Legal & Compliance.
Last Updated: May 12, 2026 • Version 2.1 (PDPA Compliant)
Data Residency
Compliance Standard
Encryption
Uptime SLA
Section 01 — Privacy as a Human Right
We believe data sovereignty is a fundamental right. Our platform is architected to ensure Singaporean businesses retain 100% control over customer data. Our Sovereign AI Mesh ensures your private data is never used to train third-party models.
Singapore (PDPA)
Full alignment with the Personal Data Protection Act of Singapore.
ASEAN Standards
Standardized data protection practices meeting regional requirements.
Section 02 — Technical Protection
Security is at the core of our protocol. All data moving between KopasAI Cloud and WhatsApp Business API is protected by:
- TLS 1.3 Encryption for data in transit.
- AES-256 Encryption for data at rest.
- Mandatory Multi-Factor Authentication (MFA).
- E2EE protocols for sensitive payment instructions.
For deep technical details on our infrastructure security:
Explore Security Whitepaper →Section 03 — Sub-processors
To ensure high-availability, we partner with vetted sub-processors. All data residency remains in Singapore or specified regional nodes.
| Entity | Service | Location |
|---|---|---|
| Google Cloud | Infrastructure & LLM Hosting | Singapore (asia-southeast1) |
| Meta Platforms | WhatsApp API Operations | Global (Edge Nodes) |
| Google Cloud | Payment Gateway | ASEAN |
| PostHog | Product Analytics (Anonymized) | Frankfurt (EU) |
Section 04 — Data Subject Rights
Right to be Forgotten
SME owners can request permanent deletion of their account and data. We purge all records within 30 days of a valid request.
View Deletion Guide →Data Protection Officer (DPO):
Privacy & Compliance Team
KopasAI Sovereign Hub • ASEAN