Effective Date: 1 March 2026
Version: 1.0
Augurithm™ exists to give leaders the one thing their organisation cannot: the unfiltered truth. The strategic intelligence you entrust to our platform is among the most sensitive data a business can produce. We treat it accordingly.
This Privacy Policy governs the collection, use, storage, disclosure, and protection of personal data and strategic intelligence submitted to Augurithm AI (“Augurithm,” “we,” “us,” or “our”), accessible at https://augurithm.ai and associated applications. It applies to all individuals who access or use the Augurithm platform (“you” or “User”).
We are incorporated in Singapore and maintain operations in the United Arab Emirates. This Policy is drafted in compliance with the Singapore Personal Data Protection Act 2012 (“PDPA”), the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (“UAE PDPL”), and the DIFC Data Protection Law No. 5 of 2020 (as amended 15 July 2025). Where we expand into the European Union or the United States, we will comply with the General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”), respectively, and will update this Policy to reflect those obligations.
“Personal Data” means any data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which Augurithm has or is likely to have access. This includes but not limited to your name, email address, company information, and account credentials.
“Strategic Intelligence” means any business scenario, challenge, question, context, or other substantive input you submit to Augurithm’s AI Council for analysis, together with any output, artifact, or recommendation generated in response. This category of data is afforded the highest level of protection under this Policy.
“Profile Data” means the contextual information you provide during account creation, including, but not limited to, industry, region, company size, decision-making authority, current challenges, and preferences for advisory history.
“Usage Data” means automatically collected technical information, including, but not limited to, IP information, browser type, session duration, pages visited, and interaction patterns.
“AI Infrastructure Partners” means the third-party large language model providers whose APIs power Augurithm’s Council agents. These partners process data transiently to generate responses and are contractually prohibited from retaining, training on, or repurposing your data.
“The Council” means Augurithm’s system of eight AI agents that collectively analyse your Strategic Intelligence submissions.
When you create an Augurithm account, we collect your first name, last name, email address, and password (stored in hashed form). We also collect Profile Data, including but not limited to your industry, geographic region, company size, decision-making authority level, a description of your current business challenge, IP information, and optionally, your past advisory experience and satisfaction ratings. This Profile Data enables our Council agents to calibrate their analysis to your specific operational context.
When you engage with The Council, you submit business scenarios, questions, and contextual information for analysis. This constitutes Strategic Intelligence and represents the most sensitive category of data we handle. Your strategic inputs are processed by our AI agents to generate adversarial analysis, and the resulting outputs are delivered to you within the platform’s conversational interface.
Subscription payments are processed by Stripe, Inc. Augurithm does not store, process, or have access to your full credit card number, CVV, or other payment card details. Stripe operates as an independent data controller for payment processing and maintains PCI DSS Level 1 certification. We retain only the transaction reference, subscription status, and the last four digits of your payment method for account management purposes.
When you access Augurithm, we automatically collect Usage Data through a privacy-respecting analytics infrastructure. This includes but is not limited to your IP address (anonymised after collection), browser type and version, operating system, device type, pages visited, session duration, and timestamp of access. We do not create individual user profiles for advertising purposes and do not share your browsing data with third-party advertisers.
Augurithm uses strictly necessary cookies to maintain your authenticated session. We do not use third-party advertising cookies, social media tracking pixels, or cross-site tracking technologies.
We use your Personal Data and Profile Data to create and manage your account, authenticate your access, and personalise The Council’s analytical framework to your industry, region, and operational context. We use your Strategic Intelligence inputs to generate adversarial analysis through our AI agents and deliver the resulting artifacts through the platform’s interface.
This section addresses the most critical question our users have: What happens to my thinking once I submit it?
The third-party AI models that power our Council agents operate under API agreements that contractually prohibit them from retaining, logging, or using your inputs or outputs for model training, fine-tuning, or any purpose beyond generating your immediate response. Data transmitted to these partners is processed transiently and is not stored on their systems after the response is delivered. This is what we mean by our Zero-Retention AI Guarantee: the AI infrastructure that processes your strategic thinking does not keep it.
Augurithm maintains an internal intelligence layer that stores artifacts and contextual data to support features such as Permanent Strategic Memory (available to Authority Tier subscribers). This stored data powers continuity of advice across sessions. However, this data is encrypted at rest, access-controlled, and is not accessible to individual Augurithm employees in raw form. Our internal systems are architected so that no Augurithm team member can read, view, or reconstruct your strategic thinking or conversational inputs unless for debugging. You interact with output exclusively through the platform’s conversational interface.
