MatchPoint AI Platform Privacy Policy
Effective 8 June 2026
This Privacy Policy describes how Matchpoint Pte. Ltd. (UEN: 202552680Z) (the "Company", "we", "us" or "our") collects, uses, discloses and processes Personal Data in connection with the MatchPoint platform accessible at matchpoint-ai.com (the "Platform"). This Privacy Policy is to be read together with the Terms and Conditions and the Acceptable Use Policy governing your use of the Platform.
The Company is committed to complying with the Personal Data Protection Act 2012 of Singapore ("PDPA") and other applicable data protection laws. By using the Platform, you consent to the collection, use, disclosure and processing of your Personal Data as described in this Privacy Policy.
For ease of reference, the definitions and/or abbreviations used in this Privacy Policy shall be as defined in the Terms.
1. Personal Data We Collect
A table setting out the Personal Data we collect is inserted under Annex 1 below.
The Company collects the minimum Personal Data necessary to operate your Account and provide the Platform's services. We do not engage in analytics tracking, behavioural fingerprinting or marketing list creation.
By providing Personal Data to the Company, you are consenting to the Company using, processing, storing and/or disclosing such Personal Data for the purposes of providing you with the service provided on the Company's Platform. If you are sharing Personal Data that does not belong to you, you are warranting that you have obtained the necessary consents to share such Personal Data.
2. How We Collect Personal Data
We collect Personal Data in the following ways:
- directly from you when you register for an Account, subscribe to a Plan or contact us for support;
- automatically when you use the Platform, including via session cookies required for login (the Platform uses no third-party tracking cookies, analytics cookies or advertising cookies); and
- from Stripe, Inc., when you complete a payment transaction, in the form of a Stripe customer identifier (we do not receive or store your full card details).
3. How We Use Your Personal Data
We use your Personal Data only for the following purposes:
- to create and manage your Account and verify your identity;
- to provide and operate the Platform and its features, including AI Extraction;
- to process payments of the Fees and manage your subscription;
- to enforce your upload quota and Plan entitlements;
- to maintain operational and compliance audit logs;
- to respond to your support enquiries and communicate with you about your Account;
- to comply with applicable laws and regulations, and to cooperate with law enforcement authorities as required; and
- to protect the security and integrity of the Platform.
We do not use your Personal Data for advertising, marketing or the creation of marketing lists. We do not sell your Personal Data to any third party.
4. Disclosure of Personal Data to Third Parties
The Company discloses Personal Data to the following third-party sub-processors, each of which has been engaged on the basis of explicit data protection guarantees and is bound to their own data protection privacy policies:
- Anthropic, for the purposes of extraction via the Claude application programming interface. The data disclosed includes but is not limited to the information provided by you in the Technical Reports;
- Neon, Inc., for the purposes of postgres database hosting. The data disclosed includes but is not limited to all Personal Data provided by you;
- Railway Corp and/or Cloudflare for the purposes of your application computing, worker and PDF file storage. The data disclosed includes but is not limited to the application traffic and PDF files provided by you;
- Stripe, Inc., for the purposes of payment processing and subscription management. The data disclosed includes but is not limited to your email, name, card number and billing address (collected directly by Stripe on a Stripe-hosted page); and
- OpenAI, L.L.C. and/or its affiliates, for the purposes of providing artificial intelligence and natural language processing services through the OpenAI application programming interface. The data disclosed includes but is not limited to the information provided by you in Technical Reports, prompts, queries, inputs, and other content submitted for processing through the Platform.
Beyond the third parties listed above, the Company may disclose your Personal Data:
- to comply with any legal obligation, court order or lawful request by any government or regulatory authority;
- in connection with any actual or proposed merger, acquisition, restructuring or sale of the Company or its assets, subject to appropriate confidentiality obligations; or
- where we reasonably believe that disclosure is necessary to protect the rights, property or safety of the Company, its users or the public.
