Privacy Policy

Effective Date: 23 April 2026

Last updated: 23 April 2026

Summary (the short version)

Alias builds multilingual AI guides for events, entertainment and digital experiences. If you use one of our guides, configure one as a client, or visit our website, this policy explains what we collect, why, and what you can do about it.

In plain terms:

  • We collect only what we need to deliver the service, keep it secure, and improve it.

  • We do not sell personal data.

  • We do not use client content or end-user conversations to train foundation AI models.

  • We use established AI model providers as sub-processors and list them publicly.

  • You can access, correct, delete, or export your data. Contact our Data Protection Officer at dpo@alias.cm.

The sections below cover the detail.

This policy covers how we handle personal data. For terms governing your use of the Service, see our Terms of Service at [alias.cm/terms]. For terms specific to AI-generated outputs and acceptable use, see our AI Terms at [alias.cm/ai-terms].

1. Who we are

Alias Virtual Technologies Pte. Ltd. (UEN 202428802H, "Alias", "we", "our", "us") is a company incorporated in Singapore. We operate the Alias platform, our website at [alias.cm], and the conversational AI guides that clients build and deploy through us (together, the "Service").

For the purposes of applicable data protection law, we act as:

  • A data controller for information we collect directly, such as website visitors, client administrators, marketing contacts, and prospects.

  • A data processor for personal data processed on behalf of our clients when end users interact with guides deployed by those clients. In that flow, our client is the data controller. The terms of our service agreement and any separate Data Processing Agreement (DPA) govern that relationship.

Our Data Protection Officer can be reached at dpo@alias.cm.

2. Who this policy covers

This policy applies to three categories of people:

Clients and client administrators. Individuals and organisations that sign up to build, configure, and deploy guides through the Alias platform.

End users. People who interact with a guide that an Alias client has deployed, for example attendees of an event, fans engaging with a brand, or guests of a tour operator.

Website visitors and prospects. People who visit alias.cm, subscribe to our updates, contact us, or engage with our marketing.

This policy does not cover data we collect from employees, contractors, or job applicants, which is handled separately.

3. What we collect

3.1 From clients and client administrators

  • Account information: name, business email, role, company name, password, and profile settings.

  • Billing and payment details: handled by our payment provider. We receive transaction records, not full card numbers.

  • Client content: materials you upload or link to so we can build your guide, including FAQs, documents, webpages, schedules, brand assets, and media.

  • Platform usage data: how you use the Alias dashboard, including logins, feature interactions, and configuration changes.

  • Support communications: messages, tickets, and recordings of support calls where disclosed.

3.2 From end users of deployed guides

  • Conversation content: the questions, answers, and inputs exchanged with a guide during a session.

  • Session metadata: timestamps, language detected, device type, approximate location (country or region derived from IP), and a session identifier.

  • Contact details you provide: if a guide offers bookings, sign-ups, or other actions, the information you submit to complete those (for example, your name and email).

  • Technical logs: IP address, browser type, referrer URL, and cookies as set out in Section 10.

We do not use cameras, microphones, or facial tracking to animate avatars. Avatar animation is generated by AI based on the text or speech of the response, not on any live input from you.

3.3 From website visitors and prospects

  • Contact information you submit through forms or subscriptions.

  • Technical and analytics data about your visit, including pages viewed, time on page, and referring source.

  • Cookies and similar technologies as set out in Section 10.

4. How we use data

4.1 Purposes

We use data to:

  1. Deliver the Service, including provisioning accounts, building guides from client content, and serving end-user conversations.

  2. Maintain security, prevent abuse, detect fraud, and respond to incidents.

  3. Provide customer support.

  4. Process payments and manage contracts.

  5. Improve the Service, including diagnosing bugs, refining retrieval quality, and understanding feature usage in aggregate.

  6. Communicate with you about the Service, including operational notices and, with your consent where required, marketing.

  7. Comply with legal obligations.

4.2 Legal bases (EU, UK, and equivalent regimes)

Where GDPR or a similar regime applies, we rely on:

  • Contractual necessity for provisioning and delivering the Service to clients and processing end-user interactions on their behalf.

