Privacy Policy

Effective Date: 1st April 2026

Gravity Supply Chain refers to the Gravity group of companies, which includes:

  • Gravity Supply Chain Holdings Pte Ltd
  • Gravity Supply Chain Solutions Ltd

In this Privacy Policy, references to “Gravity”, “we”, “us”, or “our” mean the relevant entity within the group that is responsible for processing your personal data, depending on the context.

This Privacy Policy explains how we collect, use, disclose, and safeguard personal data:

  • When you visit our website
  • When you use our platform and services (the “Platform”)
  • When we process data on behalf of our customers

This policy also explains our use of artificial intelligence (AI) and automated processing technologies.

Roles and Responsibilities

Depending on the context, Gravity acts as:

  • Data Controller: for personal data relating to website visitors, account holders, and business contacts
  • Data Processor: for personal data processed within the Platform on behalf of our customers

The specific Gravity entity acting as Data Controller depends on your relationship with us, location, and contractual arrangements.

Where we act as a Data Processor, we process personal data strictly in accordance with customer instructions and agreements.

Categories of Personal Data

We may collect and process:

  • Identity and Contact Data (name, email, phone)
  • Account Data (login details)
  • Technical Data (IP address, browser/device info)
  • Usage Data (activity, logs, interactions)
  • Customer Data (processed on behalf of clients within the Platform)

Legal Basis for Processing

Purpose Legal Basis
Platform delivery and account management Contract
Service improvement and analytics Legitimate interests
Security and fraud prevention Legitimate interests
Legal compliance Legal obligation
Marketing communications Consent

How We Use Personal Data

We use personal data to:

  • Deliver and maintain our Platform and Website
  • Provide customer support
  • Monitor performance and security
  • Improve functionality and user experience
  • Comply with legal and regulatory requirements

Use of Artificial Intelligence (AI)

Gravity may use AI-powered features within the platform to assist with delivering our Platform. Where these features are enabled, data you submit may be processed by third-party AI providers acting as sub-processors. A current list of these providers is available upon request. We do not permit AI providers to use your data to train or improve their models. AI-generated outputs are designed to support human decision-making and do not constitute solely automated decisions.
We may use the services of various Service Providers to process your data more effectively, for example, a CRM or Marketing Automation software.

Automated Decision-Making

Where automated processing produces legal or similarly significant effects, individuals have the right to:

  • Request human intervention
  • Express their point of view

Data Sharing and Sub-Processors

We may share data with trusted third parties, including:

  • Cloud infrastructure providers
  • IT and system administration providers
  • Analytics and monitoring providers
  • AI and data processing providers

All third parties are:

  • Bound by contractual obligations
  • Required to implement appropriate security measures
  • Restricted from using data for their own purposes

We do not sell personal data and do not share personal data for cross-context behavioural advertising.

International Data Transfers

We operate globally. Personal data may be transferred between group entities and third parties across jurisdictions.

We implement safeguards such as:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions
  • Intra-group agreements

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, regulatory, accounting, or reporting requirements.

This includes:

  • Customer and account data: for the duration of the relationship and a reasonable period thereafter
  • Financial and transaction data: typically retained for up to seven (7) years for accounting and tax purposes
  • Technical and usage data: retained for security, system integrity, and service improvement purposes

In determining appropriate retention periods, we consider:

  • The nature and sensitivity of the data
  • The purposes for which it is processed
  • Applicable legal requirements

In some circumstances, you may request deletion of your personal data (see “Your Rights” below).

We may also anonymise personal data so that it can no longer be associated with an individual. Where this is the case, we may use such information without further notice.

Your Privacy Rights

Depending on your location and applicable law, you may have the right to:

  • Request access to your personal data
  • Request correction of inaccurate or incomplete data
  • Request deletion of your personal data
  • Object to or restrict processing
  • Request transfer of your personal data (data portability)
  • Withdraw consent where processing is based on consent

Where we process personal data on behalf of a customer (as a Data Processor), you should direct your request to the relevant Data Controller.

To exercise any of these rights, please contact us using the details provided in this policy.

Fees

You will not usually be required to pay a fee to exercise your rights. However, we may charge a reasonable fee or refuse to act on a request where it is clearly unfounded, repetitive, or excessive.

Verification of Identity

We may request information to verify your identity before responding to a request. This is a security measure to ensure that personal data is not disclosed to unauthorised individuals.

Response Time

We aim to respond to all legitimate requests within one month. If your request is complex or you have made multiple requests, this period may be extended. We will notify you if this is the case.

Data Security

We implement appropriate technical and organisational measures, including:

  • Encryption in transit and at rest
  • Role-based access controls
  • Monitoring, logging, and alerting
  • Security testing and vulnerability management

Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Maintain sessions
  • Analyse usage
  • Improve performance

Users can manage cookie preferences through browser settings.

Do Not Track Signals

Our services do not currently respond to “Do Not Track” signals. Users may manage tracking via browser controls.

Children’s Privacy

Our services are not intended for individuals under the age of 16, and we do not knowingly collect personal data from children.

Changes To This Privacy Policy

We may update this Privacy Policy from time to time. Updates will be published on our website and/or within the Platform.

Contact Information

Email: dpo@gravitysupplychain.com

For the purposes of applicable data protection laws, including the Singapore Personal Data Protection Act 2012, you may contact our Data Protection Officer using the details above.

Complaints

If you have concerns about how we handle personal data, please contact us.

Enterprise Transparency Commitments

To support enterprise customers, we commit to:

  • Clear separation of customer data between tenants
  • No unauthorised use of customer data for AI training
  • Transparency regarding sub-processors
  • Alignment with industry security standards (e.g. ISO 27001, SOC 2 where applicable)

Links To Other Sites

Our Website may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party's Website. We strongly advise you to review the Privacy Policy of every site you visit.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.