Privacy Policy

This privacy policy should be read together with our Terms of Use and describes how Mighty Bear Games Pte. Ltd. and/or any of its affiliates (“Company”, “we”, “us” or “our”) collects and uses personal data when providing the Platform and Services to a customer (“Customer”, “you” or “your”). Capitalised terms that are not defined in this Privacy Policy have the meaning given to them in our Terms of Use.

If you do not want your personal data collected and used by us in accordance with this Privacy Policy in general or any part of it, you should not use the Platform and Services.

If you have questions or concerns regarding this privacy policy, please contact our data protection officer using the contact details below (Section 10).

1. Types of Data and How We Collect Data

We collect the following categories of personal data when you use the Platform and Services:

1. Account and identity name, email address, username, company name, profile photo, and other information you provide when you register for an Account.
2. Contact and billing address, payment and invoicing details, billing history. We do not store full payment card details – these are processed by our third‑party payment providers.
3. User content and inputs, including text, images, logos, and other content you upload or submit to the Service (including prompts used with the Company’s Data and AI Artifacts) and any Outputs generated by the Services from Customer Content.
4. Usage and interaction features used, including pages visited, session length, clicks, preferences, and settings.
5. Device and technical IP address, device identifiers, browser and operating system, screen resolution, language, and timestamps of access.
6. Cookies and tracking identifiers set by cookies and similar technologies for essential functionality, analytics, performance, and (with your consent) marketing.
7. Support and communications messages, feedback, and other information you provide when contacting support or communicating with us.
8. De-identified and/or aggregated data created from the above (used for analytics, product improvement, and research), which cannot reasonably be used to re‑identify you.

We collect personal data directly from you, from your use of the Platform and Services and from third‑party service providers (e.g., payment processors, analytics providers). We may also receive limited data from public sources or business partners. We do not collect special category (sensitive) personal data. The Service is not intended for children under the minimum age required by applicable law; we do not collect data from children.

2. How We Use Data

We use personal data to provide, operate, and improve the Platform and Services and to meet our legal and business obligations. This use includes:

1. managing your information and Accounts;
2. providing access to features and functionalities of the Platform and Services;
3. communicating with you about your Account, updates, requests, customer support and technical support;
4. improving, developing, and personalising the Platform and Services (e.g. product analytics, feature usage, A/B testing);
5. subject to your consent (and your right to opt out by clicking on the unsubscribe link in the message or contacting us), to send (whether directly or through our service providers) you e-mails or other messages and/or newsletters about us, the Platform and the Services;
6. measuring interest and engagement in the Platform and Services;
7. creating de-identified and/or aggregated data for analytics and research;
8. authenticating and verifying customer identities for access;
9. ensuring quality control, stability and safety;
10. detecting, preventing and responding to abuse, fraud, security incidents, illegal activities and any non-compliance with the Terms of Use;
11. debugging, identifying and repairing any issues with the Platform and Services
12. performing audits (along with related testing) and other compliance activities; and
13. complying with legal obligations and responding to lawful requests from authorities.

3. Lawful Bases for Processing (EEA/UK)

Where the GDPR or UK GDPR applies, we rely on the following lawful bases for processing personal data. For each processing purpose below, we indicate the primary lawful basis we use; where more than one basis may apply, we will rely on the basis most appropriate to the specific processing activity.

1. Performance of a contract: Processing necessary to provide the Platform and Service, manage your Account, process subscriptions and payments, and fulfil our obligations under the Terms of Use.
2. Legitimate interests: Processing necessary for our legitimate business interests such as improving and securing the Platform and Services, preventing and detecting fraud and abuse, maintaining service quality, and communicating with you about your account and service-related updates.
3. Legal obligation: Processing required to comply with applicable laws, regulations, tax or reporting obligations, or court orders.
4. Consent: Processing based on your consent for optional activities such as analytics, marketing communications, and non-essential cookies. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

4. Sharing

We do not sell personal data. We may share data with: (a) service providers who process data on our behalf (hosting, payments, analytics); (b) professional advisors; (c) law enforcement where required by law; and (d) a successor entity in connection with a merger or acquisition. Please also refer to our DPA (https://trysecretsauce.ai/legals/data-processing) on subprocessors we work with.

5. International Transfers

Please refer to our DPA (https://trysecretsauce.ai/legals/data-processing) on how international transfers of personal data are handled.

6. Retention

We retain personal data for as long as your Account is active or as needed to provide the Services to you. Please refer to our DPA (https://trysecretsauce.ai/legals/data-processing ) for how we manage the return or deletion of personal data.

7. Your Rights

You may access, correct, or withdraw consent for the processing of your personal data. To the extent the GDPR or UK GDPR applies, you additionally have the right to erasure, data portability, and to lodge a complaint with a supervisory authority. Contact us to exercise any of the above rights. We will respond within the timeframes required by applicable law.

8. Cookies

The Service uses essential cookies for functionality and, with your consent, analytics cookies. You can manage preferences through your browser settings.

9. Changes

We may update this Privacy Policy in accordance with the amendment provisions in the Terms of Use.

10. Contact

We have appointed a Data Protection Officer. For privacy enquiries or to exercise your rights, contact: Data Protection Officer at privacy@trysecretsauce.ai or 75 Ayer Rajah Crescent, #02-13, Singapore, 139953.