Privacy Policy
Last updated: 2 July 2026
Effective date: 2 July 2026
This Privacy Policy explains how VARSITY TECH PTE. LTD., a company incorporated in Singapore (UEN 202545496Z) ("Quandora", "we", "us", or "our"), collects, uses, discloses, and protects personal data when you use the Quandora website, hosted application, API, agent skills and connectors, and related services (collectively, the "Services").
We handle personal data in accordance with the Personal Data Protection Act 2012 of Singapore ("PDPA"). If you access the Services from outside Singapore, please note that your personal data may be processed in Singapore and other jurisdictions as described below.
This Policy forms part of, and should be read together with, our Terms of Service. By using the Services, you consent to the collection, use, and disclosure of your personal data as described in this Policy, unless a different lawful basis applies. In this Policy, "personal data" means data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which we have or are likely to have access.
1
1
Personal data we collect
Personal data we collect
We collect the following categories of personal data:
a) Account and identity data. When you register, we collect your name (or username), email address, password (stored in hashed form), and, where you sign in via a third-party identity provider (OAuth), the basic profile information that provider shares with us.
b) Payment data. If and when paid features are offered, payments are handled by a third-party payment processor. We do not collect or store full payment-card numbers. We may receive limited transaction details from the processor, such as a confirmation of payment, the last four digits of a card, billing country, and the amount and status of a transaction.
c) User Content you submit. Factor code, formulas, plugins, prompts, parameters, task selections, and other materials you (or an AI agent acting under your direction) submit to theServices, together with the Result Cards and evaluation records generated from them. This content may contain your proprietary research and is treated as confidential — see Section 6.
d) Usage, analytics, and device data. Information about how you interact with the Services, such as pages and features used, requests to our API, timestamps, referring URLs, IP address, browser and device type, operating system, and approximate location derived from IP address. We collect this through cookies and similar technologies (see Section 8) and through server and application logs.
e) Communications. Information you provide when you contact us for support, respond to surveys, join a waitlist, or otherwise correspond with us. We do not intentionally collect special categories of sensitive personal data, and we ask that you not submit such data through the Services.
We collect the following categories of personal data:
a) Account and identity data. When you register, we collect your name (or username), email address, password (stored in hashed form), and, where you sign in via a third-party identity provider (OAuth), the basic profile information that provider shares with us.
b) Payment data. If and when paid features are offered, payments are handled by a third-party payment processor. We do not collect or store full payment-card numbers. We may receive limited transaction details from the processor, such as a confirmation of payment, the last four digits of a card, billing country, and the amount and status of a transaction.
c) User Content you submit. Factor code, formulas, plugins, prompts, parameters, task selections, and other materials you (or an AI agent acting under your direction) submit to theServices, together with the Result Cards and evaluation records generated from them. This content may contain your proprietary research and is treated as confidential — see Section 6.
d) Usage, analytics, and device data. Information about how you interact with the Services, such as pages and features used, requests to our API, timestamps, referring URLs, IP address, browser and device type, operating system, and approximate location derived from IP address. We collect this through cookies and similar technologies (see Section 8) and through server and application logs.
e) Communications. Information you provide when you contact us for support, respond to surveys, join a waitlist, or otherwise correspond with us. We do not intentionally collect special categories of sensitive personal data, and we ask that you not submit such data through the Services.
2
2
How we use personal data
How we use personal data
We use personal data for the following purposes:
To provide the Services — to create and manage your account; authenticate you; receive, host, execute, and evaluate your User Content; return Result Cards; and operate dedup/memory, error-repair, and pricing utilities.
To operate and secure our platform — to monitor performance, prevent and detect fraud and abuse, enforce rate limits, maintain security, and protect the rights and safety of Quandora, our users, and third parties.
To process payments — to facilitate and record transactions (via our payment processor) if you use paid features.
To communicate with you — to send service, security, and administrative messages, respond to your enquiries, and, where permitted, send product updates or marketing (which you may opt out of).
To improve the Services — to understand usage, debug, develop new features, and improve our evaluation engine, including through aggregated and de-identified analysis that does not identify you or reconstruct your proprietary logic.
