Privacy Policy of Singularity.Inc

Last Updated: February 20, 2026

1. Introduction

Singularity.Inc ("we," "us," or "our") is committed to protecting the privacy and personal data of visitors to our website and users of our services. This Privacy Policy explains how we collect, use, store, and share personal data in connection with our website (including our AI chatbot), our consulting services, and our AI solutions development services. Given that our partners and shareholders are based in Austria, Germany, and Switzerland, we process personal data in compliance with the European Union General Data Protection Regulation (Regulation (EU) 2016/679, the "GDPR"), the Austrian Data Protection Act (Datenschutzgesetz, "DSG"), the German Federal Data Protection Act (Bundesdatenschutzgesetz, "BDSG"), and the Swiss Federal Act on Data Protection (Datenschutzgesetz, "nDSG"), as applicable. By accessing our website or using our services, you acknowledge that you have read and understood this Privacy Policy.

2. Controller and Contact Information

The data controller responsible for the processing of your personal data is Singularity.Inc. If you have any questions or concerns about this Privacy Policy or our data processing practices, you may contact us at:

Singularity.Inc Email: christian@singularity.inc Phone: +43 664 326 16 16

3. Categories of Personal Data We Collect

We may collect and process the following categories of personal data depending on the nature of your interaction with us:

Website Usage Data. When you visit our website, we automatically collect certain technical data, including your IP address, browser type and version, operating system, referring URL, pages visited, date and time of access, and other usage statistics. This data is collected through server log files and, where applicable, through cookies and similar tracking technologies.

Contact and Communication Data. When you contact us through our website, by email, or through other channels, we collect the information you provide, including your name, email address, phone number, company name, job title, and the content of your inquiry or message.

AI Chatbot Interaction Data. Our website features an AI-powered chatbot designed to assist visitors with inquiries about our services. When you interact with the chatbot, we collect and process the content of your conversations, including any personal data you voluntarily provide during the interaction. Chatbot interaction data may be logged and stored for quality assurance, service improvement, and training purposes.

Client and Business Partner Data. In connection with our consulting and AI solutions development services, we may collect professional and business-related data about our clients and business partners, including names, job titles, contact details, company information, contractual and billing data, and project-related correspondence.

Application and Recruitment Data. If you apply for a position with us, we collect the personal data included in your application materials, such as your name, contact details, resume, cover letter, and references.

4. Purposes and Legal Bases for Processing

We process your personal data for the following purposes and on the following legal bases under Article 6(1) of the GDPR:

Performance of a Contract (Article 6(1)(b) GDPR). We process personal data as necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract. This includes providing our consulting and AI solutions development services, managing client relationships, and processing invoices and payments.

Legitimate Interests (Article 6(1)(f) GDPR). We process personal data where it is necessary for the purposes of our legitimate interests, provided that such interests are not overridden by your rights and freedoms. Our legitimate interests include operating and improving our website (including the AI chatbot), ensuring IT security, preventing fraud, conducting business analytics, and marketing our services to existing and prospective clients.

Consent (Article 6(1)(a) GDPR). Where required by law, we process certain personal data based on your freely given, specific, informed, and unambiguous consent. This applies, for example, to the use of non-essential cookies and certain direct marketing communications. You may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

Legal Obligation (Article 6(1)(c) GDPR). We process personal data where it is necessary for compliance with a legal obligation to which we are subject, including tax, accounting, and regulatory requirements under Austrian, German, Swiss, or EU law.

5. AI Chatbot — Specific Disclosures

Our website employs an AI chatbot to provide real-time assistance to visitors. The following specific disclosures apply to interactions with the chatbot:

Nature of the Chatbot. The chatbot is an automated system powered by artificial intelligence. It is not a human agent, and responses generated by the chatbot are produced algorithmically.

Data Collected. The chatbot collects and processes the text of your conversations, as well as associated metadata such as timestamps and session identifiers. You should avoid sharing sensitive personal data (such as financial account numbers, health information, or government-issued identification numbers) with the chatbot.

Purpose of Processing. Chatbot interaction data is processed for the purpose of responding to your inquiries, improving the quality and accuracy of the chatbot's responses, and enhancing the user experience on our website.

