The information provided here is for AthenaSpace customers and users who have legal questions about our products, terms, policies, and compliance.
Last updated: 2 July 2026
Your privacy is important to us.
At UDD Technologies Pte. Ltd. (collectively referred to herein as "UDD Technologies", "we" or "our"), we value your data privacy and are committed to protecting your personal data. This Privacy Policy ("Policy") describes how UDD Technologies collects, uses, discloses, transfers, stores, and protects personal data and other information in connection with:
This Privacy Policy applies to you when you:
UDD Technologies operates in the following capacities, depending on context:
| Context | UDD Technologies' Role | Applicable Obligations |
|---|---|---|
| Website data and marketing communications | Data Controller | PDPA (Singapore), GDPR (where applicable) |
| Account registration and billing data for SaaS customers | Data Controller | PDPA (Singapore), GDPR (where applicable) |
| Customer content and End User data processed through the Platform | Data Processor | Governed by Data Processing Agreement with Customer |
| Aggregated, de-identified analytics derived from Platform usage | Data Controller | PDPA (Singapore) |
Where UDD Technologies acts as a Data Processor, the Customer is the Data Controller and determines the purposes and means of processing. Our obligations as a processor are governed by the applicable Data Processing Agreement ("DPA") entered into with each Customer. This Policy does not override the terms of any DPA.
This Policy has been drafted to comply with, and should be read in conjunction with, the following legal frameworks:
This Privacy Policy will be continuously assessed against new technologies, business practices, our customers' needs and legal developments, and may be revised accordingly.
This Policy does not apply to any third-party websites, services or applications, even if they are accessible through or are necessary for the use of our Services.
When you access our Platform, use our Services or engage with our Marketing Activities, you acknowledge that you have read this Policy and understand its content.
Your use of our Platform and Services and your interaction through our Marketing Activities, including any dispute over privacy, is subject to this Privacy Policy and the terms of service.
The Personal Data we collect depends on the context of your interactions with UDD Technologies and the choices you make (including your privacy and browser settings), the Services you use, your location and applicable law, but can include the following:
a. Website Visitors and Prospective Customers
b. SaaS Customer Administrators and Users
c. End Users (Processed on Behalf of Customers)
The AthenaSpace Platform may process personal data relating to End Users — employees, visitors, or other individuals within a customer's workplace environment. Such data may include:
UDD Technologies processes End User data solely on the documented instructions of the Customer (acting as Data Controller) and as further described in the applicable DPA.
When you access our website or Platform, we automatically collect certain technical and behavioural data, including:
We do not intentionally collect the following categories of sensitive personal data through our standard Service operations. Customers and End Users should not submit such data to the Platform except where expressly contemplated by a specific contractual agreement and applicable Data Protection Impact Assessment:
We collect personal data directly from you when you:
Automated data collection occurs when you visit our website or access the Platform through mechanisms including:
Data may be received from third-party systems integrated with the Platform at the Customer's direction, including:
Our Services are intended for use by our business customers. As a result, for much of the Personal Data we process through the Services, we act as a processor or service provider on behalf of our business customers. This means that it is our business customers that control what Personal Data we collect through the Services and how we use it. Where our activities as a processor or service provider are clear and consistent across our customer base, we have described those activities herein in the interests of transparency. However, if you are a Service User and have privacy-related questions or concerns about the privacy practices of, or the choices the relevant business customer has made regarding your information via the Services, you should contact the relevant customer (e.g. your employer) directly or review their privacy notices.
We are not responsible for the privacy or data security practices of our business customers, which may differ from those set forth in this Policy.
We process personal data for the following purposes. Where GDPR applies, the corresponding legal basis is indicated in Section 5.
