Privacy Policy

Futurity Technologies PTE. LTD ("Futurity", "We", "Us", or "Our") is the primary operator of the platform https://futurity.work, as well as all related products, applications, and services provided under the trademarks "Futurity" and "Corint" (collectively referred to as the "Futurity Products"), which may be accessed worldwide via desktop, mobile devices, or tablets.

This Privacy Policy outlines how we collect, use, store, process, and manage personal information and other data in accordance with applicable laws, including but not limited to the laws of the Republic of Singapore and relevant data protection regulations in jurisdictions where we operate.

By accessing or using the Futurity Products, or by entering into a contractual or cooperative agreement with us, you acknowledge that you have read and understood this Privacy Policy. We process your data on the legal bases described in the "Legal Basis for Processing" section below.

We may revise or update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other circumstances. We encourage you to review this Privacy Policy periodically to stay informed of any changes.

This Privacy Policy applies to:

• Visitors, users, and account holders of Futurity Products.
• Partners, vendors, and third parties who interact with our services.
• All forms of personal and non-personal data collected through our platforms, events, or other official channels.

Our Role

When you use Futurity directly, we act as the data controller (or equivalent under applicable law) for your personal data.

When your organisation uses Futurity and you access it as an employee or member, your organisation is the data controller and Futurity acts as a data processor on their behalf. In this case, your organisation's privacy policy governs the processing of your data, and our obligations are set out in our Data Processing Agreement with your organisation.

This Privacy Policy is prepared and enforced in accordance with the prevailing laws and regulations of the Republic of Singapore, as well as any applicable laws and regulations in other jurisdictions relevant to any part of Futurity's products and services. This includes, but is not limited to, statutes, regulations, judicial precedents, and applicable codes of practice, as enacted or amended from time to time. Futurity is committed to complying with the laws of Singapore as its primary governing law, ensuring that all provisions outlined in this Privacy Policy are consistent and in harmony with the applicable legal framework in Singapore while respecting relevant international legal requirements.

Information You Provide

• Account Information — Name, email address, phone number, login credentials, profile details, and preferences.
• Chat & Conversation Data — Messages sent to and received from AI assistants, including file attachments and tool outputs.
• Workflow Data — Workflow configurations, execution logs, scheduled triggers, and run results.
• Vault Data — Files uploaded to the encrypted vault, including metadata (filename, size, type, upload date).
• Payment Data — Billing information processed by our payment provider. Futurity does not store full payment card numbers.

Information Collected Automatically

• Usage Data — IP address, device type, browser, pages visited, features used, and activity logs.
• Analytics Data — Error reports (via Sentry), performance metrics, and anonymised usage analytics (via Vercel Analytics).
• Authentication Data — Session tokens stored as cookies (see our Cookie Policy).

Information from Third Parties

• Integration Data — OAuth tokens, connection metadata, and data synced from third-party services (Google, Microsoft, Slack, Salesforce) when you connect these integrations.
• WhatsApp Data — Phone numbers and message content processed through the WhatsApp Business API on behalf of your organisation.
• Desktop Session Data — Screen captures and interaction data when using desktop control features, initiated and controlled by the user.

Your data may be used for:

• Providing and improving our products and services.
• Processing transactions and managing your account.
• Customizing content and recommendations.
• Communicating updates, offers, or service changes.
• Ensuring compliance with legal obligations and resolving disputes.

Futurity collects and processes your data for the following purposes:

1. To enhance and personalize your experience in accessing and using Futurity's products and services.
2. To assist our clients in better understanding user needs, enabling them to provide an improved and more relevant experience.
3. To provide AI-assisted features by transmitting your prompts and relevant context to third-party AI providers. Futurity does not use your data to train, fine-tune, or improve AI models. Your data is processed only to generate responses within the service.
4. To establish and maintain communication with you, including follow-up confirmations regarding your potential use of Futurity's products and services.
5. For marketing purposes, which include:
   1. Gathering insights to improve Futurity's products, features, and services.
   2. Providing updates, offers, or promotional information about Futurity's products and services, including through email-based newsletters.

