Privacy Policy

Last updated: 11 May 2026

This Privacy Policy describes how Virtala Tech Pte. Ltd. ("Virtala," "we," "us") processes personal data when you visit our website, use our demo or sales channels, or use the Virtala cloud platform and related services (together, the "Services"). It is intended for business contacts and authorized users of our customers, not for consumer banking end users (your organization's privacy notices govern those relationships).

1. Who is responsible?

The data controller for personal data we collect in our own business capacity (for example marketing, account administration, and billing) is:

Virtala Tech Pte. Ltd.
Singapore
Email: privacy@virtala.ai

2. Personal data we process

Depending on how you interact with us, we may process:

  • Account and contact data: name, work email, employer, role, phone, and similar identifiers you or your organization provide.
  • Service and technical data: authentication events, IP address, device and browser type, logs, configuration metadata, and support tickets.
  • Customer content: files, case notes, and other content your organization uploads to the Virtala platform to operate KYC/AML workflows. Your organization is typically the controller of that content; we process it as a processor under agreed terms and, where applicable, a data processing agreement (DPA). See our data processing overview for how to obtain a DPA.
  • Marketing preferences: subscription choices and engagement with our communications.

3. Purposes and legal bases (GDPR)

Where EU/UK GDPR applies, we rely on:

  • Contract — to provide the Services and support you have requested.
  • Legitimate interests — to secure our systems, improve product reliability, prevent abuse, and carry proportionate B2B marketing, balanced against your rights.
  • Consent — where required for non-essential cookies or specific communications (see our Cookie Policy).
  • Legal obligation — where we must retain or disclose records to comply with law.

4. Sharing and subprocessors

We use vetted infrastructure and software providers (for example cloud hosting, authentication, email, and observability) who process personal data on our instructions. A current list of categories of subprocessors is available on request from privacy@virtala.ai. We impose confidentiality, security, and data protection terms consistent with the role each provider performs.

5. International transfers

Your data may be processed in Singapore and other countries where we or our subprocessors operate. Where GDPR applies, we use appropriate safeguards (such as Standard Contractual Clauses) when transferring personal data to countries not covered by an adequacy decision.

6. Retention

We retain personal data only as long as needed for the purposes above, including legal, accounting, and security requirements. Retention periods for customer content are aligned with your organization's instructions and our agreement.

7. Security

We implement technical and organizational measures appropriate to the risk, including access controls, encryption in transit and at rest where applicable, and operational monitoring. See our Security page for a high-level overview.

8. Your rights

Depending on your location, you may have rights to access, rectify, erase, restrict processing, object, or port your personal data, and to withdraw consent where processing is consent-based. EU/UK individuals may lodge a complaint with their supervisory authority. To exercise rights, contact privacy@virtala.ai.

9. Changes

We may update this policy from time to time. Material changes will be highlighted on this page or communicated through appropriate channels.