We use aggregated, anonymised, and de-identified outcome data to improve the quality and accuracy of Augurithm’s analytical capabilities. This means we may analyse patterns such as which types of scenarios produce the most actionable outputs, how users interact with different Council agents, and aggregate quality scores.
We use your email address to send transactional communications essential to the service, including account verification, password resets, subscription confirmations, billing receipts, optional weekly insights, material changes to our Terms of Service or this Privacy Policy, and critical security notifications. We may also send product updates and feature announcements once opt in, from which you may unsubscribe at any time in the system setting.
Under the Singapore PDPA, we process your data based on consent (provided at account registration), contractual necessity (to deliver the service you have subscribed to), and legitimate interests (to improve and secure the platform). Under the UAE PDPL and DIFC Data Protection Law, we process your data on substantially equivalent grounds, including the performance of a contract to which you are a party and our legitimate interests in operating and improving a secure service. Where we expand into jurisdictions requiring additional legal bases (such as the GDPR), we will supplement this section accordingly.
Augurithm does not sell, rent, trade, or otherwise commercially share your Personal Data or Strategic Intelligence with any third party. We disclose data only in the following limited circumstances:
Stripe, Inc. processes your payment information as an independent data controller. Stripe’s handling of your payment data is governed by its own privacy policy, available at https://stripe.com/privacy.
We may disclose your data where required by applicable law, regulation, legal process, or governmental request. This includes compliance with the Singapore PDPA’s requirements for disclosure to public agencies, the UAE PDPL’s provisions for lawful government requests, and the DIFC Commissioner’s lawful directions. Where legally permitted, we will notify you of such requests before disclosure.
In the event of a merger, acquisition, reorganisation, or sale of all or substantially all of Augurithm’s assets, your data may be transferred to the successor entity, provided the successor agrees to be bound by terms no less protective than this Privacy Policy. We will notify you of any such transfer and provide you with the opportunity to delete your account and data before the transfer takes effect.
Augurithm operates from Singapore and the United Arab Emirates. Your data may be processed in jurisdictions where our AI Infrastructure Partners maintain their computing resources, which may include the United States, the European Union, and other regions.
Under the Singapore PDPA’s Transfer Limitation Obligation (Section 26), we ensure that any recipient of transferred personal data provides a standard of protection comparable to that under the PDPA, through contractual obligations, binding corporate rules, or reliance on prescribed exceptions. Under the UAE PDPL and DIFC Data Protection Law, we implement equivalent safeguards, including contractual data processing agreements that require overseas recipients to maintain protections comparable to those required under UAE law.
Where we expand into the EU or UK markets, we will implement Standard Contractual Clauses (SCCs) or rely on adequacy decisions as required by the GDPR.
Upon account deletion (initiated by you or triggered by subscription cancellation), the following retention schedule applies:
| Data Category | Retention After Deletion |
|---|---|
| Personal Data (name, email, profile) | Deleted within 30 calendar days |
| Strategic Intelligence (inputs, artifacts, memory) | Permanently purged within 30 calendar days |
| Payment references and billing history | Retained for 7 years per statutory accounting requirements |
| Anonymised, aggregated usage analytics | Retained indefinitely (non-reversible to individual) |
| Server logs containing IP addresses | Deleted within 90 calendar days |
Encrypted backups may retain data for up to an additional thirty (30) days beyond the schedules above, after which they are automatically purged through our backup rotation cycle. During this period, backup data is encrypted at rest and is not accessible for operational use.
Augurithm implements technical and organisational measures designed to protect your data against unauthorised access, alteration, disclosure, or destruction. These measures include:
Encryption in transit using TLS 1.2 or higher for all data transmitted between your device and our servers, and between our servers and AI Infrastructure Partners. Encryption at rest using AES-256 or equivalent standards for all stored Personal Data and Strategic Intelligence. Access controls that restrict employee access to production data on a strict need-to-know basis, with all access logged and auditable.
No system is impervious to breach. While we employ industry-standard safeguards, we cannot guarantee absolute security. In the event of a data breach affecting your Personal Data, we will notify you and the relevant supervisory authority in accordance with the timelines prescribed by applicable law, including within three (3) calendar days to the PDPC under Singapore’s PDPA for notifiable breaches, and as required under the UAE PDPL and DIFC Data Protection Law.
