language icon search icon
AIStorm Privacy Policy
home > Privacy Policy

Effective Date: January 29, 2026

Last Updated: January 29, 2026


1. Introduction and Legal Basis

This Privacy Policy is issued by ASIAINFO SECURITY Technology PTE. LTD. (“we,” “us,” or “the Company”) to explain how we collect, use, disclose, transfer, and protect your personal data when providing AIStorm-branded software, hardware, firmware, websites, and related services (collectively, the “Products” or “Services”) to users in Singapore.


This policy strictly complies with Singapore’s Personal Data Protection Act 2012 (PDPA) and its subsidiary legislation, as well as relevant guidelines issued by the Personal Data Protection Commission (PDPC).


Your use of our Products constitutes your acceptance of our processing of your personal data as described herein. If you do not agree with any part of this policy, please discontinue using our Services immediately.



2. Data Controller and Contact Information

Organization Name: ASIAINFO SECURITY Technology PTE. LTD.

Registered Address: 21F Centennial Tower, 3 Temasek Avenue, Singapore

Contact Email: [AIStorm@aistorm.com]


You may contact us via the email above to submit inquiries, complaints, or exercise your rights regarding your personal data. We have appointed a Data Protection Officer (DPO) responsible for overseeing the implementation of this policy.



3. Types of Personal Data Collected

Depending on the features you use, we may collect the following categories of personal data:


3.1 Basic Data (Applicable to Most Products)

- Identity and Contact Information: Name, job title, company name, email address, and phone number (used for account registration, customer support, or product activation).

- Device and Account Information: Device model, operating system version, IP address, MAC address, unique device identifiers, product serial numbers, or activation codes (to ensure the product functions).

- Usage Logs: Records of product access, feature usage frequency, software installation, and operational status (to ensure the product functions).


3.2 Security and Threat Detection Data (Depending on Product Features)

To deliver core cybersecurity services, we may process the following technical data (which may incidentally contain limited personal data):

- Network Traffic Metadata: Source IP, destination IP, port numbers, protocol type, and URL access records.

- Threat Signature Data: File hashes, malware signatures, suspicious filenames, threat types, and timestamps.

- Email Security Data: If you use email protection features, we process sender/recipient addresses, email subjects, attachment names/types/sizes only upon your active submission. Email content is processed solely for automated malware or spam detection and is immediately deleted after processing.

- System Behavior Data: System logs, login attempt records, and anomalous network activity data.


Note: All data collection adheres to the principle of data minimisation. We avoid collecting sensitive personal data (e.g., race, religion) unless explicitly permitted by law and with your express consent.



4. Purposes of Data Processing and Legal Bases


We process your data primarily for the following purposes:

- Service Provision: To validate product licenses, deliver software updates, cloud services, and technical support.

- Security Protection: To detect, prevent, and respond to viruses, malware, cyberattacks, and other security threats.

- Product Improvement: To analyze threat trends and enhance detection capabilities and product performance.

- Legal Compliance: To fulfill legal obligations and protect the legitimate rights of the Company and users.


Our legal bases for processing your personal data include:

- Performance of a Contract: Necessary to provide the Products or Services you have purchased or licensed.

- Legitimate Interests: For cybersecurity defense, fraud prevention, and service improvement, provided these interests do not override your fundamental rights and freedoms.

- Consent: For non-essential processing or marketing-related activities, we will obtain your explicit consent.


We do not use your personal data for direct marketing unless we have obtained your explicit prior consent, in full compliance with PDPA’s specific requirements on direct marketing.



5. International Data Transfers


Your personal data may be transferred outside Singapore (including but not limited to mainland China, the United States, and the European Union) for the following reasons:


- Global threat intelligence analysis

- Cloud-based processing and R&D support


We ensure all cross-border transfers comply with Section 26 of the PDPA through one or more of the following safeguards:

- Conducting an assessment to confirm the recipient jurisdiction offers comparable protection to the PDPA;

- Entering into legally binding data processing agreements with recipients that impose confidentiality and security obligations; or

- Obtaining your explicit consent for the international transfer.



6. Data Retention Period

We retain your personal data only for the minimum period necessary to fulfill the purposes for which it was collected. Once the data is no longer needed—or if you withdraw consent and no other lawful basis exists—we will:


- Securely delete the data; or

- Irreversibly anonymize the data so that individuals can no longer be identified.



7. Your Rights


As a data subject, you have the following rights under the PDPA:

- Right of Access: Request confirmation of whether we hold your personal data and obtain a copy.

- Right to Correction: Request correction of inaccurate or incomplete data.

- Right to Withdraw Consent: Withdraw consent for processing based on consent at any time.

- Right to Deletion: Request deletion of data when it is no longer necessary, unlawfully collected, or upon withdrawal of consent.

- Right to Data Portability: Under certain conditions, request your data in a commonly used, machine-readable format.


How to Exercise Your Rights: Please submit a written request to the email address in Section 2. We will respond within 30 days. In complex cases, we may extend this period by up to an additional 30 days, and we will notify you of the reason for the extension.



8. Data Protection Measures


We implement appropriate technical and organizational measures to safeguard your personal data, including but not limited to:


- AES-256 encryption for data at rest and in transit

- Strict access controls and authentication protocols

- Regular security audits and vulnerability scans

- Employee confidentiality agreements and data handling training


In the event of a data breach that is likely to result in significant harm to your rights and interests, we will:


- Immediately activate our incident response plan;

- Notify affected individuals and the Personal Data Protection Commission (PDPC) without undue delay where feasible.



9. Miscellaneous


- Policy Updates: We may update this policy from time to time. Material changes will be communicated via in-product notifications or email.

- Governing Law: This policy is governed by the laws of Singapore.

- Complaints to PDPC: You have the right to lodge a complaint with the Personal Data Protection Commission (PDPC) regarding our data processing practices.


If you have any questions about this policy, please contact our Data Protection Officer (DPO) via the email provided above.


ASIAINFO SECURITY Technology PTE. LTD.

January 29, 2026