To comply with law — to meet legal, regulatory, tax, accounting, and law-enforcement obligations, and to establish, exercise, or defend legal claims.
We use personal data for the following purposes:
To provide the Services — to create and manage your account; authenticate you; receive, host, execute, and evaluate your User Content; return Result Cards; and operate dedup/memory, error-repair, and pricing utilities.
To operate and secure our platform — to monitor performance, prevent and detect fraud and abuse, enforce rate limits, maintain security, and protect the rights and safety of Quandora, our users, and third parties.
To process payments — to facilitate and record transactions (via our payment processor) if you use paid features.
To communicate with you — to send service, security, and administrative messages, respond to your enquiries, and, where permitted, send product updates or marketing (which you may opt out of).
To improve the Services — to understand usage, debug, develop new features, and improve our evaluation engine, including through aggregated and de-identified analysis that does not identify you or reconstruct your proprietary logic.
To comply with law — to meet legal, regulatory, tax, accounting, and law-enforcement obligations, and to establish, exercise, or defend legal claims.
3
3
Legal basis and consent (PDPA)
Legal basis and consent (PDPA)
We collect, use, and disclose personal data where you have given (or are deemed to have given) consent, or where the collection, use, or disclosure is permitted or required under the PDPA or other applicable law — including where it is necessary to perform our contract with you, for legitimate business purposes that do not have an adverse effect disproportionate to the benefit, or to comply with legal obligations.
Where we rely on your consent, you may withdraw it at any time as described in Section 9. Withdrawing consent may mean we can no longer provide some or all of the Services to you.
We collect, use, and disclose personal data where you have given (or are deemed to have given) consent, or where the collection, use, or disclosure is permitted or required under the PDPA or other applicable law — including where it is necessary to perform our contract with you, for legitimate business purposes that do not have an adverse effect disproportionate to the benefit, or to comply with legal obligations.
Where we rely on your consent, you may withdraw it at any time as described in Section 9. Withdrawing consent may mean we can no longer provide some or all of the Services to you.
4
4
How we disclose personal data
How we disclose personal data
We do not sell your personal data. We disclose personal data only as follows:
a) Service providers and processors. To third parties that perform services on our behalf, such as cloud hosting and infrastructure, database and storage providers, our payment processor, analytics providers, email and communications providers, and customer-support tools. These providers are permitted to process personal data only on our instructions and under obligations of confidentiality and security.
b) AI and connected tools. Where you connect the Services to an AI agent or coding tool (for example, via a Model Context Protocol connector), data flows between the Services and that tool as directed by you. Such tools are operated by third parties under their own terms and privacy policies.
c) Legal and safety. To regulators, courts, law-enforcement, or other authorities where required by law or legal process, or where we reasonably believe disclosure is necessary to comply with law, enforce our Terms of Service, or protect the rights, property, or safety of Quandora, our users, or the public.
d) Corporate transactions. In connection with a merger, acquisition, financing, reorganisation, or sale of assets, subject to the recipient honouring commitments consistent with this Policy.
e) With your consent. For any other purpose disclosed to you at the time and to which you consent.
We do not sell your personal data. We disclose personal data only as follows:
a) Service providers and processors. To third parties that perform services on our behalf, such as cloud hosting and infrastructure, database and storage providers, our payment processor, analytics providers, email and communications providers, and customer-support tools. These providers are permitted to process personal data only on our instructions and under obligations of confidentiality and security.
b) AI and connected tools. Where you connect the Services to an AI agent or coding tool (for example, via a Model Context Protocol connector), data flows between the Services and that tool as directed by you. Such tools are operated by third parties under their own terms and privacy policies.
c) Legal and safety. To regulators, courts, law-enforcement, or other authorities where required by law or legal process, or where we reasonably believe disclosure is necessary to comply with law, enforce our Terms of Service, or protect the rights, property, or safety of Quandora, our users, or the public.
d) Corporate transactions. In connection with a merger, acquisition, financing, reorganisation, or sale of assets, subject to the recipient honouring commitments consistent with this Policy.
e) With your consent. For any other purpose disclosed to you at the time and to which you consent.
