AlazOS
Book Demo

Legal

Privacy Policy

How Alaz Sol X Pte Ltd. processes personal data for AlazOS.AI and the AlazOS Business Operating System.

Last updated: 22 May 2026

This Privacy Policy describes how Alaz Sol X Pte Ltd. ("Company," "we," "us," or "our") collects, uses, discloses, and protects personal data when you access AlazOS.AI (our website at alazos.ai and related domains), the AlazOSplatform, APIs, dashboards, mobile interfaces, and related services (collectively, the "Services").AlazOS.AI and the AlazOS platform are owned and operated by Alaz Sol X Pte Ltd.. By using the Services, you acknowledge this Policy and our data practices as described herein.

1. Scope and Role

Through AlazOS.AI, Alaz Sol X Pte Ltd. provides B2B software infrastructure for marketplace operators, franchisors, merchants, and enterprise estates. Depending on your relationship with us, we may act as a data controller (for example, when you register a AlazOS operator account) or as a data intermediary / processor on behalf of a merchant or estate that uses our platform to serve its customers.

2. Personal Data Protection Act (PDPA) Compliance

Alaz Sol X Pte Ltd. designs its data program to align with the Personal Data Protection Act 2012 (PDPA) of Singapore, including its obligations relating to consent, purpose limitation, notification, access and correction, accuracy, protection, retention limitation, transfer limitation, and accountability.

  • Consent and notification: We collect personal data only for identified purposes and provide notice at or before collection where required.
  • Purpose limitation: We do not use personal data for unrelated purposes without fresh consent or a permitted legal basis.
  • Access and correction: Individuals may request access to or correction of their personal data subject to applicable exceptions. Contact privacy@alazos.ai.
  • Retention: We retain personal data only as long as necessary for the purposes collected, legal obligations, dispute resolution, and enforcement of agreements.
  • Cross-border transfers: Where data is transferred outside Singapore, we implement appropriate safeguards such as contractual clauses and vendor due diligence consistent with PDPA transfer requirements.

3. Categories of Data We Collect

Depending on your use of the Services, we may collect:

  • Account and identity data: name, business name, email, phone, role, billing address, government identifiers where required for KYC or payment onboarding.
  • Transactional and operational data: orders, invoices, inventory events, payout instructions, audit logs, and API telemetry.
  • Payment-related data: payment method metadata, Connect account identifiers, and settlement records processed through our payment sub-processors.
  • Technical data: IP address, device identifiers, browser type, cookies, and security logs.
  • Communications: support tickets, demo requests, and contractual correspondence.

4. How We Use Personal Data

We use personal data to:

  • Provide, maintain, and secure the Services;
  • Authenticate users and enforce role-based access controls;
  • Process payments, fees, and marketplace settlements;
  • Generate invoices, ledgers, and compliance exports;
  • Detect fraud, abuse, and policy violations;
  • Improve product performance and reliability;
  • Comply with legal, regulatory, and tax obligations;
  • Communicate service updates and respond to inquiries.

5. Data Encryption and Security

We implement administrative, technical, and organizational measures designed to protect personal data, including:

  • Encryption in transit: TLS 1.2+ for data transmitted between clients and our APIs.
  • Encryption at rest: industry-standard encryption for databases, backups, and object storage containing sensitive fields.
  • Access controls: least-privilege access, multi-factor authentication for administrative systems, and enterprise row-level security (RLS) tenant isolation in the data plane.
  • Monitoring: logging, anomaly detection, and incident response procedures.

No method of transmission or storage is completely secure. We cannot guarantee absolute security but commit to reasonable safeguards appropriate to the sensitivity of the data processed.

6. Third-Party Sub-Processors

We engage trusted third-party service providers ("sub-processors") to operate the Services. These providers process personal data only on our instructions and subject to contractual data protection obligations.

Stripe, Inc.acts as a critical sub-processor for payment acceptance, Stripe Connect onboarding, identity verification, and fund movement. When you use payment features, Stripe's processing is governed by Stripe's Privacy Policy and applicable financial regulations. Alaz Sol X Pte Ltd. does not store full payment card numbers on its own systems where Stripe tokenization is employed.

Additional sub-processors may include:

  • Cloud infrastructure and database hosting providers;
  • Email and notification delivery services;
  • Analytics, monitoring, and error reporting tools;
  • Customer support and CRM platforms;
  • Professional advisors (legal, audit) under confidentiality duties.

We maintain an internal register of sub-processors and evaluate their security posture before engagement. Material changes to sub-processors affecting merchant data may be notified through operator dashboards or contractual channels.

7. Cookies and Similar Technologies

We use cookies and similar technologies on AlazOS.AI for session management, authentication, security, and aggregated analytics. You may control cookies through browser settings; disabling certain cookies may impair Service functionality.

8. Disclosure to Third Parties

We may disclose personal data:

  • To sub-processors and infrastructure partners as described above;
  • To marketplace operators or merchants when you transact on their estate (each may have independent privacy obligations to end customers);
  • To regulators, courts, or law enforcement when required by applicable law;
  • In connection with a merger, acquisition, or asset sale with appropriate confidentiality safeguards;
  • With your consent or at your direction.

9. Your Rights

Subject to applicable law, you may have rights to access, correct, delete, restrict, or object to certain processing of your personal data, and to withdraw consent where processing is consent-based. To exercise rights, contact privacy@alazos.ai. We will respond within timelines required by the PDPA or other applicable regulations.

10. Children's Data

The Services are directed to businesses and are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children.

11. Changes to This Policy

We may update this Privacy Policy to reflect legal, technical, or business changes. Material updates will be posted on AlazOS.AIwith a revised "Last updated" date. Continued use of the Services after changes constitutes acknowledgment of the updated Policy.

12. Contact

For privacy inquiries, data protection requests, or PDPA-related complaints regarding AlazOS.AI:

Alaz Sol X Pte Ltd.
Data Protection Officer
Email: privacy@alazos.ai
Subject line: "PDPA Request — [Your Organization Name]"