Privacy Policy

1. Introduction

Welcome to Zeemarq Pte. Ltd. ("Zeemarq," "we," "us," or "our"). We are committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, disclose, store, and protect information when you use our enterprise resource planning (ERP) platform, AI-driven chat solutions, and related services (collectively, the "Services").

This Privacy Policy applies to all users of our Services, including businesses, their authorized employees, and representatives who access our platform for B2B procurement, supplier management, inventory tracking, order automation, payment reconciliation, and other business operations.

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Services.

2. Scope and Application

2.1 Business-to-Business Services

Zeemarq provides B2B services exclusively. We do not knowingly collect, process, or store personal data from end consumers (e.g., retail customers of our business clients). Our Services are designed for businesses and their authorized personnel who manage procurement, supply chain operations, inventory, and related business functions.

2.2 Authorized Users

When a business organization engages with our Services, that organization (the "Client") is responsible for ensuring that all employees, contractors, and representatives who access our platform ("Authorized Users") are informed of and consent to this Privacy Policy. Clients are responsible for obtaining necessary consents from their Authorized Users in accordance with applicable data protection laws.

2.3 Marketplace and E-Commerce Integrations

Our Services integrate with various e-commerce platforms and marketplaces, including but not limited to Amazon (all marketplaces), Shopify, Lazada, Shopee, TikTok Shop, and WooCommerce. When you connect your accounts on these platforms to Zeemarq, we access and process data from these platforms to provide our Services. This Privacy Policy governs how we handle such data. You should also review the privacy policies of these third-party platforms, as they have their own data practices that are independent of Zeemarq.

3. Information We Collect

We collect various types of information to provide, maintain, improve, and secure our Services. The information we collect falls into the following categories:

3.1 Information You Provide Directly

Account Registration Information:

• Full name
• Business email address
• Company name and business details
• Job title and role
• Account credentials (username and encrypted password)
• Business registration information and tax identifiers (where applicable)

Business and Transaction Information:

• Purchase orders and order details
• Supplier and vendor information (names, contact details, addresses)
• Product catalogs, SKUs, and inventory data
• Delivery and shipping addresses
• Invoice and payment information
• Payment method details (processed through third-party payment processors)
• Transaction history and order status
• Pricing, discounts, and terms negotiated with suppliers

Communication Data:

• Communications you send through our platform, including messages to suppliers, internal team communications, and customer support inquiries
• AI chat interaction logs, including questions, commands, and responses
• Feedback, reviews, and survey responses

Marketplace and Integration Data:

When you connect third-party e-commerce accounts (Amazon, Shopify, Lazada, Shopee, TikTok Shop, WooCommerce), we collect:

• Order data and transaction records from connected platforms
• Product listings, inventory levels, and catalog information
• Customer order information (business customer data only, not end-consumer personal data)
• Sales data, revenue figures, and performance metrics
• Shipping and fulfillment information
• API access tokens and credentials (encrypted and securely stored)

3.2 Information Collected Automatically

Usage and Analytics Data:

• Device information (device type, operating system, browser type and version)
• IP address and general location information (country/city level)
• Log data (access times, pages viewed, features used)
• Clickstream data and navigation patterns
• Session duration and frequency of use
• Feature usage statistics and performance metrics
• Error reports and diagnostic information

Cookies and Similar Technologies:

We use cookies, web beacons, pixels, and similar tracking technologies to collect information about your browsing activities and preferences. These technologies help us:

• Authenticate users and maintain secure sessions
• Remember your preferences and settings
• Analyze usage patterns and improve our Services
• Measure the effectiveness of our marketing campaigns
• Provide personalized content and recommendations

You can control cookie preferences through your browser settings. However, disabling certain cookies may limit your ability to use some features of our Services.

Third-Party Analytics:

We use third-party analytics services, including but not limited to Google Analytics, to understand how users interact with our Services. These services may collect information about your use of our Services and other websites over time. The information collected is used to evaluate and improve our Services, analyze trends, and understand user behavior.

3.3 Information from Third Parties

• E-Commerce Platform Data: When you authorize integration with Amazon, Shopify, Lazada, Shopee, TikTok Shop, WooCommerce, or other platforms, we receive data through their APIs in accordance with their terms of service and API usage policies.
• Payment Processor Information: We use third-party payment processors including HitPay, Stripe, and PayPal to process payments. These processors provide us with limited transaction confirmation data (e.g., payment status, transaction ID) but do not share full payment card details with us.
• AI and Machine Learning Services: We use Mixtrail and other AI/ML service providers to enhance our AI-driven chat capabilities and analytics features. These providers may process data on our behalf in accordance with their data processing agreements.