Depending on your jurisdiction, you may exercise the following rights with respect to your Personal Data. To exercise any of these rights, contact us at support@augurithm.ai.
| Right | Description | Legal Basis |
|---|---|---|
| Right of Access | Request a copy of the Personal Data we hold about you and information about how it has been used or disclosed within the preceding twelve (12) months. | PDPA s.21; UAE PDPL Art.17; DIFC DPL Art.28 |
| Right to Correction | Request correction of inaccurate or incomplete Personal Data. | PDPA s.22; UAE PDPL Art.18; DIFC DPL Art.29 |
| Right to Deletion | Request deletion of your Personal Data and Strategic Intelligence, subject to the retention schedules in Section 6. | UAE PDPL Art.19; DIFC DPL Art.30 |
| Right to Data Portability | Request that we transmit your Personal Data to another service provider in a structured, commonly used, machine-readable format. | PDPA s.26H; UAE PDPL Art.20; DIFC DPL Art.32 |
| Right to Withdraw Consent | Withdraw your consent to processing at any time, with reasonable notice. Withdrawal does not affect the lawfulness of processing conducted prior to withdrawal. | PDPA s.16; UAE PDPL Art.7; DIFC DPL Art.12 |
| Right to Restrict Processing | Request that we limit the processing of your Personal Data in certain circumstances, such as while a correction request is being assessed. | UAE PDPL Art.21; DIFC DPL Art.31 |
| Right to Object | Object to processing of your Personal Data based on legitimate interests. | UAE PDPL Art.22; DIFC DPL Art.33 |
We will respond to all rights requests within thirty (30) calendar days. Where a request is complex or we receive a high volume of requests, we may extend this period by a further thirty (30) days, with prior notice to you. We do not charge a fee for processing rights requests unless a request is manifestly unfounded or excessive.
In accordance with Section 11(3) of the Singapore PDPA, Augurithm is responsible for ensuring compliance with applicable data protection laws.
Augurithm is designed for business professionals and C-suite executives. We do not knowingly collect Personal Data from individuals under the age of eighteen (18). If we become aware that we have collected data from a minor, we will take immediate steps to delete that data and terminate the associated account. If you believe a minor has provided data to Augurithm, please contact us at support@augurithm.ai.
The Augurithm platform may contain links to third-party websites or services. This Privacy Policy applies only to Augurithm. We do not control and are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party service you access through or in connection with Augurithm.
Augurithm honours Do Not Track (“DNT”) browser signals. When we detect a DNT signal, we disable all non-essential analytics data collection for that session. Because we do not engage in cross-site tracking or serve third-party advertisements, the practical impact of DNT on your Augurithm experience is minimal.
The following addenda address jurisdiction-specific requirements. As Augurithm expands into new markets, additional addenda will be incorporated.
Augurithm complies with all eleven (11) obligations under the Personal Data Protection Act 2012 (as amended), including the Consent, Purpose Limitation, Notification, Access, Correction, Accuracy, Protection, Retention Limitation, Transfer Limitation, Accountability, and Data Breach Notification obligations. Our DPO’s contact information is published and accessible during Singapore business hours. In the event of a notifiable data breach that is likely to result in significant harm or affects 500 or more individuals, we will notify the PDPC within three (3) calendar days and affected individuals as soon as practicable.
For users in the United Arab Emirates, Augurithm processes Personal Data in accordance with Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data. Where Augurithm operates within or serves clients in the Dubai International Financial Centre, we additionally comply with DIFC Data Protection Law No. 5 of 2020 (as amended effective 15 July 2025), including conducting Data Protection Impact Assessments for high-risk processing activities, maintaining records of processing activities, and implementing appropriate safeguards for cross-border data transfers. Users in the DIFC may exercise their rights directly with Augurithm or lodge complaints with the DIFC Commissioner of Data Protection.
This addendum will be activated upon Augurithm’s expansion into the European Economic Area. It will address lawful bases for processing under Article 6 GDPR, enhanced data subject rights including the right to erasure (Article 17) and automated decision-making provisions (Article 22), cross-border transfer mechanisms including Standard Contractual Clauses, Data Protection Impact Assessments under Article 35, and designation of an EU representative under Article 27.
This addendum will be activated upon Augurithm’s expansion into the United States. It will address California residents’ rights under the California Consumer Privacy Act (as amended by the California Privacy Rights Act), including the right to know, delete, opt-out of sale/sharing, and limit use of sensitive personal information.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other operational factors. For material changes that affect how we handle your Strategic Intelligence or that reduce your rights under this Policy, we will provide at least thirty (30) calendar days’ prior notice via email to your registered address and a prominent notice within the platform. Your continued use of Augurithm after the effective date of a revised Policy constitutes acceptance of the revised terms. If you do not agree with the changes, you may delete your account in accordance with Section 6.2.
If you have a complaint about how we handle your Personal Data, we encourage you to contact our Data Protection Officer (DPO) at support@augurithm.ai in the first instance.
AUGURITHM™
© 2025–2026 Augurithm Pte Ltd. All rights reserved.