SaleLab AI Privacy Policy
Last updated: November 20, 2025
1. Who we are
SaleLab AI Pte. Ltd. ("SaleLab", "we", "us", "our") is a company incorporated in Singapore. We provide messaging and commerce tools that connect channels like WhatsApp with platforms like Shopify (the "Solution").
This Privacy Policy explains how we collect, use, disclose and protect personal data in connection with our websites, products and services.
2. What this policy covers
This Privacy Policy applies to:
- Visitors to our website (for example, salelab.ai)
- Merchants and their staff who use our Solution
- End customers who interact with merchants through channels integrated with our Solution (for example, WhatsApp conversations, checkouts triggered from chat)
If you are a merchant, your own privacy notices to your customers remain your responsibility. This policy explains how SaleLab handles personal data in our role.
We handle personal data in line with the Singapore Personal Data Protection Act 2012 and its regulations ("PDPA").
3. Personal data we collect
"Personal data" means data, whether true or not, about an individual who can be identified from that data, or from that data and other information that we have or are likely to have access to.
3.1 Data you provide directly
Examples:
- Contact details
  - Name, job title, business email, phone number, address
- Account and merchant data
  - Login credentials, role, merchant account details, billing details
- End customer data coming through the Solution
  - Name, phone number, delivery details
  - Chat content and associated metadata
  - Products viewed, carts created, orders placed via flows we power
- Communications with us
  - Emails, support requests, feedback, survey responses
3.2 Data collected automatically
Examples:
- Usage and log data
  - Features used, timestamps, interaction flows, performance metrics
- Device and technical data
  - IP address, browser type, operating system, referring URLs
- Cookies and similar technologies
  - Session identifiers, preference cookies, analytics cookies
We may collect these when you visit our site, use our Solution, or interact with content or messages we send.
4. How we use your personal data
We use personal data for purposes that a reasonable person would consider appropriate in the circumstances, including:
- Provide and operate the Solution
  - Create and manage accounts
  - Route, process and store messages and events between merchants and their end customers
  - Enable chat to checkout flows and related commerce features
- Support, security and quality
  - Diagnose and fix issues
  - Monitor performance and uptime
  - Detect and prevent fraud, misuse, or security incidents
- Product improvement and analytics
  - Analyse usage patterns to improve flows, models and features
  - Develop new products and capabilities
  - Generate aggregated or anonymised statistics
- Business operations and compliance
  - Billing and invoicing
  - Audits, reporting, legal and regulatory compliance
  - Responding to lawful requests from regulators or authorities
- Marketing and communication
  - Send service announcements and updates
  - Send marketing communications about our products or features, where permitted by law and with consent where required
  - Allow you to opt out of marketing at any time
Where required by the PDPA, we will obtain your consent before collecting, using or disclosing personal data, or we will rely on applicable PDPA exceptions (for example, where consent is deemed or where use is necessary for business improvement or legal purposes).
5. WhatsApp, Cloud API and cross border transfers
Our Solution integrates with the WhatsApp Business Platform, including Meta's Cloud API ("WhatsApp Infrastructure"), to deliver and receive messages between merchants and their customers.
This means:
- Message data and certain related metadata may be processed and stored on infrastructure operated by Meta Platforms Inc. or its affiliates
- Such infrastructure is hosted in data centers located outside Singapore, including in North America and the European Union
- SaleLab does not offer WhatsApp data localisation in Singapore
When personal data is transferred out of Singapore, we will take reasonable steps to ensure that the recipient provides a standard of protection that is at least comparable to the protection under the PDPA. This is typically done through contractual clauses and sub-processor due diligence.
Merchants are responsible for ensuring that their own privacy notices make it clear to their customers that WhatsApp conversations and related data may be processed by Meta and stored outside their home country.
6. Cookies and analytics
We use cookies and similar technologies to:
- Keep you logged in and maintain sessions
- Remember preferences
- Understand how visitors use our website and Solution
- Improve performance and user experience
You can usually control cookies through your browser settings. Blocking certain cookies may affect how our website or Solution works.