  • Legitimate interests for security, fraud prevention, Service improvement, and limited direct marketing to existing clients. Our balancing assessments are available on request.

  • Consent for non-essential cookies, marketing emails to new prospects, and any processing not covered by another basis.

  • Legal obligation for tax, accounting, and regulatory responses.

Where Singapore's PDPA applies, we rely on consent, deemed consent by notification, or the legitimate interests exception as appropriate.

5. AI, model providers, and training data

This section matters. If you are evaluating Alias for enterprise use, read it first.

5.1 Our model providers

Alias uses third-party large language model (LLM) providers to generate responses. Our current sub-processor list is at [alias.cm/legal/sub-processors] and updated as our stack changes.

5.2 What we do not do

We do not use client content or end-user conversations to train foundation AI models. We do not permit our model providers to use the content of client prompts, client-uploaded materials, or end-user interactions for their own model training, and we contractually require them to exclude such content from training under their enterprise APIs.

5.3 What we do

We use aggregated and anonymised usage signals (for example, question categories, retrieval success rates, latency) to evaluate and improve our own retrieval, ranking, and orchestration logic. These signals do not identify individuals.

Clients can request that their conversation logs be deleted from our systems in line with Section 8.

5.4 Automated decisions

Alias guides generate responses through automated processing. These responses are informational. They do not, on their own, make decisions that produce legal effects or similarly significant effects on you. Where a guide triggers an action (for example, a booking), a human-operated downstream system processes that action.

5.5 Related terms

Terms governing the use of AI-generated outputs, accuracy, and acceptable use are set out in our AI Terms at [alias.cm/ai-terms].

6. How we share data

We share data only as necessary, and never sell it.

6.1 Sub-processors

We use trusted vendors for hosting, LLM inference, speech synthesis, analytics, payments, and customer support. Our current sub-processor list is at [alias.cm/legal/sub-processors]. We update it in advance of material changes and, where contractually required, notify enterprise clients before adding new sub-processors.

6.2 Clients

When an end user interacts with a guide, the relevant client has access to conversation logs and analytics relating to their deployment. This is expected: the client is the data controller for that interaction.

6.3 Legal and safety

We may disclose data to comply with a binding legal request, to enforce our terms, to investigate fraud or abuse, or to protect the rights, safety, or property of Alias, our clients, our users, or others.

6.4 Corporate transactions

If Alias is involved in a merger, acquisition, financing, or sale of assets, personal data may be transferred as part of that transaction. We will notify affected parties where required by law.

6.5 With your consent

We may share data for other purposes with your consent or at your direction.

7. International transfers

Alias operates globally. Personal data may be processed in Singapore, Australia, the United States, the European Economic Area, the United Kingdom, Japan, and Korea.

Where data is transferred from a jurisdiction with restrictions on cross-border transfers:

  • From the EEA or UK: we rely on the European Commission's Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, or an adequacy decision. Where relevant, we have conducted transfer impact assessments.

  • From Singapore: we comply with the PDPA's Transfer Limitation Obligation, including ensuring recipients provide a comparable standard of protection.

  • From other jurisdictions: we apply equivalent contractual or technical safeguards.

A copy of our transfer safeguards is available on request from dpo@alias.cm.

8. How long we keep data

We keep personal data only as long as needed for the purposes in Section 4.

Retention by category:

  • Client account and billing records: For the duration of the contract, then up to 7 years for tax and audit obligations

  • Client content (uploaded materials): For the duration of the contract, then deleted within 90 days of termination unless the client requests earlier deletion

  • End-user conversation logs: As specified in the client contract. Default: 3 months, extendable by agreement with the client

  • Website analytics: 14 months

  • Marketing contacts: Until you unsubscribe, then suppressed for compliance

  • Support tickets: 3 years from resolution

  • Security and audit logs: 12 to 24 months

Where we are required to retain data for longer, for example to resolve a dispute or meet a legal obligation, we will.

9. Your rights

Depending on where you live, you have the following rights over your personal data:

  • Access a copy of the data we hold about you.

  • Correction of inaccurate or incomplete data.

  • Deletion in certain circumstances.

  • Restriction of processing.

  • Objection to processing based on legitimate interests or direct marketing.

