WUKONG PRIVACY POLICY
Effective Date: March 23, 2026
DingTalk (Singapore) Private Limited and its Affiliates (collectively, “DingTalk,” “we,” “us,” or “our”) respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, store, transfer, and otherwise process personal data in connection with Wukong, including its websites, applications, software, APIs, browser or device integrations, agentic and automation features, models, plugins, extensions, tools, documentation, content, and related services (collectively, the “Services”).
This Privacy Policy is intended to help you understand:
(a) what personal data we collect;
(b) how we use personal data;
(c) when and why we disclose personal data;
(d) how we protect and retain personal data;
(e) your rights and choices; and
(f) how to contact us.
Please read this Privacy Policy carefully before using the Services. By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy. Where required by applicable law, we will obtain your consent to the collection, use, disclosure, or other processing of your personal data. If you do not agree with this Privacy Policy, you should not access or use the Services.
This Privacy Policy does not apply to third-party products or services that are not controlled by DingTalk, even if they are accessible through or integrated with the Services. Such third-party products or services are governed by their own privacy policies and terms.
1.Scope and Application
1.1 This Privacy Policy applies to personal data processed by DingTalk in connection with your access to and use of the Services, whether you are an individual user, organisation user, administrator, developer, customer, prospect, website visitor, or support contact.
1.2 This Privacy Policy also applies to personal data we process when you communicate with us, request information, participate in promotions, surveys, beta testing, events, or research, or otherwise interact with us in connection with the Services.
1.3 If a specific feature, service, integration, promotion, or jurisdiction is subject to a separate privacy notice, supplementary notice, or specific consent flow, that specific notice or supplementary notice will apply to the extent of any inconsistency.
2.Who We Are
2.1 The Services are provided by DingTalk (Singapore) Private Limited and its Affiliates.
2.2 For the purposes of applicable data protection laws, DingTalk (Singapore) Private Limited and/or the relevant Affiliate providing the applicable Service will generally act as the controller, business, or organisation responsible for deciding how your personal data is processed, unless otherwise stated.
3. Key Definitions
For purposes of this Privacy Policy:
“Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with DingTalk.
“Controller” includes equivalent concepts under applicable law.
“Personal data” means information relating to an identified or identifiable natural person, and includes equivalent concepts such as “personal information” where used under applicable law.
“Sensitive personal data” means personal data that is subject to additional protection under applicable law, such as certain financial information, precise geolocation, government identifiers, health information, biometric data, children’s data, or other specially protected categories of personal data.
“User Content” means content submitted to, generated by, or processed through the Services, including prompts, instructions, files, text, images, audio, video, code, workflow data, and outputs.
4.The Personal Data We Collect
We may collect personal data from you directly, automatically from your use of the Services, from your organisation, from third-party services you choose to connect, and from other lawful sources.
4.1 Personal Data You Provide to Us
We may collect the following categories of personal data that you provide directly to us:
(a) Account and profile information, such as your name, display name, username, email address, profile photo, login credentials, and account preferences.
(b) Authentication and identity information, such as single sign-on identifiers, enterprise identity information, verification information .
(c) Communications information, such as the support tickets, survey responses, feedback, ratings, and any communications you send to us.
(d) Payment and transaction information, such as billing name, billing address, invoice details, tax information, subscription details, payment status, transaction history, refund records, and limited payment-related information received from payment processors. We generally do not receive your full card number or financial authentication credentials.
(e) User Content, including prompts, questions, instructions, files, images, audio, video, code, configurations, credentials, context, links, browser input, website or app interaction data, task requests, uploaded materials, and any personal data included in such content.
(f) Information provided in connection with promotions, events, research, or marketing activities.
4.2 Personal Data We Collect Automatically
When you access or use the Services, we may automatically collect certain information, including:
(a) Device and technical information, such as device type, device model, device identifiers, operating system, browser type, language settings, time zone, application version, crash data, memory and storage information, system configuration, and network type.
(b) Log and usage information, such as IP address, approximate location inferred from IP, access dates and times, pages viewed, clicks, session identifiers, referring URLs, search activity, feature usage, interactions with the Services, workflow and task execution logs, diagnostic logs, error logs, performance logs, and security event logs.
(c) Security and risk information, such as suspicious login attempts, device risk signals, anomalous behavior patterns, abuse indicators, fraud signals, and authentication logs.
(d) Cookies and similar technologies data, as further described in Section 13 below.
4.3 Personal Data We Receive from Third Parties
We may receive personal data from third parties, including:
(a) Third-party login or identity providers, such as when you choose to sign in through an external account or enterprise identity service.
(b) Your organisation, where your employer, administrator, or organisation provisions your account or authorises you to use the Services.
(c) Payment processors and transaction partners, which may provide payment confirmations, subscription status, transaction reference numbers, and related billing information.
(d) Third-party services and integrations that you choose to connect to the Services, including plugins, APIs, models, storage providers, browsers, productivity tools, websites, and enterprise applications.
4.4 Sensitive Personal Data
The Services may allow you to submit or process content that contains sensitive personal data. Because Wukong is an AI assistant and automation service, User Content you submit may include personal data about you or others, including sensitive personal data. You should carefully consider whether it is necessary and lawful to provide such information.
Unless expressly stated otherwise, please do not provide sensitive personal data unless you have determined that you are legally permitted to do so and that appropriate safeguards are in place.
4.5 Personal Data of Others
If you provide personal data relating to another person, you are responsible for ensuring that you have all necessary rights, notices, consents, and other legal bases to provide that information to us and to permit us to process it in accordance with this Privacy Policy.