3.4 Information We Do Not Collect

We do not knowingly collect:

• Personal data from end consumers (retail customers of our business clients)
• Sensitive personal data such as health information, biometric data, genetic data, racial or ethnic origin, political opinions, religious beliefs, or sexual orientation
• Information from individuals under the age of 18 (our Services are B2B only)

4. How We Use Your Information

We use the information we collect for the following purposes:

4.1 Service Delivery and Performance

• Provide Core Services: Enable order placement, supplier communication, payment processing, delivery tracking, inventory management, and all features of our ERP platform
• AI-Driven Chat: Power our AI chat interface to allow natural language interaction with the system, automate workflows, provide real-time insights, and respond to queries
• Marketplace Integration: Synchronize data between your Zeemarq account and connected e-commerce platforms, consolidate orders, manage inventory across channels, and provide unified reporting
• Order Automation: Process and route orders automatically based on your business rules and preferences
• Payment Reconciliation: Match payments with invoices, track outstanding balances, and generate financial reports
• Supplier Management: Maintain supplier databases, track performance, manage communications, and facilitate procurement processes

4.2 Account Management and Security

• Authentication and Access Control: Verify your identity, maintain secure sessions, and manage user permissions
• Account Administration: Create and manage user accounts, process registrations, and handle account modifications
• Security Monitoring: Detect and prevent fraud, unauthorized access, security breaches, and other malicious activities
• System Integrity: Maintain the security, stability, and reliability of our Services

4.3 Communication

• Service Communications: Send transaction confirmations, order updates, delivery notifications, system alerts, and other service-related messages
• Customer Support: Respond to inquiries, troubleshoot issues, and provide technical assistance
• Marketing Communications: Send promotional materials, product updates, newsletters, and event invitations (you may opt out at any time)
• Administrative Notices: Communicate changes to our terms, policies, or Services

4.4 Analytics and Improvement

• Usage Analysis: Understand how users interact with our Services, identify popular features, and detect areas for improvement
• Performance Optimization: Monitor system performance, identify bugs and errors, and optimize speed and reliability
• Product Development: Develop new features, enhance existing functionality, and innovate our AI capabilities
• Business Intelligence: Generate insights and reports to help clients optimize their procurement and supply chain operations
• AI Model Training: Improve our AI chat algorithms and natural language processing capabilities (using aggregated, anonymized data where possible)

4.5 Legal and Compliance

• Legal Obligations: Comply with applicable laws, regulations, legal processes, and governmental requests
• Contract Enforcement: Enforce our Terms of Service, investigate violations, and protect our rights and property
• Dispute Resolution: Resolve disputes, address claims, and protect against legal liability
• Regulatory Compliance: Meet requirements of e-commerce platforms, payment processors, and financial regulations

4.6 Business Operations

• Transaction Processing: Facilitate payments, generate invoices, and maintain financial records
• Vendor Management: Onboard and manage relationships with technology providers, payment processors, and other service providers
• Corporate Transactions: Support mergers, acquisitions, reorganizations, or sales of assets (with appropriate data protection safeguards)

5. Legal Bases for Processing (PDPA and International Standards)

Under Singapore's Personal Data Protection Act (PDPA) and international data protection standards, we process your personal data based on the following legal bases:

5.1 Consent

We obtain your consent to process personal data when required by law, particularly for:

• Marketing communications
• Non-essential cookies and tracking technologies
• Processing of data for purposes beyond core service delivery

You have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

5.2 Contract Performance

We process personal data as necessary to perform our contractual obligations to you and your organization, including:

• Providing access to our Services
• Processing orders and transactions
• Delivering customer support
• Maintaining your account

5.3 Legal Obligations

We process personal data to comply with legal and regulatory requirements, including:

• Tax and accounting obligations
• Financial record-keeping requirements
• Responding to lawful requests from authorities
• Compliance with e-commerce platform policies and regulations

5.4 Legitimate Interests

We process personal data based on our legitimate business interests, provided these interests do not override your fundamental rights and freedoms. These legitimate interests include:

• Improving and securing our Services
• Preventing fraud and abuse
• Analytics and business intelligence
• Internal administration and operational efficiency
• Marketing our Services to existing business clients

6. How We Share Your Information

We do not sell personal data to third parties. We share your information only in the following circumstances:

6.1 Service Providers and Business Partners

We engage trusted third-party service providers to perform functions and support our Services. These providers have access to personal data only as necessary to perform their functions and are contractually obligated to protect the confidentiality and security of personal data. Categories of service providers include:

• Cloud Infrastructure: Amazon Web Services (AWS) provides our cloud hosting and infrastructure services in the Singapore region.
• Payment Processors: HitPay, Stripe, and PayPal process payments on our behalf. These processors have their own privacy policies and handle payment information in accordance with PCI-DSS standards.
• AI and Machine Learning: Mixtrail and other AI service providers help power our intelligent chat features and analytics capabilities.
• Email and Communications: Email service providers help us send transactional emails, notifications, and marketing communications (with your consent).
• Customer Support Tools: Customer support platforms help us manage support tickets and provide assistance to users.
• Analytics and Marketing: Analytics providers (such as Google Analytics) and marketing platforms help us understand usage patterns and reach potential clients.

