Skip to content
dhari .ai

Legal

Privacy Policy

Last updated: May 2026

Dhari AI ("Dhari", "we", "our", or "us") is committed to protecting the privacy of every individual who interacts with us, our website at dhari.ai, or our services. This Privacy Policy explains what personal data we collect, how we use it, and the rights you have under Singapore's Personal Data Protection Act 2012 ("PDPA").

1. Who we are

Dhari AI is a private company incorporated in Singapore providing agentic AI consulting and solutions to banking, financial services, and enterprise clients. We are the data controller for the personal data described in this policy.

Our Data Protection Officer (DPO) can be reached at security@dhari.ai.

2. What personal data we collect

We collect personal data only when you provide it to us or when it is necessary to deliver our services. This includes:

  • Contact information — name, work email, company, role, and any details you include in messages sent through our contact form.
  • Engagement data — meeting notes, project briefs, and other content you share with us during the course of an engagement.
  • Technical data — IP address, browser type, pages visited, and approximate location, captured automatically by our analytics provider for site improvement purposes. We use Cloudflare Web Analytics which is privacy-respecting and does not use cookies or fingerprinting.
  • AI demo interactions — when you use the live AI agent demo on our website, your messages are sent to the Claude API (operated by Anthropic). We do not store these conversations; they are processed in real time and discarded.

3. How we use your data

We use personal data only for the following purposes:

  • To respond to enquiries and provide the services you request
  • To manage and deliver our consulting engagements
  • To improve our website and service offerings
  • To comply with legal and regulatory obligations
  • To send relevant updates if you explicitly opt in

We do not sell personal data, ever. We do not use personal data to train AI models.

4. Legal basis for processing

Under the PDPA, we process personal data based on the consent you provide when submitting forms or engaging with us, or on the legitimate interests of operating our business in a manner that does not override your privacy rights.

5. Data sharing

We share personal data only with:

  • Service providers acting on our behalf (e.g. Cloudflare for hosting and analytics, Anthropic for AI model inference) under data processing agreements
  • Authorities, when required by law or regulation
  • Clients, when required to deliver an engagement — and only with your explicit consent

All our data processors are bound by contractual obligations to handle data in accordance with the PDPA.

6. Data residency and transfers

Personal data may be processed in Singapore and other jurisdictions where our service providers operate. Where personal data is transferred outside Singapore, we ensure the receiving party provides protection at a comparable standard to the PDPA, as required by section 26 of the Act.

7. Retention

We retain personal data only as long as necessary for the purposes set out above, or as required by law. Contact form submissions are retained for two years from the last interaction. Engagement records are retained for the duration of our contract plus seven years for regulatory and tax compliance.

8. Your rights

Under the PDPA, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate personal data
  • Withdraw consent for further processing (subject to legal/contractual obligations)
  • Lodge a complaint with the Personal Data Protection Commission (PDPC) Singapore

To exercise any of these rights, email our DPO at security@dhari.ai. We will respond within 30 days.

9. Security

We take reasonable steps to protect personal data against unauthorised access, modification, or disclosure. This includes encryption in transit (HTTPS), access controls, regular security reviews, and incident response procedures aligned to MAS TRMG and PDPA requirements.

10. AI-specific disclosures

Where we use AI systems — whether on our own website or in client engagements — we follow the principles set out in our Responsible AI Policy. In particular:

  • We do not use personal data to train foundation models
  • We disclose when AI has been used to generate or influence a decision affecting you
  • We provide a meaningful path to challenge any AI-influenced decision

11. Cookies

Our website uses minimal, essential cookies for site functionality. We do not use tracking cookies or third-party advertising cookies. Our analytics provider (Cloudflare) operates on a cookieless basis.

12. Children's privacy

Our services are not intended for individuals under 18. We do not knowingly collect personal data from children.

13. Changes to this policy

We may update this policy periodically. The "Last updated" date above will always show the most recent version. Material changes will be communicated by email to engagement clients and via a notice on our website.

14. Contact

Questions about this Privacy Policy or our data practices? Contact our DPO at security@dhari.ai.