Terms and Policies

Operator: IMPACTLAKE Pte. Ltd. (“Operator”, “we”, “us”, “our”)

Contact: steward@platform.impactlake.com

Governing Language: English. If a translation is provided, the English version prevails.

Effective Date: 1st Jan, 2026

A. TERMS OF SERVICE

1. Definitions

1.1 “Service” means the impactlake online platform, applications, APIs, datasets, indices, visualizations, documentation and related services provided by the Operator.

1.2 “User” or “you” means any person or entity that accesses or uses the Service.

1.3 “Your Content” means any data, text, metrics, models, documents, images, visualizations or other materials you upload, submit, post, input or otherwise make available to or via the Service.

1.4 “Public Corporate Information” means information made publicly available by corporations or public bodies (e.g., integrated reports, statutory filings, press releases, official websites).

1.5 “Personal Data” means information relating to an identified or identifiable natural person; “Anonymised Data” means data that cannot reasonably identify a person, whether by itself or in combination with information reasonably likely to be available; “Pseudonymised Data” means data that remains reasonably re-identifiable (e.g., via keys/quasi-identifiers).

1.6 “Enterprise Agreement” means any written agreement between you and the Operator expressly superseding or supplementing these Terms.

1.7 “Mandatory Local Law” means non-derogable consumer or data-protection rights applicable to the User by virtue of imperative local statutes.

2. Scope and Acceptance

2.1 These Terms govern your access to and use of the Service. By accessing or using the Service, you agree to be bound by these Terms and the incorporated policies and annexes.

2.2 If you use the Service on behalf of an organisation, you represent that you are authorised to bind that organisation and “you” includes that organisation.

3. Account, Eligibility and Access

3.1 You must be legally capable of forming a binding contract and, where required by law, of the minimum age.

3.2 You are responsible for safeguarding your credentials, enabling multi-factor authentication (MFA) where offered, and for all activities under your account.

3.3 We may suspend or terminate access for breach, risk, security concerns or legal reasons, with or without notice, subject to applicable law.

4. Ownership of Your Content; CC BY–Style Licence

4.1 Ownership. You retain all right, title and interest, including copyright, in Your Content.

4.2 Licence for Public, Non-Personal Content. By publicly posting Your Content that does not contain Personal Data, you license Your Content to the Operator and to all Users on Creative Commons Attribution 4.0 International (CC BY 4.0)–equivalent terms, namely: worldwide, royalty-free, perpetual and (to the extent permitted by law) irrevocable, with attribution required, indication of changes, no endorsement implied, and no additional legal/technical restrictions (including no DRM or terms that would curtail the licence).

4.3 Exclusions. Logos, trademarks, third-party materials, portraits and other elements you do not own are excluded from the licence unless you hold the requisite rights and explicitly include them.

4.4 Removal. Removing Your Content does not affect prior lawful uses under the licence or stored caches generated during the licence term.

5. Operator-Collected Public Corporate Information

5.1 The Operator may, using reasonable automated means, collect, normalise and provide facts, metrics and indices derived from Public Corporate Information, employing the Service’s capabilities to the extent technically and legally permissible.

5.2 We focus on facts and other non-copyrightable elements, and on content under open licences. We do not republish original full text or original graphics unless permitted by rights holders or by law.

5.3 If you believe that any material on the Service infringes your rights or is inaccurate, please use the Notice & Takedown procedure (Section H).

6. Personal Data: Upload Rules and Visibility

6.1 Default Prohibition. Uploading Personal Data is prohibited by default, except where the data is (i) publicly available personal information lawfully made public by the data subject or by law, or (ii) aggregated/anonymised statistics that cannot reasonably identify a person.

6.2 No Public Posting of Pseudonymised/Identifiable Records. Pseudonymised or identifiable records must never be publicly posted on the Service. Where permitted under a Data Processing Addendum (DPA) or Data Use Agreement (DUA), such records may be processed in non-public environments with appropriate controls.