6.2 E-Commerce Platform Integrations

When you connect third-party e-commerce accounts to Zeemarq, we share necessary data with these platforms to enable synchronization and provide our Services. This data sharing is governed by:

• The platform's API terms and policies
• Your authorization and consent to connect accounts
• This Privacy Policy

Data shared with these platforms may include order data, inventory information, product catalogs, and business customer information required for order fulfillment.

6.3 Legal Requirements and Protection

We may disclose personal data when required by law or when we believe disclosure is necessary to:

• Comply with legal obligations, court orders, subpoenas, or regulatory requirements
• Enforce our Terms of Service or other agreements
• Protect our rights, property, or safety, or that of our users or the public
• Detect, prevent, or address fraud, security issues, or technical problems
• Respond to claims of violation of third-party rights

6.4 Business Transfers

In the event of a merger, acquisition, reorganization, asset sale, or bankruptcy, personal data may be transferred to the acquiring or successor entity. We will provide notice and ensure that the transferee agrees to protect personal data in accordance with this Privacy Policy.

6.5 With Your Consent

We may share personal data with third parties when you provide explicit consent for such sharing. You may withdraw consent at any time, subject to legal or contractual restrictions.

6.6 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you or your organization. This may include industry benchmarks, usage statistics, or market research.

7. International Data Transfers

7.1 Data Storage and Processing Location

All personal data collected through our Services is stored and processed on servers located in Singapore using Amazon Web Services (AWS) Singapore region. We do not transfer personal data outside of Singapore under normal operations.

7.2 Third-Party Service Providers

Some of our third-party service providers (such as payment processors, analytics providers, and AI services) may be located outside Singapore or may process data in multiple jurisdictions. When we engage such providers, we ensure appropriate safeguards are in place through:

• Data processing agreements with security and confidentiality obligations
• Standard contractual clauses or other approved transfer mechanisms
• Adequacy decisions recognized under applicable data protection laws
• Technical and organizational measures to protect data in transit and at rest

7.3 E-Commerce Platform Data

When you authorize integration with international e-commerce platforms (such as Amazon marketplaces in different regions), data may be transferred to those platforms' servers in various locations. These transfers are governed by the platforms' own privacy policies and data protection practices.

8. Data Security

We implement comprehensive technical, physical, and organizational security measures to protect personal data against unauthorized access, disclosure, alteration, or destruction.

8.1 Technical Security Measures

Encryption:

• Data in transit is encrypted using industry-standard TLS/SSL protocols
• Data at rest is encrypted using AES-256 encryption
• Database encryption and encrypted backups
• Secure password storage using bcrypt or similar hashing algorithms

Access Controls:

• Multi-factor authentication (MFA) for administrative access
• Role-based access control (RBAC) limiting data access to authorized personnel
• Regular access reviews and privilege management
• Secure API authentication using OAuth 2.0 and API keys

Network Security:

• Firewalls and intrusion detection/prevention systems
• DDoS protection and rate limiting
• Secure network architecture and segmentation
• Regular security monitoring and threat detection

Application Security:

• Secure coding practices and code reviews
• Regular security testing and vulnerability assessments
• Web application firewall (WAF)
• Protection against common vulnerabilities (SQL injection, XSS, CSRF)

8.2 Organizational Security Measures

Personnel Security:

• Background checks for employees with access to personal data (where legally permissible)
• Confidentiality agreements and data protection training
• Strict access control policies and least privilege principle
• Regular security awareness training

Incident Response:

• Security incident response plan and procedures
• Regular security audits and risk assessments
• Continuous monitoring and logging of system activities
• Breach notification procedures in compliance with applicable laws

Vendor Management:

• Due diligence and security assessments of third-party providers
• Data processing agreements with security obligations
• Regular vendor security reviews
• Clear data handling and retention requirements

8.3 Physical Security

Our data is hosted on AWS infrastructure in Singapore, which maintains:

• Physical access controls to data centers
• Environmental controls and redundancy
• 24/7 security monitoring
• Disaster recovery and business continuity measures

8.4 Limitations

While we implement robust security measures, no system is completely secure. We cannot guarantee absolute security of personal data. In the event of a data breach affecting personal data, we will notify affected parties and relevant authorities in accordance with applicable data protection laws.

9. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.

