Lapins.ai Privacy Policy

Version Date: October 30, 2025

1. About Lapins

This Privacy Policy applies to your use of services provided by Insightbridge and its affiliated companies (“Lapins”, “we”, “us”, “our”). These services (collectively, the “Lapins Services”) include Lapins.ai (the “Community”), as well as any new service forms emerging from technical developments. We attach great importance to the protection of users’ privacy and personal data. This Privacy Policy sets out how we may collect, use, disclose, and otherwise process (“process”) your personal data when you use Lapins Services. If you are located in the European Economic Area (“EEA”) or the UK, there are additional jurisdiction-specific supplemental terms that apply to you. Please see “Jurisdiction-Specific Supplemental Terms” below.

The Community is an AI-powered platform for career growth and skill development, helping individuals navigate job searches, optimize applications, receive expert coaching, and build future-ready skills.

2. Collection of Personal Data

2.1 Personal Data You Actively Provide

When you create an account, search or browse our apps (including the Community), contact us directly, or otherwise use the services, you may provide your profile information, including mobile phone number, email address, avatar, nickname, location, and communication information (e.g., chat messages and images sent via chat functions).

2.2 Personal Data We Collect Automatically

We automatically collect certain information when you use Lapins Services, including technical information (such as Internet or other network activity information, device information), details of transactions and communications over the Community, details of browsing activities on the Community, and other information regarding how you use Lapins Services.
We also employ cookies and similar tracking technologies, which may collect personal data about you. For further information, please refer to Section 3 of this Privacy Policy.

2.3 Personal Data We Receive from Other Sources

2.3.1 Third-Party Account Registration: We may collect personal data about you from third parties, such as through Apple ID or the Google platform, if you choose to register via a third-party account. Exactly what information we receive will depend on your privacy settings on the applicable third-party platform, but typically includes basic profile information such as:
- Your email address
- Your name and/or nickname
You can determine the personal data we can access when authorizing the connection with the single sign-on service.
2.3.2 Legality of Third-Party Sources: We will only collect personal data from third parties for the purposes stated in this Privacy Policy where we have checked that these third parties either have your consent or are otherwise legally permitted or required to disclose your personal data to us.

3. Cookies and Similar Technologies

This section explains how we use cookies and similar technologies (referred to collectively as “Cookies”) to recognize you when you visit our Community. It explains what these technologies are and why we use them, as well as your rights to control them.

3.1 What Are Cookies? Cookies are small text files that your browser receives and stores on your computer or mobile device, which enable your device to be recognized when you visit a website. Lapins also uses other technologies that function in a similar way to cookies, such as Software Developer Kits (“SDKs”), which allow third-party developers to integrate with our mobile application for specific purposes (e.g., authentication).
3.2 Why We Use Cookies: We, and our partners or authorized third-party providers, use Cookies to provide you with a better, faster, and safer user experience. Some Cookies are strictly necessary to make our Services work and to ensure data and IT security and prevent fraudulent activities (“operationally necessary Cookies”). Other Cookies enable us to provide Service functionality or to enhance user experience on our Services (for example, we may provide users with personalized content and advertising in the future).
3.3 Controlling Cookies: Operationally necessary Cookies are strictly necessary to enable access to and use of our Service, and you cannot disable them. We may integrate third-party Cookies in the future; you have the right to decide whether to accept, reject, or customize optional Cookies through our Cookie Settings tool. If you disable non-operationally necessary Cookies, you can still use our Services, although some features and access to certain areas of our Services may be limited.

4. Details and Purposes of Processing

How we process your personal data generally depends on the specific activity you carry out. Our legal bases for processing your personal data will depend on the personal data processed, the specific context in which it is processed, and applicable laws. These include, but are not limited to: consent, the performance of our contract with you, the legitimate interests of Lapins or other parties (for example, safeguarding our Services and users), and compliance with our legal obligations. Where we rely on legitimate interests, we will carry out a balancing test if required by applicable laws (e.g., the GDPR).

We may process personal data for the following purposes:

Enabling you to access Lapins Services (including the Community) and use its functionalities (e.g., searching, browsing, posting content).
Providing you the Lapins Services you request.
Enabling you to register for a Lapins Services (including Community) account.
Providing you with customer service and technical and operational support.
Learning about and understanding the behavior and preferences of our users.
Carrying out campaigns and events.
Detecting and preventing fraud, money-laundering, and other crimes and security incidents.
Conducting research and analytics to ensure the security of Lapins Services, improve the content and layout of Lapins Services, and to enhance product offerings, services, and operational methods and processes.
Handling any disputes or for the purpose of any legal proceedings.
Compliance with legal obligations to which we are subject, including content mitigation, anti-money-laundering, and account verification.