6.3 Risk-Based Monitoring; Uploader Responsibility. The Operator applies reasonable, risk-based monitoring but has no general duty to monitor or pre-screen. Uploaders remain solely responsible for the legality and accuracy of their uploads. To the maximum extent permitted by law, the Operator disclaims responsibility for defects in user uploads.

6.4 No Re-Identification. You must not attempt to re-identify any anonymised or pseudonymised dataset, nor combine data to single out individuals or organisations.

6.5 Sensitive Categories. Special category data and children’s data are not permitted unless explicitly agreed in writing under a DPA and in a non-public workspace.

7. Acceptable Use

7.1 You agree not to: (a) infringe IP, privacy, publicity or other rights; (b) upload Personal Data in violation of Section 6; (c) misrepresent sources or licences; (d) remove or falsify rights notices; (e) attempt re-identification or singling-out; (f) circumvent technical or access controls; (g) scrape or harvest in breach of posted technical rules or applicable law; (h) introduce malware, spam or abusive content; (i) impersonate or imply endorsement; (j) engage in unlawful or harmful conduct.

8. Attribution Tools and Licence Display

8.1 The Service may display licence badges and auto-generate attribution strings for CC BY–style content. You remain responsible for the accuracy of source and rights statements.

8.2 Where you display CC BY–style content obtained via the Service or API, you must provide appropriate attribution with a link to the licence and indicate any changes.

9. API Terms (Summary; see Annex F)

9.1 API access is licensed on a non-exclusive, revocable basis for integrating with the Service within your authorised scope.

9.2 You must respect rate limits and must not publicly transmit Personal Data or pseudonymised data, nor resell API results as a competing dataset, nor remove attribution or licence notices from CC BY–style content.

9.3 Caching is transient unless expressly permitted.

10. Enterprise Agreements; Order of Precedence

10.1 If you and the Operator execute an Enterprise Agreement, its terms prevail over inconsistent provisions in these Terms.

10.2 The order of precedence is set out in Section H.8.

11. Warranties; Indemnity

11.1 You represent and warrant that: (a) you own or control the necessary rights in Your Content; (b) you have all required legal bases and consents; (c) Your Content complies with law and these Terms.

11.2 You agree to defend, indemnify and hold harmless the Operator, its affiliates and personnel from any claim, loss, liability, damages, costs and expenses (including reasonable legal fees) arising from Your Content, your disclosures, or your use of the Service in breach of these Terms.

12. Disclaimers

12.1 The Service is provided “as is” and “as available” without warranties of any kind, whether express, implied or statutory, including merchantability, fitness for a particular purpose, non-infringement, availability, accuracy or completeness.

12.2 Any guidance provided on the Service is informational only and not legal advice.

13. Limitation of Liability (Single Cap Model)

13.1 To the fullest extent permitted by law, the Operator shall not be liable for indirect, incidental, special, exemplary, punitive or consequential damages, or loss of profits, data, goodwill or business.

13.2 The Operator’s aggregate liability for all claims arising out of or relating to the Service shall not exceed the amounts paid by you to the Operator for the Service in the twelve (12) months preceding the event giving rise to the claim (or SGD 0 if the Service is used free of charge).

13.3 This limitation applies to all causes of action, whether in contract, tort (including negligence), strict liability or otherwise, except to the extent such limitation is not permitted by Mandatory Local Law or in cases of intentional misconduct as finally determined by a competent court.

14. Changes to the Service and Terms

14.1 We may modify or discontinue features, and we may update these Terms. Material changes will be notified by reasonable means. Continued use after the effective date constitutes acceptance.

15. Suspension and Termination

15.1 We may suspend or terminate your access for breach, legal, security or risk reasons. You may stop using the Service at any time. Certain provisions survive termination, including Sections 4.2, 5, 6, 8, 11–13, 17–19 and the annexes as applicable.

16. Notices

16.1 Legal notices and claims should be sent to steward@platform.impactlake.com. We may provide notices via the Service, email or other reasonable means.

