Vidy Privacy Policy

Last Updated: April 29, 2026

1. Data Controller and Scope

  1. This Privacy Policy ("Policy") is issued by SILICONWORLD PTE. LTD., a company incorporated in Singapore ("Vidy", "we", "us", or "our"), acting as the data controller in respect of personal data processed in connection with the Services and, where applicable, as a data processor on behalf of its customers. We process personal data in accordance with applicable data protection laws and regulations in relevant jurisdictions.

  2. This Policy applies to all personal data processed in connection with the Vidy services (the "Services"), including web-based services, mobile applications (and any future service interfaces if introduced).

2. Categories of Personal Data We Collect

We collect and process the following categories of personal data in a manner that is adequate, relevant, and limited to what is necessary for the purposes described in this Policy:

  1. Account and Authentication Data. We collect identifiers necessary to create, secure, and manage your account, including your email address. Where you choose to register or sign in via third-party authentication providers (such as Apple, Google, Facebook, or X), we may receive limited profile information from those providers, such as your profile name, avatar, and a unique user identifier. The scope of information shared depends on your settings with the relevant provider and is governed by their respective privacy policies.

  2. AI Interaction Data (User Inputs and Outputs). We process the content you submit to and receive from the Services, including prompts, instructions, queries, uploaded files (such as text, images, audio, or video), generated outputs, and interaction history with our AI systems. Such content may include personal data that you choose to provide, including potentially sensitive data such as facial images or voice data where you upload or input such content. Where such data is processed, we implement appropriate safeguards and only process it where permitted under applicable law and based on a valid legal basis. You are responsible for ensuring, to the extent required by applicable law, that you have a valid legal basis to submit any personal data through the Services, including data relating to third parties, and that such data does not infringe applicable laws or third-party rights.

  3. Technical and Device Data. We automatically collect certain technical information necessary to operate, secure, and improve the Services, including your IP address, device identifiers (such as IDFA, Android ID, or equivalent identifiers), browser type, operating system, network and usage logs, and crash reports or diagnostic data. Where required, such data is used in an aggregated or de-identified form for analytics and service optimisation.

  4. Payment and Transaction Data. Where you purchase paid features, we collect limited transaction-related information through third-party payment processors, including subscription status, payment confirmation, and transaction reference identifiers. We do not collect or store full payment card details. Payment processing is carried out by independent third-party providers subject to their own privacy and security practices.

  5. Communications Data. We collect information contained in your communications with us, including customer support requests, service-related correspondence, feedback, complaints, and, where necessary, information used to verify your identity or address security and fraud prevention requirements.

3. Purposes of Processing

  1. We process personal data to provide, operate, and maintain the Services, including enabling AI generation and interactive features based on your inputs and instructions, managing user accounts, and handling billing, payments, and subscription administration. We may also use your contact information to send you service-related communications and, where permitted by your preferences or applicable law, promotional messages and direct marketing communications, and you may opt out of such communications at any time.

  2. We also process personal data to ensure the security, integrity, and reliability of the Services, including for fraud detection, abuse prevention, and the protection of users, systems, and third parties.

  3. In addition, we process personal data to improve and develop the Services, including through analytics, performance optimization, and product enhancement. Where possible, such processing is carried out using aggregated or de-identified data.

  4. Where necessary, we process personal data to comply with applicable legal and regulatory obligations, including record-keeping and regulatory requests, and to enforce our contractual rights and defend against legal claims.

4. Legal Basis for Processing

Where applicable data protection laws require a legal basis for processing, we rely on the following grounds in connection with the specific purposes described in this Policy:

  1. We process personal data to provide, operate, and maintain the Services, including enabling AI generation and interactive features and managing user accounts, where such processing is necessary for the performance of a contract with you.

  2. We process personal data for billing, payments, and subscription administration, where such processing is necessary for the performance of a contract and, where applicable, to comply with legal and financial obligations.

  3. We process personal data to ensure the security, integrity, and reliability of the Services, including fraud detection, abuse prevention, and protection of users, systems, and third parties, where such processing is necessary for our legitimate interests.