The following table provides more details on our purposes for processing your personal data and the related legal bases. The legal bases under which your data is processed will depend on the data concerned and the specific context in which we use it.

User Activity / Purpose	Personal Data	Legal Bases
Helping you register and account management	User profile data, such as nickname, avatar, country of residence, account settings. External account data shared by Google/Apple when registering or interacting via an external service (e.g., username, email address, and/or other profile information). Identity verification data, such as mobile phone number, verification code.	Contract Legitimate interests
Providing browsing and searching services, including displaying content based on your individual usage habits	Device data, such as device type, unique device identification numbers, or other identifiers. User usage data captured using Cookies and similar technologies, including browsing records, clicks, likes and comments, search keywords, filtering conditions.	Contract Consent (where required by law); otherwise, Legitimate interests
Helping you correspond and interact with Lapins (inquiries, complaints, service support)	Communication data, such as contact information and inquiry content submitted through the Help Center or other feedback channels. User profile data, including username, residence, email address.	Contract Legitimate interests
Manage your settings	User profile data, including nickname, avatar, gender, personal status/signature, selected region. User preference data, including notification preference, language choice, privacy preference. User usage data, such as clicks and impressions.	Contract Legitimate interests
User profiling and understanding Community trends (aggregated, group-specific, or individual analysis)	Device data, such as device type, unique device identification numbers, or other identifiers. User usage data captured using Cookies and similar technologies, including browsing records, clicks, likes and comments, search keywords, filtering conditions. Account data, such as mobile phone number, IP address, device information when registering. External account data, such as third-party account ID.	Consent (where required by law); otherwise, Legitimate interests
Complying with legal and regulatory obligations and protecting our legal rights (e.g., content mitigation, anti-money-laundering)	Uploaded content (e.g., region and address information). User profile data, such as user ID, nickname, avatar, gender, birthday, profile, status. Communication data, such as content creation/revision timestamps. Account data, such as mobile phone number, IP address, device information when registering. External account data, such as third-party account ID.	Legal obligation Legitimate interests

Where necessary, we may transmit your personal data to third-party service providers and Lapins-affiliated companies in connection with the purposes set out herein. These recipients are contractually obliged to take appropriate security measures with regard to the personal data they receive and limit their use of such data to the purposes necessary to fulfill their contractual obligations.

We may process your personal data by relying on other legal bases, not stated above, if authorized under applicable laws.

5. Disclosure or Sharing of Personal Data

We may disclose, transfer, communicate, or otherwise share your personal data with the following parties:

5.1 Lapins-Affiliated Companies: For purposes such as providing processing services as described in Section 4.
5.2 Third-Party Service Providers: For purposes such as providing cloud computing or other hosting services and AI technology support for certain functions.
5.3 Actual or Potential Buyers / Successors: In connection with any actual or proposed purchase, merger, or acquisition of any part of our business (including agents and advisers).
5.4 Professional Advisors, Law Enforcement, and Government / Regulatory Authorities: For purposes such as legal proceedings or as authorized or required under applicable laws, including criminal investigations into alleged or suspected illegal activity.
5.5 Other Persons: With your consent to the disclosure or as authorized under applicable laws.

6. Data Retention

6.1 Retention Period: We retain your personal data for as long as necessary for the provision of Lapins Services or for other legal or business purposes (e.g., complying with legal obligations or resolving disputes), in accordance with applicable laws.
6.2 Criteria for Determining Retention: Retention periods are determined based on:
- Fulfilling the purpose of the services we provide to you and maintaining corresponding records to address inquiries or complaints.
- Ensuring the safety and quality of the services we provide to you.
- Your consent for a longer retention period.
- Other special agreements or legal/regulatory requirements regarding retention periods.
6.3 Deletion or Restriction: We will delete your personal data in accordance with our data retention and deletion policy. Where we are legally obliged or permitted to retain your personal data longer, we may restrict processing (e.g., by limiting access or anonymizing data) instead of deleting it, as far as legally permissible or required.

7. Your Rights as a Data Subject

7.1 Data Subject Rights: Depending on your jurisdiction and circumstances, you may have the right to access, rectify, erase, restrict processing, and request data portability of your personal data.
7.2 Exercising Your Rights: You can exercise these rights by contacting us as described in Section 13 (“Contact Us”).
7.3 Fees and Refusals: The exercise of these rights is generally free of charge. However, we may refuse requests that are manifestly unfounded or excessive, and/or charge a reasonable fee (at most our actual costs), in accordance with applicable law.

8. Minors

Users under 18 years old are not permitted to create Lapins Services (including Community) accounts. If a minor has provided us with personal data without a parent’s or guardian’s consent, the parent or guardian should contact us to remove such information.