9.1 Retention Periods

Active Account Data:

• Personal data associated with active accounts is retained for the duration of your relationship with Zeemarq and as long as your account remains active
• Business and transaction data is retained to provide ongoing Services and enable historical reporting

Transaction Records:

• Order, invoice, and payment records are retained for a minimum of seven (7) years to comply with accounting, tax, and financial regulatory requirements
• Transaction metadata may be retained longer for audit and compliance purposes

AI Chat Logs:

• AI chat interaction logs are retained for up to three (3) years for service improvement, support purposes, and AI model training
• Chat logs may be anonymized or aggregated for longer retention periods

Communication Data:

• Customer support communications are retained for three (3) years to maintain service quality and handle potential disputes
• Marketing communications and consent records are retained until you withdraw consent, plus a reasonable period to process and honor your request

Usage and Analytics Data:

• Server logs and usage analytics are typically retained for one (1) to two (2) years
• Aggregated, anonymized analytics data may be retained indefinitely

Deleted Account Data:

• When you close your account, we retain personal data for ninety (90) days to allow for account recovery or reactivation
• After the retention period, personal data is permanently deleted or anonymized, except for data we are legally required to retain
• Backup copies may persist for up to an additional ninety (90) days before automatic deletion

9.2 Legal and Compliance Requirements

We may retain personal data beyond the standard retention periods when:

• Required by applicable laws or regulations
• Necessary to comply with legal holds, ongoing investigations, or litigation
• Needed to enforce our rights or defend against legal claims
• Required to meet contractual obligations

9.3 Extended Retention

With your consent or as required by law, we may retain certain personal data for extended periods. For example:

• Historical business intelligence data for long-term trend analysis
• Anonymized or aggregated data for research and product development
• Records required for regulatory audits or investigations

10. Your Rights and Choices

We respect your privacy rights and provide you with control over your personal data. Depending on your jurisdiction, you may have the following rights:

10.1 Right to Access

You have the right to request access to the personal data we hold about you. Upon receiving a verifiable request, we will provide:

• Categories of personal data we collect
• Specific pieces of personal data we have collected
• Purposes for which we use your data
• Categories of third parties with whom we share data

10.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data. You can update most of your account information directly through your Zeemarq dashboard. For other corrections, please contact us at support@zeemarq.com.

10.3 Right to Deletion

You have the right to request deletion of your personal data, subject to certain legal exceptions. We will delete your data unless we need to retain it to:

• Complete a transaction or provide a service you requested
• Comply with legal obligations
• Detect and resolve security issues or fraud
• Exercise free speech rights or conduct research in the public interest
• Comply with existing legal claims or legal obligations

To request deletion, please contact support@zeemarq.com or use the account deletion feature in your dashboard.

10.4 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format. You can export your data directly through your Zeemarq dashboard or request a data export by contacting support@zeemarq.com.

10.5 Right to Object

You have the right to object to processing of your personal data for:

• Direct marketing purposes (you may opt out at any time)
• Processing based on legitimate interests
• Automated decision-making (where applicable)

To exercise this right, contact support@zeemarq.com or use the opt-out mechanisms provided in our communications.

10.6 Right to Withdraw Consent

Where we process personal data based on your consent, you have the right to withdraw consent at any time. This will not affect the lawfulness of processing before withdrawal. To withdraw consent, contact support@zeemarq.com.

10.7 Right to Restrict Processing

You may have the right to request restriction of processing of your personal data in certain circumstances, such as:

• While we verify the accuracy of personal data you have contested
• When processing is unlawful but you prefer restriction over deletion
• When we no longer need the data but you need it for legal claims
• While we verify your objection to processing

10.8 Right to Lodge a Complaint

You have the right to lodge a complaint with the Personal Data Protection Commission (PDPC) of Singapore or other relevant supervisory authority if you believe we have violated your privacy rights. Contact details:

10.9 How to Exercise Your Rights

To exercise any of these rights, please:

• Email us at support@zeemarq.com or support-dpo@zeemarq.com
• Clearly identify yourself and specify the right you wish to exercise
• Provide sufficient information to verify your identity
• Specify which data or processing activities your request relates to

We will respond to verified requests within thirty (30) days, or as required by applicable law. If we need additional time, we will notify you of the extension and the reasons for it.

11. Marketing Communications and Opt-Out

11.1 Types of Marketing Communications

With your consent, we may send you:

• Product updates and new feature announcements
• Educational content, webinars, and training materials
• Industry news, best practices, and insights
• Promotional offers and special programs
• Event invitations and surveys

11.2 How to Opt Out

You can opt out of marketing communications at any time by:

• Clicking the "unsubscribe" link in any marketing email
• Updating your communication preferences in your account settings
• Contacting us at support@zeemarq.com

Please note that even if you opt out of marketing communications, we will still send you:

• Transactional emails (order confirmations, delivery notifications, payment receipts)
• Service-related announcements (system maintenance, security alerts)
• Administrative messages (policy updates, account notifications)

11.3 Cookie Preferences

You can manage cookie preferences through:

• Your browser settings (most browsers allow you to refuse or delete cookies)
• Cookie consent banner on our website (for initial cookie preferences)
• Opting out of third-party analytics cookies through provider-specific opt-out mechanisms

Disabling certain cookies may affect the functionality of our Services.

12. Cookies and Tracking Technologies

12.1 What Are Cookies

Cookies are small text files stored on your device when you visit a website. We use cookies and similar technologies (web beacons, pixels, local storage) to provide, secure, and improve our Services.