  4. We process personal data to improve, develop, and optimise the Services, including through analytics, performance monitoring, and product development, where such processing is necessary for our legitimate interests. Where possible, such processing is carried out using aggregated or de-identified data.

  5. We process personal data based on your consent where required, including for non-essential cookies, optional features, or other processing activities that require your permission. You may withdraw your consent at any time.

  6. We process personal data where necessary to comply with applicable legal and regulatory obligations, including responding to lawful requests from public authorities, maintaining records, and enforcing our terms and legal rights.

5. AI-Specific Disclosures

  1. Nature of AI Outputs. AI-generated outputs are produced through probabilistic systems and may be inaccurate, incomplete, or outdated. Outputs are not human-generated, reviewed, or verified unless expressly stated. They are provided for general informational purposes only and should not be relied upon as professional advice, including legal, medical, financial, or safety-critical advice. You are responsible for evaluating the accuracy and suitability of any outputs before use.

  2. No Automated Decision-Making with Legal Effect. We do not use AI systems to make decisions that produce legal effects or similarly significant impacts on individuals without meaningful human involvement. The Services are intended to assist users and do not replace human judgment.

  3. Training and Model Use. Unless expressly stated otherwise or with your separate consent where required, we do not use user content to train AI models. User content is processed solely to provide the Services, including generating outputs in response to your inputs. We may use aggregated or de-identified data to improve, optimise, and secure the Services.

  4. High-Risk and Prohibited Uses. The Services are not intended for high-risk or sensitive use cases where errors could result in harm, including legal decision-making, medical use, financial advice, emergency response, or other safety-critical contexts. You must not use the Services for unlawful, harmful, or misleading purposes, including infringement of intellectual property or privacy rights, unauthorized use of personal data (such as images or voice data), or impersonation, fraud, or deception. We may implement safeguards, including content moderation and access restrictions, to prevent misuse and ensure compliance with applicable laws.

6. Data Sharing and Disclosure

We do not sell personal data or share personal data for cross-context behavioural advertising. We only share personal data where necessary for the purposes described in this Policy and subject to appropriate contractual, technical, and organisational safeguards. We may disclose personal data to the following categories of recipients:

  1. Service Providers (Processors). We engage carefully selected third-party service providers to support the operation, security, analytics, and functionality of the Services. These providers process personal data on our behalf and are contractually bound to confidentiality and data protection obligations.
CategoryService ProviderPurpose of ProcessingPrivacy Policy
Error MonitoringBuglyProCollection of application crash reports and diagnostic data for troubleshooting and performance optimisationLink
Analytics / AttributionAdjustMarketing attribution and campaign performance measurementLink
Feature ManagementShiplyManagement and control of specific features or campaign modulesLink
AnalyticsRangers (Volcengine)User behaviour analytics and statistical analysisLink
AuthenticationGoogle Sign-InUser authentication and account loginLink
AI ServicesGemini LiveGeneration of audio-based AI responsesLink
AI ServicesGeminiGeneration of text-based AI responsesLink
Content ModerationNetEase YidunContent security review and risk detection for user-submitted dataLink
Cloud InfrastructureAWSHosting and storage of user data, including uploaded content and system dataLink

  1. Affiliates and Group Companies. We may share personal data within our corporate group where necessary for internal administrative purposes, service delivery, security management, and business operations, subject to appropriate safeguards.

  2. Legal and Regulatory Disclosures. We may disclose personal data to courts, regulators, law enforcement authorities, or other competent third parties where required by applicable law or legal process, or where such disclosure is necessary to comply with legal obligations, enforce our contractual rights, prevent or investigate fraud, abuse, or security incidents, or protect the rights, property, or safety of our users, our organisation, or third parties.

  3. Business Transfers. In the event of a merger, acquisition, restructuring, financing, or sale of assets, personal data may be transferred to relevant third parties as part of the transaction, subject to confidentiality obligations and applicable data protection requirements.

  4. User-Directed Sharing. Where you choose to connect or interact with third-party services (e.g., through login integrations), we may share relevant data as necessary to enable such integrations, in accordance with your instructions and the third party's policies.

  5. Safeguards. All recipients of personal data are subject to appropriate safeguards, including contractual data protection obligations, confidentiality requirements, security controls, and restrictions on onward transfers. We take reasonable steps to ensure that such recipients process personal data in accordance with applicable data protection requirements.

7. International Data Transfers

  1. As a global SaaS provider, personal data may be transferred to and processed in jurisdictions outside your country of residence, including being stored in Singapore and accessed or processed in China, as well as in other countries where our service providers operate.

  2. Where required by applicable data protection laws, we implement appropriate safeguards for such transfers, including Standard Contractual Clauses or other legally recognised transfer mechanisms, together with additional technical and organisational measures to ensure an adequate level of protection. We assess, on an ongoing basis, the circumstances of such transfers and implement supplementary safeguards where necessary.

8. Data Retention

  1. We retain personal data only for as long as necessary to fulfil the purposes described in this Policy, including providing the Services, complying with legal obligations, resolving disputes, enforcing agreements, and ensuring system integrity and security.

  2. Retention periods may vary depending on the nature of the data and the applicable processing purpose, and will not exceed six (6) months unless a longer retention period is required or permitted by applicable laws, or reasonably necessary for legal, security, or dispute resolution purposes.

9. Security, Data Protection Governance & Breach Notification

  1. We implement appropriate technical and organisational measures to protect personal data, including encryption in transit and at rest, least-privilege access controls, security monitoring, and periodic assessments, taking into account the nature of the data and the risks involved.

  2. We maintain internal governance frameworks, including data protection policies, confidentiality obligations, security training, vendor risk management, and incident response procedures. Where required, we designate a responsible data protection function.

  3. In the event of a personal data breach likely to result in a risk to individuals, we will take prompt steps to contain and mitigate the impact and, where required, notify competent authorities and affected individuals without undue delay.

10. Your Rights

  1. Subject to applicable data protection laws, you may have certain rights in relation to your personal data, including the right to access, correct, delete, or restrict the use of your personal data, to object to certain processing, and, where applicable, the right to data portability and to withdraw consent. You may also have the right to opt out of certain uses of your personal data, such as direct marketing communications.

  2. You may exercise these rights by contacting us using the details provided in this Policy. We may take reasonable steps to verify your identity before fulfilling your request and will respond within the timeframes required by applicable law. We may refuse requests that are manifestly unfounded, excessive, or otherwise not required under applicable law. We will not discriminate against you for exercising your privacy rights.

11. Cookies and Tracking Technologies

  1. We use cookies and similar technologies to operate, secure, and improve the Services, including for authentication, performance monitoring, usage analytics, and service optimisation. Where required by applicable law, we obtain your consent before placing non-essential cookies through cookie banners or similar mechanisms.

  2. You may manage your cookie preferences at any time through our cookie settings or your browser controls. Please note that strictly necessary cookies cannot be disabled, and disabling certain cookies may affect the availability or functionality of the Services.

12. Children's Data

The Services are intended for users aged 18 and above, and we do not knowingly collect or process personal data of individuals under the age of 18. If we become aware that such data has been inadvertently collected, we will promptly delete it in accordance with applicable data protection laws, including the GDPR and the CCPA, and take reasonable steps to prevent further collection.

13. Policy Updates

We may update this Privacy Policy from time to time. Where we make material changes, we will provide prior notice by appropriate means in accordance with applicable data protection laws. We encourage you to review the Policy periodically. Your continued use of the Services after the effective date of any updated Privacy Policy constitutes your acknowledgment of the changes and, where required by applicable law, your acceptance of the revised Policy.

14. Contact Information

For privacy-related inquiries or requests:

SILICONWORLD PTE. LTD.

Email: support@vidy.chat

Address: 1 RAFFLES PLACE #21-01 ONE RAFFLES PLACE SINGAPORE (048616)

If you have concerns regarding our handling of your personal data, you also have the right to contact the competent supervisory or regulatory authority in your jurisdiction, where applicable.