| Purpose | Categories of Data | Applies To |
|---|---|---|
| Service Delivery — provision, operation, maintenance, and support of the Platform and Services. | Account data, usage data, configuration data, End User data | Customer Users, End Users |
| Account Management — creating and managing user accounts, authenticating users, and enabling access controls. | Account registration data, authentication data | Customer Users |
| Customer Support — responding to inquiries, resolving incidents, and providing technical assistance. | Contact data, support correspondence, usage logs | Website visitors, Customer Users |
| Billing and Contract Administration — processing payments, issuing invoices, and managing contractual relationships. | Billing data, contractual data | Customer Administrators |
| Security and Fraud Prevention — detecting, investigating, and preventing security incidents, fraud, and misuse. | Log data, usage data, technical data | All users |
| Product Analytics and Improvement — analysing aggregated Platform usage to improve features and user experience. | Anonymised/aggregated usage data | Customer Users, End Users (anonymised) |
| Marketing and Communications — sending product updates, newsletters, event invitations, and promotional offers (with consent or legitimate interest). | Contact data, marketing preferences | Website visitors, prospective customers |
| Legal and Regulatory Compliance — meeting our obligations under applicable laws, including retention, audit, and disclosure requirements. | All categories as required | All users |
| Research and Development — developing new product features using de-identified, aggregated datasets. | Anonymised usage and telemetry data | All users (anonymised) |
| Audit, Compliance and Security Evidence — maintaining records required for security monitoring, access control, incident investigation, legal compliance, audit readiness, dispute resolution and certification or assurance processes. | Audit logs, access logs, security logs, administrator activity records, support access records, acceptance records, integration records, import/export records and related metadata | Customer Users, End Users, administrators and support personnel |
We may create, use, retain and disclose Aggregated Data and Anonymised Data for analytics, benchmarking, reporting, research, product development, service improvement, security, operational and other legitimate business purposes.
Aggregated Data and Anonymised Data do not identify you, our customers, Customer Users, End Users or any individual. We do not treat such data as personal data where it cannot reasonably be used to identify an individual.
Where we anonymise or aggregate data, we take steps designed to reduce the risk of re-identification, having regard to the nature of the data, the context of processing, the safeguards applied and the information that we have or are likely to have access to.
Where the GDPR applies to processing activities (i.e., where we process personal data of individuals in the EEA or UK), we are required to identify a legal basis for each processing activity. The following legal bases apply:
Under the PDPA, we may collect, use, and disclose personal data:
Where we use personal data for analytics, service improvement or research, we will use Aggregated Data or Anonymised Data where practicable. Where identifiable personal data is used, we will limit such use to what is reasonably necessary and permitted by applicable law, contract or customer instructions.
UDD Technologies does not sell, rent, or trade personal data. We do not use Customer Data or End User personal data for third-party advertising purposes. We do not disclose Customer Data or End User personal data to third parties for their own independent marketing purposes unless the relevant customer or individual has expressly authorised us to do so, or unless such disclosure is otherwise permitted or required by applicable law.
For the avoidance of doubt, our use of Usage Data, Aggregated Data and Anonymised Data for service operation, security, analytics, benchmarking, reporting, research, product development and service improvement is not treated as a sale of personal data.
We may share personal data in the following circumstances:
We engage authorised affiliates, sub-processors, vendors, contractors and third-party service providers to support the delivery, operation, maintenance, security, analytics, improvement and support of our Services. These parties may process personal data only for the purposes for which they are engaged and are subject to appropriate contractual obligations relating to confidentiality, data protection and security.
Our current categories of sub-processors include:
| Category | Examples | Purpose |
|---|---|---|
| Cloud Infrastructure | Microsoft Azure | Platform hosting, compute, storage, networking |
| Monitoring & Observability | Microsoft Azure, Aikido, Atlassian | Performance monitoring, logging, alerting |
| Customer Support | Atlassian, Salesforce | Support ticket management |
| Marketing Automation | Salesforce, Storylane | Email communications, CRM |
| Analytics | Salesforce, Oracle | Product usage analytics (anonymised/aggregated) |
| Payment Processing | Oracle NetSuite, Salesforce | Billing and payment processing |
| Video Conferencing / Collaboration | Microsoft Teams, Slack | Customer onboarding and support calls |
| Identity / SSO | Microsoft Azure, Microsoft Entra ID | Authentication services |
An up-to-date list of our sub-processors is available upon written request to privacy@udd.tech.
Where UDD Technologies acts as a Data Processor, we disclose processed data to the relevant Customer (as Data Controller) in accordance with the applicable DPA and the Customer's documented instructions. Customers are responsible for the lawful use and further disclosure of such data within their organisations.
Where you are introduced to us through an authorised reseller or channel partner, we may share relevant account and support data with that partner to facilitate service delivery, consistent with the terms of our partner agreements.
We may disclose personal data where required to do so by applicable law, regulation, court order, or at the request of a regulatory authority, including:
Where permitted by law, we will notify the relevant Customer or individual prior to or promptly following such disclosure.
In the event of a merger, acquisition, restructuring, sale of assets, or insolvency proceedings involving UDD Technologies, personal data may be disclosed to prospective or actual acquirers and their advisors as part of due diligence, subject to appropriate confidentiality obligations. We will notify affected parties of any such change in ownership or control as required by applicable law.