12.2 Types of Cookies We Use

Essential Cookies (Strictly Necessary):

These cookies are necessary for the Services to function and cannot be disabled. They include:

• Authentication cookies to maintain secure sessions
• Security cookies to protect against fraud and abuse
• Load balancing cookies to distribute traffic efficiently
• Cookies that remember your preferences during a session

Functional Cookies:

These cookies enable enhanced functionality and personalization:

• Remembering your language, region, and display preferences
• Storing your dashboard customization settings
• Recalling your recently viewed items or searches

Analytics and Performance Cookies:

These cookies help us understand how users interact with our Services:

• Google Analytics for usage statistics and user behavior
• Session recording and heatmap tools to improve user experience
• Performance monitoring to identify and fix technical issues

Marketing and Advertising Cookies:

With your consent, these cookies are used for marketing purposes:

• Tracking conversions from advertising campaigns
• Measuring the effectiveness of marketing efforts
• Retargeting and personalized advertising
• Social media integration and sharing functionality

12.3 Third-Party Cookies

Some cookies are placed by third-party services we use:

• Google Analytics for website analytics
• Advertising platforms (Google Ads, Facebook Pixel, LinkedIn Insight Tag) for remarketing
• Payment processors for transaction security
• Social media platforms for sharing and integration features

These third parties may collect information about your online activities across different websites. Review their privacy policies for details on their data practices.

12.4 Managing Cookies

You can control cookies through:

• Browser Settings: Most browsers allow you to:
  • View and delete existing cookies
  • Block third-party cookies
  • Block all cookies (may affect site functionality)
  • Receive notifications when cookies are set
  Consult your browser's help documentation for specific instructions.
• Cookie Consent Tools: You can manage non-essential cookies through our cookie consent banner when you first visit our website.
• Third-Party Opt-Outs:
  • Google Analytics opt-out: https://tools.google.com/dlpage/gaoptout
  • Network Advertising Initiative: https://optout.networkadvertising.org
  • Digital Advertising Alliance: https://optout.aboutads.info

12.5 Do Not Track Signals

Some browsers support "Do Not Track" (DNT) signals. Currently, there is no industry standard for responding to DNT signals. We do not currently respond to DNT signals, but we provide you with control over cookies and tracking through the methods described above.

13. Third-Party Links and Services

13.1 Third-Party Websites

Our Services may contain links to third-party websites, including supplier websites, e-commerce platforms, and partner sites. We are not responsible for the privacy practices or content of these third-party sites. We encourage you to review the privacy policies of any third-party sites you visit.

13.2 E-Commerce Platform Integrations

When you integrate your Zeemarq account with third-party e-commerce platforms (Amazon, Shopify, Lazada, Shopee, TikTok Shop, WooCommerce), those platforms have their own privacy policies and data practices that are independent of Zeemarq. We recommend reviewing:

• Amazon: Amazon Services Business Solutions Agreement and Privacy Notice
• Shopify: Shopify Privacy Policy and API Terms of Service
• Lazada: Lazada Privacy Policy and Seller Terms
• Shopee: Shopee Privacy Policy and Seller Policies
• TikTok Shop: TikTok Shop Privacy Policy and Merchant Terms
• WooCommerce: WordPress.com Privacy Policy and WooCommerce Terms

13.3 Payment Processors

We use third-party payment processors (HitPay, Stripe, PayPal) to handle payment transactions. These processors have their own privacy policies:

• HitPay: https://www.hitpayapp.com/privacy
• Stripe: https://stripe.com/privacy
• PayPal: https://www.paypal.com/privacy

When you make a payment, you are subject to the privacy policy and terms of the payment processor you choose.

13.4 AI and Machine Learning Partners

We use Mixtrail and other AI/ML service providers to enhance our AI capabilities. These providers process data on our behalf in accordance with data processing agreements that require them to protect your data and use it only for authorized purposes.

14. Children's Privacy

Our Services are designed exclusively for businesses and their authorized personnel. We do not knowingly collect personal data from individuals under the age of 18. Our Services are B2B only and are not directed at children.

If we become aware that we have inadvertently collected personal data from a child under 18, we will take steps to delete such information promptly.

If you believe we may have collected information from a child, please contact us immediately at support@zeemarq.com.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, Services, legal requirements, or for other operational, legal, or regulatory reasons.

15.1 Notification of Changes

When we make material changes to this Privacy Policy, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you via email to the address associated with your account
• Display a prominent notice on our website or within our Services
• Request your consent where required by applicable law

15.2 Your Acceptance

Your continued use of our Services after the effective date of the updated Privacy Policy constitutes your acceptance of the changes. If you do not agree with the updated Privacy Policy, please discontinue use of our Services and contact us to close your account.

15.3 Prior Versions

We will maintain prior versions of this Privacy Policy in our archives. If you would like to review a previous version, please contact support@zeemarq.com.

16. Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our data protection practices and ensure compliance with applicable privacy laws.

