Privacy Policy
Effective 20 May 2025
Gaussian Pte. Ltd. and its affiliates ("Gaussian," "we," "our," or "us") respect your privacy. This policy explains how we collect, use, disclose, and protect personal data obtained through the gaussian.ai website and any sub-domains (collectively, the "Site"). The policy is designed to meet or exceed the requirements of the EU and UK GDPR, Singapore PDPA, Australia's Privacy Act, the CCPA/CPRA, and sector-specific rules such as HIPAA and GLBA to the extent they apply to marketing-site interactions. Processing that occurs inside the Gaussian SaaS platform is governed by a separate Data Processing Addendum executed with each customer.
1. Scope of This Policy
This policy applies to personal data you provide directly on the Site—for example when you fill out a contact form, subscribe to a newsletter, register for an event, or communicate with us by email using links provided on the Site. It also covers limited data we collect automatically when you visit, such as your IP address and pages viewed. The policy does not cover information we process on behalf of customers inside our cloud platform.
2. Data We Collect
When you engage with the Site we may collect your name, job title, company, business email address, business phone number, industry, and project interests if you choose to share them. In addition, our analytics tools capture device and browser details, IP address, referring URLs, and the time you spend on each page. We also record your marketing preferences—for instance, whether you have opted in to receive product updates. The Site is intended for business audiences; we do not intentionally solicit or store sensitive personal data such as health records or government identifiers.
3. How and Why We Use Personal Data
We use contact details to respond to enquiries, schedule product demonstrations, send newsletters you have requested, and invite you to events. Site-usage data helps us secure the Site, diagnose performance issues, and understand which content resonates with visitors. In regulated industries we may retain certain information to comply with legal or audit obligations. Where the GDPR applies, our lawful bases are legitimate interest, consent, and, where necessary, legal obligation. We keep personal data only as long as necessary for the purpose collected—typically no more than twenty-four months after your last interaction for enquiries and marketing, fourteen months for analytics logs (which are then aggregated), or longer if required to establish, exercise, or defend legal claims.
4. Disclosure of Data
Gaussian does not sell personal data. We share it only with service providers that host our website, manage our customer-relationship systems, send emails, or provide analytics—each bound by strict confidentiality and data-processing agreements. We may also share information with professional advisers under privilege, with law-enforcement agencies when legally compelled, or with successor entities in the event of a merger or acquisition, provided equivalent privacy safeguards remain in place.
5. International Data Transfers
Our remote-first team operates from several jurisdictions, and our cloud infrastructure is located in AWS regions such as Singapore, Sydney, Tokyo, Frankfurt, and Virginia. When personal data originating in the European Economic Area or the United Kingdom is transferred outside those regions, we rely on the EU and UK Standard Contractual Clauses and apply additional technical measures—such as encryption and strict access controls—to protect the data.
6. Data Security
Gaussian employs administrative, technical, and physical safeguards appropriate to the sensitivity of the information we hold. Data is encrypted in transit using TLS 1.3 and at rest using AES-256. Access to systems follows a least-privilege model enforced by multi-factor authentication, with all actions logged. We continuously monitor for intrusion attempts, perform annual penetration tests, and maintain a SOC 2 Type II security program.
7. Your Privacy Rights
Depending on your jurisdiction, you may have the right to access the personal data we hold about you, correct inaccurate information, request deletion, restrict or object to certain processing, receive a portable copy of your data, or withdraw consent for marketing at any time. You can exercise these rights by emailing privacy@gaussian.au. We respond to all requests within thirty days, or ten business days for California residents exercising CPRA rights. You also have the right to lodge a complaint with your local supervisory authority.
8. Cookies and Similar Technologies
The Site uses first-party cookies and privacy-centric analytics tools to maintain security, remember language or region settings, and understand aggregate visitor behaviour. You can disable cookies through your browser; however, some Site features may not function correctly without them.
9. Children's Privacy
The Site is directed to business professionals and is not intended for children under sixteen years of age. We do not knowingly collect personal data from minors. If you believe a child has provided us with personal information, please contact us so that we can delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect legal, technical, or business developments. When we make material changes, we will revise the "Effective Date" above and provide a prominent notice on the Site or via email. Your continued use of the Site after an update signifies acceptance of the revised policy.
12. Contact Us
Questions about this policy, our privacy practices, or your rights should be sent to privacy@gaussian.au. You may also write to the Gaussian Privacy Office, 68 Circular Road, #02-01, Singapore 049422