Lythe Pte. Ltd. ("Lythe", "we", "us", or "our") is committed to protecting the privacy of individuals whose personal data is collected and processed when using Lythe’s services. This Privacy Policy explains how we collect, use, disclose, store, transfer, and protect personal data in connection with Lythe’s platform and our AI‑powered conversational interfaces, including our chat and voice software development kits (SDKs) and hosted agentic bots.

Lythe provides conversation infrastructure and agentic technology that helps organisations integrate AI‑powered bots across chat and voice channels. We offer B2B solutions through our platform, including APIs, SDKs and managed agents, that power persistent conversational experiences. Users interact with our agentic bots through messaging and voice channels (such as WhatsApp, Telegram, Slack, or other telephony services) and may also interact with our websites and web forms (collectively, the "Services"). If you do not agree with this Privacy Policy, please do not use the Services.

If you have questions about this Privacy Policy, please contact us at: team@lythe.ai

1. WHAT DOES THIS PRIVACY POLICY APPLY TO?

This Privacy Policy applies to personal data processed by Lythe in connection with the Services, including when you:

• message or interact with our agentic bots through messaging or voice channels (including WhatsApp, Telegram, Slack, or other platforms);
• integrate our chat or voice SDKs, APIs or other Lythe services into your applications or systems;
• create or update a developer, organisation or user profile;
• use our websites, forms or landing pages; or
• communicate with us for support, feedback or operational reasons.

This Privacy Policy does not apply to third‑party services that you may access through links or integrations. Those third parties are responsible for their own privacy practices. Please review their policies.

2. IMPORTANT TERMS

To make this Privacy Policy easier to read, we use certain defined terms:

• “Personal Data” means data about an individual who can be identified from that data (alone or together with other data), as defined under Singapore’s Personal Data Protection Act 2012 (PDPA).
• “Messaging Platforms” and “Voice Platforms” refers to third‑party messaging or voice services used to communicate with our agentic bots (e.g., WhatsApp, Telegram, Slack, and other telephony or chat platforms).
• “Agentic Bots” refers to Lythe’s AI‑powered conversational agents and associated SDKs used for onboarding, automation and coordination across chat and voice channels.
• “Organisations” refers to business customers and their authorised users who integrate our agentic bots and services.
• “Service Providers” refers to third parties that provide services to Lythe to operate the Services (e.g., cloud hosting, analytics, AI processing, automation and security tooling).

3. PERSONAL DATA WE COLLECT

We collect personal data in the following ways:

• A. Personal data you provide directly to us.
• B. Personal data collected automatically when you use the Services.
• C. Personal data we receive from third parties (where applicable).

The types of personal data we collect depend on how you use Lythe.

3A. PERSONAL DATA YOU PROVIDE

• Contact and account identifiers: name, phone number, email address, messaging/voice identifiers, organisation name, job title or role and other identifiers you provide when creating an account or contacting us.
• Organisation and integration information: company name, domain, integration details, technical contact information, authorised user lists and other information needed to provision and manage access to our APIs or SDKs.
• Profile and preference information: languages, skills, roles, preferences, usage settings and any other information you choose to share to configure or personalise your experience.
• Conversation content: messages, audio or voice recordings, chat or voice transcripts and attachments you send to or through our Services.
• Support and feedback: information you provide when you contact us for support, submit feedback or report issues.
• Payment and billing information (if applicable): limited information needed to facilitate payments or billing and maintain financial records, subject to data minimisation.

3B. PERSONAL DATA COLLECTED AUTOMATICALLY

• Usage data: features used, interactions with our agentic bots, event timestamps, workflow events and interaction logs.
• Device and technical data: IP address, browser type, device type, operating system, device settings and general location derived from IP (approximate).
• Audio and voice data: metadata and diagnostics related to voice interactions such as call duration, error logs and performance metrics.
• Logs and diagnostics: security logs, error logs, performance metrics and other diagnostic information used for debugging, reliability and abuse prevention.

Messaging & Voice Platforms may also process and provide metadata under their own policies. Lythe receives only the information that is made available to us via those platforms.

