Privacy Policy-Whale

Last update: May, 2025

Thank you for your interest in Whale products and services (hereinafter referred to as "We"). We respect your concerns about privacy and appreciate your trust and confidence in us. In view of this, Whale has formulated the "Whale Business Privacy Policy" (hereinafter referred to as "this Policy"). This Policy applies to Whale enterprise business websites, applications, products, and services that display or provide links to this Policy. We remind you: Before using the services of our website, please make sure that you have carefully read and thoroughly understood this Policy. We strive to be clear and concise and to use bold text to alert you to the clauses that are significantly relevant to your interests.

This policy will help you understand the following:

I. Definition

II. Scope of Application

III. How We Collect Personal Data

IV. How We Use Personal Data

V. How We Use Cookies & Similar Technologies

VI. How We Provide, Transfer, and Disclose Your Personal Data

VII. How We Store Personal Data

VIII. How We Protect Personal Data

IX. How to Access & Control Your Personal Data

X. How We Deal with Children's Personal Data

XI. How This Policy Is Updated

XII. How to Contact Us

I. Definition

Whale Website: Whale Official website (The domain name: www.meetwhale.com/ and associated domain names)

Whale: Unless otherwise agreed, "Whale" refers to relevant legal entities such as Whale Tech Pte. Ltd. and its affiliate companies, that provide you with relevant services and assume corresponding responsibilities.

Affiliate Companies: "Affiliate Companies" means companies directly or indirectly controlled by Whale; or that have direct or indirect control of Whale; or co-control of the same company as Whale with the ability to exert significant influence over it; or a company directly or indirectly controlled by the same company as Whale, including but not limited to parent companies, subsidiaries, etc.

Personal Data: Personal data means any Data that, either on its own or jointly with other data, can be used to identify an individual.

II. Scope of Application

Depending on how you interact with us, you may need to provide us with personal data when you use our websites, applications, products, or services. In some cases, you can choose not to provide such data, but this may prevent us from providing you with corresponding products or services, or may mean that we cannot respond to or resolve any issues you have raised. Depending on your country, the Whale representative office that you interact with will be responsible for handling your data. The Website, the App, and any services we provide in connection with one or more of the above businesses are collectively referred to as the "Services".

This Policy does not apply to how third parties collect, use, disclose or retain data. We recommend that you review the personal data protection policies of these third-party websites or services.

III. How We Collect Personal Data

We collect and use personal data to provide better product and service experience for you. We may use your personal data for the following purposes:

1. Account Registration

In order to register as a user of our services, you will need to provide your mobile phone number, email address, name, password, and verification code to create or log in to the Platform.

2. Active Users

In order to provide you with the services you choose to use or to guarantee the quality of service and experience, we will collect your online behavior data.

3. Products and Technical Services

In order to provide customers with the product technology, customers and their employees need to provide mobile phone numbers and email addresses to log in and receive operational data, work tasks, approval tasks, customer service consultation, operation, maintenance, and others.

4. Security Services

In order to meet the relevant legal requirements, and to provide you with safe and stable services, to protect you from viruses, Trojans, or other malicious programs and websites, we need to record the service category, method and device brand, device model, device name, device software version data and other daily logs and service-related data in the process of your use of our services.

5. Collection and use of non-personally identifiable information (PII)

Non-PII is information that cannot be used to identify a particular individual. For example, statistical data, such as the number of visits to our website, is non-PII. We collect this data to understand how people use our websites, applications, products, and services so that we can improve our quality of service and better meet user requirements. We may collect, use, process, transfer, or disclose non-PII for other purposes at our own discretion. We will try best to isolate your personal data from non-PII and use them separately. If non-PII is mixed with your personal data, it will be treated as personal data.

IV. How We Use Personal Data

1. To accomplish the purposes described in " III. How We Collect Personal Data" in this Policy.

2. To keep you informed of the status of your use of the services, we will send you service reminders or notifications.

3. Report to the relevant authorities in accordance with laws, regulations, or regulatory requirements.

4. Invite you to participate in customer research related to our services.

V. How We Use Cookies & Similar Technologies

To ensure our websites and applications work correctly, we may need to place a small piece of data known as a cookie on your computer or mobile device. A cookie is a text file stored by a web server on a computer or mobile device. The content of a cookie can be retrieved or read only by the user or server that creates the cookie. A cookie often consists of identifiers, site names, and some numbers and characters. Cookies are unique to the browsers or applications you use, and enable websites or applications to store data such as your preferences or items in your shopping cart.