You may contact our DPO regarding:

• Questions about this Privacy Policy or our data practices
• Requests to exercise your privacy rights
• Data protection concerns or complaints
• Data breach notifications
• Guidance on privacy-related matters

17. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We aim to respond to all inquiries within five (5) business days. For requests to exercise your privacy rights, we will respond within thirty (30) days or as required by applicable law.

18. Specific Compliance Notes

18.1 Singapore Personal Data Protection Act (PDPA)

Zeemarq complies with Singapore's Personal Data Protection Act 2012 (PDPA) and follows the data protection obligations outlined by the Personal Data Protection Commission (PDPC). We:

• Collect personal data with consent or as permitted by law
• Use personal data only for purposes that have been disclosed
• Ensure personal data is accurate and complete
• Protect personal data with appropriate security measures
• Retain personal data only as long as necessary
• Provide individuals with access to and correction of their personal data

18.2 Amazon Marketplace Requirements

For Amazon seller and vendor data, we:

• Display our company details, contact information, and this Privacy Policy prominently
• Implement security measures to protect Amazon-sourced data
• Use Amazon data only for authorized purposes in accordance with Amazon's API License Agreement
• Do not share Amazon data with unauthorized third parties
• Comply with Amazon's data deletion and retention requirements

18.3 Shopify Platform Requirements

For Shopify merchant data, we:

• Comply with Shopify's API Terms of Service and Platform Policies
• Access store data only with proper authorization and for approved purposes
• Implement security standards required by Shopify
• Do not misuse or resell Shopify merchant data
• Honor merchant data deletion requests

18.4 Other E-Commerce Platforms

We comply with the data protection requirements, API terms, and platform policies of Lazada, Shopee, TikTok Shop, WooCommerce, and other integrated platforms. We access and use data from these platforms only as authorized and in accordance with their respective policies.

19. Additional Information

19.1 Automated Decision-Making

Our AI-driven chat and automation features may involve automated decision-making for purposes such as:

• Order routing and workflow automation
• Inventory recommendations and restocking suggestions
• Supplier selection based on predefined criteria
• Payment reconciliation and matching

These automated processes are designed to enhance efficiency and accuracy. Significant decisions affecting your business operations are subject to human review and oversight. You have the right to:

• Request human intervention in automated decisions
• Express your point of view regarding automated decisions
• Contest automated decisions that significantly affect you

19.2 Data Sharing for Business Purposes

We do not sell personal data. However, we may share personal data with service providers for business purposes as described in Section 6 of this Privacy Policy. In the past twelve (12) months, we have shared the following categories of personal data with service providers:

• Identifiers: Name, email address, business contact information, account credentials
• Commercial Information: Order history, transaction records, payment information, purchase patterns
• Internet/Electronic Activity: Usage data, browsing history, interaction with our Services
• Professional Information: Company name, job title, business role, business registration details
• Inferences: Preferences, behavior patterns, business intelligence derived from usage

Categories of service providers with whom we share data include:

• Cloud infrastructure providers (AWS)
• Payment processors (HitPay, Stripe, PayPal)
• AI and analytics services (Mixtrail, Google Analytics)
• E-commerce platform providers (Amazon, Shopify, Lazada, Shopee, TikTok Shop, WooCommerce)
• Email and communication service providers
• Customer support platforms

19.3 Cross-Border Business Operations

While our primary data processing occurs in Singapore, some of our business clients and their suppliers may operate across multiple countries within the APAC region. When you use our Services for cross-border procurement and supply chain management:

• Data may be accessed by authorized users in different countries where your business operates
• Supplier information may be shared across borders as necessary to facilitate transactions
• You are responsible for ensuring compliance with data protection laws applicable to your cross-border operations
• We provide tools and features to help you manage data flows in accordance with your legal obligations

19.4 Industry-Specific Considerations

Food and Beverage Industry:

Many of our clients operate in the food and beverage sector. We understand the unique requirements of this industry, including:

• Traceability and food safety documentation
• Temperature-controlled delivery tracking
• Regulatory compliance (e.g., AVA/SFA requirements in Singapore)
• Supplier certification and audit records

We handle this industry-specific data with appropriate security measures and in accordance with applicable food safety and supply chain regulations.

Multi-Location Business Operations:

For businesses operating multiple outlets or locations:

• Each location may have separate user accounts and access controls
• Consolidated reporting aggregates data across locations
• Centralized procurement data helps optimize supply chain efficiency
• Location-specific data can be isolated or shared based on your business structure

19.5 Data Accuracy and Quality

We take reasonable steps to ensure personal data is accurate, complete, and up-to-date. However, the accuracy of your data depends in part on the information you provide. You are responsible for:

• Providing accurate and truthful information
• Updating your account information when it changes
• Reviewing and verifying data imported from third-party platforms
• Ensuring that supplier and business partner information you enter is accurate

You can update most information directly through your Zeemarq dashboard. If you identify inaccuracies, please correct them promptly or contact support@zeemarq.com for assistance.