Some analytics or advertising tools we use may be provided by third parties. These providers may use cookies or similar technologies to collect information about your online activities over time and across different websites, subject to their own privacy policies.
7. How we share personal data
We do not sell personal data.
We may share personal data with:
- Service providers and sub processors
  - Cloud hosting, storage and infrastructure services
  - WhatsApp Business Platform and other messaging providers
  - Payment processors, if relevant
  - Analytics, monitoring and logging providers
  - Professional advisers (lawyers, accountants, auditors)

  These parties are only allowed to use personal data to provide services to us and must protect it appropriately.
- Merchants and their authorised users
  - For end customers, personal data and chat content is shared with the relevant merchant and its authorised staff as needed to operate the Solution.
- Corporate transactions
  - If we are involved in a merger, acquisition, financing, sale of assets or similar event, personal data may be transferred as part of that transaction, subject to confidentiality obligations and PDPA requirements.
- Legal and regulatory purposes
  - Where we believe it is reasonably necessary to:
    - Comply with applicable laws, regulations or legal processes
    - Respond to valid requests from regulators, law enforcement or other public authorities
    - Protect our rights, property, users, or the public
For cross border disclosures, we will comply with PDPA transfer requirements and ensure comparable protection where required.
8. Data retention
We keep personal data:
- For as long as it is reasonably necessary for the purposes set out in this policy
- For as long as required by law, regulation or contractual obligation
- For as long as needed to resolve disputes, enforce our agreements, or protect our legal interests
Where possible, we will anonymise or aggregate data so that it no longer identifies individuals, and may retain such information for analytics and product improvement.
9. How we protect personal data
We use reasonable administrative, technical and physical safeguards to protect personal data in our possession or under our control, such as:
- Access controls and authentication
- Encryption in transit and at rest where appropriate
- Network security measures and monitoring
- Internal policies and staff training
No method of transmission or storage is perfectly secure. While we work to protect personal data, we cannot guarantee absolute security.
10. Your rights and choices
Subject to the PDPA and other applicable laws, you may have the right to:
- Request access to personal data we hold about you
- Request correction of inaccurate personal data
- Withdraw consent to our collection, use or disclosure of your personal data, where consent is the basis
- Request deletion of personal data, where applicable
Withdrawal of consent or deletion of certain data may affect your ability to use our Solution or specific features.
We may need to verify your identity and may refuse requests in cases where PDPA exceptions apply, for example where:
- The data is subject to legal privilege or legal obligations
- The request would unreasonably impact the privacy of others
- The request is manifestly unfounded or excessive
We may charge a reasonable fee for handling access requests, as permitted under the PDPA.
To exercise your rights, contact our Data Protection Officer using the details in section 13.
If you are an end customer of a merchant, you may need to contact the merchant directly to exercise certain rights, as they may be the primary controller of your personal data.
11. Third party services and links
Our Solution may link to or integrate with third party websites, apps or services (for example, WhatsApp, Shopify, payment providers). These services are operated by third parties and are governed by their own terms and privacy policies.
We do not control and are not responsible for the privacy practices or content of those third parties. You use them at your own risk and should review their privacy policies separately.
12. Children
Our services are designed for businesses and are not intended for children under 18 years old. We do not knowingly collect personal data directly from children. If you believe a child has provided personal data to us without appropriate consent, contact us and we will review and handle it in line with applicable law.
13. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies or legal requirements.
We will post the updated policy on our website with a new "Last updated" date. Significant changes may be notified through the Solution or by email where appropriate.
Your continued use of the Solution after any changes take effect means you accept the updated Privacy Policy.
14. How to contact us
If you have any questions, requests or complaints about this Privacy Policy or how we handle personal data, contact our Data Protection Officer:
- Email: hello@salelab.ai
- Subject line: "Attention: Data Protection Officer"
We will review and respond within a reasonable time in accordance with the PDPA.