Effective date: June 01, 2026

This Privacy Policy describes how Softfoundry International Pte Ltd (“Softfoundry”, “we”, “us”, or “our”) collects, uses, discloses, stores, transfers, and otherwise processes Personal Data in connection with your access to and use of the FacePro Xpert System application, website, and related services (collectively, the “Services”).

We process Personal Data for the purposes of providing, operating, maintaining, improving, securing, and supporting the Services. By accessing or using the Services, you consent to the collection and use of your Personal Data in accordance with this policy. Unless otherwise defined in this Privacy Policy, the terms used in this Privacy Policy have the same meanings as those in our Terms and Conditions.

Legal Basis for Processing Personal Data

We process Personal Data where necessary to provide and operate the Services, perform contractual obligations, comply with legal requirements, protect our legitimate interests, or where consent has been obtained where required by applicable law.

Collection and Use of Personal Data

We collect and process various categories of information to provide, maintain, improve, and secure our Services, and to fulfil the purposes described in this Privacy Policy.

Data Types Collected

Personal Data
When you use our Services, we may ask you to provide us with certain information relating to an identified or identifiable individual (“Personal Data”) that we can use to contact or identify you. Categories of Personal Data we may collect include, but are not limited to:

• •  Email address
• •  Name or alias
• •  Telephone number
• •  Country, city, address and postal code
• •  Cookies and usage data
• •  Device model and operating system data (including Android ID)
• •  IP address

To ensure compatibility of push notification functionality with the terminal devices you use, we have embedded third-party terminal device manufacturer SDKs into our app. For information about these third-party SDKs, please refer to the following table.

Third-party SDK name	Information collection types	Information collection / use purpose	Third-party website /privacy policy link
Firebase Crashlytics Firebase Cloud Messaging	Device-related information (Android) (ID, device model name, CPU architecture, RAM and disk space, etc.) Crashlytics Install UUID Firebase Installation ID Crash trajectory	Used for collecting program crash logs and implementing message push.	https://firebase.google.com/support/privacy
Google ARCore	Google account ID, device ID, user device performance and other diagnostic data, such as battery life, loading time, latency, frame rate and other diagnostic data.	For AR tagging	https://policies.google.com/privacy?hl=en
Google Maps	Access Wi-Fi Status Get location	Used to obtain location and display map	https://policies.google.com/privacy?hl=en

Certain account information may be displayed within the Services to enable users to verify and manage their account details. Access to such information is available only after successful account authentication.

Users are responsible for maintaining the security and confidentiality of their account credentials and devices. If you become aware of any unauthorised access to your account or misuse of your credentials, please notify us immediately and take appropriate steps to secure your account. We may assist in investigating suspected unauthorised access where appropriate.

Account Information and Security

Certain account information, such as account identifiers, telephone numbers, email addresses, or other profile information, may be displayed within the Services to enable users to verify and manage their account information accurately. Access to such information is restricted to authenticated users who have successfully signed in to their accounts.

Users are responsible for maintaining the confidentiality and security of their account credentials, devices, and related login information. Users should take appropriate measures to prevent unauthorised access to their accounts, including protecting passwords and securing access to their devices.

If you become aware of any suspected unauthorised access, misuse of your account, compromise of login credentials, or other security-related incident, you should notify us promptly and take appropriate steps to secure your account, including changing your password or terminating active sessions where applicable. We may assist in investigating and responding to suspected unauthorised access or misuse where appropriate.

To the extent permitted by applicable law, users are responsible for activities conducted through their accounts where such activities result from the user’s failure to maintain appropriate account security measures.

Usage Data

When you access or use the Services through a desktop, laptop, mobile device, or other supported platform, we may automatically collect certain technical and usage information, including your device type, device identifiers, IP address, operating system, browser type, network information, and other diagnostic and usage data (“Usage Data”). We use such information to operate, maintain, secure, analyse, and improve the Services.

Device Permissions

Certain features of the Services require access to specific device permissions. You may choose whether to grant or withdraw such permissions through your device settings. If a required permission is not granted, the corresponding feature may not function as intended.

Audio and Video Conferencing: To participate in audio and video conferencing, you must grant access to your device’s camera and microphone. These permissions enable the transmission of audio and video communications and support optimisation of call quality and performance. If you do not grant these permissions, you will be unable to use audio and video conferencing features.

Storage Permission: To enable file uploads, downloads, messaging functions, and profile customisation, we may request access to files, images, videos, and other content stored on your device. Such access is limited to information necessary to provide the relevant functionality. If storage access is not granted, certain features, including messaging and profile image management, may not function properly.