Data Retention. Chatbot interaction logs are retained for a period of 6 months following the date of the interaction, after which they are anonymized or deleted unless a longer retention period is required by law or for the establishment, exercise, or defense of legal claims.

Automated Decision-Making. The chatbot's responses constitute a form of automated processing. However, we do not use the chatbot for automated decision-making that produces legal effects or similarly significant effects on individuals within the meaning of Article 22 of the GDPR.

6. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your browsing experience, analyze website traffic, and support our marketing efforts. We distinguish between the following types of cookies:

Strictly Necessary Cookies. These cookies are essential for the functioning of the website and cannot be switched off. They are typically set in response to actions you take, such as setting your privacy preferences, logging in, or filling in forms.

Analytics and Performance Cookies. These cookies allow us to measure and analyze how visitors use our website so that we can improve its performance and content. We use Google Analytics, a web analytics service provided by Google Ireland Limited ("Google"), which sets cookies to help us understand how visitors interact with our website. These cookies are only set with your prior consent.

Marketing and Advertising Cookies. These cookies may be set through our website by advertising partners to build a profile of your interests and show you relevant advertisements on other sites. These cookies are only set with your prior consent.

You can manage your cookie preferences at any time through our cookie consent banner or by adjusting your browser settings. Please note that disabling certain cookies may affect the functionality of the website.

6a. Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses cookies and similar technologies to collect and analyze information about the use of our website, including your IP address, browser type, pages visited, time spent on pages, and referral sources. We have enabled IP anonymization (anonymizeIp) on our website, which means that Google truncates your IP address within the European Economic Area or Switzerland before it is transmitted to Google servers in the United States. Only in exceptional cases is the full IP address transmitted to a Google server in the United States and truncated there.

Legal Basis. We use Google Analytics only with your prior consent pursuant to Article 6(1)(a) GDPR and Section 25(1) of the German Telecommunications Digital Services Data Protection Act (Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz, "TDDDG"), as applicable. You may grant or withdraw your consent at any time through our cookie consent banner.

Data Transfers. Google may transfer analytics data to servers in the United States. Google LLC is certified under the EU-U.S. Data Privacy Framework, and we additionally rely on Standard Contractual Clauses as a supplementary transfer mechanism. For more information, please refer to Google's privacy policy at https://policies.google.com/privacy.

Opt-Out. In addition to managing your cookie preferences, you may prevent the collection of data by Google Analytics by installing the Google Analytics Opt-Out Browser Add-On, available at https://tools.google.com/dlpage/gaoptout.

Data Processing Agreement. We have entered into a data processing agreement with Google in accordance with Article 28 of the GDPR, under which Google is obligated to process data on our behalf and in accordance with our instructions.

7. Data Sharing and Recipients

We may share your personal data with the following categories of recipients:

Service Providers. We engage third-party service providers to perform functions on our behalf, including web hosting, IT support, cloud computing, analytics, email delivery, and customer relationship management. These providers process personal data only on our instructions and are bound by data processing agreements in accordance with Article 28 of the GDPR.

Cloud Service Providers. We use cloud-based infrastructure and software services (such as cloud hosting, cloud storage, and cloud-based productivity and communication tools) provided by third-party vendors, which may include providers based in the United States or other countries outside the EEA. Personal data processed through these services may include website data, client data, internal communications, and other categories of data described in this Privacy Policy. We ensure that all cloud service providers are bound by data processing agreements in accordance with Article 28 of the GDPR and that appropriate safeguards for international data transfers are in place, as described in Section 8 below.

Professional Advisors. We may share personal data with our legal, tax, and accounting advisors where necessary for the management of our business affairs.

Group Entities and Partners. Given that our partners and shareholders operate across Austria, Germany, and Switzerland, personal data may be shared among these individuals and entities for internal administrative purposes and the provision of our services. Transfers within the EEA are governed by the GDPR. Transfers to Switzerland are permitted without additional safeguards, as the European Commission has recognized Switzerland as providing an adequate level of data protection.

Authorities and Regulatory Bodies. We may disclose personal data to public authorities, courts, or regulatory bodies where required by law or in response to valid legal process.

Business Transfers. In the event of a merger, acquisition, reorganization, or sale of assets, personal data may be transferred to the relevant third party, subject to applicable data protection laws.