Like many other websites or Internet service providers, we use cookies to improve user experience. Cookies allow websites or applications to remember your settings such as language, preferred font size, or other browser preferences. This means that you do not need to set your preferences on every visit. If you disable cookies, websites will treat you as a new visitor every time you load a web page. For example, if you navigate away from the website you are logged in to and then return to it, you will need to log in to it again.

We will not use cookies for any purpose other than those mentioned in this Policy. You can manage or delete cookies based on your own preferences. For details, visit AboutCookies.org. You can clear all the cookies stored on your computer, and most web browsers provide the option of blocking cookies. However, by doing so, you have to change the user settings every time you visit our website. Find out how to manage cookie settings for your browser here:

In addition to cookies, we may also use other similar technologies, such as web beacons and pixel tags, on our websites and applications. For example, we may send you an email that contains a click-through URL linking to a Whale web page. If you click the link, we will track your visit to help us learn about your preferences for products and services and improve our customer service. A web beacon is a transparent image embedded in a web page or email. We use pixel tags in emails to find out whether an email has been opened. If you do not want to be tracked in this manner, you can click the unsubscribe link in the email.

By using our websites and applications, you consent to the use of cookies, web beacons, and pixel tags as described above.

VI. How We Provide, Transfer, and Disclose Your Personal Data

1. Provide

We do not share your personal data with companies, organizations, and individuals outside whale's jurisdiction, except in the following circumstances:

a) When your explicit consent or authorization have been obtained.

b) When administrative, judicial, and other competent authorities make relevant requests in accordance with relevant laws and regulations.

c) When providing the core functionality of our relevant products and services, including to our affiliates and partners.

d) When based on social public interests in accordance with relevant laws and regulations.

2. Transfer

We will not transfer your personal data overseas, or to any company, organization or individual, except in the following cases:

a) When your explicit consent or authorization have been obtained.

b) When necessary in accordance with the requirements of laws, regulations, legal procedures, administrative, or judicial compulsion.

In the case of asset transfer, acquisition, merger, reorganization, or bankruptcy liquidation, if the transfer of personal data is involved, we will inform you of the relevant situation and require new companies and organizations holding your personal data to continue to be bound by this policy. We will require the new company or organization to seek your explicit consent again if their stated goals or use of personal data changes.

3. Disclose

We will not disclose your personal data publicly, except in the following cases:

a) When your explicit consent or authorization have been obtained.

b) As a global company, we may share personal data with our affiliates. We do so only for specific, clear, and legitimate purposes, and share only the data necessary to provide services.

c) We may share your personal data with our partners, in accordance with this Policy, if we have authorized them to offer certain services.

d) Disclosure Based on Law: We may disclose your personal data in the event of a mandatory request by law, legal process, litigation, or competent government authority.

VII. How We Store Personal Data

In general, we will not transfer your personal data overseas, unless required to comply with laws and regulations and having obtained your explicit consent. If we transfer outside of our country, we will comply with the relevant country's regulations and seek your consent.

We only keep your personal data for the period necessary to provide Whale products and fulfill their purposes, and strictly comply with the relevant requirements of laws, regulations, and regulatory policies regarding the minimum period of retention.

VIII. How We Protect Personal Data

We have used industry-standard security measures to protect your personal data from unauthorized access, disclosure, use, modification, damage, or loss. To ensure the security of your data, we are committed to using a variety of security technologies and supporting management systems to minimize the risk of your data being leaked, damaged, misused, altered, accessed, or disclosed without authorization. For example, data shall be encrypted, transmitted, and stored using network security layer software (SSL); Whale's services will be used to authenticate and firewall, blocking unauthorized and malicious access; a unified role and permission control system shall be established to strictly restrict access to data centers; when transmitting and storing personal data, security measures such as encryption, permission control, de-identification, and anonymization shall be employed.

We have obtained the information security level protection level 3 certification, the ISO/IEC27001/IEC information security management system certification, the ISO/IEC 27017 information security control measures certification, and the ISO9000 quality management system certification.

