Privacy Policy

Effective Date: 20 June 2026

This Privacy Policy describes how FEHA International Consulting B.V. (Netherlands) and FEHA Assurtech Pte. Ltd. (Singapore) (collectively, "FEHA," "we," "us," or "our") collect, use, and disclose personal data when you use the FEHA.io services ("Service").

1. Scope and Governing Data Controller

1.1. Applicability: This Policy applies to all users of our Service. The specific legal entity responsible for processing your personal data (the Data Controller/Organization) is determined by the entity with which your organization enters into a formal Agreement, as detailed below.

1.2. Governing Law: The processing of your personal data will be governed primarily by the laws of the jurisdiction of your contracting entity.

Contracting Entity (Controller)	Primary Jurisdiction	Applicable Regulations
FEHA International Consulting B.V.	The Netherlands / European Union	General Data Protection Regulation (GDPR)
FEHA Assurtech Pte. Ltd.	Singapore	Personal Data Protection Act (PDPA)

2. Information Collection

We may collect personal data directly from you or through automated means:

2.1. Personal Information Provided by You: This includes identity and contact data such as your name, job title, and email address provided when you register for the Service, request a demo, or contact support.

2.2. Service Usage Data (Log Data): When you access the Service, we automatically collect information sent by your browser, including your computer’s Internet Protocol ("IP") address, browser type and version, the pages of our Service that you visit, the time and date of your visit, and other statistics. 2.3. Cookies and Tracking Technologies: We utilize "cookies" to enhance and optimize the Service. You have the option to accept or refuse these cookies, although refusal may limit the functionality of certain service features.

2.3. Data Minimization and Sensitive Personal Data: FEHA is committed to data minimization and only collects personal data necessary to provide and improve the Service. FEHA does not intentionally collect or process special categories of personal data or sensitive personal data, including but not limited to: Health or medical information;

Biometric or genetic data;

Information relating to disabilities;

Racial or ethnic origin;

Political opinions;

Religious or philosophical beliefs;

Sexual orientation; or

Children's personal data.

2.4. Accuracy and Completeness of Personal Data: FEHA takes reasonable steps to ensure that personal data processed through the Service is accurate, complete, and up to date, where necessary for the purposes for which it is used. Users are encouraged to notify FEHA of any changes or inaccuracies relating to their personal data.

2.5. Consequences of Not Providing Personal Data: Where certain personal data is required for FEHA to provide the Service, support requests, or fulfill contractual or legal obligations, failure to provide such information may result in FEHA being unable to:

Provide or maintain access to certain Service features;

Respond to inquiries or support requests;

Complete onboarding or account registration processes; or

Fulfill contractual obligations.

‍

3. Basis for Processing (Applicable by Jurisdiction)

We process your personal data under the following legal bases:

FEHA International Consulting B.V. (GDPR)	FEHA Assurtech Pte. Ltd. (PDPA)
Contractual Necessity: To perform our Service obligations to you. Legal Obligation: To comply with applicable legal requirements. Legitimate Interest: For business improvement, security, fraud prevention, and direct marketing where consent is not required.	Consent: Your explicit consent to use the Service. Legitimate Interest: For operational efficiency and security. Contractual Necessity: To fulfill obligations under the contract.

4. Use of Data, AI Models, and Sub-Processors

4.1. Purpose of Use: The collected personal data is used exclusively for the following purposes: (i) To provide, operate, and maintain the Service and the Platform. (ii) To notify you about changes to our Service. (iii) To provide customer support and respond to inquiries. (iv) To improve the Service, including analysis of usage patterns. (v) To comply with legal obligations.

4.2. Commitment Regarding AI Model Training: Our Service utilizes proprietary AI models (derived from open-source LLMs hosted and managed by FEHA) and third-party AI models (including those based on Gemini technology). FEHA explicitly commits that it will not use Client data, including any Personal Data or Confidential Information, for the purpose of training or enhancing any external or internal artificial intelligence (AI) or machine learning models.

4.3. Third-Party AI Models and Sub-Processing: When we utilize third-party AI models (e.g., Gemini) to provide Service functionality, this necessitates the transmission of data to the third-party provider. The third-party provider acts as a sub-processor to FEHA. We commit to selecting sub-processors that maintain a high standard of data security and privacy. Further details regarding the security measures and privacy terms applicable to data processed by the Gemini model are available directly from the third-party provider's official documentation.

4.4 Google APIs and Google User Data: When FEHA integrates with Google APIs or Google Cloud services to provide specific Service functionality, access to Google user data is limited to the minimum data and scopes required for that functionality and is only performed with the user’s explicit authorization. FEHA’s use of data received from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements. Google user data is used solely to provide the requested Service features, is not used for advertising or profiling, is not shared except as necessary to deliver the Service or comply with legal obligations and is not used to train or improve AI or machine learning models. Where applicable, Google acts as a sub-processor, and FEHA ensures appropriate contractual, technical, and organizational safeguards are in place to protect such data.

