Privacy Policy
Last updated: May 2026
This Privacy Policy explains how WeRedd Pte. Ltd., trading as Kernia (“Kernia”, “we”, “us”, or “our”), handles personal data when you visit kernia.ai (the “Website”), interact with our marketing communications, or enquire about our products and services — including Aion, our Organizational Intelligence platform.
We are a Singapore company registered under UEN 202535734G, with our registered address at 37 Sultan Gate, Singapore 198485. For the purposes of the EU General Data Protection Regulation 2016/679 (“GDPR”) and Singapore’s Personal Data Protection Act 2012 (“PDPA”), we are the controller of the personal data described in this policy.
This policy applies to personal data we process as a controller in the context of our website, marketing, sales, recruitment, and general business operations. It does not apply to personal data that our customers submit to the Aion platform, where we act as a processor on the customer’s behalf — that processing is governed by the Data Processing Agreement executed with each customer.
1. Information we collect
1.1 Information you provide directly
We collect personal data you submit through forms, downloads, enquiries, or direct correspondence. This includes:
- Demo and contact enquiries — name, work email, company, role, headcount band, country, and the content of your message.
- ROI calculator — if you choose to receive a personalised report by email, we collect your work email and, optionally, your first name and company, together with the input values you entered into the calculator.
- Gated content downloads — name, work email, company, and role in exchange for access to whitepapers, guides, and reports.
- Partner enquiries — name, company, role, country, and message.
- Newsletter and marketing subscriptions — email address and, where applicable, marketing preferences.
- Careers applications — name, contact details, CV, work history, and any additional information you submit in support of an application.
- Client login — existing customers authenticate through a dedicated login page. Authentication is governed by the Services Agreement executed between Kernia and the customer organisation; this policy covers only the collection of login identifiers and access logs described below.
- Direct correspondence — any other information you choose to share with us by email, LinkedIn, telephone, or at events.
1.2 Information we collect automatically
When you use the Website, we and our service providers automatically collect:
- Device and connection data — IP address, browser type and version, operating system, device identifiers, and referring URL.
- Usage data — pages viewed, time spent, clicks, scroll depth, form interactions, and other behavioural signals captured through analytics and product-experience tools.
- Cookies and similar technologies — as described in our Cookie Policy.
1.3 Information from third parties
We may receive personal data about you from:
- Business contact databases and enrichment providers — for example, to supplement information you have provided or to identify relevant contacts at prospective customer organisations.
- Professional networks — such as public LinkedIn profile information when you connect with us or respond to outreach.
- Referrals and partners — where a partner, reseller, or existing client introduces you.
- Service providers — including our CRM, analytics, and event platforms.
2. How we use personal data
The table below sets out what we use your data for and the legal basis for each purpose:
| Purpose | Lawful basis (GDPR) |
|---|---|
| Responding to enquiries, demo requests, and contact forms | Steps taken at your request prior to entering a contract; our legitimate interest in operating our business |
| Delivering requested materials (e.g., ROI report, gated guides, partner deck) | Performance of a contract or steps taken at your request |
| Sending marketing communications about our products, insights, and events | Consent (where required) or our legitimate interest in marketing to business contacts, subject to your right to object |
| Personalising and improving the Website, including through analytics and heatmaps | Consent for non-essential cookies; our legitimate interest in operating and improving the Website |
| Managing customer relationships, including contracting, billing, and support | Performance of a contract; our legitimate interest in administering customer accounts |
| Evaluating partnership, reseller, and commercial opportunities | Our legitimate interest in developing our business |
| Recruitment and evaluation of job applicants | Steps taken at your request; consent; our legitimate interest in building our team |
| Securing the Website and our systems, and preventing fraud and misuse | Our legitimate interest in security and integrity; legal obligations |
| Complying with legal, regulatory, accounting, and tax obligations | Legal obligation |
| Establishing, exercising, or defending legal claims | Our legitimate interest in protecting our rights |

Under the PDPA, we rely on your consent or on deemed consent, legitimate interests, business improvement, and other applicable grounds as set out in the PDPA.
We do not sell personal data, and we do not use personal data submitted through the Website to train general-purpose AI models.
3. Cookies and similar technologies
The Website uses cookies and similar technologies for strictly necessary operation, analytics, performance measurement, and marketing. Non-essential cookies are set only where you have given consent through our cookie banner. You can review and change your preferences at any time through the cookie settings link in the Website footer.
A full description of the cookies we use, their purposes, and their retention periods is available in our Cookie Policy.
4. How we share personal data
We share personal data only where necessary and under appropriate safeguards, with the following categories of recipients:
- Service providers and sub-processors — we rely on trusted vendors to host our Website, operate our CRM and marketing automation, manage meeting bookings, deliver emails, run analytics and session-replay tools, support customer communications, and process payments. Each provider is contractually required to use personal data only on our instructions and to protect it with appropriate technical and organisational measures.
- Professional advisors — lawyers, auditors, accountants, and insurers, where necessary for the operation of our business.
