Privacy Policy

1. Operator

AxeRocket is operated by Feltan Associates Pte Ltd (UEN 202225620G), a private limited company incorporated in Singapore. Our registered office is 1 Raffles Place, #02-01 One Raffles Place Mall, Singapore 048616. References to “AxeRocket”, “we”, “our” or “us” mean Feltan Associates Pte Ltd acting under the AxeRocket brand. Feltan Associates Pte Ltd is the data controller for personal data processed through axerocket.com.

2. Personal data we collect

2.1 Information you give us

You may provide personal data to us when you:

• Register as a Client, Expert or Recruiter (your email address, password managed by our identity provider, LinkedIn profile URL, and the role-specific profile fields appropriate to each membership).
• Complete the Client questionnaire (employment status, industry and profession, location, target roles, salary expectations, AI familiarity, hobbies, and any free-text concerns you choose to share).
• Complete the Recruiter questionnaire (your name, company, work email, specialism focus by industry / profession / location / seniority).
• Complete the Expert profile (full name, base location, languages, practice area and specialisation tags, and any professional credentials you choose to add).
• Purchase a report or membership through our checkout flow (your email, billing details handled by our payment processor, and your explicit consent to terms, privacy and AI processing recorded as an audit trail).
• Submit feedback or support correspondence (your message and any information you choose to share).

2.2 Information collected automatically

Our infrastructure provider sets a small number of strictly necessary cookies and collects technical logs (IP address, user-agent, request times) for security and platform delivery. If you accept analytics in the cookie banner, our analytics provider sets additional cookies for aggregate measurement. See our cookies policy for detail.

3. Purposes and lawful bases

We process personal data for the following purposes, on the following lawful bases under Article 6 GDPR (and the equivalent bases under the PDPA):

• To operate your account and deliver the membership you have purchased — reports, expert and recruiter matching, dashboards, market intelligence (performance of a contract; Art 6(1)(b)).
• To generate your AxeRocket report using AI-assisted processing of your questionnaire answers, persona and public reference data (performance of a contract together with your explicit consent collected at checkout for AI processing; Art 6(1)(b) and Art 6(1)(a)).
• To process payments, issue receipts, and meet our tax, accounting and consumer-protection record-keeping obligations (legal obligation; Art 6(1)(c)).
• To prevent fraud, secure the platform, keep service logs, and enforce our terms (legitimate interests in security and platform integrity; Art 6(1)(f)).
• To send transactional email (account, password reset, report-ready, purchase receipts) which is necessary to operate the service (performance of a contract; Art 6(1)(b)).
• To send marketing email, where you have opted in (consent; Art 6(1)(a)). You may withdraw consent at any time from your account settings or the unsubscribe link in every marketing email.
• To understand how the platform is used in aggregate, where you have consented to analytics cookies (consent; Art 6(1)(a)).

4. Who we share personal data with

We use the following processors. Each operates under its own published privacy and security commitments and has its own data processing terms with us.

• Stripe, Inc. — payment processing, subscription billing, customer-portal account management.
• Supabase Inc. — primary database and identity provider. Our primary instance is in Singapore.
• Vercel Inc. — website and edge hosting; serverless API routes.
• Anthropic, PBC (Claude) — AI-driven persona enrichment and report-section drafting. The structured persona JSON is sent; direct identifiers (email, LinkedIn URL) are not.
• Resend, Inc. — transactional and opted-in marketing email delivery.
• Railway Corp. — Playwright-based HTML→PDF rendering for finished reports.
• n8n GmbH — workflow automation (report-job relay, safety-net poller).
• Mapbox, Inc. — map rendering for Layoff Radar; aggregate geolocation only.
• Google LLC (Google Analytics 4) — optional aggregate analytics, only if you accept analytics cookies.
• Matched Experts and Recruiters (inside the platform) — where you are matched, your profile fields are visible to matched counterparties inside their respective Zones. Recruiters are revealed to matched Clients by default as part of their subscription; they can switch this off in their settings at any time.

We do not sell personal data, do not share it with advertisers, and do not transfer it outside this processor chain except where required by law.

5. Automated processing and AI report generation

Your AxeRocket report is generated by an AI pipeline (Anthropic Claude) that receives a structured version of your questionnaire answers and persona. The report is advisory; it is not a legally binding decision about your employment, your career, or any third party. It does not produce legal or similarly significant effects on you within the meaning of Article 22 of the GDPR.

Expert and Recruiter matching uses automated scoring to surface relevant counterparties; the outcomes are suggestions, not decisions, and humans (you, and where applicable, the matched counterparty) act on them. You can ask us for human review of any matching outcome that affects you, and you can opt out of being surfaced to matched parties from your account settings.

6. International transfers

Several of our processors are based outside Singapore (principally in the United States and the European Economic Area). Where personal data is transferred outside Singapore we take reasonable steps to ensure that the recipient is bound to a standard of protection comparable to the PDPA, including by reliance on Standard Contractual Clauses or equivalent safeguards. Where the GDPR applies to your data, we rely on the appropriate Article 46 transfer mechanism for each recipient.

7. Retention

• Account and report records: retained for the life of your account. On account closure, role profile, questionnaire answers, persona, reports, target roles, inbox and matches are deleted; consent records and feedback are anonymised (the user link is removed but the audit row is kept).
• Purchase and payment records: retained for seven years to meet Singapore tax and accounting obligations. After account closure these records are no longer linked to a live user identity.
• Support correspondence: retained for two years from the last interaction, then deleted unless an active dialogue remains open.
• Server and security logs: retained on a rolling basis for operational purposes only, typically up to 90 days.
• Analytics data: retained for 14 months at the analytics provider (GA4 default), only where you have consented to analytics cookies.

8. Your rights

Subject to the PDPA and, where applicable, the GDPR, you have the right to:

• Request access to the personal data we hold about you.
• Request correction of personal data that is inaccurate.
• Withdraw any consent you have given us, which will not affect the lawfulness of processing carried out before withdrawal.
• Object to processing carried out on the basis of legitimate interests, including any use of your data for direct marketing.
• Request restriction of processing, where the GDPR applies to your data.
• Request a portable copy of the personal data you have given us — available as a one-click JSON export from your account settings.
• Request deletion of personal data we no longer need to retain — available as a self-service action from your account settings.
• Lodge a complaint with the Personal Data Protection Commission of Singapore, or with your local data protection authority if the GDPR applies to your situation.

To exercise any right that is not available as a self-service control, write to privacy@axerocket.com. We respond inside thirty days.

9. Data Protection Officer

We have not appointed a Data Protection Officer. Article 37 of the GDPR does not require us to, given the scale and nature of our processing. Data-protection enquiries should be sent to privacy@axerocket.com.

10. Security

We use commercially reasonable technical and organisational measures to protect personal data, including encryption in transit, Row-Level Security on our database, least-privilege access for our processors, and consent-record audit logging. No internet-based service is perfectly secure; if we become aware of a data breach affecting your personal data we will notify you and, where required, the relevant authority within the timeframes set by law.

11. Children

AxeRocket is intended for adult professionals (18+) and is not directed at children. We do not knowingly collect personal data from anyone under the age of eighteen. If you believe we have inadvertently done so, please contact us and we will delete the data.

12. Changes to this policy

We may update this policy from time to time. Where material changes affect how we handle your personal data, we will re-prompt for consent at next visit and, for active members, give notice by email. The current version, and its effective date, will always appear on this page.

13. How to contact us

Data-protection questions and any of the requests above should be sent to privacy@axerocket.com, or by post to the registered office set out in section 1 above.