5. AI Extraction and Anthropic Claude Application Programming Interface
When you upload a Technical Report to the Platform, the text content of that report is processed by Anthropic's Claude API for the purpose of AI Extraction. The following privacy safeguards apply to this processing:
- No information about you (the User) (i.e., your account email, name, billing address or IP address), is included in any prompt sent to the Anthropic API.
- All calls to the Anthropic API are made with the zero-retention header set, meaning Anthropic does not retain the content of extraction calls and does not use such content for model training.
- The Technical Reports uploaded by Users are, in the vast majority of cases, publicly disclosed documents already filed on regulatory filing services such as SEDAR+, ASX or JSE. Nonetheless, the Company treats all uploaded documents as confidential to the uploading User.
6. Cookies
The Platform uses only the session cookie required to keep you logged in during your browsing session. The Platform does not use any third-party tracking cookies, analytics cookies, advertising cookies or any other non-essential cookies. By using the Platform, you consent to the use of this session cookie.
7. Access Controls
Three access roles exist within the Platform:
- User: can access only their own uploads and Extracted Data, and shared industry-reference projects. Users cannot access other users' uploads, extractions or identity;
- Admin: MatchPoint staff with access to all projects, all users, audit logs and billing reconciliation for support and operational purposes. Admins cannot access card numbers or Stripe-internal data. All admin actions on a user account are logged to the audit log with the admin identifier, timestamp and action type; and
- Anthropic API: the external LLM provider can only see PDF text chunks sent in extraction calls. It cannot access user identity, billing information, file storage, other users' data, or the database.
8. Retention and Deletion
The Company retains Personal Data only for as long as is necessary for the purposes for which it was collected or as required by applicable law:
- Account data and Extracted Data are retained for the life of the Account and deleted within 30 days of Account closure upon request;
- audit log entries are retained on a rolling 13-month basis;
- uploaded PDF files are retained for the life of the Account and may be deleted by the User at any time; and
- Stripe-held billing records are retained by Stripe in accordance with their terms and is independent of the Company.
9. Your Rights
Subject to the provisions of the PDPA and other applicable data protection laws, you have the following rights in relation to your Personal Data:
- Right of Access: you may request access to the Personal Data we hold about you. This request may be subject to an administrative fee which we will inform you of on receipt of your request;
- Right of Correction: you may request correction of any inaccurate or incomplete Personal Data we hold about you;
- Right of Deletion: you may request deletion of your Account and all associated Personal Data. Upon such a request, the Company will: (a) immediately remove your Account from the Platform; (b) delete all uploaded files from Railway storage; (c) delete all Extracted Data from the Platform's database; (d) cancel your Stripe subscription; and (e) anonymise the audit log entries tied to your Account;
- Right to Withdraw Consent: where our processing of your Personal Data is based on consent, you may withdraw your consent at any time, without affecting the lawfulness of processing carried out before such withdrawal. Please note that the Company will not be able to maintain your Account on the Platform upon your withdrawal of consent.
To exercise any of the above rights, or if you have any questions or concerns about this Privacy Policy or our handling of your Personal Data, please contact our data protection officer, Manessa Mungroo, in writing at support@matchpoint-ai.com.
10. Governing Law
This Privacy Policy shall be governed by and construed in accordance with the laws of Singapore. Any dispute arising out of or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of Singapore.
For all data protection enquiries, please contact: support@matchpoint-ai.com. If you have a dispute with the Company, you undertake to apply your best efforts at resolving such dispute through good faith negotiations with the Company before escalating such dispute.
Annex 1 — Personal Data We Collect From You
| Category | Data Collected |
|---|---|
| Account identity | Email address, display name |
| Authentication | Password, refresh token |
| Billing reference | Stripe customer ID, subscription ID, plan, quota usage |
| Payment information | Card number, CVV, billing address (collected directly by Stripe Inc. on its platform) |
| Uploaded documents | Technical Report PDFs uploaded by the User |
| Extracted data | Structured project data |
| Audit logs | Extraction events, score recomputes, login events |
This Privacy Policy is effective as of 8 June 2026.