4.5. Automated Decision-Making and AI-Assisted Processing: FEHA may utilize artificial intelligence ("AI") systems to assist in generating drafts, recommendations, summaries, analyses, or operational outputs within the Service. However, FEHA does not use solely automated decision-making or profiling processes that produce legal or similarly significant effects on users. AI-generated outputs are intended to support human review and are subject to oversight, validation, and approval by FEHA personnel or authorized users before reliance or implementation.

5. Disclosure and Sharing of Data

5.1. Service Providers and Sub-Processors: We engage third-party companies and individuals to facilitate our Service ("Service Providers"). These third parties are granted access to your personal data only to perform tasks on our behalf and are contractually obligated not to disclose or use the information for any other purpose.

5.2. Legal Requirements: We may disclose your personal data in the good faith belief that such action is necessary to: Comply with a legal obligation (e.g., a court order). Protect and defend the rights or property of FEHA. Prevent or investigate possible wrongdoing in connection with the Service.

5.3. Marketing Communications and Singapore Do Not Call (DNC) Compliance: Where FEHA sends marketing or promotional communications, FEHA will do so in compliance with applicable laws and regulations, including the Singapore Personal Data Protection Act (PDPA) and the Do Not Call (DNC) provisions where applicable. Users may opt out of receiving marketing communications at any time through the unsubscribe mechanism included in such communications or by contacting FEHA directly.

6. Data Security

We employ commercially acceptable technical and organizational measures to protect your personal data. However, as no method of transmission over the Internet or electronic storage is entirely secure, we cannot guarantee the absolute security of your data.

6.1. Data Retention: FEHA retains personal data only for as long as necessary to fulfill the purposes for which the data was collected, including operational, contractual, legal, security, audit, and regulatory purposes.

Retention periods are determined based on:

The nature and sensitivity of the personal data;

Legal and regulatory obligations;

Contractual requirements;

Operational and security needs; and

Applicable limitation periods and dispute resolution requirements.

When personal data is no longer required, FEHA will securely delete, anonymize, or dispose of the information in accordance with applicable laws and internal data retention policies.

6.2. Personal Data Breach Management and Notification: FEHA maintains internal procedures for identifying, assessing, containing, investigating, and responding to actual or suspected personal data breaches. Where required under applicable laws, including the GDPR and Singapore PDPA, FEHA will notify the relevant supervisory authority and/or affected individuals within legally required timeframes where a breach is assessed to pose a risk of harm to individuals or involves notifiable data breach threshold. FEHA will also take reasonable steps to mitigate the effects of any confirmed breach and implement corrective actions to reduce the likelihood of recurrence.

‍

7. Data Subject Rights

Depending on your contracting entity (see Section 1), you may possess the following data protection rights:

FEHA International Consulting B.V. (GDPR)	FEHA Assurtech Pte. Ltd. (PDPA)
Right of Access: To obtain copies of your data. Right to Rectification: To correct inaccurate or incomplete data. Right to Erasure ("Right to be Forgotten"): To request deletion of data under certain conditions. Right to Restrict Processing: To limit how your data is processed. Right to Data Portability: To transfer your data to another controller. Right to Object: To object to processing based on legitimate interest or for direct marketing.	Right of Access: To access personal data records. Right to Correction: To correct errors or omissions in data. Right to Withdraw Consent: To withdraw consent to the collection, use, or disclosure of data. Right to Access & Correction Fees: May be subject to reasonable administrative charges for fulfilling access/correction requests.

FEHA International Consulting B.V. (GDPR)

FEHA Assurtech Pte. Ltd. (PDPA)

Right of Access: To obtain copies of your data.
Right to Rectification: To correct inaccurate or incomplete data.
Right to Erasure ("Right to be Forgotten"): To request deletion of data under certain conditions.
Right to Restrict Processing: To limit how your data is processed.
Right to Data Portability: To transfer your data to another controller.
Right to Object: To object to processing based on legitimate interest or for direct marketing.

Right of Access: To access personal data records.
Right to Correction: To correct errors or omissions in data.
Right to Withdraw Consent: To withdraw consent to the collection, use, or disclosure of data.
Right to Access & Correction Fees: May be subject to reasonable administrative charges for fulfilling access/correction requests.

8. International Data Transfers

When transferring data across international borders (e.g., from the EU to Singapore, or vice versa), we ensure that appropriate safeguards are implemented, such as standard contractual clauses (SCCs) or other mechanisms recognized by the governing jurisdiction, to maintain the protection of your data.

9. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy periodically. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective Date" date at the top of this Policy.

10. Contact Us

For any questions or suggestions concerning this Privacy Policy, please contact us:

Privacy Contact / Data Protection Representative:

Henry Kevin (DPO)

Email: contact@feha.io