Privacy Policy

Last Updated: December 19, 2025

Lythe Pte. Ltd. ("Lythe", "we", "us", or "our") is committed to protecting the privacy of individuals whose personal data is collected and processed when using Lythe’s services. This Privacy Policy explains how we collect, use, disclose, store, transfer, and protect personal data in connection with Lythe’s platform and our AI agent interface known as "Skye."

Lythe is a chat-first matching network that helps connect students to gigs. Users typically interact with Skye through messaging channels (including WhatsApp and Telegram) and may also interact with our website(s) and web forms (collectively, the "Services"). If you do not agree with this Privacy Policy, please do not use the Services.

If you have questions about this Privacy Policy, please contact us at: team@lythe.ai.

1. What does this Privacy Policy apply to?

This Privacy Policy applies to personal data processed by Lythe in connection with the Services, including when you:

  • message or interact with Skye through messaging channels (including WhatsApp and Telegram);
  • create or update a profile for matching;
  • post, apply for, accept, coordinate, or complete gigs;
  • visit our websites, forms, or landing pages; or
  • communicate with us for support, feedback, or operational reasons.

This Privacy Policy does not apply to third-party services that you may access through links or integrations. Those third parties are responsible for their own privacy practices. Please review their policies.

2. Important terms

To make this Privacy Policy easier to read, we use certain defined terms:

  • Personal Data: data about an individual who can be identified from that data (alone or together with other data), as defined under Singapore’s Personal Data Protection Act 2012 ("PDPA").
  • Messaging Platforms: third-party messaging services used to communicate with Skye (e.g., WhatsApp and Telegram).
  • Skye: Lythe’s AI agent interface used for onboarding, matching, and coordination.
  • Gig: a task, job, assignment, event role, project, or short-term work opportunity made available through the Services.
  • Service Providers: third parties that provide services to Lythe to operate the Services (e.g., cloud hosting, analytics, AI processing, automation, security tooling).

3. Personal data we collect

We collect personal data in the following ways:

  • Personal data you provide directly to us.
  • Personal data collected automatically when you use the Services.
  • Personal data we receive from third parties (where applicable).

The types of personal data we collect depend on how you use Lythe.

3A. Personal data you provide

When you use the Services, you may provide the following categories of personal data:

  • Contact and account identifiers: name, phone number, Telegram username/handle, email address (if provided), and messaging platform identifiers.
  • Profile and matching information: school, year of study, skills, interests, languages, experience, availability, preferred gig types, preferred locations, and other information you share to improve matching.
  • Gig information: gig postings you create, gig requirements, gig applications, messages exchanged for coordination, and any attachments you share (e.g., images, documents).
  • Support and feedback: information you provide when you contact us for support, submit feedback, or report issues.
  • Payment and payout information (if applicable): limited information needed to facilitate payments or payouts and maintain financial records, subject to minimization.

3B. Personal data collected automatically

We may collect certain information automatically, including:

  • Usage data: features used, interactions with Skye, gig flow events (e.g., viewing, applying, accepting), and timestamps.
  • Device and technical data (web): IP address, browser type, device type, operating system, and general location derived from IP (approximate).
  • Logs and diagnostics: security logs, error logs, and performance metrics used for debugging, reliability, and abuse prevention.

Messaging Platforms may also process and provide metadata under their own policies. Lythe receives only the information that is made available to us via those platforms.

3C. Personal data from third parties

In some cases, we may receive personal data from third parties, for example:

  • Gig partners or organizers who provide gig details and coordination information related to your participation.
  • Service Providers that help detect fraud or abuse or provide analytics signals.
  • Publicly available sources, only where relevant and permitted (e.g., to verify brand safety for a gig organizer).

3D. Sensitive personal data

Lythe does not require sensitive personal data (for example, NRIC, passport numbers, health or medical information) for standard matching. Please do not send sensitive personal data unless we explicitly request it, and you choose to provide it.

If you choose to provide sensitive personal data, you consent to our processing of it for the purpose you provided it.

4. How we use personal data

We use personal data for the following purposes:

  • To provide, operate, and maintain the Services, including Skye’s messaging workflows.
  • To create and maintain user profiles, and to match users to gigs based on skills, availability, and preferences.
  • To facilitate gig posting, gig discovery, introductions, and coordination between users.
  • To send service communications, including confirmations, updates, reminders, and important notices.
  • To prevent, detect, and investigate fraud, spam, abuse, or violations of our Terms.
  • To troubleshoot, debug, and monitor performance, reliability, and security.
  • To improve matching quality and product experience, including evaluating and correcting system outputs and fixing errors.
  • To comply with legal obligations, respond to lawful requests, and enforce our Terms.
  • To manage business operations (e.g., audits, reporting, risk management) in a manner consistent with this Privacy Policy.
  • To match users to gigs based on skills, availability, preferences, and your provided location (e.g., campus/area) or distance to a gig.
  • To estimate distance / recommend nearby gigs using your provided location.

We may process messages and profile inputs through AI-enabled systems and automated workflows to perform matching and coordination. We aim to minimize data use, restrict access, and apply safeguards appropriate for chat-based services.

5. Consent, notification, and legal bases (Singapore PDPA)

Lythe operates in Singapore and is committed to complying with the PDPA. In general, we collect, use, and disclose personal data with your consent and after notifying you of the purposes for which your personal data will be processed.