19.6 Account Security Responsibilities

While we implement robust security measures, account security is a shared responsibility. You are responsible for:

• Maintaining the confidentiality of your account credentials
• Using strong, unique passwords
• Enabling multi-factor authentication (MFA) when available
• Limiting account access to authorized personnel only
• Promptly notifying us of any unauthorized access or security breaches
• Logging out of your account when using shared devices
• Keeping your devices and software up-to-date with security patches

19.7 Data Breach Notification

In the event of a data breach that affects personal data, we will:

• Investigate the incident promptly and thoroughly
• Take immediate steps to contain and remediate the breach
• Notify affected individuals without undue delay (within 72 hours where required by law)
• Notify the Personal Data Protection Commission (PDPC) and other relevant authorities as required
• Provide information about the nature of the breach, data affected, and steps being taken
• Offer guidance on measures individuals can take to protect themselves

You can report suspected security incidents or data breaches to support@zeemarq.com or support-dpo@zeemarq.com.

20. Definitions

To help you understand this Privacy Policy, here are definitions of key terms:

• Personal Data: Information that identifies, relates to, describes, or can be reasonably linked to you or your business, including but not limited to names, email addresses, business contact details, and transactional information.
• Processing: Any operation performed on personal data, including collection, recording, organization, storage, use, disclosure, deletion, or any other handling of information.
• Data Controller: The entity that determines the purposes and means of processing personal data. For most processing activities, your business organization (the Client) is the data controller, and Zeemarq acts as a data processor.
• Data Processor: An entity that processes personal data on behalf of a data controller. Zeemarq acts as a data processor when handling personal data on behalf of our business clients.
• Consent: Freely given, specific, informed, and unambiguous indication of your wishes by which you agree to the processing of your personal data.
• De-identification: The process of removing or modifying personal information so that it cannot be associated with a specific individual.
• Anonymization: The process of permanently and irreversibly altering personal data so that individuals can no longer be identified.
• Aggregated Data: Data that has been combined from multiple sources or individuals and presented in a summary form that does not identify specific individuals.
• Authorized User: An employee, contractor, or representative of a Client organization who is granted access to use the Zeemarq Services.
• Services: The Zeemarq ERP platform, AI-driven chat solutions, mobile applications, APIs, and all related features and functionality.

21. Jurisdiction-Specific Rights and Notices

21.1 Singapore Residents

Under Singapore's Personal Data Protection Act (PDPA), Singapore residents have specific rights regarding their personal data:

• Access and Correction: You have the right to request access to your personal data and request correction of inaccuracies. We will respond to access requests within thirty (30) days.
• Withdrawal of Consent: You may withdraw consent for the collection, use, or disclosure of your personal data at any time, subject to legal and contractual restrictions. Withdrawal of consent may affect our ability to provide Services to you.
• Data Portability: You have the right to receive your personal data in a structured, commonly used format and transmit it to another organization.
• Protection from Unauthorized Use: We are required to protect your personal data against unauthorized access, collection, use, disclosure, or similar risks.
• Complaints: If you believe your personal data has been mishandled, you may file a complaint with:

  Personal Data Protection Commission (PDPC)

  Email: info@pdpc.gov.sg

  Website: https://www.pdpc.gov.sg

  Phone: +65 6377 3131

21.2 Other APAC Jurisdictions

If you are located in other APAC jurisdictions (Malaysia, Thailand, Indonesia, Philippines, etc.), you may have additional rights under local data protection laws. We will comply with applicable local laws when processing your personal data. Contact support-dpo@zeemarq.com for information specific to your jurisdiction.

22. Business Client Responsibilities

22.1 Data Controller Obligations

When your organization uses Zeemarq Services, your organization typically acts as the data controller for personal data of your employees and business contacts. As a data controller, you are responsible for:

• Obtaining necessary consents from your employees and Authorized Users
• Providing privacy notices to individuals whose data you process through our Services
• Ensuring lawful bases for processing personal data
• Implementing appropriate data protection policies
• Responding to data subject requests from your employees
• Complying with applicable data protection laws in your jurisdiction
• Ensuring data you share with us is collected lawfully

22.2 Data Processing Agreement

For business clients who require a formal Data Processing Agreement (DPA) or Data Processing Addendum, please contact support@zeemarq.com. Our DPA addresses:

• Roles and responsibilities of data controller and processor
• Permitted processing activities and purposes
• Security measures and safeguards
• Sub-processor arrangements
• Data breach notification procedures
• Data subject rights assistance
• Data transfer mechanisms
• Audit rights and compliance verification

22.3 User Authorization and Access Management

Business clients are responsible for:

• Determining which employees should have access to Zeemarq Services
• Assigning appropriate roles and permissions to Authorized Users
• Regularly reviewing and updating user access rights
• Promptly revoking access when employees leave or change roles
• Monitoring user activity for unauthorized or inappropriate use
• Training employees on proper use of the Services and data protection practices