- Affiliates — companies within our corporate group, where applicable, for the purposes described in this policy.
- Business partners and resellers — where you have engaged us through, or requested to be introduced to, a partner.
- Authorities and regulators — where we are required to disclose personal data by law, court order, or valid legal process, or where disclosure is necessary to protect our rights, property, or the safety of others.
- Successors in a business transaction — in connection with a merger, acquisition, reorganisation, financing, or sale of assets, subject to continued protection consistent with this policy.
A current list of material sub-processors involved in the delivery of the Aion platform is maintained and provided to customers under the Data Processing Agreement. This policy addresses the sub-processors that support the Website and our marketing, sales, and business operations; the categories are available on request.
5. International transfers
Kernia operates from Singapore and works with customers, partners, and service providers in the European Economic Area, the United Kingdom, Singapore, the United States, and other jurisdictions. When we transfer personal data outside the jurisdiction in which it was collected, we do so under appropriate safeguards:
- For transfers from the EEA or the UK to countries not deemed to provide an adequate level of protection, we rely on the Standard Contractual Clauses adopted by the European Commission and, where applicable, the UK International Data Transfer Addendum, together with any supplementary measures required.
- For transfers from Singapore, we ensure that the recipient is bound to provide a standard of protection comparable to that required under the PDPA.
You may request a copy of the transfer safeguards we rely on by contacting us at the address below.
6. Retention
We retain personal data only for as long as necessary for the purposes set out in this policy, and in accordance with legal, accounting, or reporting requirements. Indicative retention periods are:
- Enquiry and lead data — up to 24 months from your last interaction with us, unless you become a customer or ask us to delete it earlier.
- Marketing subscribers — until you unsubscribe or object, and for a short period thereafter to honour your preferences.
- Customer records — for the duration of the contractual relationship and for up to 7 years after termination, in line with Singapore tax and accounting requirements.
- Recruitment data — up to 12 months after the conclusion of the relevant recruitment process, unless you consent to a longer period.
- Website logs and analytics — typically 14 months, or a shorter period where technically feasible.
When data is no longer needed, we delete or anonymise it.
7. Security
We maintain technical and organisational measures designed to protect personal data against unauthorised access, disclosure, alteration, and destruction. These include access controls, encryption in transit, pseudonymisation where appropriate, network and application security monitoring, staff confidentiality obligations, and regular review of our security posture.
No system is completely secure. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately at the address below.
8. Your rights
Under applicable law, you have the following rights over your personal data:
- Access — request a copy of the personal data we hold about you.
- Rectification / correction — ask us to correct data that is inaccurate or incomplete.
- Erasure — ask us to delete personal data where there is no overriding reason for us to retain it.
- Restriction — ask us to limit how we process your personal data in certain circumstances.
- Portability — receive the personal data you have provided to us in a structured, commonly used, machine-readable format.
- Objection — object to processing based on our legitimate interests, including direct marketing.
- Withdraw consent — where we rely on your consent, withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
Under the PDPA, you have the right to request access to and correction of your personal data, and to withdraw consent to the collection, use, or disclosure of your personal data at any time.
You also have the right to lodge a complaint with a supervisory authority. In Singapore, this is the Personal Data Protection Commission (PDPC). In the EEA, this is your local data protection authority. In the UK, this is the Information Commissioner’s Office (ICO). Please come to us before going to a regulator; we’d rather fix it directly.
To exercise any of these rights, contact us at privacy@kernia.ai. We will respond within the timeframes required by applicable law. We may need to verify your identity before acting on your request.
9. Customer data processed through Aion
When Kernia processes personal data on behalf of a customer through the Aion platform, we act as a processor. The customer is the controller of that personal data and is responsible for providing a privacy notice to the relevant individuals, ensuring a lawful basis for the processing, and responding to requests from those individuals.
Our handling of customer data in that capacity is governed by the Data Processing Agreement executed between Kernia and the customer, not by this Privacy Policy. If you are an employee or contractor of a Kernia customer and have questions about how your data is being processed through Aion, contact your employer directly.
10. Links to third-party websites
The Website may contain links to third-party websites, tools, and services that are not operated by us. This Privacy Policy does not apply to those third parties, and we are not responsible for their practices. We encourage you to review their privacy policies before providing them with personal data.
11. Children
The Website and Aion are not directed at children, and we do not knowingly collect personal data from anyone under the age of 16. If you believe a child has provided personal data to us, please contact us and we will delete it.
12. Changes to this Privacy Policy
We update this policy when our practices change, when we add or amend services, or when law requires it. The revised date at the top of the page shows when it last changed. Where the changes are material, we will notify you through the Website or by other appropriate means before they take effect.
13. Contact us
For any questions about this Privacy Policy or how we handle personal data, or to exercise any of your rights, please contact us:
WeRedd Pte. Ltd. (trading as Kernia)
37 Sultan Gate, Singapore 198485
Email: privacy@kernia.ai