We may share personal data with other third parties where you have provided express prior consent for such sharing.
UDD Technologies is headquartered in Singapore. Our primary cloud infrastructure is hosted on Microsoft Azure, with data centres located in Singapore and other Southeast Asian countries. Personal data relating to Platform users is primarily processed and stored within the Singapore Azure region.
While delivering our Services, personal data may be transferred to, accessed from, or stored in countries other than the country in which it was collected, including other jurisdictions in Southeast Asia, the United States, the EEA, and Australia. Such transfers may occur in connection with:
We implement the following safeguards to protect personal data transferred internationally:
Customers with specific data residency requirements (e.g., a requirement to process data exclusively within Singapore or another jurisdiction) may request data residency configurations as part of their subscription agreement. Please contact our team to discuss data residency options.
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, to comply with our legal and regulatory obligations, to resolve disputes, and to enforce our agreements. Retention periods are determined with regard to the following criteria:
We may retain Usage Data, Aggregated Data, Anonymised Data, audit logs, security logs and compliance records for longer periods where reasonably necessary for analytics, service improvement, security, compliance, audit, dispute resolution, legal or regulatory purposes, subject to applicable law and our internal retention policies. Where such retained data identifies an individual, we will retain it only for as long as reasonably necessary for the relevant purpose or as otherwise permitted or required by law.
Upon expiry of the applicable retention period, personal data is securely deleted, anonymised, or de-identified using industry-standard methods, such that re-identification is not reasonably possible. Anonymised and aggregated data may be retained indefinitely for analytical and reporting purposes.
Customers may request deletion of their account data and all associated Customer Content at any time by contacting privacy@udd.tech or through the account management console, subject to any applicable minimum retention obligations.
UDD Technologies takes the security of personal data seriously. We implement and maintain a comprehensive information security programme designed to protect the confidentiality, integrity, and availability of personal data processed through our Services. Our information security and privacy programme is intended to support our compliance, assurance and certification readiness efforts, including readiness for SOC 2 assessment where applicable to the scope of our Services.
We have security measures in place to protect against the loss, misuse, and alteration of the information under our control. These security measures include a firewall to prevent unauthorised access to our systems and encryption of all password information. Although we will exercise reasonable care in providing secure transmission of information between your computer and our servers, we cannot ensure or warrant the security of any information transmitted to us over the Internet and we accept no liability for any unintentional disclosure.
We maintain security monitoring, access control and audit evidence processes designed to protect the confidentiality, integrity and availability of personal data and Customer Data processed through the Platform.
These measures may include, as appropriate:
Access to personal data and Customer Data is limited to authorised personnel, service providers and sub-processors who require such access for legitimate business, operational, security, support, compliance or legal purposes and who are subject to appropriate confidentiality and security obligations.
Employee Access
Our corporate values, ethical standards, policies and practices are committed to the protection of customer information. In general, our business practices limit employee access to confidential information, and limit the use and disclosure of such information to authorised persons, processes and transactions.
We may, and we may allow third-party service providers to, use cookies or other tracking technologies to automatically collect information from your computer or mobile device about your browsing activities over time and across different websites following your use of the Site, your interaction with our Marketing Activities, as well as in connection with the Services.
We may use cookies, web beacons, pixels, software development kits, local storage, log files and similar technologies in connection with our Website and Platform.
These technologies may be used for the following purposes:
Where required by applicable law, we will obtain consent before using non-essential cookies or similar technologies. You may be able to manage cookie preferences through your browser settings, device settings, cookie banner or other preference tools made available by us.
Strictly necessary cookies and similar technologies may be required for the Website or Platform to function properly. If you disable such technologies, certain features may not be available or may not operate correctly.
On your first visit to our website, you will be presented with a Cookie Consent Banner through which you may accept or decline non-essential Cookies. You may update your preferences at any time by clicking the "Cookie Settings" link in the footer of our website.
You may also control Cookies through your browser settings. Please note that disabling certain Cookies may affect the functionality of our website. Browser-level Cookie controls do not apply to Cookies set within the authenticated Platform environment.
Some browsers transmit "Do Not Track" (DNT) signals to websites. We currently do not alter our data collection practices in response to DNT signals, as there is no universally accepted standard for DNT. We will revisit this position as standards develop.
