Octok

Privacy Policy

1. Introduction

This Privacy Policy explains how the operator of octok.com (“Octok”, “we”, “us”, or “our”), a company incorporated in Singapore, collects, uses, discloses, and protects your personal data when you use our platform and related services (the “Services”).

This Privacy Policy should be read together with our Terms of Use. By using the Services, you acknowledge that you have read and understood this Privacy Policy.

We are committed to complying with the Personal Data Protection Act 2012 of Singapore (“PDPA”) and other applicable data protection laws.

2. Data Controller

The data controller for your personal data is the operator of octok.com, a company incorporated in Singapore.

Our Data Protection Officer (“DPO”) can be contacted at: privacy@elevatesphere.com

3. Personal Data We Collect

3.1 Data You Provide Directly

Account Data

When you create an account, we collect the information you provide or that is made available through your chosen authentication method, such as your name, email address, and profile photo. We do not receive or store your third-party authentication passwords. We store only the minimum information necessary to maintain your account.

Business Data

You may submit company URLs, business descriptions, uploaded documents, market preferences, and other business-related information (“Business Data”) to use the Services.

AI Interaction Data

We collect the inputs and prompts you provide to our AI system, as well as the AI-generated outputs created for you.

Communications

If you contact us for support or other inquiries, we collect the content of your communications.

3.2 Data Collected Automatically

Technical Data

We collect your IP address, browser type and version, device type, operating system, and other technical information when you access the Services.

Usage Data

We collect information about how you interact with the Services, including pages visited, features used, access times, and referring URLs.

3.3 Data from Third Parties

We may receive data from third-party authentication providers in connection with account creation. We do not currently purchase or otherwise obtain personal data from third-party data brokers.

4. How We Use Your Personal Data

We use your personal data for the following purposes:

(a) Service Provision

To provide, maintain, and operate the Services, including generating AI Outputs based on your Inputs.

(b) AI Processing

Your Inputs, including Business Data, are processed by our AI systems and may be transmitted to third-party LLM providers via API for the purpose of generating AI Outputs. This is necessary to deliver the core functionality of the Services.

(c) Service Improvement

We may use your Inputs, AI Outputs, and any other data collected through the Services to analyse usage patterns, improve the Services, develop new features, and train or fine-tune AI models. We may also use anonymised and aggregated data for research, statistical analysis, and other purposes at our discretion.

(d) Account Management

To create and manage your account, authenticate your identity, and communicate with you about your account.

(e) Security and Abuse Prevention

To detect, prevent, and address fraud, abuse, security incidents, and technical issues.

(f) Legal Compliance

To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

(g) Communications

To send you service-related notices, updates, and, with your consent, marketing communications. You may opt out of marketing communications at any time.

5. Legal Basis for Processing

Under the PDPA, our primary legal basis for processing your personal data is your consent, which you provide when you create an account and use the Services. In certain cases, we may process your data based on legitimate interests (such as improving our Services or preventing fraud) or to comply with legal obligations.

For users subject to data protection laws outside Singapore, the legal bases for processing may vary depending on your jurisdiction. Please consult the relevant local laws or seek independent legal advice.

6. How We Share Your Personal Data

We may share your personal data with the following categories of recipients:

(a) Third-Party LLM Providers

Your Inputs are transmitted to third-party LLM providers for the purpose of generating AI Outputs. These providers process your data as data processors acting on our instructions.

We work with various third-party AI and technology providers to deliver the Services. The specific providers may change from time to time at our discretion.

(b) Cloud Infrastructure Providers

We use Amazon Web Services (AWS) with servers located in Singapore to host the Services and store your data.

(c) Code Execution Services

We use e2b.dev for certain code execution functionality within the Services.

(d) API Gateway

We use ElevateSphere (newapi.elevatesphere.com) as an API gateway service.

(e) Expert Network Members

If you choose to engage an Expert Network member, we will share relevant information with that member to facilitate the engagement. You will be asked to provide your explicit consent before any such sharing occurs.

(f) Payment Processors

When payment functionality is implemented, your payment information will be processed directly by third-party payment processors (such as Stripe or PayPal). We do not store your payment card details.

(g) Legal and Regulatory Authorities

We may disclose your personal data if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Octok, our users, or the public.

(h) Corporate Transactions

In the event of a merger, acquisition, reorganisation, or sale of assets, your personal data may be transferred to the acquiring entity.

7. Cross-Border Data Transfers

Your personal data is primarily stored on AWS servers located in Singapore.

In the course of providing the Services, your data may be transferred to and processed in countries outside of Singapore, including by third-party providers whose servers may be located anywhere in the world. By using the Services, you expressly consent to such transfers and acknowledge that data protection standards in other jurisdictions may differ from those in Singapore.

We may transfer your data to any jurisdiction as we deem appropriate for the provision of the Services or our business operations.