3C. PERSONAL DATA FROM THIRD PARTIES

In some cases, we may receive personal data from third parties, for example:

• Organisations or partners who provide user or contact details needed to configure integrations or deliver our Services (e.g., employee lists or support contacts).
• Messaging & Voice Platforms that provide metadata or identifiers used to route messages or calls.
• Service Providers that help detect fraud or abuse or provide analytics or other signals.
• Publicly available sources, where relevant and permitted (for example, to verify legitimacy or security).

3D. SENSITIVE PERSONAL DATA

Lythe does not require sensitive personal data (for example, NRIC, passport numbers, health or medical information) to deliver our Services. Please do not send sensitive personal data unless we explicitly request it and you choose to provide it. If you choose to provide sensitive personal data, you consent to our processing of it for the purpose you provided it.

4. HOW WE USE PERSONAL DATA

We use personal data for the following purposes:

• To provide, operate and maintain the Services, including our agentic bots and associated workflows.
• To create and maintain user and organisation profiles and manage access to our Services.
• To facilitate conversational interactions and automate tasks on behalf of users or organisations.
• To send service communications, including confirmations, updates, reminders and important notices.
• To prevent, detect and investigate fraud, spam, abuse or violations of our Terms.
• To troubleshoot, debug and monitor performance, reliability and security.
• To improve and develop our products and services, including evaluating and correcting system outputs, training models and fixing errors.
• To comply with legal obligations, respond to lawful requests and enforce our Terms.
• To manage business operations (e.g., audits, reporting, risk management) in a manner consistent with this Privacy Policy.
• To personalise responses and experiences, including tailoring content based on approximate location or other non‑precise signals (where provided).

We may process chat and voice transcripts and other inputs through AI‑enabled systems and automated workflows to generate responses and perform functions. We aim to minimise data use, restrict access and apply safeguards appropriate for conversational services.

5. CONSENT, NOTIFICATION AND LEGAL BASES (SINGAPORE PDPA)

Lythe operates in Singapore and is committed to complying with the PDPA. In general, we collect, use and disclose personal data with your consent and after notifying you of the purposes for which your personal data will be processed.

By using the Services, you consent to our collection, use and disclosure of your personal data for the purposes set out in this Privacy Policy, unless and to the extent that consent is not required under an applicable PDPA exception.

Where required or appropriate, we will obtain express consent (for example, for certain marketing messages) or provide additional notices at the point of collection.

6. HOW WE DISCLOSE AND SHARE PERSONAL DATA

We do not sell personal data. We disclose personal data only as reasonably necessary to operate the Services and comply with legal obligations.

6A. SHARING WITH ORGANISATIONS AND AUTHORISED USERS

To enable collaboration and deliver the Services, we may share limited information within an organisation or with authorised users (for example, employees, contractors or partners). This may include:

• display name or identifier;
• relevant roles, skills, preferences or permissions;
• conversation or task‑specific details and logistics;
• contact details needed for coordination (e.g., phone number or messaging handle), where necessary; and
• approximate location or regional information needed to tailor responses or coordinate tasks (e.g., timezone or city), where provided.

We aim to share only what is necessary. We do not share your precise live location unless you choose to provide it (for example, by sending a location pin in chat or voice).

6B. SHARING WITH SERVICE PROVIDERS

We use Service Providers to help us operate the Services. These providers may process personal data on our behalf to deliver services such as hosting, storage, monitoring, analytics, AI processing, automation and security. Where applicable, we treat such providers as data intermediaries and/or processors and require them to protect personal data through contractual obligations.

Examples of Service Providers we use include:

• Meta (WhatsApp) – messaging platform used for chat delivery.
• Telegram – messaging platform used for chat delivery.
• Slack – messaging platform used for chat and voice delivery.
• OpenAI (ChatGPT/OpenAI) – AI processing for conversational responses and automation.
• NeonDB or other database/storage infrastructure – for storing profiles, conversation logs and operational records.
• Google Cloud – cloud hosting, compute and storage infrastructure used to run our platform and AI services.
• AWS Services - cloud computing, storage and hosting infrastructure used to deliver our services.