9. Security Measures

We implement appropriate organizational and technical measures to protect your personal data. These include:

Limiting access to your personal data to Lapins employees, agents, contractors, and other third parties who require access to carry out their duties and contractual obligations.
Implementing physical access restrictions for our data centers and logical access controls for data and system access.
Employing technical measures to prevent unauthorized access, use, disclosure, modification, or disposal of data and to maintain data accuracy.
Notifying you and regulatory authorities, as required by law, in the event of a data breach.

10. International Transfer of Personal Data

10.1 Transfers Outside Your Jurisdiction: Your personal data may be transferred to recipients located outside your country of residence. We primarily store your personal data in the EEA. We may process your data in other jurisdictions and enable access from those jurisdictions to your personal data. Recipients include:
- Lapins-affiliated companies providing services such as software, tools, systems, content mitigation, safety measures, customer service, and technical and operational support.
- Third-party service providers fulfilling contractual obligations, such as cloud computing or hosting services, and AI technology support.
10.2 Appropriate Safeguards: We only transfer your personal data outside your jurisdiction when appropriate measures are in place, in accordance with applicable laws (e.g., EU Standard Contractual Clauses, UK International Data Transfer Agreements).

11. Language

To the extent permitted by applicable law, if there is any conflict between the English version and another language version of this Privacy Policy, the English version shall prevail.

12. Privacy Policy Updates

We may update this Privacy Policy from time to time in response to changing legal, technical, or business developments.
When we update our Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes and applicable laws. You may receive notifications concerning major changes through various channels (e.g., via our apps). We recommend you check back frequently to see any updates. Please refer to the date at the top of this Privacy Policy to see when it was last updated.

13. Contact Us

For any questions or comments regarding this Privacy Policy or to exercise your data subject rights under applicable laws, you may contact our Data Protection Officer via privacy@Lapins.com.

Jurisdiction-Specific Supplemental Terms

If you belong to a jurisdiction outside Singapore, please refer to the set of supplemental terms that are applicable to your jurisdiction, unless you are from a jurisdiction with no specific requirements.

14. Visitors from the European Economic Area and United Kingdom

This section applies if you are based in the European Economic Area (“EEA”) or United Kingdom (“UK”). The data controller of your personal data is Insightbridge.

14.1 Legal Bases for Data Processing

We process personal data for the purposes set out in this Privacy Policy. Our legal bases to process your personal data will depend on the personal data concerned and the specific context in which we collect it, but include where it is:

Necessary for the performance of a contract between you and Lapins (e.g., to provide requested services and to identify and authenticate you so you may use Lapins Services).
Necessary to comply with legal requirements (e.g., applicable accounting rules and mandatory disclosures to law enforcement).
Necessary for our legitimate interests and not overridden by your rights (e.g., improving Lapins Services, managing our relationship with you, ensuring the security of the Community, detecting or preventing illegal activities such as fraud).
Based on your consent, where required by applicable law.

If we ask you to provide personal data to comply with a legal requirement or to enter into a contract, we will make this clear at the relevant time and advise you whether the provision of your personal data is mandatory (as well as the possible consequences if you do not provide it). In some instances, you may be required to provide personal data for us to provide services and for you to use all features of Lapins Services. If you have questions about our legal bases for processing, please contact us using the details in Section 13 (“Contact Us”).

14.2 Disclosure of Personal Data

Further to Section 5, we may disclose your personal data to the following parties as our data processors:

Lapins-affiliated companies acting as processors on our behalf, for purposes such as providing processing services described in Section 4.
Third-party service providers acting as processors on our behalf, for purposes such as providing cloud computing or hosting services and AI technology support (e.g., AI tools supporting content generation features).

14.3 International Data Transfers

Transfers of your personal data to countries outside the EEA and/or UK may be legitimized by an adequacy decision from the European Commission or UK Government. Where no adequacy decision applies, we implement appropriate measures (e.g., EU Standard Contractual Clauses, UK International Data Transfer Agreement or Addendum). Upon your request, you may receive a copy of the applicable safeguards by contacting us as described in Section 13 (“Contact Us”).

14.4 Your Rights

If you are a resident of the EEA or UK, depending on the circumstances, you may have the following data protection rights, which you can exercise by contacting us using the details in Section 13 (“Contact Us”):

The right to access your personal data and confirm the existence of processing.
The right to correct, update, anonymize, block, or delete your personal data.
The right to object to processing of your personal data when it is based on our legitimate interests, unless we can demonstrate a compelling interest to continue processing.
The right to ask us, in some situations, to restrict processing of your personal data or request portability of your personal data.
If processing is based on consent, the right to withdraw consent at any time (withdrawal will not affect the lawfulness of processing prior to withdrawal).
The right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects concerning you or similarly significantly affect you.
The right to lodge a complaint with a data protection authority about our collection and use of your personal data.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. If you are aware of changes or inaccuracies in your information, please inform us so our records may be updated or corrected.