17. Governing Law; Mandatory Local Law; Forum

17.1 These Terms are governed by the laws of Singapore. Disputes shall be submitted to the exclusive jurisdiction of the courts of Singapore.

17.2 Mandatory Local Law protections of the User’s habitual residence remain unaffected to the extent required by law.

18. Export Control and Sanctions

18.1 You must comply with applicable export control and sanctions laws and shall not use the Service in prohibited jurisdictions or for prohibited end uses.

19. Miscellaneous

19.1 Entire Agreement. These Terms, together with the documents incorporated by reference, comprise the entire agreement, subject to any Enterprise Agreement.

19.2 Severability. If any provision is unenforceable, the remainder remains in effect.

19.3 No Waiver. Failure to enforce is not a waiver.

19.4 Assignment. You may not assign without our consent; we may assign in connection with corporate transactions.

19.5 Force Majeure. We are not liable for delays or failures due to causes beyond reasonable control.

B. PRIVACY POLICY

1. Roles and Scope

1.1 For private workspaces, your organisation is Controller, and the Operator acts as Processor under the DPA (Annex G).

1.2 For account administration, logs, security and platform analytics, the Operator acts as Controller.

2. Categories of Data

2.1 Account identifiers, contact details, authentication data (including MFA metadata), device and usage information, logs, support records.

2.2 User-submitted content and metadata.

2.3 Cookies/telemetry as described in Section 7.

3. Purposes and Legal Bases

3.1 Provide, operate, secure and improve the Service; prevent abuse; provide support; generate non-identifiable aggregate statistics and benchmarks; comply with legal obligations.

3.2 Legal bases include contract necessity, legitimate interests, consent (where required), and compliance with law.

4. Personal Data Upload Rules

4.1 As per Terms §6: Personal Data not allowed except for publicly available personal information or anonymised/aggregated data; no public posting of pseudonymised/identifiable records.

4.2 We implement risk-based monitoring and safeguards but have no general duty to pre-screen. Uploaders bear ultimate responsibility.

5. Disclosures and International Transfers

5.1 We may share data with service providers (sub-processors), affiliates, professional advisors, and as required by law.

5.2 International transfers are made under appropriate safeguards where required (e.g., SCCs/contractual measures).

6. Security and Retention

6.1 We apply encryption in transit and at rest, access controls (RBAC), MFA, audit logs, vulnerability management and least-privilege practices.

6.2 We retain data no longer than necessary, and delete or anonymise data upon request or termination, subject to legal holds and backups.

7. Cookies and Tracking

7.1 We use essential cookies for login, session management and security.

7.2 Analytics cookies may be used with consent where required by law.

8. Your Rights

8.1 Subject to law, you may request access, rectification, deletion, restriction, objection, and portability.

8.2 You may lodge a complaint with a competent supervisory authority.

9. Changes

9.1 We may update this Policy and will notify you of material changes.

10. Contact

10.1 steward@platform.impactlake.com

C. ACCEPTABLE USE POLICY (AUP)

1. Prohibited Conduct

You must not: (a) infringe IP or privacy rights; (b) upload Personal Data in breach of Terms §6; (c) attempt re-identification or singling-out; (d) misrepresent sources/licences or remove rights notices; (e) scrape or harvest in violation of posted technical rules or law; (f) introduce malware or spam; (g) circumvent rate limits or access controls; (h) use the Service to compete by reselling CC BY–style content without required attribution/licence notices.

2. Enforcement

The Operator may monitor for abuse, investigate, restrict access, remove content, suspend accounts, and preserve logs, consistent with law.

D. NOTICE & TAKEDOWN POLICY

1. How to Report

Send notices of alleged infringement, privacy violations, licence errors, or re-identification risks to steward@platform.impactlake.com with: (a) your contact details; (b) description and URL; (c) basis of claim; (d) requested action; (e) good-faith statement.

2. Process and Timelines

We target acknowledgement within 24 hours and initial action within 72 hours. Actions may include restriction, unpublishing, removal, account measures and notifications. We may request additional information.

