Privacy Policy

Overview

By accessing this website or engaging with OpenSME's services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this policy, please do not use our website or submit personal information to us.

This policy applies to personal data collected through our website (www.opensme.co), email correspondence, and in connection with our software components and services.

Who We Are

OpenSME Pte Ltd ("OpenSME", "we", "us", "our") is a technology company incorporated in Singapore, providing modular, AI-powered software solutions for small and medium enterprises. We are the data controller responsible for personal data collected through this website and our services.

For any privacy-related matters, you may contact us at: hello@opensme.co

Data We Collect

Information You Provide Directly

When you contact us, request a demonstration, or otherwise communicate with OpenSME, we may collect:

• Full name
• Work email address
• Company name and size
• Industry or job function
• Any information you voluntarily share in your message or enquiry
• Communication preferences

Information Collected Automatically

When you visit our website, certain technical data may be collected automatically, including:

• IP address and general geographic location (country/city level)
• Browser type and version
• Device type and operating system
• Pages visited and time spent on each page
• Referring URL (the page you visited before arriving at our site)
• Date and time of your visit

Information from Business Interactions

In the course of delivering our services to clients, we may collect additional professional information such as business contact details, operational data shared for the purpose of software configuration, and feedback or correspondence related to project delivery.

How We Use Your Data

We use the personal data we collect for the following purposes:

• Responding to enquiries — to reply to your messages and provide information you have requested
• Scheduling and conducting demonstrations — to arrange and run product sessions you have requested
• Service delivery — to configure, deploy, and support software components for clients
• Communications — to send you relevant updates, thought leadership content, or product information where you have given consent or where we have a legitimate interest in doing so
• Analytics and improvement — to understand how our website is used and improve its content and functionality
• Legal and compliance — to meet our legal obligations, enforce our terms, and protect our rights

We do not use personal data for automated decision-making or profiling that produces legal or similarly significant effects on you.

Legal Basis for Processing

Under the PDPA and applicable data protection frameworks, we process your personal data on the following legal grounds:

• Consent — where you have explicitly agreed to receive communications or to the use of your data for a specific purpose
• Contractual necessity — where processing is required to fulfil a contract or to take steps at your request before entering into a contract
• Legitimate interests — where we have a genuine business interest in processing your data that does not override your rights (for example, responding to a business enquiry or improving our website)
• Legal obligation — where we are required to process data to comply with applicable law

Data Sharing and Disclosure

We may share your personal data in limited circumstances:

Service Providers

We may engage trusted third-party service providers who assist in operating our website and delivering our services (for example, cloud hosting providers, email delivery services, or analytics tools). These providers are contractually bound to process your data only on our instructions and to maintain appropriate security standards.

Legal Requirements

We may disclose your personal data if required to do so by law, regulation, court order, or governmental authority, or if we believe such disclosure is necessary to protect our legal rights, enforce our agreements, or protect the safety of our users or the public.

Business Transfers

In the event of a merger, acquisition, restructuring, or sale of all or part of our business, personal data may be transferred to the relevant successor entity. We will notify you of any such change and any choices you may have in accordance with applicable law.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our general retention practices are:

• Enquiry and contact data — retained for up to 3 years from last contact, after which it is securely deleted unless an ongoing business relationship exists
• Client project data — retained for the duration of the engagement and for up to 7 years thereafter for legal and compliance purposes
• Website analytics data — retained in aggregated, anonymised form; personally identifiable data is not retained beyond 26 months
• Email correspondence — retained in accordance with our internal records management policy

When personal data is no longer required, it is securely deleted or anonymised.

Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, destruction, or alteration. These measures include:

• Encrypted data transmission using HTTPS/TLS protocols
• Access controls limiting data access to authorised personnel only
• Regular security reviews of our systems and processes
• Secure, reputable cloud infrastructure providers with their own certified security practices

While we take all reasonable steps to protect your data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but are committed to promptly addressing any identified vulnerabilities or breaches.

In the event of a data breach that is likely to result in significant harm to affected individuals, we will notify the relevant authorities and affected persons in accordance with applicable law.

Cookies and Tracking Technologies

Our website may use cookies and similar technologies to improve your browsing experience and gather analytics. Cookies are small text files stored on your device when you visit a website.

Types of Cookies We Use

• Essential cookies — necessary for the website to function correctly (for example, session management). These cannot be disabled.
• Analytics cookies — used to understand how visitors interact with our website, such as which pages are visited most. This data is aggregated and anonymised where possible.

We do not use advertising cookies, tracking pixels from social media platforms, or any cookies designed to build a profile of your browsing behaviour across third-party websites.

Managing Cookies

You can control and delete cookies through your browser settings. Disabling certain cookies may affect the functionality of parts of our website. For more information, visit aboutcookies.org.

Your Rights

Under the Personal Data Protection Act 2012 (Singapore) and, where applicable, the General Data Protection Regulation (GDPR) and other data protection laws, you have the following rights in relation to your personal data:

• Right of access — you may request a copy of the personal data we hold about you
• Right to correction — you may request that inaccurate or incomplete personal data be corrected
• Right to withdrawal of consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal
• Right to erasure — in certain circumstances, you may request that your personal data be deleted
• Right to restrict processing — you may request that we limit how we use your data in certain situations
• Right to data portability — where applicable, you may request your data in a structured, machine-readable format
• Right to object — you may object to processing based on legitimate interests, including for direct marketing purposes

To exercise any of these rights, please contact us at hello@opensme.co. We will respond to all legitimate requests within 30 days. We may ask you to verify your identity before processing your request.

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Personal Data Protection Commission (PDPC) of Singapore at www.pdpc.gov.sg.

Children's Privacy

Our website and services are directed at business professionals and are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will take steps to delete it.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational procedures. When we make material changes, we will update the "Last updated" date at the top of this page.

We encourage you to review this policy periodically. Your continued use of our website after any changes constitutes your acceptance of the updated policy.

Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or the way we handle your personal data, please contact us: