Privacy Policy

How we collect, process, and protect your data under bank-grade encryption protocols.

Last Updated: March 29, 2026  |  Effective Date: March 29, 2026

1. Introduction & Scope

Korteq Systems ("Company," "we," "us," or "our") is committed to protecting the privacy and security of all data entrusted to us. This Privacy Policy explains how we collect, use, store, share, and protect information when you:

  • Visit our website at korteqsystems.com
  • Engage our Services under a Statement of Work (SOW)
  • Interact with our autonomous systems, platforms, or dashboards
  • Communicate with us via email, WhatsApp, or other channels

Korteq Systems operates as a B2B autonomous infrastructure provider. Our Services are designed for business entities, not individual consumers. This policy should be read in conjunction with our Terms of Service.

By engaging our Services or using our website, you acknowledge that you have read and understood this Privacy Policy.

2. Definitions

The following terms carry the meanings defined below throughout this Privacy Policy:

"Personal Data" Any information relating to an identified or identifiable natural person, including name, email address, IP address, device identifiers, and any other data defined as personal data under applicable data protection laws.
"Processing" Any operation performed on Personal Data, including collection, recording, organisation, structuring, storage, adaptation, retrieval, consultation, use, disclosure, erasure, or destruction.
"Data Controller" The entity that determines the purposes and means of processing Personal Data. Korteq Systems acts as Data Controller for data collected through our website and direct engagements.
"Data Processor" The entity that processes Personal Data on behalf of the Data Controller. Korteq Systems acts as Data Processor when handling Client data under a SOW.
"Data Subject" The individual to whom Personal Data relates.
"Sub-processor" A third-party service provider engaged by Korteq Systems to process data on behalf of the Client.
"DPA" (Data Processing Agreement) A legally binding agreement between Korteq Systems and the Client that governs data processing activities performed on the Client's behalf.
"Autonomous Systems" Self-operating software infrastructure built and deployed by Korteq Systems, including lead engines, closer bots, SEO matrices, social AI, ad optimization tools, and custom AI platforms.

3. Data We Collect

We collect and process data across several categories depending on your interaction with Korteq Systems:

3.1 Website Visitor Data

When you visit our website, we may automatically collect:

  • IP address and approximate geolocation
  • Browser type, version, and language preferences
  • Device type, operating system, and screen resolution
  • Pages visited, time spent, and navigation patterns
  • Referring URL and search terms used to find our site
  • Cookie consent preferences

3.2 Contact & Inquiry Data

When you reach out to us through our contact form or direct channels, we collect:

  • Full name and email address
  • Company name and job title
  • Service of interest and project details
  • Message content and any attachments

3.3 Client Engagement Data

When you enter into a business engagement with us, we may collect:

  • Business registration details and billing information
  • Platform credentials and API keys provided for integration
  • Business data, content, and assets provided under the SOW
  • Communication logs related to the engagement

3.4 Autonomous System Data

Our autonomous systems may process the following data on behalf of Clients:

  • Outbound AI Engine: Prospect contact information, email engagement metrics, and campaign analytics
  • Autonomous Closer: Conversation logs, prospect responses, and engagement data via WhatsApp or web chat
  • SEO Sniper Matrix: Search performance data, keyword analytics, and content metrics
  • Omnipresent Social: Social media account data, audience analytics, and content performance metrics
  • ROAS Machine: Meta ad account data, campaign performance, audience targeting data, and spend analytics
  • Apex Custom AI: Business logic data, user interaction data, and system-specific data as defined in the SOW

3.5 Communication Data

We collect data from our interactions with you across all channels, including email correspondence, WhatsApp messages, video call recordings (with prior consent), and support ticket content.

4. How We Use Your Data

We process your data based on the following legal grounds and for the stated purposes:

4.1 Contract Performance

  • Delivering Services as defined in the applicable SOW
  • Setting up, configuring, and maintaining autonomous systems
  • Processing payments and managing billing
  • Providing technical support and system updates
  • Communicating about engagement-related matters

4.2 Legitimate Interest

  • Improving and optimising our website, systems, and services
  • Analysing usage patterns to enhance user experience
  • Ensuring system security and preventing fraud
  • Internal reporting, analytics, and business development

4.3 Consent

  • Sending marketing communications about new services or features
  • Setting non-essential cookies and tracking technologies
  • Recording video calls or meetings

4.4 Legal Obligation

  • Complying with tax, accounting, and regulatory requirements
  • Responding to lawful requests from public authorities
  • Maintaining records required by applicable law

AI Training Disclosure: Client data processed through our autonomous systems is never used to train general-purpose AI models. System optimisation occurs only within each Client's isolated environment and benefits only that Client's deployment.

5. Data We Process on Your Behalf

When Korteq Systems operates autonomous systems for a Client, we act as a Data Processor for data that flows through those systems. In this capacity:

  • Client as Controller: The Client remains the Data Controller for all end-user and prospect data processed by our systems. The Client is responsible for ensuring they have the appropriate legal basis to collect and process that data.
  • Per-Client Isolation: All Client infrastructure is deployed on isolated, dedicated environments. Client data is never co-mingled with other Clients' data.
  • Processing Instructions: We process Client data solely in accordance with the Client's documented instructions as defined in the SOW and applicable DPA.
  • DPA Availability: A Data Processing Agreement (DPA) is available upon request and will be executed for all engagements where Korteq Systems processes personal data on the Client's behalf.
  • Sub-processor Oversight: We maintain a list of approved sub-processors (see Section 7) and will notify Clients before engaging new sub-processors, providing the opportunity to object.

6. Cookies & Tracking Technologies

Our website uses cookies and similar technologies to enhance your browsing experience and understand how our site is used.

6.1 Types of Cookies We Use

  • Essential Cookies: Required for core website functionality, including cookie consent preferences (stored in localStorage). These cannot be disabled.
  • Analytics Cookies: Help us understand how visitors interact with our website by collecting anonymised usage data. These are only set with your consent.
  • Functional Cookies: Enable enhanced features such as remembering your preferences and settings.

6.2 Cookie Consent

On your first visit, our cookie consent banner will ask for your preference. You can accept or decline non-essential cookies. Your consent choice is stored locally in your browser and can be changed at any time by clearing your browser data or managing your cookie settings.

6.3 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to block or delete cookies. Please note that disabling essential cookies may affect the functionality of our website. For more information on managing cookies, visit your browser's help pages.

7. Third-Party Services & Sub-processors

We work with trusted third-party providers to deliver our Services. Each sub-processor is vetted for their security practices and data protection compliance. Below is a summary of the categories of sub-processors we engage:

Cloud Infrastructure Google Cloud Platform, Amazon Web Services (AWS), Cloudflare — for hosting, content delivery, DDoS protection, and compute resources.
AI & Machine Learning OpenAI — for powering AI capabilities within our autonomous systems, including natural language processing, content generation, and conversational AI.
Advertising Platforms Meta Business (Facebook/Instagram) — for ad campaign management and optimisation via our ROAS Machine system.
Payment Processing Stripe — for secure payment processing. We do not store credit card details on our servers.
E-Commerce Shopify Plus — for e-commerce infrastructure when deploying Global E-Commerce solutions.
Communication WhatsApp Business — for real-time prospect engagement and client communication.

Data shared with third parties is limited to what is strictly necessary for the purpose of providing our Services. All sub-processors are bound by contractual obligations to protect your data. We maintain an up-to-date sub-processor list available to Clients upon request.

We do not sell, rent, or trade your personal data to any third party for their marketing purposes.

8. AI & Automated Decision-Making

Transparency Notice: Korteq Systems deploys autonomous AI-driven systems as a core part of its service offering. This section explains how automated processing works within our systems.

8.1 Types of Automated Processing

Our autonomous systems perform the following types of automated processing:

  • Lead Scoring & Qualification: Automated assessment of prospect engagement signals to prioritise outreach efforts.
  • Content Generation: AI-generated email copy, social media content, and SEO-optimised articles based on Client parameters.
  • Conversational AI: Automated responses in WhatsApp and web chat to engage prospects 24/7.
  • Ad Optimisation: Autonomous budget allocation, bid adjustment, and audience targeting for Meta advertising campaigns.
  • Performance Analysis: Automated reporting and insights generation from campaign and system data.

8.2 Human Oversight

While our systems operate autonomously, human oversight is maintained through:

  • Client-accessible dashboards with real-time system visibility
  • Configurable parameters and guardrails set during the Architecture Audit phase
  • Escalation protocols for edge cases or anomalous behaviour
  • Regular performance reviews and system audits by our engineering team

8.3 Your Rights Regarding Automated Decisions

Where automated processing produces effects that significantly impact individuals, Data Subjects have the right to:

  • Obtain an explanation of the logic involved in the automated decision
  • Request human intervention or review of the decision
  • Express their point of view and contest the decision

Clients are responsible for informing their own end-users about the use of automated systems and for handling any Data Subject requests related to automated decisions made by our systems on the Client's behalf.

9. Data Security

Korteq Systems implements bank-grade security measures to protect your data against unauthorised access, alteration, disclosure, or destruction.

9.1 Encryption

  • In Transit: All data transmitted between your browser and our servers, and between our internal systems, is encrypted using TLS 1.3.
  • At Rest: All stored data is encrypted using AES-256 encryption.

9.2 Infrastructure Security

  • Per-Client Isolation: Each Client's infrastructure runs in a dedicated, isolated environment with no shared resources or data pathways.
  • Access Controls: Strict role-based access control (RBAC) with the principle of least privilege. All access is logged and auditable.
  • 24/7 Monitoring: Continuous monitoring with automated threat detection, alerting, and escalation protocols.
  • Incident Response: Critical security incidents are acknowledged within 2 hours with a defined response and communication protocol.

