Privacy Policy

This Privacy Policy explains how Tyto AI Labs Pte. Ltd., doing business as PropPal CRM ("PropPal", "we", "us" or "our"), collects, uses, discloses, stores, and otherwise processes personal data in connection with PropPal CRM's application, website, and related services (the "Service").

This Privacy Policy forms part of our Terms of Service. If there is any conflict between this Privacy Policy and the Terms of Service, the Terms of Service prevail.

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy.

1. Scope of this Privacy Policy

1.1 This Privacy Policy applies to personal data processed by PropPal in connection with the Service, including personal data relating to:

1. our business users;
2. individuals whose information is contained in data uploaded, synced, or otherwise processed through the Service; and
3. individuals who contact us for support, billing, legal, or account-related matters.

1.2 The Service is offered from Singapore and may be accessible internationally. If you access or use the Service from outside Singapore, you acknowledge that your personal data may be processed in Singapore and other countries where we or our service providers operate.

1.3 The Service is intended only for business users who are property agents and is not intended for consumer use.

2. Our data protection roles

2.1 In many cases, PropPal acts as an organisation under the Singapore Personal Data Protection Act 2012 ("PDPA") or as a controller under analogous laws when we process personal data for our own business purposes, such as account administration, billing, support, security, and compliance.

2.2 In relation to personal data contained in user content that you ask us to process through the Service, including WhatsApp conversation history, contact records, and CRM content, PropPal generally acts as a data intermediary under the PDPA, or as a processor / service provider under analogous laws, on your behalf and for your purposes.

2.3 Where PropPal acts as a data intermediary / processor, you remain responsible for determining the purposes and means of processing, providing required notices, obtaining required consents or other permissions, and ensuring that your use of the Service is lawful.

3. Personal data we collect

Depending on how the Service is used, we may collect and process the following categories of personal data:

3.1 Account and profile data

1. phone number;
2. business identity or profile information you provide to us; and
3. other account details you submit in connection with onboarding, verification, support, or account administration.

3.2 Communications and CRM data

1. WhatsApp messages and chat contents made available through your connection to the Service;
2. Contact names and phone numbers;
3. CRM records, notes, fields, labels, or similar data you choose to store in the Service; and
4. AI-generated summaries, extracted fields, suggested replies, drafts, and related outputs stored in the Service.

3.3 Billing and payment data

1. billing contact details;
2. subscription plan, billing status, invoices, payment confirmations, and transaction records; and
3. payment-related information made available to us by Stripe or equivalent third-party payment processors, to the extent necessary to process subscriptions, administer billing, issue refunds, and maintain related financial records.

3.4 Support and account communications

Information you provide when you contact us for support, submit a deletion request, request assistance, or otherwise communicate with us.

3.5 We do not intentionally request or require highly sensitive credentials such as banking passwords, payment card CVVs, or one-time passwords, and you must not upload or provide such information through the Service.

4. How we collect personal data

4.1 We collect personal data directly from you when you:

1. sign up for or use the Service;
2. connect your WhatsApp account or otherwise enable integrations;
3. upload, input, sync, or store information in the Service;
4. subscribe, pay, request refunds, or manage billing; or
5. contact us for support or legal or privacy matters.

4.2 We collect personal data automatically from data that you choose to process through the Service, including communications and contact records made available through your use of WhatsApp connectivity and CRM features.

4.3 We may receive personal data from third parties where necessary to provide the Service, including payment processors, hosting providers, database providers, AI service providers, and other service providers acting on our instructions or on your instructions.

5. How we use personal data

We may collect, use, disclose, and otherwise process personal data for the following purposes, as applicable and permitted by law:

5.1 to provide, operate, host, maintain, support, secure, troubleshoot, and improve the Service;

5.2 to connect and maintain your WhatsApp session and to ingest, organise, search, summarise, and draft content based on communications processed through the Service;

5.3 to generate AI-assisted outputs such as summaries, extracted fields, suggested replies, and drafts;

5.4 to create, store, display, and manage CRM records and related account data;

5.5 to process subscriptions, payments, renewals, refunds, invoices, and other billing or tax-related matters;

5.6 to respond to support requests, deletion requests, and other account or operational enquiries;

5.7 to detect, investigate, prevent, or address fraud, abuse, misuse, unauthorised access, security incidents, and other harmful or unlawful activity;

5.8 to enforce our Terms of Service and other policies, establish or defend legal claims, and comply with applicable law, lawful requests, or regulatory obligations;

5.9 to generate aggregated or de-identified insights that do not identify you or any individual; and

5.10 for other purposes disclosed to you at the time of collection or otherwise permitted by applicable law.

6. AI features and OpenAI

6.1 The Service may use artificial intelligence to generate summaries, extracted fields, suggested replies, drafts, and related outputs.

6.2 To provide these AI features, PropPal may transmit relevant WhatsApp message content and related prompt context to third-party AI service providers, including OpenAI.

6.3 AI-generated outputs may be stored within the Service as part of your CRM records or workflow history.

6.4 Unless expressly stated otherwise in writing, PropPal does not use your user content to train general-purpose artificial intelligence models for the benefit of other customers or third parties.

6.5 AI output may be inaccurate, incomplete, misleading, or inappropriate. You remain responsible for reviewing and verifying AI outputs before relying on them or sending them to any person.

7. Legal bases and permissions

7.1 Where required by applicable law, we process personal data based on one or more of the following:

1. your consent or deemed consent;
2. the necessity to provide the Service or perform our contract with you;
3. our legitimate business interests, where recognised by law and not overridden by applicable rights;
4. compliance with legal or regulatory obligations; or
5. another basis permitted by applicable law.