23. Data Minimization and Purpose Limitation

We adhere to the principles of data minimization and purpose limitation:

Data Minimization:

• We collect only personal data that is necessary for the purposes identified in this Privacy Policy
• We avoid collecting excessive or irrelevant information
• We regularly review data collection practices to ensure necessity
• We provide options to limit data collection where appropriate

Purpose Limitation:

• We use personal data only for the purposes for which it was collected or compatible purposes
• We do not use personal data for unrelated purposes without obtaining consent
• We clearly communicate purposes of data processing at the time of collection
• We do not repurpose data in ways that would surprise or concern users

24. Privacy by Design

We incorporate privacy considerations into our product development and business processes through privacy by design principles:

• Proactive Approach: We anticipate and prevent privacy issues before they occur
• Privacy as Default: Privacy-protective settings are the default configuration
• Privacy Embedded: Privacy is integrated into system design and business practices
• Full Functionality: We achieve privacy without sacrificing functionality
• End-to-End Security: Security measures protect data throughout its lifecycle
• Visibility and Transparency: We operate openly and provide clear information about our practices
• User-Centric: We prioritize user privacy and provide meaningful control over personal data

25. Accountability and Governance

25.1 Privacy Governance

Zeemarq maintains a privacy governance framework that includes:

• Regular privacy impact assessments for new features and services
• Privacy training for employees handling personal data
• Privacy incident response and management procedures
• Ongoing monitoring and auditing of data protection practices
• Vendor management and third-party risk assessment
• Documentation of data processing activities and compliance measures

25.2 Compliance Monitoring

We continuously monitor compliance with this Privacy Policy and applicable laws through:

• Internal audits and reviews
• Third-party security assessments and penetration testing
• Monitoring of regulatory developments and guidance
• Regular updates to policies and procedures
• Incident tracking and remediation
• Performance metrics and accountability measures

25.3 Transparency Reports

Upon request, we can provide information about:

• Types of data requests received from government authorities
• Our responses to such requests
• Data breach incidents and resolutions
• Compliance certifications and audit results

Contact support-dpo@zeemarq.com for transparency-related inquiries.

26. Specific Service Features and Privacy

26.1 AI Chat Functionality

Our AI-driven chat feature processes your queries and commands to provide intelligent assistance. Please note:

• Chat interactions are logged and may be used to improve AI performance
• Sensitive business information shared in chat is protected with the same security measures as other data
• You should not share highly confidential or sensitive personal information in chat unless necessary
• Chat logs are retained as specified in Section 9 (Data Retention)
• You can request deletion of chat logs by contacting support@zeemarq.com

26.2 Supplier and Vendor Data

When you add supplier and vendor information to Zeemarq:

• You are responsible for ensuring you have the right to share this information
• Supplier data is used to facilitate procurement and supply chain management
• We may contact suppliers on your behalf as part of our Services
• Suppliers may receive notifications and communications through our platform
• You control which team members can access supplier information

26.3 Multi-Tenant Environment

Zeemarq operates a multi-tenant platform where multiple client organizations use shared infrastructure:

• Each client's data is logically separated and isolated
• Access controls prevent unauthorized access between tenants
• Client data is not shared with other clients unless explicitly authorized (e.g., for supplier collaboration)
• We implement robust security measures to maintain data isolation

26.4 API Access and Integrations

When you use our APIs or integrate third-party applications:

• API access is controlled through secure authentication mechanisms
• You are responsible for securing your API credentials
• Third-party applications you authorize may have access to your data according to the permissions you grant
• Review and revoke API access regularly for applications you no longer use
• We are not responsible for third-party applications' data practices

27. Regional and Cultural Considerations

As a Singapore-based company serving the APAC region, we recognize and respect:

• Cultural differences in privacy expectations and preferences
• Diverse regulatory environments across jurisdictions
• Language and communication preferences of our users
• Business practices and customs specific to different markets
• Local holidays, business hours, and support availability

We strive to provide Services that are culturally appropriate and compliant with local regulations throughout the APAC region.

28. Educational Resources

We are committed to helping our users understand and protect their privacy. We provide:

• Privacy and security best practices documentation
• Training materials for Authorized Users
• Regular updates on privacy and security topics
• Guidance on compliance with data protection laws
• Resources for implementing privacy-protective business practices

Visit https://zeemarq.com or contact support@zeemarq.com for access to educational resources.

29. Effective Date and Version History

• Current Version: 1.0
• Effective Date: November 7, 2025
• Last Updated: November 7, 2025

This is the initial version of our Privacy Policy. Future updates will be documented with version numbers and effective dates.

30. Entire Agreement

This Privacy Policy, together with our Terms of Service and any applicable Data Processing Agreement, constitutes the entire agreement between you and Zeemarq regarding the processing of personal data. In case of conflict between this Privacy Policy and other agreements, the terms of the Data Processing Agreement (if applicable) shall prevail with respect to data processing matters.