9.3 Compliance & Audits

  • SOC 2 Readiness: Our internal processes and controls are designed to meet SOC 2 Type II standards.
  • PDPA Compliance (Singapore): We operate in full compliance with Singapore's Personal Data Protection Act (PDPA). All personal data from Singapore-based clients and their end-users is collected, used, and disclosed in accordance with PDPA obligations, including consent, purpose limitation, and access requirements.
  • GDPR Alignment: Our data protection practices are aligned with the EU General Data Protection Regulation (GDPR) for all global operations.
  • Regular Audits: We conduct periodic security assessments, vulnerability scans, and penetration testing.
  • Employee Training: All team members undergo regular data protection and security awareness training.

10. International Data Transfers

Korteq Systems operates globally, serving Clients across Dubai, Singapore, Australia, and other markets. As a result, your data may be transferred to and processed in countries outside your jurisdiction.

When transferring data internationally, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs): We use EU-approved Standard Contractual Clauses for transfers of personal data outside the European Economic Area (EEA) to countries without an adequate level of data protection.
  • Adequacy Decisions: Where applicable, we rely on adequacy decisions issued by the European Commission recognising that certain countries provide an adequate level of data protection.
  • Cloud Provider Compliance: Our cloud infrastructure providers (Google Cloud, AWS) maintain compliance with international data transfer frameworks and offer regional data residency options upon request.
  • Contractual Safeguards: All sub-processors engaged in international data processing are bound by contractual obligations that provide equivalent data protection standards.

Clients who require data to remain within a specific geographic region may request regional deployment options during the Architecture Audit phase.

11. Data Retention

We retain data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.

11.1 Retention Periods

  • Website Visitor Data: Anonymised analytics data is retained for up to 26 months. Raw server logs are retained for up to 90 days.
  • Contact & Inquiry Data: Retained for the duration of the business relationship plus 12 months, unless you request earlier deletion.
  • Client Engagement Data: Retained for the duration of the engagement. Upon termination, data is available for export for 30 days before permanent deletion, as specified in our Terms of Service (Section 10.5).
  • Autonomous System Data: Retained for the duration of the Client's active engagement. Data processing ceases upon termination and follows the same 30-day export and deletion schedule.
  • Communication Logs: Business correspondence is retained for 24 months after the last interaction for quality assurance and dispute resolution purposes.
  • Financial Records: Invoice and payment records are retained for the period required by applicable tax and accounting regulations (typically 7 years).

11.2 Deletion Process

When data reaches the end of its retention period, it is permanently deleted using industry-standard secure deletion methods. Backup copies follow a separate but aligned deletion schedule, with complete purge occurring within 30 days of the primary deletion.

12. Your Rights

Under applicable data protection laws, including the GDPR, you have the following rights regarding your personal data:

Right of Access You have the right to request a copy of the personal data we hold about you, along with information about how it is processed.
Right to Rectification You have the right to request correction of inaccurate or incomplete personal data.
Right to Erasure You have the right to request deletion of your personal data where there is no compelling reason for its continued processing ("right to be forgotten").
Right to Restrict Processing You have the right to request that we limit the processing of your personal data under certain circumstances.
Right to Data Portability You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transfer it to another controller.
Right to Object You have the right to object to the processing of your personal data based on legitimate interest or for direct marketing purposes.
Right to Withdraw Consent Where processing is based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing performed prior to withdrawal.
Rights Related to Automated Decisions You have the right not to be subject to a decision based solely on automated processing that produces legal effects or similarly significant effects (see Section 8.3).

How to Exercise Your Rights

To exercise any of the above rights, please contact us at hello@korteqsystems.com with the subject line "Data Subject Request." We will respond to your request within 30 days. In certain cases, we may need to verify your identity before processing the request.

If you believe that we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local data protection supervisory authority.

13. Children's Privacy

Korteq Systems provides B2B services designed exclusively for business entities and their authorised representatives. Our Services are not directed at individuals under the age of 18.

We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a minor, we will take immediate steps to delete that information. If you believe a child has provided us with personal data, please contact us at hello@korteqsystems.com.

14. Changes to This Policy

  • Korteq Systems reserves the right to update or modify this Privacy Policy at any time. Changes will be communicated with at least 30 days' notice via email or through our website.
  • Material changes — including modifications to data collection practices, sharing policies, or your rights — will be clearly highlighted in the notification.
  • The "Last Updated" date at the top of this page will reflect the most recent revision.
  • Continued use of our website or Services after the notice period constitutes acceptance of the updated Privacy Policy.
  • If you do not agree with the updated policy, you may terminate the engagement in accordance with our Terms of Service (Section 10).

15. Contact Information

For questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us:

Korteq Systems — Data Protection

Email: hello@korteqsystems.com

Subject Line: Privacy Inquiry

Response Time: Within 24 hours on business days

Contact Us