7.2 You represent that you have all rights, authority, notices, permissions, and consents required to provide personal data to PropPal and to instruct PropPal to process that personal data through the Service, including where the data relates to your clients, leads, prospects, tenants, landlords, buyers, sellers, or other third parties.

8. Disclosure of personal data

8.1 We may disclose personal data to the following categories of recipients where reasonably necessary to provide the Service or comply with law:

1. service providers and subprocessors, including hosting providers, database providers, AI providers, and other vendors that help us provide, support, secure, or improve the Service;
2. payment processors and billing service providers, to the extent necessary to process subscriptions, payments, refunds, invoices, and related financial administration;
3. professional advisers, such as lawyers, accountants, auditors, insurers, and consultants, where reasonably necessary for legal, tax, compliance, or business purposes;
4. regulators, law enforcement, courts, and public authorities, where required by applicable law, legal process, or lawful request, or where reasonably necessary to protect rights, safety, security, or property;
5. transaction counterparties, where disclosure is reasonably necessary in connection with a merger, acquisition, financing, reorganisation, sale of assets, or similar corporate transaction; and
6. other recipients where you direct us to disclose personal data or where disclosure is otherwise permitted by applicable law.

8.2 We do not currently use personal data to send promotional marketing communications about PropPal CRM. We may, however, send service-related, billing-related, support-related, legal, or operational communications.

9. Cross-border transfers

9.1 Personal data may be processed, stored, backed up, or accessed in Singapore and in other countries where PropPal or its service providers operate.

9.2 Where we transfer personal data outside Singapore and the PDPA applies, we will take steps intended to ensure that the transferred personal data receives a standard of protection that is comparable to the protection required under the PDPA, including by relying on contractual or other legally recognised safeguards where appropriate.

9.3 By using the Service and providing or instructing us to process personal data through the Service, you acknowledge and instruct us to make cross-border transfers that are reasonably necessary to provide the Service.

10. Retention

10.1 We retain personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, or as required or permitted by applicable law.

10.2 Upon a valid written deletion request sent to support@proppalcrm.com from the email associated with the account, and after verification, we will use commercially reasonable efforts to delete or de-identify relevant user content from active systems within 30 calendar days.

10.3 Residual copies may persist in backups for a limited period and will be overwritten in accordance with backup cycles, unless earlier removal is required by law.

10.4 We may retain personal data for longer where necessary for legal, regulatory, tax, billing, fraud prevention, dispute resolution, security, accounting, or enforcement purposes.

10.5 After cancellation or termination, we may delete or de-identify personal data in accordance with our retention practices, subject to applicable law and legitimate business needs.

11. Security

11.1 We implement reasonable technical and organisational measures intended to protect personal data against unauthorised access, collection, use, disclosure, copying, modification, disposal, or similar risks.

11.2 These measures may include encryption in transit using TLS / HTTPS, encryption of personal data at rest, access controls, authentication measures, and other safeguards appropriate to the nature of the Service.

11.3 No method of transmission over the internet, and no method of electronic storage, is completely secure. Accordingly, we do not guarantee that unauthorised access, loss, corruption, or disclosure will never occur.

11.4 You are responsible for maintaining the security of your own devices, credentials, systems, and integrations, and for using the Service in a secure and lawful manner.

12. Your rights and choices

12.1 Subject to applicable law and applicable exceptions, you may request:

1. access to personal data we hold about you;
2. correction of inaccurate or incomplete personal data;
3. withdrawal of consent where our processing is based on consent;
4. deletion of personal data; and
5. information about how your personal data has been used or disclosed, where applicable.

12.2 You may also disconnect your WhatsApp connection through the Service where that feature is available.

12.3 To make a privacy, access, correction, withdrawal, or deletion request, please contact support@proppalcrm.com. We may request information reasonably necessary to verify your identity, authority, and the scope of your request.

12.4 Withdrawal of consent, deletion, or disconnection may affect our ability to provide some or all of the Service.

12.5 Where PropPal processes personal data on behalf of a user as a data intermediary / processor, requests relating to that personal data may need to be directed first to the relevant user or organisation that controls the data. We may redirect, coordinate, or assist with such requests where appropriate and permitted.

12.6 If you are located in a jurisdiction that grants additional privacy rights, you may contact us and we will handle your request in accordance with applicable law.

13. Third-party platforms and external services

13.1 The Service may depend on or interact with third-party platforms, including WhatsApp. Those platforms are not controlled by PropPal, and their collection and processing of personal data are governed by their own terms and privacy policies.

13.2 PropPal is not affiliated with, endorsed by, or sponsored by WhatsApp or Meta.

13.3 We encourage you to review the privacy terms and policies of any third-party platform you use in connection with the Service.

14. Cookies and analytics

14.1 We do not currently use non-essential cookies or analytics tools on the Service.

14.2 If we introduce cookies, analytics, or similar tracking technologies in the future, we may update this Privacy Policy and, where required by applicable law, provide additional notice or obtain consent.

15. Children and minors

15.1 The Service is not intended for individuals under the age of 18, and we do not knowingly provide the Service to minors.

15.2 If you believe that a minor has provided personal data to us in violation of this Privacy Policy, please contact us at support@proppalcrm.com.

16. Changes to this Privacy Policy

16.1 We may update this Privacy Policy from time to time.

16.2 If we make changes that materially affect how we collect, use, or disclose personal data, we will provide notice, such as by email or in-app notification, and may require re-acceptance before continued use of the Service where appropriate.

16.3 The "Last updated" date at the top of this Privacy Policy indicates when this Privacy Policy was last revised.

17. Contact us

If you have questions, requests, or complaints relating to this Privacy Policy or our handling of personal data, please contact:

Tyto AI Labs Pte. Ltd.
doing business as PropPal CRM
Email: support@proppalcrm.com