Privacy Policy

Effective date: 1st January 2026

This Privacy Policy explains how TrueDigi, operated by Datacultr Fintech Limited ("TrueDigi", "we", "us", "our"), collects, uses, discloses, and protects information when you:

1. visit our website truedigi.ai (the "Site");
2. request a demo or contact us; and/or
3. access and use our AI-powered engagement platform, including our software, SDKs, APIs, dashboards, and related services (the "Platform" / "Services").

1) Roles: when we are a Controller vs. a Processor

A. Website visitors and business contacts: TrueDigi acts as a data controller for personal data collected via the Site (e.g., demo requests, contact forms, sales inquiries), and for limited business administration and security purposes.

B. End-customer data processed for our enterprise clients: When regulated lenders, banks, fintechs, telcos, or utilities (each a "Client") use TrueDigi to engage with their customers, TrueDigi typically processes personal data on behalf of the Client as a processor/service provider, under the Client's instructions and under a Data Processing Agreement (DPA). In these cases, the Client is the controller/data fiduciary responsible for providing notices to end-users and handling most rights requests.

Important: If you are an end-customer of a bank/lender/organization using TrueDigi and you want to exercise your privacy rights, you should generally contact that organization first (see Section 10).

2) Information we collect

Depending on how you interact with us, we may collect the following categories:

A. Information you provide

• Business contact details: name, work email, company, job title, phone number, country/city, and communications with us (e.g., sales/support).
• Account information (Platform users): login credentials and profile details for authorized users of Client accounts (e.g., administrators, agents).
• Demo or inquiry details: information submitted via Site forms (e.g., use case, volume, requirements).

B. Information collected automatically

• Device and usage data: IP address, browser type, device identifiers, pages viewed, timestamps, referring pages, and interactions with emails (open/click events where enabled).
• Log files: standard server logs used for security, troubleshooting, and analytics.
• Cookies / similar technologies: as described in Section 6.

C. Information we receive from others

• Clients and partners: where you are a Platform user provisioned by a Client, or where partners refer business inquiries.

3) How we use personal data

Where TrueDigi acts as a controller (notably for the Site and business contacts), we use personal data to:

• operate and secure the Site and Services;
• respond to inquiries and provide demos, proposals, and support;
• manage our relationship with prospective/current clients (sales, contracting, billing administration);
• analyze usage and improve the Site/Services;
• comply with legal obligations and enforce our rights.

Marketing communications: where permitted by law, we may send product/service updates. You can opt out at any time using the unsubscribe mechanism or by contacting us.

4) How we process data for Clients

When we process personal data on behalf of a Client (processor/service provider role), we process such data only:

• to provide the Services and perform the agreement with the Client;
• according to the Client's documented instructions; and
• as otherwise required by applicable law.

5) Legal bases

Depending on applicable law and context, we rely on one or more of the following:

• Contract: to provide the Site/Services you request or administer Platform access.
• Legitimate interests: e.g., securing and improving the Site/Services, preventing fraud, business communications (balanced against your rights).
• Consent: e.g., where required for certain cookies/marketing in specific jurisdictions.
• Legal obligation: compliance, lawful requests, and regulatory requirements.

6) Cookies and analytics

We use cookies and similar technologies for:

• essential Site functionality and security;
• preferences;
• analytics and performance measurement; and
• (where enabled) marketing measurement.

Our current stack may include analytics and crash/logging tools (e.g., Google Analytics and Firebase or equivalent) to understand Site/app performance and improve reliability. You can manage cookies via your browser settings, and (where implemented) via our cookie banner/preferences tool.

7) Sharing and disclosures

We may share personal data with:

• Service providers / subprocessors: hosting, security, analytics, communications, customer support tooling, and similar vendors acting under contract and confidentiality obligations.
• Our corporate group: for internal administration, security, and business operations.
• Clients: to provide the Services and support the Client's instructions.
• Legal and regulatory recipients: if required by law, to protect rights/safety, investigate fraud, or respond to lawful requests.

We do not "sell" personal data in the ordinary commercial sense.

8) International data transfers

TrueDigi operates globally. Personal data may be processed in countries other than where you live (including where we, our Clients, or our service providers operate).

Where required by applicable law, we implement appropriate safeguards for cross-border transfers (e.g., contractual protections and security measures). In processor contexts, transfer mechanisms may also be governed by the Client's DPA and instructions.

9) Data retention

We retain personal data only as long as necessary for the purposes described in this Policy, including:

• duration of the business relationship and account access;
• support, audit, and security needs; and
• legal/regulatory retention and dispute resolution.

In processor contexts, retention and deletion are governed by the Client contract/DPA and Client instructions, subject to law.

10) Your privacy rights

Depending on your jurisdiction, you may have rights such as:

• access, correction, deletion;
• withdrawal of consent (where processing is based on consent);
• restriction, objection, portability (where applicable);
• grievance/complaint rights with a supervisory authority.

End-customers of our Clients: If your data relates to a bank/lender/organization using TrueDigi, your request will generally be handled by that organization (the controller/data fiduciary). We may redirect your request accordingly.

How to contact us for rights requests: Email: privacy@truedigi.ai

Please include enough information for us to verify your identity and locate relevant records. We may request additional information proportionate to the request.

11) Security

We maintain technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. However, no security system is perfect, and we cannot guarantee absolute security.

12) Children / minors

Our Site and Services are not intended for individuals under 18, and we do not knowingly collect personal data from children. If you believe a child has provided personal data, contact us and we will take appropriate steps.

13) Third-party sites and services

The Site or Services may link to third-party sites or include third-party features. Their privacy practices are governed by their own policies, and we are not responsible for third-party practices.

14) Changes to this Policy

We may update this Policy from time to time. We will post the updated version on this page.

15) Contact us

For privacy questions or requests: privacy@truedigi.ai

This Privacy Policy was last revised on 21st January 2026.