QR Code Scanning Function: To use QR code scanning features, you must grant access to your device’s camera. We may process information relating to QR code scans in order to display scan results and provide related functionality. If camera access is not granted, QR code scanning features will not be available.

Chat Function: When you use chat features within the Services, messages and related communications are encrypted during transmission. If you choose to share images from your device, access to your photo library may be required to enable image selection and transmission. Chat records may be stored locally on your device to support the functionality of the Services. Unless otherwise stated, chat records stored locally on your device are not retained on our servers.

Location Services: Where location-based functionality is available, we may request access to your device’s location information to enable features such as location sharing, navigation, or remote support services. If location access is not granted, certain location-based features may not be available.

Automatic Launch: The Services may utilise background processes or automatic launch functionality to support incoming calls, meeting invitations, reminders, notifications, and other service-related communications. Disabling such functionality may affect the timely delivery of certain notifications and communications.

Service Optimisation and Security: To maintain the security, stability, and performance of the Services, we may collect device and application information, including device model, operating system, system version, network type, IMEI, MAC address, Android ID, list of installed applications, APP crash records, traffic statistics, operational logs, audio and video quality data (volume and audio/video packet loss rate, audio and video quality data do not involve your call content), and function usage records (such as meeting start and end time etc.). This information is used to diagnose technical issues, monitor service performance, improve functionality, and protect the security and integrity of the Services. In addition, in order to receive incoming calls in a timely manner, we may need you to enable the auto-start function to display the other party’s call information when necessary.

Retention and Storage of Personal Data

We retain Personal Data only for as long as necessary to fulfil the purposes for which it was collected, to provide the Services, or to comply with applicable legal, regulatory, contractual, or business requirements. Upon expiry of the applicable retention period, Personal Data will be securely deleted, anonymised, or otherwise disposed of in accordance with applicable laws and our internal retention policies.

Where Personal Data is transferred across jurisdictions for the provision of the Services, we implement appropriate technical, organisational, and contractual safeguards to ensure an adequate level of protection and to maintain the confidentiality, integrity, and security of such information.

For enterprise-managed content, including chat records, files, and other data controlled by organisational customers, retention periods may be determined by the relevant organisation. We do not access, review, or use such content except as necessary to provide the Services, where authorised by the relevant customer or user, or where required by applicable law.

Deletion of Personal Data

You may request the deletion of your Personal Data if you believe that we have processed such information in violation of applicable laws, regulations, or our obligations under this Privacy Policy. To submit a deletion request, please contact us using the details provided in the “Contact Us” section.

Upon receipt of your request, we may require verification of your identity before processing the request. Subject to applicable legal and regulatory requirements, we will review and respond to your request within a reasonable timeframe and, where applicable, inform you of the outcome within seven (7) business days following successful verification.

If your account is provided through an organisation or enterprise account, requests relating to the deletion of your account or Personal Data may need to be submitted through your organisation’s designated administrator in accordance with the organisation’s account management policies.

Your Rights

Subject to applicable law, you may have the right to access, correct, update, delete, restrict, or object to the processing of your Personal Data, withdraw consent where consent forms the basis of processing, and exercise any other rights available under applicable data protection laws.

Tracking and Cookie Data

We use cookies and similar technologies, including web beacons, tags, pixels, and scripts, to operate, maintain, secure, and improve the Services, enhance user experience, analyse usage patterns, and support the functionality of our website and applications.

Cookies are small text files that are placed on your device when you visit a website or use an application. They may contain unique identifiers and other information that enable us to recognise your browser or device and remember certain preferences and settings.

You may configure your browser settings to refuse or restrict cookies, or to notify you when cookies are being used. However, disabling certain cookies may affect the availability, functionality, or performance of some features of the Services.

Types of Cookies We Use

• •  Session Cookies – Used to enable core functionality and maintain your session while using the Services.
• •  Preference Cookies – Used to remember your preferences, settings, and user choices to enhance your experience.
• •  Security Cookies – Used to support authentication, prevent fraudulent activity, and maintain the security and integrity of the Services.
  
  

Use of Personal Data

We may collect, use, disclose, store, and otherwise process Personal Data for the following purposes:

• •  Providing, operating, maintaining, and improving the Services;
• •  Communicating with users regarding the Services and any updates thereto;
• •  Enabling access to interactive features and functionalities;
• •  Providing customer support and technical assistance;
• •  Analysing service usage and performance to enhance user experience;
• •  Monitoring the security, reliability, and effectiveness of the Services;
• •  Detecting, preventing, investigating, and resolving technical and security-related issues; and
• •  Complying with applicable legal and regulatory requirements.
  