Where we process your personal data on behalf of a business customer, we may not be the party that determines how and why your personal data is collected or used. In such cases, the relevant customer is generally responsible for responding to your request.
If you submit a request to us in relation to personal data that we process on behalf of a customer, we may:
We may be unable to respond directly to your request where doing so would conflict with the customer's instructions, affect the rights of other individuals, compromise security, disclose confidential information, or breach applicable law.
Subject to applicable law and certain limitations, individuals whose personal data we process have the following rights:
| Right | Description | How to Exercise |
|---|---|---|
| Access | Request a copy of personal data we hold about you, together with information on how it has been used or disclosed, subject to applicable exceptions. Where we process your personal data on behalf of a customer, we may refer your request to that customer or seek that customer's instructions. | Submit a written request to privacy@udd.tech or contact the relevant customer where your data is processed through that customer's use of the Platform. |
| Correction | Request correction of inaccurate or incomplete personal data, subject to applicable law. Where your account or profile is managed by a customer, the customer may need to make or approve the correction. | Via account settings, by contacting privacy@udd.tech, or by contacting the relevant customer. |
| Deletion (Erasure) | Request deletion of personal data where there is no overriding legal, contractual, security, audit, compliance or business reason for continued retention. Where we process your personal data on behalf of a customer, the customer may be responsible for determining whether deletion is appropriate. | Contact privacy@udd.tech or the relevant customer. |
| Restriction of Processing | Request that we restrict processing of your personal data in certain circumstances (GDPR). | Contact privacy@udd.tech |
| Data Portability | Receive your personal data in a structured, machine-readable format, where technically feasible (GDPR). | Contact privacy@udd.tech |
| Object to Processing | Object to processing based on legitimate interests or for direct marketing purposes. | Contact privacy@udd.tech or use unsubscribe links |
| Withdraw Consent | Withdraw consent where we rely on consent for the relevant processing activity. Withdrawal of consent does not affect processing carried out before withdrawal. Where consent was obtained by a customer, you should contact that customer to withdraw consent. | Contact privacy@udd.tech, use in-product controls where available, or contact the relevant customer. |
| Opt-Out of Marketing | Opt out of marketing communications at any time. | Use the unsubscribe link in our emails or contact privacy@udd.tech |
| Lodge a Complaint | Lodge a complaint with the relevant supervisory authority (PDPC in Singapore; applicable DPA in EEA/UK). | See contact details of supervisory authorities below |
Where personal data is processed by UDD Technologies as a Data Processor on behalf of a Customer, End User rights requests should be directed in the first instance to the relevant Customer (as Data Controller). If you are unable to reach the Customer, you may contact us at privacy@udd.tech and we will forward your request to the appropriate Customer and provide reasonable assistance.
The Website and AthenaSpace Platform are not directed at and are not intended for use by individuals under the age of eighteen (18) years. We do not knowingly collect personal data from children under the age of eighteen (18).
If you believe that we have inadvertently collected personal data from a minor, please contact us immediately at privacy@udd.tech and we will take prompt steps to delete such data from our systems.
The AthenaSpace Platform is provided to business customers who determine how the Platform is configured and used within their own environments.
Our business customers are responsible for:
Where you are an End User of one of our business customers, you should review that customer's privacy notice or contact that customer directly to understand how your personal data is collected and used through its deployment of the Platform.
Our Website and Platform may contain hyperlinks to third-party websites, applications, or services that are not operated by UDD Technologies. Such links are provided for reference and convenience only and do not constitute an endorsement of those third parties.
The AthenaSpace Platform may also offer integrations with third-party applications (e.g., Microsoft 365, Google Workspace, room booking systems, third-party content providers) enabled at the Customer's direction. Once data is transmitted to a third-party application, that party's own privacy policy and terms govern their collection and use of that data. We are not responsible for the privacy practices or content of third-party services.
We encourage you to review the privacy policies of any third-party services before providing them with your personal data.
We may revise this Privacy Policy periodically. UDD Technologies reserves the right to update or modify this Privacy Policy at any time and from time to time without prior notice. Please review this policy periodically, and especially before you use our Sites or our Services or engage with our Marketing Activities. This Privacy Policy was last updated on the date indicated above.
Please feel free to contact us if you have any questions or concerns about our Privacy Policy.
Email us at privacy@udd.tech or contact us at the address below:
Attention to: Internal Audit & Compliance Department
UDD Technologies Pte. Ltd.
16 Kallang Place, #06-07,
Singapore 339156
Contact number: +65 6741 4644