RegXperience – Privacy Policy
Last Updated: 11/07/2025
This Privacy Policy explains how DeepDive Labs Pte. Ltd. (“DeepDive Labs,” “we,” “our,” or “us”) collects, uses, discloses, and protects personal data in connection with the RegXperience platform and related services (collectively, the “Services”).
By creating an account or using the Services, you (“Customer,” “User,” or “you”) consent to the practices described in this Policy. Capitalized terms not defined here have the meanings given in the Terms of Service.
1. Scope and Application
This Policy applies to all personal data processed by DeepDive Labs through the RegXperience platform, including:
- Customer account information;
- Personal data contained in Customer Content; and
- Information collected automatically from use of the Services.
This Policy supplements but does not replace any mandatory rights you have under applicable law such as the Personal Data Protection Act 2012 (PDPA) or the EU General Data Protection Regulation (GDPR).
2. Personal Data We Collect
2.1 Information You Provide Directly
- Account Information – name, email address, organization, and authentication credentials.
- Billing Information – payment instrument details handled by our payment processor (we do not store full card numbers).
- Uploaded Files and Documents – any regulatory, policy, or evidence documents you upload.
- Support and Feedback – correspondence, chat transcripts, and survey responses.
2.2 Information Collected Automatically
- Usage logs (IP address, browser type, device ID, pages visited, date and time).
- Cookies and similar technologies for authentication and analytics.
- Error logs and performance metrics for troubleshooting.
2.3 Information from Third Parties
- Authentication providers (Google Workspace, Microsoft 365 sign-in).
- AI or cloud service providers that process Customer Content for analysis.
- Marketplace Contributors who make content available through the platform.
3. Purposes of Processing
We process personal data only for legitimate and proportionate purposes, including:
- Service Delivery – to operate, maintain, and improve the platform and perform contractual obligations.
- Account Management – to create, verify, and administer user accounts.
- AI Processing – to analyse uploaded documents and produce Derived Content as requested.
- Billing and Payment – to process transactions and issue receipts.
- Security and Fraud Prevention – to detect misuse, protect accounts, and enforce our Terms.
- Legal and Regulatory Compliance – to respond to lawful requests or obligations.
- Product Improvement – to compile anonymised or aggregated analytics that help refine algorithms and usability.
- Marketing and Communications – to send service announcements or optional updates (you may opt out at any time).
4. Legal Basis for Processing
Where the PDPA applies, processing is based on consent, contractual necessity, or legitimate interests balanced against user privacy. Where the GDPR applies, processing may rely on:
- Contract performance
- Legal obligation
- Legitimate interest
- Consent
5. Cookies and Tracking
We use essential session cookies for authentication and analytics cookies (e.g., Google Analytics) to understand usage trends. You can adjust browser settings to refuse cookies, but this may limit functionality.
6. How We Use AI and Third-Party Subprocessors
- Certain features send Customer Content to AI providers (e.g., OpenAI, Anthropic, AWS Bedrock) for text extraction or summarisation.
- Providers act as Subprocessors under written agreements prohibiting data reuse or model training.
- The active Subprocessor list is maintained at https://regxperience.tech/terms.
- You may opt out of AI processing where available; doing so may disable certain automated features.
7. Data Sharing and Disclosure
We share personal data only as necessary:
| Recipient | Purpose |
|---|---|
| Service Providers & Subprocessors | Hosting, AI analysis, support, and billing. |
| Contributors (Marketplace) | Where you voluntarily purchase or access their templates. |
| Professional Advisors & Auditors | Legal, accounting, or compliance obligations. |
| Authorities or Courts | When legally required or to protect rights and safety. |
| Corporate Transactions | In the event of merger, acquisition, or sale of assets (with safeguards). |
We do not sell personal data or permit advertising trackers on RegXperience.
8. International Data Transfers
- Data may be processed in Singapore, the EEA, the United States, or other jurisdictions where our Subprocessors operate.
- When transferring personal data internationally, we rely on contractual safeguards such as the EU Standard Contractual Clauses or equivalent PDPA-approved mechanisms.
- By using the Services, you consent to such transfers subject to these safeguards.
9. Data Retention
- Account data is retained while your subscription is active and deleted within 90 days of account closure unless legal obligations require longer retention.
- Uploaded documents and Derived Content are deleted promptly upon user request or at subscription expiry.
- Backups are securely purged on a rolling 30-day schedule.
- Aggregated or anonymised statistics may be retained indefinitely for service improvement.
10. Security Measures
We implement administrative, technical, and physical controls including:
- TLS 1.2+ encryption in transit;
- Role-based access controls;
No system is fully secure; you acknowledge and accept inherent risks of Internet transmission.
11. Your Rights
Subject to applicable law, you may:
- Access personal data we hold about you;
- Correct inaccuracies;
- Request Deletion of personal data (subject to retention obligations);
- Withdraw Consent where processing is based on consent;
- Object to Processing for marketing or legitimate interests;
- Request Data Portability in a structured, machine-readable format.
Requests can be submitted to hello@deepdivelabs.tec. We may require identity verification before acting.
12. Children’s Data
The Services are intended for professional use by adults. We do not knowingly collect personal data from individuals under 18 years of age. If we learn that such data has been collected, it will be deleted promptly.
13. Data Breach Notification
In the unlikely event of a personal-data breach likely to result in harm or risk to individuals, DeepDive Labs will:
- Notify affected customers and the Personal Data Protection Commission (PDPC) in accordance with PDPA requirements;
- Provide details of the breach, mitigation, and contact information; and
- Cooperate fully with regulatory authorities.
14. Third-Party Links
Our platform may contain links to third-party sites. DeepDive Labs is not responsible for their privacy practices or content. We encourage you to review those sites’ privacy policies before providing any personal data.
15. Marketplace Contributor Responsibilities
Contributors who process personal data through templates they upload act as independent data controllers for such content. DeepDive Labs processes related purchaser information only as a facilitator and is not responsible for Contributors’ privacy practices.
16. Corporate and Legal Disclosures
We may disclose data:
- To comply with lawful requests from authorities;
- To enforce our Terms of Service or protect our rights; or
- In connection with merger, financing, or sale of business, provided recipients are bound by confidentiality obligations.
17. Retention of Communications
Support requests, invoices, and transactional emails may be retained for audit and compliance purposes for up to seven (7) years, consistent with Singapore accounting and tax requirements.
18. Changes to This Policy
We may amend this Policy from time to time. The effective version will always appear at https://regxperience.tech/privacy with a revised “Last Updated” date. Material changes will be notified through the platform or by email at least seven (7) days before taking effect. Your continued use after that date signifies acceptance.
19. Contact and Data-Protection Officer
For any privacy-related inquiries or to exercise your rights:
Data Protection Officer (DPO)
DeepDive Labs Pte. Ltd.
[Insert registered Singapore address]
Email: hello@deepdivelabs.tec
If unresolved, you may contact the Personal Data Protection Commission (PDPC Singapore) or, where applicable, your local supervisory authority.
20. Governing Law and Dispute Resolution
This Policy is governed by the laws of the Republic of Singapore. Any dispute arising from or relating to this Policy shall be resolved by arbitration under the Singapore International Arbitration Centre (SIAC) Rules, seat Singapore, language English.
✅ Summary of Safeguards
- Full PDPA and GDPR alignment.
- Transparent AI processing with opt-out.
- Strong encryption and access controls.
- User rights clearly defined and supported.
- 90-day deletion window on termination.