Skip to main content
Acepeak
Legal

Privacy policy.

How AcePeak collects, uses, shares, and protects personal data across our platform, websites, and apps — our two roles as controller and processor, and the rights you have by region.

Last updated June 22, 2026

Overview & two roles

This Privacy Policy explains how Ace Peak Invest Pte Ltd (Singapore Company Registration No. 201707906Z, registered office 1 Scotts Road, #24-10, Shaw Centre, Singapore 228208) (“AcePeak”, “we”) collects, uses, shares, and protects personal data in connection with the AcePeak cloud communications and contact center platform (the “Services”), our websites, and the admin and agent applications.

Two roles. For data about our business customers, their administrators, billing contacts, and website visitors, AcePeak is the controller and this policy applies. For personal data a business customer processes about its own callers, contacts, and end-customers through the Services, the customer is the controller and AcePeak is a processorunder the Data Processing Agreement — there, the customer’s own privacy notice governs.

1. Controller, DPO and representatives

Controller: Ace Peak Invest Pte Ltd, 1 Scotts Road, #24-10, Shaw Centre, Singapore 228208.

  • Privacy contact — privacy@acepeak.com
  • Data Protection Officer — dpo@acepeak.com (inbox monitored)
  • EU Representative (GDPR Art. 27) — appointment in progress
  • UK Representative (UK GDPR Art. 27) — appointment in progress
  • Singapore — we comply with the PDPA 2012; complaints to the PDPC (pdpc.gov.sg).

2. Personal data we collect (as controller)

  • Account & admin data — business contact name, work email, phone, role, company, credentials (hashed).
  • Billing data — payment-method details via our payment processor (Stripe); limited token/transaction data, not full card numbers.
  • Verification data — identity/address documents where a number type or regulator requires it.
  • Technical & usage data — device, IP, browser, app version, language, diagnostic logs.
  • Support/sales data — content of messages to our support and sales teams.

Website cookies are described in our Cookie Policy.

3. Customer end-user data (as processor)

To provide the platform, AcePeak processes data about your callers and contacts — caller/called numbers, call detail records, message metadata and content, voicemail, call and screen recordings, transcripts, AI-interaction data, and contact records — only on your documented instructions under the Data Processing Agreement, not for its own purposes.

4. Why we use personal data and our legal bases

As controller we use account, billing, technical and support data to create/manage accounts and numbers; provide and secure the Services; process payments; provide support; comply with telecom and tax law (caller-ID authentication, robocall mitigation, lawful record retention, lawful requests); prevent fraud/abuse; send service messages; and, with consent where required, marketing. GDPR/UK GDPR bases: contract, legitimate interests, legal obligation, and consent (marketing).

5. Sharing and sub-processors

We do not sell personal data. We share it with sub-processors that run the Services (see our Sub-Processor List); telecom carriers and messaging providers needed to connect calls/deliver messages; payment, professional, and security providers; and authorities where a binding legal requirement applies. Where a business customer uses the platform, AcePeak is its processor under the DPA.

6. International transfers

We are based in Singapore and use providers in the EEA, UK, US, and other regions. For transfers from the EEA/UK to countries without an adequacy decision we rely on EU Standard Contractual Clauses and the UK IDTA, with transfer impact assessments and safeguards. Hosting regions are listed in our Sub-Processor List.

7. Retention

  • Account data — life of the account, then deleted/anonymised after closure (subject to legal holds).
  • Telecom records — as long as the law requires (typically 3–12 months).
  • Recordings/transcripts — per customer configuration (platform default 7 days, extendable), then deleted.
  • Support data — limited period after resolution, then deleted.

8. Your rights — by region

  • EEA/UK (GDPR) — access, correction, deletion, restriction, portability, objection, withdraw consent; complain to your DPA (UK: ICO; EU: edpb.europa.eu).
  • United States— access, correction, deletion, opt-out of sale/share (we do not sell); we honour Global Privacy Control. Email privacy@acepeak.com with “US Privacy Request”.
  • Canada — PIPEDA access/correction; Quebec Law 25 portability and incident rules; OPC complaints; CASL for marketing.
  • Brazil & Latin America — LGPD rights; contact our DPO/Encarregado; complain to the ANPD.
  • Africa — South Africa POPIA, Nigeria NDPA, Kenya DPA, Ghana DPA rights; complaints to the relevant national regulator.
  • Singapore — PDPA access/correction; complaints to the PDPC.

To exercise rights, email privacy@acepeak.com. Where AcePeak is a processor, we refer your request to the relevant business customer.

9. AI features

Optional AI features are covered by our AI Transparency & Responsible-Use Addendum, including EU AI Act transparency. We do not use customer content to train generative AI models without documented consent.

10. RCS Business Messaging (planned service)

AcePeak operates an RCS Business Messaging (RBM) service in partnership with Google and authorised carrier aggregators. When you opt in to receive RCS messages from AcePeak, the following applies.

What we collect

  • Mobile number (provided at signup)
  • Opt-in timestamp and IP address (audit evidence of consent)
  • Message delivery status (sent, delivered, read, failed)
  • Interaction events (button taps, suggested-reply postbacks, opt-out keyword replies)
  • Opt-out preferences stored per-user on your account

How we use it

  • To deliver the RCS messages you have consented to receive (onboarding, transactional, opt-in promotional)
  • To honour STOP / UNSUBSCRIBE / CANCEL / END / QUIT keyword replies and in-app opt-out toggles within seconds
  • To respond to HELP / INFO keyword replies with AcePeak support information
  • To produce delivery and engagement reports for AcePeak account holders

Legal basis. Explicit consent collected via a pre-unticked checkbox that you must tick to complete registration. Submissions without consent are rejected server-side.

Your rights.Opt out at any time via reply keyword (STOP, UNSUBSCRIBE, CANCEL, END, QUIT, OPTOUT — case-insensitive) or via Settings → Notifications → “Receive RCS messages from AcePeak”. You may also email privacy@acepeak.com (handled within 24 hours) or request access/deletion of your data via the same address. Once opted out, your number is added to a suppression list and receives no further RCS messages from us.

Third parties.RCS messages are routed through our carrier aggregator partner (Infobip) and Google’s RBM platform. Their handling of routing data is governed by Google’s RCS Business Messaging Terms of Service and Infobip’s Privacy Policy.

Retention. Opt-in/opt-out timestamps and audit logs are retained for 24 months after account closure to comply with carrier and regulatory requirements. Message bodies are retained for 90 days.

11. Security, children, and changes

We protect data with encryption in transit and at rest, access controls, and regular security reviews (see the DPA security annex). The Services are not directed to children and are for business use only. We will notify you of material changes and seek consent where the law requires.

Contact

Legal: legal@acepeak.com · Privacy: privacy@acepeak.com · DPO: dpo@acepeak.com · Security: security@acepeak.com · Abuse: abuse@acepeak.com · Support: support@acepeak.com

Ace Peak Invest Pte Ltd, 1 Scotts Road, #24-10, Shaw Centre, Singapore 228208.

This document is provided for transparency and is not legal advice.

Questions about your data?

Reach our team for export, erasure, or any privacy-related request. We respond within one business day.

Contact us