  • Portability in a structured, machine-readable format.

  • Withdraw consent where processing is based on consent.

  • Lodge a complaint with your local data protection authority.

9.1 How to exercise your rights

If you are a client or client administrator, use your dashboard settings or contact dpo@alias.cm.

If you are an end user of a guide, the client who deployed that guide is your primary point of contact. You can also contact us at dpo@alias.cm and we will route your request appropriately.

We may need to verify your identity before acting on a request. We will respond within the time frame required by applicable law, typically 30 days.

9.2 No retaliation

We will not deny you service, charge you different prices, or provide a different level of service because you exercised your rights.

10. Cookies and similar technologies

We use cookies and similar technologies to operate the website, remember preferences, and measure usage.

  • Strictly necessary cookies cannot be switched off.

  • Analytics cookies help us understand how the Service is used.

  • Marketing cookies are set only with your consent where required.

You can manage cookies through your browser settings or our cookie banner where provided. Disabling some cookies may affect how the Service works.

11. Security

We use administrative, technical, and physical safeguards to protect personal data. These include encryption in transit and at rest, access controls, logging, vendor risk management, and regular security reviews.

No system is perfectly secure. If we become aware of a personal data breach affecting you, we will notify affected parties and, where required, the relevant supervisory authority within 72 hours under GDPR or within 3 calendar days of establishing that the breach is notifiable under Singapore's PDPA.

You are responsible for keeping your account credentials confidential and notifying us promptly of any suspected compromise.

12. Children

The Alias platform is not directed at children. We do not knowingly collect personal data from children under 13.

Alias guides are often deployed in contexts such as events, festivals, and fan experiences where minors may be present. Clients are responsible for ensuring that their deployment is appropriate for the expected audience and for implementing age-gating where required. If we become aware that a child under 13 has provided us with personal data without parental consent, we will delete it.

13. Regional addenda

13.1 European Economic Area and United Kingdom

If you are in the EEA or UK, you have the rights set out in Section 9 under the GDPR or UK GDPR.

Alias does not have an establishment in the EU or UK, so there is no lead supervisory authority under the GDPR one-stop-shop mechanism. You can direct complaints to your local data protection authority.

Where required under Article 27 of the GDPR or its UK equivalent, our appointed representative details are published at [alias.cm/legal/representatives]. You can contact our representative directly on matters relating to our processing of your personal data.

13.2 California

If you are a California resident, the CCPA and CPRA give you the rights set out in Section 9, plus:

  • The right to know categories of personal information collected, sources, purposes, and recipients.

  • The right to opt out of the "sale" or "sharing" of personal information. Alias does not sell or share personal information as those terms are defined under the CPRA.

  • The right to limit the use of sensitive personal information. We do not use sensitive personal information for purposes that would trigger this right.

To exercise your rights, contact dpo@alias.cm.

13.3 Australia

If you are in Australia, the Privacy Act 1988 (Cth) and the Australian Privacy Principles apply to our handling of your personal information. You have the rights set out in Section 9 and may complain to the Office of the Australian Information Commissioner.

13.4 Korea and Vietnam

We comply with the Personal Information Protection Act (PIPA) in Korea and the Law on Digital Technology in Vietnam as they apply to our Service. Specific disclosures relating to AI systems, including automated decision disclosures, are provided in line with the Korean AI Basic Act and Vietnam's Law on Digital Technology.

14. Changes to this policy

We may update this policy from time to time. If we make material changes, we will notify you by email, through the Service, or by posting a prominent notice before the changes take effect. The date at the top of this page shows when it was last updated.

15. Contact

For any questions, requests, or complaints:

  • Data Protection Officer: dpo@alias.cm

  • General enquiries: hello@alias.cm

  • Postal address: Alias Virtual Technologies Pte. Ltd., 160 Robinson Road, #14-04 Singapore Business Federation Center, Singapore 068914

If you are not satisfied with our response, you can complain to:

  • The Personal Data Protection Commission of Singapore (www.pdpc.gov.sg)

  • Your local supervisory authority (for EEA and UK residents)

  • The Office of the Australian Information Commissioner (for Australian residents)

  • The California Attorney General (for California residents)