Our data security capabilities: We have a personal information protection responsibility unit that conducts personal information security impact assessments for personal information collection, use, provision, commissioning, etc. Meanwhile, we have established an internal control system to handle tasks, including but not limited to creating emergency response plans for personal information security incidents, organizing emergency response trainings and emergency drills on a regular basis, managing and controlling permissions and behaviors of employees with access to personal information, training on laws, regulations, and practices related to information security protection, and organizing examinations on security for all employees.

In the case of an unfortunate occurrence of a personal information security incident, we will promptly inform you in accordance with laws and regulations on the basic situation and possible impact of the security incident, the disposal measures we have taken or will take, and suggestions for remedial measures to help you prevent and reduce risks independently. We will inform you of such information by email, letter, telephone, and/or push notification, and when it becomes difficult to notify each personal information subject individually, we will properly and effectively issue a public notice.

The Internet is never completely secure, but we will endeavor to ensure and warrant the security of any information you send to us. If our physical, technical, or administrative protection facilities are damaged, resulting in unauthorized access, disclosure, alteration, or destruction of information, resulting in damage to your legitimate rights and interests, we will bear the corresponding legal responsibility. At the same time, we will also take the initiative to report the handling of personal information security incidents in accordance with the requirements of the regulatory authorities.

Please be sure to take good care of your service login and other identity elements. When you use our services, we will identify you with your login name and other identity factors. Once you leak the above information, you may suffer from losses and other adverse impacts. If you find that your login name and/or other identity factors may have been leaked, please contact us immediately, so that we can take appropriate measures to avoid or reduce related losses.

IX． How to Access & Control Your Personal Data

We ensure the following rights to your personal data:

1. Access or correction of personal data

You have the right to access your personal data, except in exceptional circumstances stipulated by laws and regulations. If you want access to your data, you can log in to the platform and do so. If you are unable to access and correct your personal data, you may contact us at any time through the feedback channels mentioned in this Policy and we will provide support.

2. Delete Personal Data

Under the following circumstances, you can request deletion of your personal data:

a) If we process personal data in violation of laws and regulations,

b) If we collect and use your personal data without your consent,

c）If we process personal data in violation of the agreement with you,

d) If you have deactivated your account, or

e) If we terminate Services and Operations.

3. Change the scope of the authorized consent

Each business function requires some basic personal data to be completed. When it comes to the collection and use of additional personal data, you can give or revoke your consent at any time. After you revoke your consent, we will stop processing the relevant personal data. However, your revocation does not affect any previous personal data handling under your authorization.

4. Close Your Account

You can de-register an account at any time. We will stop providing the products and services to you and delete your personal data as you request unless otherwise specified by laws and regulations. If you are unable to process your deactivation from the client-side, you may feel free to contact us using the feedback options provided in this Policy.

In the following cases, we will not be able to respond to your request:

a) If it is related to the fulfillment of obligations under laws and regulations by personal data processors,

b) If it is directly related to national security and national defense security,

c) If it is directly related to public safety, public health, and major public interests,

d) If it is directly related to a criminal investigation, prosecution, trial, or judicial enforcement,

e) If the personal data processor has sufficient evidence that the personal data subject harbors subjective malice and/or abuse of others' rights,

f) If it is to protect the personal data subject's or other person's life, property, and other major legitimate rights and interests, and it is difficult to obtain their consent,

g) If responding to the personal data subject's request will cause the lawful rights and interests of the personal data subject or other individuals or organizations to be seriously harmed, or

h) If it involves commercial secrets.

X. How We Deal with Children's Personal Data

Our websites, applications, products, and services are not intended for children.

Children, as defined by local applicable laws, are not allowed to register with or use our websites, applications, products, or services without the consent of a parent or guardian.

If you are the parent or guardian of a child and believe that we may have collected personal data concerning your child, please contact us according to " XII. How to Contact Us" in this Policy. We will attempt to delete the data as soon as possible.

XI. How This Policy Is Updated

We may revise or change this Policy and other products or services from time to time, and we will not reduce your current rights without your explicit consent. We will post any changes to this policy on this page. If changes are significant, we will provide a more prominent notice (including, for certain services, email notification of change details).

XII. How to Contact Us

If you have any questions, comments, suggestions, complaints or reports about this Policy, please contact us by email【hello@whale.im】. We will review the issue and respond you as soon as possible. We have designated personal information protection specialists, and you can get in touch with them through email or mail. To communicate with our Data Protection Officer, please email to【dpo@whale.im】. Our address is: 88 MARKET STREET, #21-01, SINGAPORE 048948.