This Privacy Policy explains how Daysun Labs Pte. Ltd.("Daysun Labs", "we", "our", or "us"), the company behind Astate, collects, uses, stores, and protects personal data when you use the Astate web application and related services ("Astate" or the "Service"). If you have any questions, write to us at hello@astate.sg.
1. Who we are
Daysun Labs Pte. Ltd. is a company incorporated in Singapore (UEN 202522106R). Registered address: 152 Beach Road, #23-02, Gateway East, Singapore 189721. For purposes of Singapore's PDPA, our Data Protection Officer can be contacted at hello@astate.sg.
2. Our core data promises
Before going into the legal detail, here is what we commit to in plain terms.
- We do not train AI models on your data.Your conversations, contacts, and listings are never used to train any AI model — ours or any third party's.
- We do not sell or share your data. Not to other agents, not to property portals, not to advertisers, not to data brokers — ever.
- Your data is isolated to your account. Other Astate users cannot see, search, or learn from your conversations, contacts, or listings.
- Your data lives in Singapore. Our primary database is hosted in the Singapore region.
- You can export or delete your data at any time. No lock-in. No leftover copies.
- The language model that drafts your replies operates under a no-training contract. Whether we use one provider or rotate between providers, the operating terms always include: no use of your data for model training, and processing-only retention.
The rest of this policy explains how we deliver on those promises.
3. Data we collect
We collect only what we need to deliver the Service.
3.1 Account data
- Your name and email address (used to log you in via magic link).
- Your business identifiers, if you choose to provide them (e.g., CEA registration number, agency name).
3.2 Service-generated content
- WhatsApp messages received by your connected business number ("Inbound Messages").
- Your draft and final replies sent through Astate ("Outbound Messages").
- Edits you make to AI-generated drafts (used only to personalize your future drafts within your own account).
- Listings, notes, and other content you upload or enter into Astate.
3.3 Contact data of your clients
- Phone numbers and display names of WhatsApp contacts who message your business number.
- Any personal data your clients voluntarily share in their messages.
Important: When your clients message your WhatsApp business number, their personal data flows through Astate. As an agent, you represent and warrant that you have the legal basis (consent or otherwise) to process this data via Astate. We act as your data processor for this content.
3.4 Usage and technical data
- Device, browser, operating system, IP address, and similar technical metadata.
- Feature usage events (e.g., "draft generated", "reply sent") used for product analytics — never tied to message content.
3.5 What we do not collect
- We do not access your WhatsApp account beyond the messages routed to your connected business number through our authorized BSP (360dialog).
- We do not access your phone's contacts, photos, or any data outside the Service.
- We do not collect financial information unless you become a paying customer (handled by our payment processor at that time).
4. How we use your data
| Purpose | Legal basis (PDPA) | Examples |
|---|---|---|
| Deliver the Service | Performance of contract / consent | Generate drafts, send replies, store conversations |
| Personalize your drafts | Performance of contract | Learn from your edits to improve your future drafts within your account |
| Service security & fraud prevention | Legitimate interest | Detect abuse, prevent unauthorized access |
| Customer support | Performance of contract | Respond to your questions |
| Product improvement (aggregate) | Legitimate interest | Track which features are used (never tied to message content) |
| Legal compliance | Legal obligation | Respond to lawful government requests |
We do not use your data for advertising, profiling for third parties, or training AI models.
5. Subprocessors
We use the following subprocessors to deliver the Service. Each is bound by a written agreement requiring confidentiality and security at least equivalent to what we promise you.
| Subprocessor | Purpose | Region |
|---|---|---|
| Current LLM provider (currently Anthropic, PBC) | LLM inference for drafting replies. We may rotate providers with 30 days' notice. All providers we use are bound by equivalent no-training terms. | United States |
| Vercel Inc. | Application hosting | Singapore region |
| Turso (ChiselStrike Inc.) | Primary database (libSQL) | Singapore region |
| 360dialog GmbH | WhatsApp Business API provider | EU / regional |
| Resend, Inc. | Transactional email (magic link login) | United States |
| Upstash, Inc. | Rate limiting and caching (no message content stored) | Singapore region |
| Sentry (Functional Software, Inc.) | Error monitoring (no message content) | United States |
| PostHog Inc. | Product analytics (no message content) | United States / EU |
| Google LLC (Workspace) | Business email | Multiple regions |
We will give 30 days' advance notice before adding new subprocessors that handle message content.
6. Data sharing
We do not sell, rent, lease, or share your personal data with third parties for their own purposes. The only situations in which your data leaves our systems are:
- To our subprocessors (Section 5), strictly to deliver the Service.
- When required by law, such as a valid court order or lawful government request. We will notify you unless legally prohibited.
- In a corporate transaction (merger, acquisition), in which case the acquiring entity must accept this Privacy Policy or notify you of changes.
We will never share your data with property portals, real estate agencies (other than your own, with your explicit consent), data brokers, or advertisers.
7. Data residency and cross-border transfer
Your account data, conversations, contacts, and listings are stored in Singapore. Some subprocessors (Anthropic, Resend, Sentry, PostHog) operate from the United States or other regions. Where personal data is transferred outside Singapore, we ensure the recipient is bound by contractual protections at least comparable to PDPA standards.
8. Data retention
| Data type | Retention |
|---|---|
| Account data | While your account is active + 30 days after deletion |
| Conversations, drafts, replies | While active. On deletion, hard-deleted within 30 days (including backups) |
| Tone learning context | While active. Deleted with your account. |
| Usage analytics (no content) | Up to 24 months in aggregate form |
| Logs (security & operational) | Up to 90 days |
| Backups | 30-day rolling, fully purged within 30 days of deletion |
You can request earlier deletion at any time (Section 10).
9. Security
We protect your data using industry-standard practices, including:
- Encryption in transit (TLS 1.2+).
- Encryption at rest for the primary database.
- Role-based access controls and the principle of least privilege.
- Logical isolation between accounts (no cross-account queries).
- Audit logging of administrative access.
- Regular review of subprocessor security posture.
No system is perfectly secure. In the event of a personal data breach affecting you, we will notify you and the Singapore Personal Data Protection Commission (PDPC) where required by law, generally within 72 hours of becoming aware of the breach.
10. Your rights
Under Singapore's PDPA, you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate personal data.
- Withdraw consent to our processing (which may end your ability to use the Service).
- Request deletion of your personal data.
- Export your data in a portable, machine-readable format.
To exercise any of these rights, write to hello@astate.sg. We will respond within 30 days. For users covered by other privacy laws (e.g., EU GDPR), additional rights may apply. We honour reasonable requests regardless of jurisdiction.
11. Children
Astate is for licensed real estate professionals. We do not knowingly collect data from anyone under 18. If you believe we have collected such data, contact us and we will delete it.
12. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email to your registered address at least 30 days before they take effect. Continued use of the Service after the effective date constitutes acceptance.
13. Contact us
For any privacy-related question, request, or concern:
Daysun Labs Pte. Ltd.
Attn: Data Protection Officer
hello@astate.sg
152 Beach Road, #23-02, Gateway East, Singapore 189721