Privacy Policy

Effective Date: 1st January 2026 Last Updated: 1st January 2026

  1. Introduction

WhatIfLabs Pte Ltd (“we,” “us,” or “our”) is committed to protecting your privacy and ensuring that your personal data is handled in accordance with the Personal Data Protection Act 2012 (PDPA) of Singapore.

This Privacy Policy outlines how we collect, use, disclose, and protect your personal data when you visit our websites (what-if.sg and kuki.what-if.sg), use our products (including KūkiSense), or engage with our engineering services.

  1. Information We Collect

We collect data in two primary categories: Personal Data (which identifies you) and Device Telemetry Data (which relates to hardware performance).

  1. Personal Data

Depending on how you interact with us, we may collect:

  • Identity Data: Name, job title, and company name (e.g., when you submit a “Services” inquiry).
  • Contact Data: Email address, phone number, and billing/shipping address.
  • Account Data: Username and encrypted passwords if you register for the KūkiSense Dashboard.
  • Marketing Data: Your preferences in receiving newsletters or technical updates from us.
  1. IoT Device & Telemetry Data (KūkiSense)

When you use a KūkiSense device, the hardware automatically transmits specific data to our servers to function correctly. This includes:

  • Environmental Metrics: Real-time sensor readings (e.g., PM2.5, CO2, Temperature, Humidity).
  • Device Diagnostics: Wi-Fi signal strength (RSSI), firmware version, and error logs.
  • Network Info: IP address and MAC address of the device.

Note: Generally, environmental data is not considered “Personal Data” unless it is specifically linked to a user account that identifies an individual.

  1. How We Use Your Data

We collect and use your data for the following purposes:

  1. Service Delivery: To ship products, provide engineering consultancy, and fulfil contractual obligations.
  2. Product Functionality: To visualize air quality data on your dashboard and provide alerts (e.g., pushing a notification when CO2 is high).
  3. Firmware Updates: To identify your device hardware version and deliver Over-the-Air (OTA) updates.
  4. Customer Support: To troubleshoot specific hardware issues you reported to us.
  5. Communication: To send you administrative information (e.g., changes to terms) or marketing newsletters (only if you have opted in).
  1. Disclosure of Information

We do not sell your personal data. We may disclose your data only in the following situations:

  • Service Providers: To third-party vendors who provide services such as cloud hosting (e.g., AWS, Google Cloud), payment processing (e.g., Stripe), or logistics.
  • Legal Compliance: If required by law or to respond to valid requests by public authorities (e.g., a court or government agency).
  • Business Transfers: In connection with any merger, sale of company assets, or acquisition of all or a portion of our business.
  1. Security of Data

We implement industry-standard security measures to protect your data, including:

  • Encryption: Data is encrypted in transit (using TLS/SSL) and at rest where applicable.
  • Access Control: Access to personal data is restricted to employees and contractors who need to know that information to process it for us.

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee its absolute security.

  1. Retention of Data

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.

  • User Accounts: Retained as long as your account remains active.
  • Sensor Data: Historical sensor data may be anonymized and retained for long-term trend analysis or deleted after a set period (e.g., 12 months) depending on your subscription plan.
  1. International Transfers

As an IoT company, our cloud infrastructure may be hosted on servers located outside of Singapore. When we transfer your personal data across borders, we ensure that the recipient provides a standard of protection comparable to the protection under the PDPA.

  1. Your Rights

Under the PDPA, you have the following rights:

  • Access: You may request a copy of the personal data we hold about you.
  • Correction: You may request that we correct any inaccurate or incomplete personal data.
  • Withdrawal of Consent: You may withdraw your consent for our use of your personal data at any time. Please note that withdrawing consent may affect our ability to provide you with certain products or services (e.g., KūkiSense cloud features).
  1. Contact Us (Data Protection Officer)

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact our Data Protection Officer (DPO):

WhatIfLabs Pte Ltd Email: privacy@what-if-labs.com