5
5
International transfers
International transfers
We are based in Singapore and use service providers that may store or process personal data in other countries. Where we transfer personal data outside Singapore, we take reasonable steps to ensure the recipient provides a standard of protection comparable to that under thePDPA, for example through contractual data-protection commitments, in accordance with the PDPA's transfer-limitation requirements.
We are based in Singapore and use service providers that may store or process personal data in other countries. Where we transfer personal data outside Singapore, we take reasonable steps to ensure the recipient provides a standard of protection comparable to that under thePDPA, for example through contractual data-protection commitments, in accordance with the PDPA's transfer-limitation requirements.
6
6
Confidentiality of your User Content
Confidentiality of your User Content
We recognise that your factor code, formulas, and strategy logic may be highly valuable and proprietary. We operate the Services so that your submitted User Content and individual Result Cards are scoped to your account. We do not publish your proprietary factor code or sell it to third parties. Access within Quandora is limited to personnel and systems that need it to operate, secure, and support the Services. Any analysis we conduct to improve the evaluation engine uses aggregated or de-identified data that does not identify you or reconstruct your proprietary logic. Confidentiality obligations relating to your User Content are also addressed in our Terms of Service.
We recognise that your factor code, formulas, and strategy logic may be highly valuable and proprietary. We operate the Services so that your submitted User Content and individual Result Cards are scoped to your account. We do not publish your proprietary factor code or sell it to third parties. Access within Quandora is limited to personnel and systems that need it to operate, secure, and support the Services. Any analysis we conduct to improve the evaluation engine uses aggregated or de-identified data that does not identify you or reconstruct your proprietary logic. Confidentiality obligations relating to your User Content are also addressed in our Terms of Service.
7
7
Data retention
Data retention
We retain personal data for as long as necessary to provide the Services, maintain your account, and fulfil the purposes described in this Policy, and thereafter as required to comply with our legal, regulatory, tax, and accounting obligations, resolve disputes, and enforce our agreements. When personal data is no longer required for any legal or business purpose, we will take reasonable steps to delete it or anonymise it. Residual copies may persist in routine backups for a limited period before being overwritten.
We retain personal data for as long as necessary to provide the Services, maintain your account, and fulfil the purposes described in this Policy, and thereafter as required to comply with our legal, regulatory, tax, and accounting obligations, resolve disputes, and enforce our agreements. When personal data is no longer required for any legal or business purpose, we will take reasonable steps to delete it or anonymise it. Residual copies may persist in routine backups for a limited period before being overwritten.
8
8
Cookies and similar technologies
Cookies and similar technologies
We use cookies and similar technologies (such as local storage and pixels) to keep you signed in, remember your preferences, maintain security, and understand and improve how the Services are used.
Strictly necessary technologies are required for the Services to function (for example, authentication and security) and cannot be switched off through our systems.
Analytics and performance technologies help us measure and improve the Services.
You can control cookies through your browser settings, and where required we will request your consent for non-essential cookies through a cookie banner or preference tool. Blocking some cookies may affect how the Services function.
We use cookies and similar technologies (such as local storage and pixels) to keep you signed in, remember your preferences, maintain security, and understand and improve how the Services are used.
Strictly necessary technologies are required for the Services to function (for example, authentication and security) and cannot be switched off through our systems.
Analytics and performance technologies help us measure and improve the Services.
You can control cookies through your browser settings, and where required we will request your consent for non-essential cookies through a cookie banner or preference tool. Blocking some cookies may affect how the Services function.
9
9
Your rights and choices
Your rights and choices
Subject to applicable law, you may:
Access and correction. Request access to the personal data we hold about you and request that we correct inaccurate or incomplete data, in accordance with the PDPA. We may charge a reasonable fee for an access request as permitted by law.
Withdraw consent. Withdraw your consent to our collection, use, or disclosure of your personal data, on reasonable notice. We will inform you of the likely consequences, which may include our inability to continue providing the Services.