You may opt out of marketing communications at any time by:

• Clicking the "unsubscribe" link in any marketing email
• Updating your communication preferences in account settings
• Contacting dpo@futurity.work

Opting out of marketing does not affect transactional communications (e.g., password resets, billing receipts, security alerts).

To provide AI-assisted features, user prompts and relevant context are transmitted to the following third-party AI providers:

• OpenAI (OpenAI, L.L.C.) — United States
• Google Gemini (Google LLC) — United States
• Fireworks AI (Fireworks AI, Inc.) — United States
• OpenRouter (OpenRouter, Inc.) — United States

These providers process data solely to generate responses and do not use your data for model training under our agreements with them. For details on each provider's data handling, refer to their respective privacy policies.

We may share your data with:

• Our subsidiaries, affiliates, and service providers who process data on our behalf.
• Legal authorities when required by applicable law or regulation.
• Third parties in connection with business transactions such as mergers, acquisitions, or restructuring.

We use the following categories of service providers to process personal data on our behalf:

We maintain agreements with all sub-processors that require them to protect personal data to a standard consistent with this policy.

We may update this list from time to time. Material changes (addition of new sub-processors) will be communicated via email or in-app notification at least 14 days in advance.

Futurity's infrastructure is hosted on self-managed servers (Hetzner) in Singapore, the United States, and Germany, and on Amazon Web Services in Singapore. Your data may be transferred to and processed in the following jurisdictions:

• Singapore — Application hosting (Hetzner), file storage and encryption key management (AWS S3, KMS), and business operations.
• United States — Application hosting (Hetzner), AI provider API calls (OpenAI, Google Gemini, Fireworks, OpenRouter), error monitoring (Sentry), analytics (Vercel), and transactional email (SendGrid).
• Germany — Application hosting and Kubernetes infrastructure (Hetzner).

For users in the European Economic Area (EEA) and United Kingdom: Where we transfer personal data outside the EEA/UK, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or transfers to countries with an adequacy decision. You may request a copy of the applicable safeguards by contacting our DPO.

For users in Singapore: We ensure that recipients of personal data provide a standard of protection comparable to that under the PDPA (s.26).

For users in Canada: Your personal data may be processed in the United States by our AI and infrastructure providers. Under the laws of those jurisdictions, data may be accessible to law enforcement and national security authorities.

We retain your data only as long as necessary for the purposes described in this policy.

After the retention period expires, data is permanently deleted or irreversibly anonymised. Data in backup archives may persist for up to 30 additional days before being purged.

You may request deletion of your data at any time by contacting us. Certain data may be retained where required by law (e.g., billing records for tax purposes).

We protect your data using technical and organisational measures appropriate to the sensitivity of the data, including:

• Encryption — Data is encrypted at rest and in transit (TLS 1.2+).
• Access Controls — Role-based access with principle of least privilege. Employee access to production data is logged and reviewed.
• Authentication — Multi-factor authentication for internal systems.
• Monitoring — Continuous monitoring for unauthorised access and anomalous activity.
• Assessments — Regular security assessments and vulnerability scanning.
• Incident Response — Documented incident response process with defined roles and escalation procedures.

No system is completely secure. We cannot guarantee absolute security, but we are committed to promptly addressing any vulnerabilities or incidents.

Futurity processes WhatsApp messages on behalf of organisations using the WhatsApp Business API. Phone numbers and message content are transmitted through Meta's infrastructure. Users interacting via WhatsApp should also refer to Meta's privacy policy at https://www.whatsapp.com/legal/privacy-policy.

Futurity uses AI to generate responses, summaries, and recommendations based on user prompts. These outputs are provided as suggestions and are not used to make automated decisions that produce legal or similarly significant effects on users without human review.

If we introduce features that involve automated decision-making with significant effects, we will update this policy and provide the right to request human review.