  

Data Transmission

Your Personal Data may be transferred to, stored, or processed outside your country of residence for the purposes described in this Privacy Policy.

Where such transfers occur, we will take reasonable steps to ensure that appropriate safeguards are implemented to protect your Personal Data and that it is processed in accordance with applicable data protection laws and this Privacy Policy. We will only transfer Personal Data where appropriate safeguards have been implemented to ensure a level of protection substantially equivalent to the level of protection required under applicable data protection laws.

Information Disclosure

Legal Requirements
We may disclose your Personal Data where such disclosure is necessary or permitted under applicable law, including for the following purposes:

• •  To comply with legal, regulatory, judicial, or law enforcement requirements;
• •  To protect and defend our rights, property, or legitimate interests;
• •  To prevent, investigate, or address fraud, security incidents, misconduct, or unlawful activities relating to the Services;
• •  To protect the safety, rights, and interests of users or the public, and
• •  To establish, exercise, or defend legal claims or comply with legal obligations.
  
  

Data Security

We implement appropriate technical, organisational, and physical measures designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised access, disclosure, or misuse. These measures are intended to provide a level of security appropriate to the nature, scope, and sensitivity of the Personal Data processed.

While we maintain commercially reasonable safeguards and follow industry-standard security practices to protect Personal Data, no method of transmission over the Internet or method of electronic storage can be guaranteed to be completely secure. Accordingly, although we take reasonable steps to safeguard Personal Data, we cannot guarantee its absolute security.

Service Providers

We may engage third-party companies and individuals to facilitate our Services (“Service Providers”), provide services on our behalf, perform Service-related functions, or assist us in analysing how the Services are used.

These Service Providers may have access to Personal Data only to the extent necessary to perform services on our behalf. Service Providers are contractually required to process Personal Data solely in accordance with our instructions, implement appropriate technical and organisational security measures, maintain the confidentiality of Personal Data, and not disclose, use, or process such information for any purpose other than providing the contracted services, unless required by applicable law.

Third-Party Websites and Services

The Services may contain links to third-party websites or services that are not owned, operated, or controlled by us. Access to and use of such third-party websites or services is subject to their respective terms and privacy policies.

We encourage you to review the privacy practices of any third-party website or service you visit. We are not responsible for, and disclaim all liability arising from, the content, privacy practices, security measures, or operation of any third-party website or service.

Changes to this Privacy Policy

We may amend or update this Privacy Policy from time to time to reflect changes in our business practices, technologies, legal requirements, or the Services we provide.

Where required by applicable law, we will provide reasonable notice of any material changes through appropriate channels, including email, in-application notifications, or other prominent communications. The “Effective Date” at the top of this Privacy Policy will indicate when the latest version became effective.

We encourage you to review this Privacy Policy periodically to remain informed about how we collect, use, disclose, and protect your Personal Data. Unless otherwise stated, any amendments to this Privacy Policy will take effect upon publication of the updated version.

Protection of Minors

Our Services are intended primarily for adults. Where required by applicable law, minors must obtain the consent of a parent or legal guardian before using the Services or providing Personal Data.

We are committed to protecting the privacy of children and minors and will process their Personal Data only in accordance with applicable laws. If you are a parent or legal guardian and believe that a child has provided Personal Data without the required consent, please contact us using the details provided in the Contact Us section.

If we become aware that we have collected a child’s Personal Data in violation of applicable legal requirements, we will take reasonable steps to delete or anonymise such information as soon as practicable.

Other Privacy Notices

The FacePro Xpert System Privacy Policy constitutes the general privacy policy governing the collection, use, disclosure, storage, and protection of Personal Data across FacePro Xpert System products and services. The rights of users and the information security measures described therein apply to all users of the FacePro Xpert System.

In the event of any inconsistency, conflict, or discrepancy between the FacePro Xpert System Privacy Policy and this Privacy Policy in relation to your use of FacePro Xpert System services, the provisions of this Privacy Policy shall prevail to the extent of such inconsistency.

The Children’s Privacy Statement sets out additional privacy protections applicable to users who are children. Where the Children’s Privacy Statement applies and any inconsistency, conflict, or discrepancy exists between the Children’s Privacy Statement, the FacePro Xpert System Privacy Policy, and this Privacy Policy, the provisions of the Children’s Privacy Statement shall prevail to the extent of such inconsistency.

Contact Us

If you have any questions, requests, or concerns regarding this Privacy Policy or our processing of Personal Data, please contact us at:

Email: support@softfoundry.com