receiving your request. This period can be extended by an additional 45 calendar days, and we will notify you of the extension. We will also acknowledge receipt of certain requests within 10 business days.
Verifying Your Identity
To protect your personal data, we may take reasonable steps to verify your identity before fulfilling your request. This is to ensure that we are not providing your data to an unauthorized person. If you are an authorized agent, you may submit a request on your behalf where permitted by law. We will not discriminate against you for exercising any of your privacy rights where prohibited by law.
12. Region-Specific Disclosures
This section outlines specific data protection practices and rights that apply to individuals in certain jurisdictions.
12.1 European Economic Area (EEA), United Kingdom, and Switzerland
For individuals in the EEA, the United Kingdom, and Switzerland, please note that we act as the data controller for your personal data. Our legal bases for processing are detailed in Section 5 of this Privacy Notice. You have the right to lodge a complaint with a data protection supervisory authority in your habitual place of residence, place of work, or where the alleged infringement occurred. We do not use automated decision-making processes that produce legal or similarly significant effects on individual.
12.2 Singapore (PDPA)
As a company incorporated in Singapore, our data processing activities are primarily governed by the Personal Data Protection Act (PDPA) of Singapore. We comply with all PDPA requirements, including obligations for collection, use, disclosure, protection, retention, access, correction, data breach notification, and cross-border transfers. We avoid collecting Singapore NRIC/FIN numbers or copies unless required by law, to verify your identity with a high degree of certainty, or where specific PDPA exception applies. We will use alternative identifiers whenever reasonably practicable.
12.3 California (CPRA)
For California residents, we act as a “business” (or controller) with respect to the personal information we collect and a “service provider” (or processor) for the data we process on behalf of our customers. We want to be clear that we do not “sell” or “share” personal information as defined by the California Privacy Rights Act (CPRA), and we do not use sensitive personal information to infer characteristics. Where applicable, we honor opt-out preference signals as a valid request to opt-out of the sale or sharing of data, and we provide additional opt-out methods as required by CPRA regulations. As a California resident, you can exercise the rights listed in Section 11 and may also request information about our disclosures for business purposes during the preceding 12 months.
12.4 Indonesia (PDP Law)
For individuals in Indonesia, we comply with the Law No. 27 of 2022 concerning Personal Data Protection. You have specific rights, including the right to access, correct, delete, withdraw consent, restrict processing, object, and data portability, all subject to statutory conditions. We may transfer personal data outside of Indonesia only where one of the permitted safeguards applies, and we will document the transfer mechanism as required by law. In the event of data breach, we will notify the relevant authorities and affected individuals in accordance with applicable Indonesian regulations.
12.5 Other Jurisdictions
While our data processing activities are primarily governed by the Singapore PDPA, we understand that privacy rights may vary depending on your jurisdiction. We are committed to processing your personal data and honoring your requests in accordance with the specific legal requirements of your local laws, where applicable.
13. Children’s Privacy
Our Services are designed for use by businesses and are not intended for, or directed at, children. We do not knowingly collect personal data from individuals under the age of sixteen (16) without prior verifiable parental consent or as otherwise permitted by law.
If you are a parent or legal guardian and believe your child has provided personal data to us without your consent, please contact us immediately at [email protected]. Upon receiving such a request, we will take all reasonable steps to promptly delete the child’s personal data from our records in accordance with all applicable laws and regulations, including the Children’s Online Privacy Protection Act and the GDPR.
14. Third Party Links and Integrations
This Privacy Notice applies solely to our collection, use, and disclosure of your personal data. Our Services may, from time to time, contain links to third party websites, applications, plug-ins, or other services. We do not own, operate, or control these third parties, and they are not governed by this Privacy Notice.
We are not responsible for the privacy practices, data security, or content of such third party services. We strongly encourage you to review the privacy notices and policies of any third party websites or services you interact with before providing any personal data. Your use of such third party services is at your own risk.
15. Changes to this Privacy Notice
This Privacy Notice may be amended, supplemented, or modified from time to time at our sole discretion. The Effective Date at the top of this document indicates the date of the most recent revision.
Notification of Changes
We will provide notice of any material changes to this Privacy Notice by posting the updated version on our Services or by other reasonable means. We are not required to provide prior notice for non-material changes.
Acceptance of Revised Privacy Notice
Your continued use of our Services after the effective date of any amendment, supplement, or modification to this Privacy Notice constitutes your unconditional acceptance of the revised Privacy Notice. If you do not agree to the terms of the revised Privacy Notice, you must cease all use of our Services.
16. How to Contact Us
If you have any questions about our Privacy Notice, or to exercise your rights as detailed in this Privacy Notice, appeal our decision related to the exercise of your rights, or other related privacy issues, you may contact our Data Protection Officer at ([email protected]) or use our Privacy Request Form.
If you have any concerns about our adherence to this Privacy Notice, we encourage you to contact us directly. We will review and work to resolve any complaints or disputes related to the use and sharing of personal data in line with this Privacy Notice and relevant laws and regulations.
You may also reach out to us in writing at the following address:
TrueWatch Technology Inc Pte., Ltd.
Aspial One 55 Ubi Ave 3 #02-07
Singapore 408864
(+65) 6924-1094
[email protected]