Here is the official English version (authoritative version) of the NeXcale Pte. Ltd. Privacy Policy, fully aligned with the Japanese version you finalized. The structure, numbering, and content are faithfully mirrored, written in clear corporate legal English suitable for publication on a global website or SaaS platform.

Article 1. (Basic Policy)

NeXcale Pte. Ltd. (“the Company”) recognizes the proper handling of personal data as an important social responsibility. The Company complies with the Personal Data Protection Act of Singapore (PDPA), the General Data Protection Regulation of the European Union (GDPR), the Act on the Protection of Personal Information of Japan (APPI), and other major data protection laws and regulations, and appropriately manages personal information in accordance with these laws.

Article 2. (Definitions)

“Personal Information” means any information that can identify a specific individual, such as name, address, phone number, and email address.

”Related Information” means information that does not by itself identify a specific individual, including cookies, IP addresses, advertising identifiers, location data, device information, and browsing history.

“Personal Data” means Personal Information and Related Information that are used in association with a specific individual.

“Anonymized Information” means information that has been processed so that individuals cannot be identified and cannot be restored.

Article 3. (Methods of Collection)

We collect Personal Information and Related Information in the following ways:

• Information directly provided by customers when using the service

• Automatic collection via cookies, access logs, or analytics tools

• Lawful provision from partners or contractors

Article 3-2. (Scope of Collected Information)

• Account Information: Name, email address, phone number, transaction history, account settings and contract information

• Provided Information: Data entered or transmitted by users (e.g., location, installation date, specifications, operational data, analytics data, inquiry content)

• Automatically Collected Information: IP address, cookies, browser type, access logs, usage history, device information and location data

• Linking of Related Information: We may combine Related Information with other data to treat it as Personal Information.

• Cookies and Analytics Tools: The Company uses Google Analytics and Google AdSense to operate, manage, and improve its services and user experience.

For details on Google’s data protection policies, please refer to:

• Google Privacy Policy

• Google Analytics Terms of Service Further information on Google Analytics is available here.

Google Analytics

Google AdSense

To opt out

Article 4. (Purpose of Use)

We handle Personal Information and Related Information in accordance with Article 2 and applicable laws.

The Company uses collected personal information for the following purposes:

• To provide, operate, and improve services

• To perform identity verification, authentication, and account management

• To respond to customer inquiries

• To develop and enhance new services and features

• To analyze usage and optimize user experience

• To prevent misuse or violations of laws and regulations

• To deliver advertisements and conduct marketing activities with prior consent

Article 4-2. (Anonymized and Statistical Data)

The Company may create anonymized information that cannot identify individuals and use it for statistical and analytical purposes. Such anonymized information may be aggregated and analyzed in non-identifiable formats and, in some cases, provided to third parties in the form of analytical scores. The Company may use anonymized information for AI model training to improve service quality and model accuracy. Users may opt out of AI model learning through their account settings.

Article 5. (Provision to Third Parties)

The Company will not provide personal information to third parties except in the following cases:

• When the individual has given consent

• When required by law

• When necessary to protect life, body, or property

• When especially necessary for public health or child welfare

• When outsourcing within the scope necessary to achieve the purpose of use

When providing personal data, the Company ensures that the recipient has adequate data protection measures in place and enters into appropriate contractual arrangements.

In cases of corporate mergers, acquisitions, restructuring, asset transfers, partnerships, or similar business reorganizations, the Company may transfer or assign personal data within the scope necessary for business continuity or reorganization. In such cases, the Company will ensure that the recipient maintains appropriate contractual and organizational safeguards in accordance with applicable laws and this Policy.

Article 6. (Management of Contractors)

When outsourcing business operations, the Company carefully selects contractors, obligates them by contract to properly manage personal data, and appropriately supervises their handling of such information.

We may use the following external service:

• Authentication Service: Kinde
  Used for user authentication and login functionality.

Article 7. (Joint Use)

When the Company jointly uses personal data with affiliated companies or business partners, it will disclose the purpose of use, categories of jointly used data, scope of joint users, and the name of the person responsible for managing such data.

Article 8. (Overseas Transfer)

When transferring personal data outside of Singapore, the Company does so only to countries that provide an adequate level of protection, are recognized by the European Commission for adequacy, or are covered by appropriate safeguards such as the Standard Contractual Clauses (SCCs). Transfers of personal data to affiliated companies or contractors located in countries such as Singapore, Australia, or Japan will be made in compliance with applicable laws and with appropriate contractual and security safeguards.

Our data may be stored and managed in the Singapore region using Amazon Web Services (AWS).

Article 9. (Security Measures)

The Company implements technical and organizational security measures to prevent unauthorized access, leakage, loss, destruction, or alteration of personal data.

Article 10. (Access and Correction of Personal Information)

Users may request access to, correction, deletion, or suspension of use of their personal information. Requests should be submitted in writing or by email to the Data Protection Officer listed in Article 12.

The Company will respond as promptly as reasonably possible, typically within 30 business days after receiving the request. If processing requires additional time, the Company will inform the user of the expected timeline.

A reasonable fee may be charged for access requests, which will be communicated before processing begins. If the Company cannot provide or amend the requested data, the user will be informed of the reason, unless exempted by applicable law.

Article 10-2. (Withdrawal of Consent)

Users may withdraw their consent for the collection, use, or disclosure of their personal information at any time by submitting a written or electronic request to the Data Protection Officer listed in Article 12. The Company will process such requests within a reasonable timeframe, generally within 30 business days of receipt.

Withdrawal of consent may affect the Company’s ability to continue providing some or all services. However, the Company may continue to collect, use, or disclose personal information without consent when permitted or required by law.

Article 11. (Retention Period)

The Company retains personal information only for as long as necessary to fulfill the purpose for which it was collected. When such information is no longer required, it will be promptly deleted or anonymized.

Article 12. (Contact Information)

For inquiries regarding the handling of personal data, please contact:

Data Protection Officer

• Email: dpo@enerscale.co
• Address: 175A Bencoolen Street #08-07 Burlington Square, Singapore 189650

Article 13. (Personal Information of Minors)

This service is intended for users aged 18 and above. Users under 18 years of age may use the service only with the consent and supervision of a parent or legal guardian, and it is the responsibility of the user to obtain such consent.

Article 14. (Governing Law and Jurisdiction)

This Policy shall be governed by and construed in accordance with the laws of the Republic of Singapore. Any disputes arising under this Policy shall be subject to the exclusive jurisdiction of the courts of Singapore in the first instance.

Article 15. (Compliance with International Laws)

This Policy is formulated in compliance with the PDPA, GDPR, and APPI, as well as other relevant international data protection regulations.

Article 16. (Revisions)

The Company may amend this Policy from time to time without prior notice. Revisions shall take effect upon publication on the Company’s website. Continued use of the Company’s services after such revisions constitutes acceptance of the amended Policy.

Article 17. (Precedence of English Version)

In the event of any discrepancy between the English and Japanese versions of this Policy, the English version shall prevail. However, where Japanese laws specifically apply, the Japanese version shall be interpreted to the extent necessary to comply with such laws.

Article 18. (Relationship with Other Policies and Agreements)

This Policy shall be applied together with other agreements, terms of use, consent forms, or special provisions governing the handling of personal data by the Company. If the provisions of such documents conflict with this Policy, the relevant agreement or special provision shall take precedence.

Effective Date: 17/06/2021
Last Revised: 24/04/2026