6C. LEGAL DISCLOSURES AND BUSINESS TRANSACTIONS

We may disclose personal data:

• to comply with law, regulation, court order or other lawful requests;
• to protect Lythe’s rights, property and safety and the rights, property and safety of users; and
• in connection with corporate transactions such as mergers, acquisitions, financing or asset sales, subject to appropriate safeguards.

7. INTERNATIONAL TRANSFERS

Some of the Service Providers listed above may process or store personal data outside Singapore. Where personal data is transferred overseas, Lythe takes steps to ensure the transferred personal data is protected to a standard comparable to the PDPA (for example, through contractual and operational safeguards).

8. DATA RETENTION

We retain personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by applicable laws, accounting and regulatory obligations. When personal data is no longer needed, we will cease retention or remove the means by which the data can be associated with you (for example, deletion or anonymisation).

9. SECURITY

We implement reasonable security arrangements to protect personal data in our possession or under our control. These may include access controls, least‑privilege policies, monitoring and encryption in transit where supported. No system is completely secure; therefore, we cannot guarantee absolute security.

10. ACCURACY

We take reasonable steps to ensure that personal data collected is accurate and complete, particularly where it is likely to be used to make a decision that affects you or to be disclosed to others. You can help by keeping your profile information up to date and informing us of any changes.

11. DATA BREACH MANAGEMENT AND NOTIFICATION

If we become aware of a data breach, we will take steps to assess and contain it. Where the breach is notifiable under the PDPA (for example, it results in, or is likely to result in, significant harm to affected individuals and/or is of significant scale), we will notify the Personal Data Protection Commission (PDPC) and affected individuals as soon as practicable, in accordance with applicable requirements.

12. YOUR RIGHTS AND CHOICES (PDPA)

Subject to applicable law, you may have the right to:

• Request access to your personal data in our possession or under our control and information about how your personal data has been used or disclosed in the past year.
• Request correction of inaccuracies in your personal data.
• Withdraw consent for our collection, use or disclosure of your personal data (where we rely on consent).
• Opt out of marketing communications, where applicable.

We may need to verify your identity before processing requests. We may charge a reasonable fee for access requests as permitted under the PDPA, and we will notify you of the fee before proceeding.

12A. WITHDRAWAL OF CONSENT

You may withdraw your consent at any time by contacting us using the details in Section 16. Withdrawal of consent may affect our ability to provide the Services. We will inform you of the likely consequences of withdrawal before completing your request.

13. DO NOT CALL (DNC) AND MARKETING

We may send service‑related messages that are necessary to operate Lythe (for example, operational alerts, confirmations and policy updates). If we send marketing messages to Singapore telephone numbers, we will comply with the DNC provisions and obtain consent where required. You may opt out of marketing messages at any time.

14. COOKIES AND TRACKING (WEBSITE)

Our websites may use cookies and similar technologies for essential functionality, security, analytics and performance. You can control cookies through your browser settings. Disabling cookies may affect site functionality.

15. CHILDREN

The Services are not intended for children under 13. If you are under the age required to provide valid consent in your jurisdiction, you should use the Services only with appropriate permission. If we learn that we collected personal data from a child without valid consent, we will take steps to delete it.

16. CONTACT US (DATA PROTECTION OFFICER)

Data Protection Officer (DPO)
Email: team@lythe.ai

Privacy Policy URL: https://lythe.ai/privacy

17. SUBPROCESSORS AND THIRD‑PARTY PROVIDERS

We use the following third‑party providers to help operate the Services. This list may be updated from time to time:

• Meta (WhatsApp) – messaging platform used for chat delivery.
• Telegram – messaging platform used for chat delivery.
• Slack – messaging platform used for chat and voice delivery.
• OpenAI (ChatGPT/OpenAI) – AI processing for conversational responses and automation.
• NeonDB or other database/storage providers – database/storage infrastructure for profiles, conversations and operational records.
• Google Cloud – cloud hosting, compute and storage infrastructure used to run our platform and AI services.
• AWS Services – cloud computing, storage and hosting infrastructure used to deliver our services.

18. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. The updated version will be posted with a revised “Last Updated” date. If changes are material, we will take reasonable steps to notify you through the Services.