We take reasonable steps to ensure that personal data we process is accurate, complete, and up-to-date. You can update your account information at any time through your account settings. If you believe any data we hold is inaccurate, please contact us to request correction.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access — Request a copy of the personal data we hold about you.
• Correction — Request correction of inaccurate or incomplete data.
• Deletion — Request deletion of your personal data, subject to legal retention requirements.
• Data Portability — Receive your data in a structured, machine-readable format (JSON or CSV).
• Restrict Processing — Request that we limit how we use your data in certain circumstances.
• Object to Processing — Object to processing based on legitimate interest, including for direct marketing.
• Withdraw Consent — Where processing is based on consent, you may withdraw it at any time without affecting prior processing.
• Automated Decision-Making — You will not be subject to decisions based solely on automated processing that produce legal or similarly significant effects without human review.

How to Exercise Your Rights

You may submit a request by:

1. Emailing dpo@futurity.work with the subject line "Data Rights Request"
2. Using the data request form in your account settings (when available)

We will verify your identity before processing any request. We will respond within:

• 30 days (GDPR, PDPA, PIPEDA)
• 45 days (CCPA/CPRA, with a possible 45-day extension)

There is no fee for exercising your rights unless requests are manifestly unfounded or excessive.

Complaints

If you believe your data protection rights have been violated, you have the right to lodge a complaint with:

• Singapore: Personal Data Protection Commission (PDPC)
• EU/UK: Your local supervisory authority
• Canada: Office of the Privacy Commissioner (OPC)
• California: California Attorney General

You may also contact our DPO to raise concerns directly.

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) provides you with additional rights.

Categories of Personal Information

In the preceding 12 months, we have collected the following categories of personal information:

Sale and Sharing of Personal Information

Futurity does not sell your personal information. Futurity does not share your personal information for cross-context behavioural advertising.

Your California Rights

In addition to the rights listed above, California residents have:

• Right to Know — Categories and specific pieces of PI collected, sources, purposes, and third parties.
• Right to Non-Discrimination — We will not deny services, charge different prices, or provide different quality based on your exercise of privacy rights.
• Right to Limit Use of Sensitive PI — If we collect sensitive PI beyond what is necessary to provide the service, you may request we limit its use. Currently, we do not collect sensitive PI as defined by the CCPA.
• Authorised Agent — You may designate an authorised agent to submit requests on your behalf with verifiable written permission.

To exercise your rights, contact dpo@futurity.work or use the methods described in "How to Exercise Your Rights" above.

In the event of a data breach that is likely to result in significant harm or risk to your rights:

• We will notify the relevant supervisory authority within the timeframes required by applicable law (72 hours under GDPR; 3 calendar days under PDPA; as soon as feasible under PIPEDA).
• We will notify affected individuals without undue delay, providing a description of the breach, the data involved, and steps you can take to protect yourself.
• We maintain an internal incident response process and keep records of all breaches as required by applicable law.

Our designated Data Protection Officer can be contacted at:

Name: Miklos Sunario
Email: dpo@futurity.work
Address: 111 North Bridge Road, #07-11, Peninsula Plaza, Singapore 179098

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or other factors. For material changes, we will provide at least 30 days' advance notice via email or in-app notification before the changes take effect. Non-material changes (e.g., typographical corrections) may take effect immediately upon posting.

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us at:

Email: contact@futurity.work

Address: 111 North Bridge Road, #07-11, Peninsula Plaza, Singapore 179098

If you are a resident of a US state with a consumer privacy law (including California, Virginia, Colorado, Connecticut, Utah, and others), you may have additional rights regarding your personal data:

• Right to Know — You may request that we disclose what personal data we collect, use, and share about you.
• Right to Delete — You may request that we delete personal data we have collected from you, subject to certain exceptions.
• Right to Correct — You may request that we correct inaccurate personal data we maintain about you.
• Right to Data Portability — You may request a copy of your personal data in a portable, readily usable format.
• Right to Opt Out — You may opt out of the sale or sharing of your personal data, if applicable.

How to Submit a Request

You may exercise your rights using either of the following methods:

1. Online: Submit a request through our Privacy Request Form.
2. Email: Send your request to privacy@futurity.work.

We will acknowledge receipt of your request and respond within 45 days as required by applicable law. We may need to verify your identity before processing your request.

We will not discriminate against you for exercising any of these rights.

Note: This section provides a summary of rights that may apply to you. The specific rights available depend on your state of residence and the applicable law. Please consult the relevant state statute for full details.