Marketing opt-out. Opt out of marketing communications at any time via the unsubscribe link or by contacting us.
Account deletion. Request closure of your account and deletion of associated personal data, subject to the retention obligations in Section 7.
To exercise any of these rights, contact our Data Protection Officer at louis@varsity-tech.com. We will respond within the timeframes required by the PDPA. We may need to verify your identity before acting on a request.
Subject to applicable law, you may:
Access and correction. Request access to the personal data we hold about you and request that we correct inaccurate or incomplete data, in accordance with the PDPA. We may charge a reasonable fee for an access request as permitted by law.
Withdraw consent. Withdraw your consent to our collection, use, or disclosure of your personal data, on reasonable notice. We will inform you of the likely consequences, which may include our inability to continue providing the Services.
Marketing opt-out. Opt out of marketing communications at any time via the unsubscribe link or by contacting us.
Account deletion. Request closure of your account and deletion of associated personal data, subject to the retention obligations in Section 7.
To exercise any of these rights, contact our Data Protection Officer at louis@varsity-tech.com. We will respond within the timeframes required by the PDPA. We may need to verify your identity before acting on a request.
10
10
Security
Security
We maintain reasonable administrative, technical, and organisational safeguards designed to protect personal data against unauthorised access, use, disclosure, alteration, and loss — including encryption in transit, access controls, hashing of passwords, and logging. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your account credentials and API keys confidential.
We maintain reasonable administrative, technical, and organisational safeguards designed to protect personal data against unauthorised access, use, disclosure, alteration, and loss — including encryption in transit, access controls, hashing of passwords, and logging. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your account credentials and API keys confidential.
11
11
Children
Children
The Services are not directed to, and are not intended for use by, individuals under 18 years of age, and we do not knowingly collect personal data from them. If you believe a minor has provided us with personal data, please contact us so we can delete it.
The Services are not directed to, and are not intended for use by, individuals under 18 years of age, and we do not knowingly collect personal data from them. If you believe a minor has provided us with personal data, please contact us so we can delete it.
12
12
Third-party links and services
Third-party links and services
The Services may link to or integrate with third-party websites and services (including exchanges, data providers, and AI tools). This Policy does not apply to those third parties, andwe are not responsible for their privacy practices. Please review their privacy policies.
The Services may link to or integrate with third-party websites and services (including exchanges, data providers, and AI tools). This Policy does not apply to those third parties, andwe are not responsible for their privacy practices. Please review their privacy policies.
13
13
Changes to this Policy
Changes to this Policy
We may update this Policy from time to time. If we make material changes, we will provide reasonable notice by posting the updated Policy with a new "Last updated" date and, where appropriate, notifying you through the Services. Your continued use of the Services after the changes take effect constitutes your acknowledgement of the revised Policy.
We may update this Policy from time to time. If we make material changes, we will provide reasonable notice by posting the updated Policy with a new "Last updated" date and, where appropriate, notifying you through the Services. Your continued use of the Services after the changes take effect constitutes your acknowledgement of the revised Policy.
14
14
Contact us and Data Protection Officer
Contact us and Data Protection Officer
If you have any questions, concerns, or complaints about this Policy or how we handle personal data, or wish to exercise your rights, please contact our Data Protection Officer:
Email: louis@varsity-tech.com
Postal: VARSITY TECH PTE. LTD., Robinson Square, 144 Robinson Road, #13-001 , Singapore 068908
If you are not satisfied with our response, you may lodge a complaint with the Personal Data Protection Commission of Singapore (PDPC) at www.pdpc.gov.sg.
If you have any questions, concerns, or complaints about this Policy or how we handle personal data, or wish to exercise your rights, please contact our Data Protection Officer:
Email: louis@varsity-tech.com
Postal: VARSITY TECH PTE. LTD., Robinson Square, 144 Robinson Road, #13-001 , Singapore 068908
If you are not satisfied with our response, you may lodge a complaint with the Personal Data Protection Commission of Singapore (PDPC) at www.pdpc.gov.sg.