For users subject to data protection laws in other jurisdictions, you are responsible for ensuring your use of the Services complies with applicable cross-border data transfer requirements.

8. Data Retention

We retain your personal data for as long as we deem necessary or appropriate in our sole discretion, including to fulfil the purposes for which it was collected, provide the Services, comply with legal obligations, resolve disputes, enforce our agreements, and for any other legitimate business purpose.

Account Data

Retained for the duration of your account and for a reasonable period thereafter (not exceeding 12 months) to allow for account reactivation or to comply with legal obligations.

AI Interaction Data

Inputs and AI Outputs are retained for the duration of your account. You may delete individual conversation histories through the platform interface.

Technical and Usage Data

Retained for up to 12 months from the date of collection.

Post-Deletion

When you delete your account or specific data, we will delete or anonymise the data within a commercially reasonable timeframe as determined by us, subject to any applicable legal retention requirements. Notwithstanding the foregoing, we may retain any data indefinitely for legal, regulatory, backup, archival, or other legitimate business purposes. Anonymised data that can no longer be associated with you may be retained and used indefinitely.

9. Your Rights

9.1 Under the PDPA (All Users)

Under the PDPA, you have the right to:

  1. Access your personal data held by us;
  2. Correct any inaccurate or incomplete personal data;
  3. Withdraw your consent to our collection, use, or disclosure of your personal data (subject to legal and contractual restrictions);
  4. Request the portability of your personal data to another organisation (where technically feasible); and
  5. Make a complaint to the Personal Data Protection Commission (“PDPC”) if you believe we have breached the PDPA.

9.2 Additional Rights Under Other Laws

Depending on your location, you may have additional rights under applicable data protection laws, which may include the right to request erasure, object to processing, request restriction of processing, or lodge a complaint with your local supervisory authority. You are responsible for understanding your rights under applicable law.

9.3 Exercising Your Rights

To exercise any of the above rights, please contact us at privacy@elevatesphere.com. We will respond to your request within a reasonable timeframe (and in any event within the timeframe required by applicable law). We may need to verify your identity before processing your request.

10. Cookies and Tracking Technologies

We currently do not use any third-party analytics or tracking tools. We use only essential cookies necessary for the functioning of the Services (such as session management).

If we introduce additional cookies or tracking technologies in the future, we will update this Privacy Policy and implement an appropriate cookie consent mechanism.

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction, including:

  1. Encryption of data in transit using RSA-based encryption;
  2. Encryption of data at rest in our databases;
  3. Hosting on AWS Singapore with enterprise-grade security controls;
  4. Access controls limiting data access to authorised personnel; and
  5. Regular review of our security practices.

While we take reasonable steps to protect your data, no method of transmission or storage is completely secure. We cannot and do not guarantee the security of your data. You acknowledge that you provide your data at your own risk, and Octok shall not be liable for any unauthorised access, loss, or disclosure of your data.

12. Children’s Privacy

The Services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child, we will take steps to delete that data promptly. If you believe we have inadvertently collected data from a child, please contact us at privacy@elevatesphere.com.

13. Data Breach Notification

In the event of a data breach that is likely to result in significant harm to affected individuals, we will:

  1. Notify the PDPC within 3 calendar days of our assessment that the breach is notifiable;
  2. Notify affected individuals as soon as practicable; and
  3. Take all reasonable steps to contain the breach and minimise harm.

Where applicable, we will also comply with breach notification requirements under the GDPR, PIPL, or other applicable laws.

14. Changes to This Privacy Policy

We may update this Privacy Policy at any time and for any reason at our sole discretion. Updated Privacy Policy will be effective immediately upon posting on our website. Your continued use of the Services following the posting constitutes your acceptance of such changes. It is your responsibility to review this Privacy Policy regularly.

15. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Data Protection Officer
Octok
Singapore
Email: privacy@elevatesphere.com
General Support
Email: support@elevatesphere.com
Legal Inquiries
Email: legal@elevatesphere.com

16. Compliance with Local Laws

16.1 Singapore (PDPA)

This Privacy Policy is drafted in compliance with the PDPA. To the extent that any provision of this Privacy Policy conflicts with the PDPA, the PDPA shall prevail. You may contact the PDPC at https://www.pdpc.gov.sg if you have a complaint about our data practices.

16.2 Your Responsibility for Local Compliance

If you are located in or subject to the laws of any jurisdiction with data protection or privacy legislation (including but not limited to the European Union, People’s Republic of China, Japan, Republic of Korea, or other ASEAN jurisdictions), you are solely responsible for:

  1. ensuring your use of the Services complies with all applicable local laws and regulations;
  2. obtaining any necessary consents or authorisations required under local law before using the Services;
  3. complying with any cross-border data transfer requirements applicable to you; and
  4. seeking independent legal advice regarding your obligations under applicable law.
© 2026 Octok. All rights reserved.