Privacy Policy

Last updated: February 2026

1. Who We Are

Chain of Thought is operated by COT Research Pte Ltd ("we", "us", "our"), a company incorporated in Singapore. We are the data controller for personal data collected through the Service. This Policy describes how we collect, use, disclose, and protect your personal data in accordance with Singapore's Personal Data Protection Act 2012 ("PDPA").

2. Data We Collect

We collect the following personal data:

• Account data: your email address, used to create and authenticate your account.
• Session data: a session token stored in a cookie to keep you logged in.
• Usage data: pages visited, features accessed, and alert preferences, collected to operate and improve the Service.
• Billing data: payment information is collected and stored by Stripe. We receive a tokenised customer reference and subscription status only; we never store raw card details.

3. Purpose and Legal Basis

We use your personal data to:

• Create and manage your account;
• Authenticate your identity on each visit;
• Process subscription payments and manage billing;
• Send transactional emails (account confirmation, password reset, invoices);
• Send optional digest notifications (you may unsubscribe at any time from your account settings);
• Operate, maintain, and improve the Service.

Under the PDPA, we rely on your consent (given at account creation) and the performance of our contract with you as the legal bases for processing.

4. Cookies and Sessions

We use a single, strictly necessary session cookie to keep you authenticated. This cookie does not track you across third-party websites and is deleted when your session expires or you log out. We do not use advertising or analytics cookies.

5. Third-Party Processors

We share personal data with the following sub-processors solely to operate the Service:

• Stripe, Inc. — payment processing. Your payment details are governed by Stripe's Privacy Policy.
• Resend, Inc. — transactional email delivery. Email content is governed by Resend's Privacy Policy.

We do not sell your personal data to any third party.

6. Data Storage and Transfers

Your data is stored in a PostgreSQL database hosted by Neon, Inc. and served via infrastructure provided by Vercel, Inc. Both providers operate data centres outside Singapore. By using the Service, you consent to your personal data being transferred to and processed in these jurisdictions. We have ensured that each provider maintains appropriate technical and organisational security measures.

7. Data Retention

We retain your personal data for as long as your account is active. If you request deletion of your account, we will delete or anonymise your personal data within 30 days, except where retention is required by law or legitimate business necessity (for example, billing records required for tax purposes).

8. Your Rights under the PDPA

Under the PDPA, you have the right to:

• Access the personal data we hold about you;
• Correct inaccurate or incomplete personal data;
• Withdraw consent to the processing of your personal data (noting that this may affect your ability to use the Service);
• Request deletion of your account and personal data.

To exercise any of these rights, contact us at hello@tessara.chainofthought.xyz. We will respond within 30 days.

9. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, or destruction. Passwords are hashed and never stored in plaintext. All data is transmitted over TLS.

10. Contact and Complaints

For privacy questions or to exercise your rights, contact COT Research Pte Ltd at hello@tessara.chainofthought.xyz. If you believe we have not handled your personal data in accordance with the PDPA, you may lodge a complaint with the Personal Data Protection Commission (PDPC) at www.pdpc.gov.sg.