E. BENCHMARK / RESEARCH CONTRIBUTION ADDENDUM (Purpose-Limited Licence)

1. Purpose-Limited Licence

Contributor grants the Operator and its authorised researchers a non-exclusive, worldwide, royalty-free licence to use, process and create derivative works from contributed datasets solely for industry research, benchmarking and learning (the “Purpose”).

2. Confidentiality and Access

Source data (raw identifiable or pseudonymised records) is Non-Public Confidential Information. Access is limited to named authorised researchers under MFA-protected environments with audit logs. No onward disclosure except to such personnel.

3. Anonymisation and No Re-Identification

The Operator applies risk-based anonymisation. Re-identification and combination to single out individuals or organisations are prohibited for both Operator and recipients.

4. Public Outputs

Public dissemination is limited to non-identifiable aggregates (e.g., counts, means, correlations) with narrative commentary. No raw or re-identifiable data will be published.

5. Participants and Attribution

Listing of a participant’s name is opt-in and will not link data to any specific participant. Generic attributions may be included.

6. Security, Retention and Deletion

Appropriate safeguards apply. Retention is no longer than necessary for the Purpose. Data is deleted or returned upon request or termination, subject to backups/legal holds.

7. Indemnity and Limits

Contributors remain responsible for the legality of their disclosures and shall indemnify the Operator against third-party claims. The Operator’s liability remains subject to the single cap in the Terms.

F. API TERMS

1. Licence and Scope

API access is provided on a non-exclusive, revocable, non-transferable basis solely to integrate your applications with the Service within your account scope.

2. Restrictions

You shall not: (a) publicly transmit Personal Data or pseudonymised data; (b) attempt re-identification; (c) exceed rate limits; (d) remove attribution/licence notices; (e) resell API outputs as a competing dataset; (f) cache beyond transient periods unless expressly allowed.

3. Monitoring and Termination

We may monitor API use for abuse and may throttle, suspend or terminate keys for breach or risk.

4. Attribution

Where CC BY–style content is displayed, you must show attribution, licence link and indication of changes.

G. DATA PROCESSING ADDENDUM (Controller ↔ Processor)

1. Parties and Scope

This DPA forms part of the Terms between Customer (Controller) and IMPACTLAKE Pte. Ltd. (Processor) where the Processor processes Personal Data on behalf of the Controller.

2. Instructions

Processor shall process Personal Data only on documented instructions from Controller and solely to provide the Service.

3. Security

Processor implements encryption in transit and at rest, RBAC, MFA, logging, vulnerability management, least-privilege access and confidentiality obligations for personnel.

4. Sub-Processors

Processor may engage sub-processors subject to written contracts imposing equivalent obligations. A list is available on request. Controller may object on reasonable grounds.

5. International Transfers

Where required, transfers are subject to appropriate safeguards (e.g., standard contractual clauses, contractual measures).

6. Assistance

Processor assists Controller in responding to data subject requests, conducting DPIAs and meeting other compliance obligations, taking into account the nature of processing.

7. Breach Notification

Processor will notify Controller without undue delay after becoming aware of a Personal Data Breach and provide relevant information and mitigation steps.

8. Deletion or Return

Upon termination or at Controller’s request, Processor will delete or return Personal Data, subject to legal holds and backups.

9. Audit

Subject to confidentiality and reasonable limits, Processor will make available information and allow reasonable audits or assessments.

10. Liability and Order of Precedence

This DPA is governed by and subject to the Terms. In case of conflict, an executed Enterprise Agreement prevails. Processor’s liability is subject to the single cap to the extent permitted by law.

H. ORDER OF DOCUMENTS; MISCELLANEOUS

1. Documents Incorporated

These Terms incorporate: Privacy Policy (B), AUP (C), Notice & Takedown (D), Research Addendum (E), API Terms (F), DPA (G).

2. Order of Precedence

Enterprise Agreement (if any) → DPA (as to processing) → Terms of Service → Privacy Policy → AUP → API Terms → Notice & Takedown → Research Addendum.

3. Contact

All queries and notices: steward@platform.impactlake.com