8. International Data Transfers

Our operations are primarily based within the European Economic Area ("EEA") and Switzerland. However, certain third-party service providers we use — including Google (for Google Analytics) and our cloud infrastructure and software providers — may process personal data on servers located in the United States or other countries outside the EEA.

Where personal data is transferred to countries outside the EEA or Switzerland that have not been recognized as providing an adequate level of data protection, we ensure that appropriate safeguards are in place. These safeguards include one or more of the following mechanisms:

·      The EU-U.S. Data Privacy Framework ("DPF"): Where the recipient organization in the United States is certified under the DPF, transfers are made in reliance on the European Commission's adequacy decision of July 10, 2023 (Implementing Decision (EU) 2023/1795).

·      Standard Contractual Clauses ("SCCs"): We enter into Standard Contractual Clauses approved by the European Commission (Article 46(2)(c) GDPR), supplemented where necessary by additional technical and organizational measures following a transfer impact assessment.

·      Other legally recognized transfer mechanisms as applicable under the GDPR, the Swiss nDSG, or other applicable data protection laws.

You may request further information about the specific safeguards applied to international transfers of your personal data by contacting us using the details provided in Section 2.

9. Data Retention

We retain personal data only for as long as is necessary to fulfill the purposes for which it was collected or as required by applicable law. The specific retention periods depend on the nature of the data and the purpose of processing:

·      Website usage and analytics data: 24 months.

·      Contact and communication data: retained for the duration of the business relationship and for a period of 10 years thereafter.

·      Contractual and billing data: retained for the statutory retention periods under applicable Austrian, German, or Swiss tax and commercial law, which may be up to 10 years.

·      Chatbot interaction data: 12 months.

·      Application data: retained for 6 months following the conclusion of the recruitment process, unless you consent to a longer retention period for future opportunities.

Upon expiration of the applicable retention period, personal data is securely deleted or anonymized.

10. Your Rights

Subject to applicable law, you have the following rights with respect to your personal data:

Right of Access (Article 15 GDPR). You have the right to obtain confirmation as to whether your personal data is being processed and, if so, to request access to that data together with certain supplementary information.

Right to Rectification (Article 16 GDPR). You have the right to request the correction of inaccurate personal data and the completion of incomplete personal data.

Right to Erasure (Article 17 GDPR). You have the right to request the deletion of your personal data where, among other grounds, the data is no longer necessary for the purposes for which it was collected or you withdraw your consent.

Right to Restriction of Processing (Article 18 GDPR). You have the right to request the restriction of processing of your personal data in certain circumstances, such as where you contest the accuracy of the data.

Right to Data Portability (Article 20 GDPR). You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller where the processing is based on consent or the performance of a contract and is carried out by automated means.

Right to Object (Article 21 GDPR). You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes. Where you object to processing for direct marketing purposes, we will cease such processing without undue delay.

Right to Withdraw Consent. Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.

Right to Lodge a Complaint. You have the right to lodge a complaint with a supervisory authority. Depending on the jurisdiction, the competent authorities include the Austrian Data Protection Authority (Datenschutzbehörde), the relevant German State Data Protection Authority (Landesdatenschutzbeauftragter), or the Swiss Federal Data Protection and Information Commissioner (Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter, "EDÖB").

To exercise any of these rights, please contact us using the contact details provided in Section 2 above.

11. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to, encryption of data in transit and at rest, access controls, regular security assessments, and employee training on data protection. While we take commercially reasonable steps to safeguard your personal data, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.

12. Third-Party Links

Our website may contain links to third-party websites or services that are not operated by us. This Privacy Policy does not apply to those third-party websites. We encourage you to review the privacy policies of any third-party websites you visit.

13. Children's Privacy

Our website and services are not directed at individuals under the age of sixteen (16). We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child, we will take steps to delete that data promptly.

14. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. Any changes will be posted on this page with an updated "Last Updated" date. We encourage you to review this Privacy Policy periodically. Where material changes are made, we will take reasonable steps to notify you, such as by posting a prominent notice on our website.

15. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of Austria, without regard to its conflict of laws principles, and in compliance with the GDPR, the Austrian DSG, the German BDSG, and the Swiss nDSG, as applicable.