By using the Services, you consent to our collection, use, and disclosure of your personal data for the purposes set out in this Privacy Policy, unless and to the extent that consent is not required under an applicable PDPA exception.

Where required or appropriate, we will obtain express consent (for example, for certain marketing messages) or provide additional notices at the point of collection.

6. How we disclose and share personal data

We do not sell personal data. We disclose personal data only as reasonably necessary to operate the Services, enable matching, and comply with legal obligations.

6A. Sharing with other users

To enable matching and gig coordination, we may share limited information between users (e.g., gig posters and gig doers). This may include:

  • name or display name;
  • relevant skills and availability summary;
  • gig-specific details and logistics;
  • contact details needed for coordination (e.g., phone number or Telegram handle), where necessary;
  • approximate location (e.g., campus/area) and gig location/venue details needed for coordination (e.g., meeting point/address).

We aim to share only what’s necessary, and we do not share your precise live location unless you choose to provide it (e.g., by sending a location pin in chat).

6B. Sharing with service providers

We use Service Providers to help us operate the Services. These providers may process personal data on our behalf to deliver services such as hosting, storage, monitoring, analytics, AI processing, automation, and security. Where applicable, we treat such providers as data intermediaries and/or processors and require them to protect personal data through contractual obligations.

Examples of Service Providers we use include:

  • Meta (WhatsApp): messaging delivery and messaging account features used to communicate with Skye.
  • Supabase: database and storage used to store profiles, gig data, and service records.
  • Automation/workflow tooling (e.g., orchestration services): to route messages, run workflows, and connect system components.

6C. Legal disclosures and business transactions

We may disclose personal data:

  • to comply with law, regulation, court order, or lawful requests;
  • to protect Lythe’s rights, property, and safety and the rights, property, and safety of users;
  • in connection with corporate transactions such as mergers, acquisitions, financing, or asset sales, subject to appropriate safeguards.

7. International transfers

Some of the Service Providers listed above may process or store personal data outside Singapore. Where personal data is transferred overseas, Lythe takes steps to ensure the transferred personal data is protected to a standard comparable to the PDPA (for example, through contractual and operational safeguards).

8. Data retention

We retain personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, or as required by applicable laws, accounting, and regulatory obligations. When personal data is no longer needed, we will cease retention or remove the means by which the data can be associated with you (e.g., deletion or anonymization).

9. Security

We implement reasonable security arrangements to protect personal data in our possession or under our control. These may include access controls, least-privilege policies, monitoring, and encryption in transit where supported. No system is completely secure; therefore, we cannot guarantee absolute security.

10. Accuracy

We take reasonable steps to ensure that personal data collected is accurate and complete, particularly where it is likely to be used to make a decision that affects you or to be disclosed to others. You can help by keeping your profile information up to date and informing us of any changes.

11. Data breach management and notification

If we become aware of a data breach, we will take steps to assess and contain it. Where the breach is notifiable under the PDPA (e.g., it results in, or is likely to result in, significant harm to affected individuals and/or is of significant scale), we will notify the Personal Data Protection Commission (PDPC) and affected individuals as soon as practicable, in accordance with applicable requirements.

12. Your rights and choices (PDPA)

Subject to applicable law, you may have the right to:

  • Request access to your personal data in our possession or under our control and information about how your personal data has been used or disclosed in the past year.
  • Request correction of inaccuracies in your personal data.
  • Withdraw consent for our collection, use, or disclosure of your personal data (where we rely on consent).
  • Opt out of marketing communications, where applicable.

We may need to verify your identity before processing requests. We may charge a reasonable fee for access requests as permitted under the PDPA, and we will notify you of the fee before proceeding.

12A. Withdrawal of consent

You may withdraw your consent at any time by contacting us using the details in Section 16. Withdrawal of consent may affect our ability to provide the Services (for example, matching requires certain profile and contact information). We will inform you of the likely consequences of withdrawal before completing your request.

13. Do Not Call (DNC) and marketing

We may send service-related messages that are necessary to operate Lythe (e.g., match alerts, confirmations, and policy updates). If we send marketing messages to Singapore telephone numbers, we will comply with the DNC provisions and obtain consent where required. You may opt out of marketing messages at any time.

14. Cookies and tracking (website)

Our websites may use cookies and similar technologies for essential functionality, security, analytics, and performance. You can control cookies through your browser settings. Disabling cookies may affect site functionality.

15. Children

The Services are not intended for children under 13. If you are under the age required to provide valid consent in your jurisdiction, you should use the Services only with appropriate permission. If we learn that we collected personal data from a child without valid consent, we will take steps to delete it.

16. Contact us (Data Protection Officer)

Data Protection Officer (DPO)

Email: team@lythe.ai

Address: 33 Bedok Avenue, 469943 Singapore

Privacy Policy URL: https://lythe.ai/privacy-policy

17. Subprocessors and third-party providers

We use the following third-party providers to help operate the Services. This list may be updated from time to time.

  • Meta (WhatsApp) – Messaging platform used for delivery of Skye communications.
  • Telegram – Messaging platform used for delivery of Skye communications.
  • OpenAI (ChatGPT/OpenAI) – AI processing for conversational responses and matching-related automation.
  • Supabase – Database/storage infrastructure for profiles, gigs, and operational records.
  • Mapbox – Mapping/geocoding and location-based features.
  • n8n – Workflow automation/orchestration to run and connect processes across the system.

18. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be posted with a revised "Last Updated" date. If changes are material, we will take reasonable steps to notify you through the Services.