This Data Protection Policy (“Policy”) describes the principles and governance practices adopted by WorldMind Pte. Ltd. (“WorldMind”, “we”, “our”, or “us”) for the collection, use, processing, storage, and protection of customer data processed through our platforms and services, including any AI-enabled tools, analytics modules, and the DecisionAI suite.

This Policy is provided for informational purposes only and does not constitute a contractual commitment. Contractual data protection obligations, where applicable, may be set out separately in a Data Processing Addendum (“DPA”) or similar agreement executed between WorldMind and the customer.

2. Scope

This Policy applies to all customer data processed by WorldMind in the course of providing hosted software services, AI-assisted decision tools, and related support offerings.

Customers remain fully responsible for:

• the data they choose to upload,
  
  

• compliance with their own legal and regulatory requirements, and
  
  

• ensuring appropriate user access within their own organizations.
  
  

3. Data Collection & Purpose Limitation

3.1 Limited and Purpose-Bound Collection

WorldMind only collects and processes customer data to the extent reasonably necessary to:

• deliver the subscribed services,
  
  

• maintain and secure the platform,
  
  

• improve system reliability and performance, or
  
  

• comply with applicable law.
  
  

3.2 No Secondary Usage

WorldMind does not use customer data for advertising, marketing, or unrelated product training, unless explicitly agreed.
Customer data is never sold, rented, or shared with third parties for commercial gain.

3.3 Customer Ownership

Customers retain full ownership and control of all data they provide. WorldMind does not claim rights to customer data beyond what is required to operate the service.

4. Access Control & Internal Governance

4.1 Controlled Access

Access to customer data is restricted to authorized personnel who require such access for platform operations, troubleshooting, or security purposes. Access is governed by authentication, authorization, and least-privilege principles.

4.2 Customer Access Responsibilities

Customers are responsible for:

• managing their own user accounts,
  
  

• configuring permissions within their organization, and
  
  

• ensuring they do not upload prohibited or unlawfully obtained data.
  
  

5. Data Hosting, Security & Retention

5.1 Hosting Infrastructure

WorldMind operates on reputable, industry-leading cloud service providers that maintain robust security controls, availability frameworks, and global compliance standards.

While these providers maintain their own set of certifications, WorldMind does not make any representation that its services inherit or replicate such certifications.

5.2 Security Measures

WorldMind implements commercially reasonable safeguards, which may include:

• role-based access controls,
  
  

• environment and tenant isolation,
  
  

• secure authentication,
  
  

• continuous monitoring capabilities,
  
  

• protection against unauthorized access and misuse.
  
  

These measures are designed to mitigate risks but do not guarantee absolute security.

5.3 Encryption

Customer data is encrypted in transit and at rest using the encryption mechanisms made available by the underlying cloud platform.

5.4 Backups & Resilience

Backups are carried out using the cloud provider’s built-in durability and redundancy features.
Recovery operations follow internal procedures and are subject to inherent limitations of the hosting provider.
Nothing in this Policy constitutes an uptime or recovery-time guarantee.

5.5 Data Retention & Deletion

WorldMind retains customer data only for:

• the duration required to deliver the service,
  
  

• internal audit and security requirements, or
  
  

• legal/regulatory obligations.
  
  

Upon service termination or upon validated customer request (where applicable), data will be deleted following our internal data lifecycle processes.
Residual copies may remain in backup systems until overwritten in the ordinary course of operations.

6. Subprocessors

WorldMind may engage carefully selected subprocessors to support infrastructure, platform operations, or security tooling.
Each subprocessor is bound by appropriate confidentiality and protective measures.
A list of subprocessors may be provided upon request, subject to reasonable confidentiality considerations.

7. Regulatory Cooperation

WorldMind complies with applicable data protection laws.
Where legally permitted, customers will be notified before customer data is disclosed to regulatory or law-enforcement bodies.

8. Policy Updates

WorldMind may amend or update this Policy from time to time to reflect:

• changes in legal or regulatory requirements,
  
  

• enhancements to security or platform architecture, or
  
  

• operational and business needs.
  
  

Revised versions will be published on the WorldMind website.
Your continued use of our services after any update constitutes acceptance of the revised Policy.

9. Disclaimer

This Policy does not create any warranty, guarantee, or contractual right, nor does it impose obligations beyond those expressly stated in a written agreement signed between WorldMind and the customer.
WorldMind expressly disclaims liability for acts beyond its reasonable control, including but not limited to customer misconfigurations, misuse of services, or third-party breaches affecting customer-owned systems.