5.How We Use Personal Data
We may collect, use, disclose, and otherwise process personal data for the following purposes, as permitted by applicable law:
Purpose / Activity | Categories of Personal Data | Retention Period |
To create, verify, manage, and administer your account | ● Account and profile information; ● authentication and identity information; ● communications information; ● device and technical information; ● log and usage information | For as long as you maintain an account with us. |
To provide, operate, and maintain the Services and their core functionality, including AI interactions, output generation, file analysis, workflow execution, browser interaction, automation, plugins, tools, and integrations | ● Account and profile information; ● authentication and identity information; ● User Content; ● device and technical information; ● log and usage information; cookies and similar technologies data; ● information received from third-party services you connect | For as long as necessary to provide the Services |
To process payments, subscriptions, invoices, refunds, and related financial administration | ● Account and profile information; ● payment and transaction information; ● communications information; ● device and technical information; ● information from payment processors and transaction partners | For as long as necessary to complete the transaction and maintain required financial and tax records under applicable law |
To provide customer support, investigate complaints, resolve disputes, and respond to your requests | ● Account and profile information; ● communications information; ● User Content relevant to the request; ● payment and transaction information where relevant; ● device and technical information; ● log and usage information | For as long as necessary to resolve the relevant matter and thereafter as needed for legal, audit, and recordkeeping purposes |
To secure the Services, authenticate users, detect and prevent fraud, abuse, misuse, harmful activity, unauthorised access, and security incidents | ● Account and profile information; ● authentication and identity information; ● device and technical information; ● log and usage information; security and risk information; payment and transaction information where relevant | For as long as reasonably necessary for security, fraud prevention, and legal compliance purposes |
To troubleshoot, debug, monitor performance, repair errors, and maintain service quality | ● Device and technical information; ● log and usage information; security and risk information; ● account and profile information; ● relevant User Content where necessary | For as long as reasonably necessary for diagnostics, security, and service improvement purposes |
To conduct analytics, research, testing, quality assurance, and product development | ● Device and technical information; ● log and usage information; communications information; ● User Content, typically in de-identified, aggregated, or otherwise minimised form where appropriate and permitted by law | For as long as reasonably necessary for the relevant research, development, and improvement purpose, subject to applicable law |
Subject to your settings, and applicable law, to improve our products, services | ● User Content; ● log and usage information; ● device and technical information; ● feedback; communications information | For as long as reasonably necessary for service improvement and related lawful business purposes, subject to applicable law |
To comply with applicable laws, regulations, legal process, governmental requests, industry standards, and compliance obligations | ● Any categories of personal data relevant to the applicable legal or compliance requirement | For as long as required by applicable law, regulation, legal process, or compliance needs |
To enforce our agreements and policies and to establish, exercise, or defend legal claims | ● Any categories of personal data reasonably necessary for the relevant matter, including account data, communications, payment information, User Content, log data, and security records | For as long as necessary for the relevant dispute, claim, investigation, or limitation period |
For other purposes disclosed to you at the time of collection, with your consent where required, or as otherwise permitted by law | ● Any categories of personal data relevant to the disclosed purpose | As disclosed at the time of collection or as otherwise permitted |
6.Legal Bases for Processing
Where required by applicable law, we rely on one or more of the following legal bases to process personal data:
(a) Performance of a contract: where processing is necessary to provide the Services to you, to perform our contract with you, or to take steps at your request before entering into a contract.
(b) Legitimate interests: where processing is necessary for our legitimate interests or those of a third party, and those interests are not overridden by your rights and interests. These may include interests in operating and improving the Services, securing our systems, preventing abuse, managing our business, supporting customers, conducting analytics, and protecting legal rights.
(c) Consent: where you have given consent to the processing for one or more specific purposes.
(d) Legal obligation: where processing is necessary for compliance with applicable law, regulation, court order, or lawful request.
7.How We Disclose Personal Data
We may disclose personal data to the following categories of recipients, for the purposes described in this Privacy Policy:
7.1 Affiliates
We may disclose personal data to our Affiliates for internal administration, customer support, product operations, engineering, analytics, security, compliance, payment operations, and other purposes consistent with this Privacy Policy.
7.2 Service Providers and Processors
We may disclose personal data to vendors, service providers, contractors, subprocessors, and professional advisers who perform services on our behalf, such as:
(a) hosting and cloud infrastructure providers;
(b) model and AI service providers;
(c) payment processors and billing providers;
(f) security, fraud detection, and identity verification providers.
These recipients are authorised to process personal data only as necessary to provide services to us or as otherwise permitted by law.
7.3 Third-Party Services You Choose to Use
If you enable, connect, or use third-party services, plugins, models, APIs, websites, applications, payment services, or other integrations, we may disclose relevant personal data and User Content to those third parties as necessary to provide the requested functionality.
For example, if you configure a third-party model, plugin, or “bring your own key” integration, relevant data may be transmitted to the third-party service provider under your direction. Such processing may be governed by that third party’s own privacy policy and terms.
7.4 Business Transfers and Corporate Transactions
We may disclose personal data in connection with an actual or proposed merger, acquisition, financing, asset sale, restructuring, reorganisation, change of control, dissolution, bankruptcy, or similar corporate transaction, subject to applicable confidentiality and legal requirements.
7.5 Legal and Compliance Disclosures
We may disclose personal data to courts, regulators, law enforcement, government authorities, tax authorities, auditors, or other third parties where we believe in good faith that disclosure is necessary to:
(a) comply with applicable law, regulation, legal process, or lawful request;
(b) enforce our agreements, terms, or policies;
(c) detect, prevent, or investigate fraud, abuse, security issues, or unlawful activity;
(d) protect the rights, safety, property, or security of DingTalk, our users, or others; or
(e) establish, exercise, or defend legal claims.
7.7 With Your Consent or at Your Direction
We may disclose personal data for other purposes with your consent or at your direction.
8.AI-Specific Processing and User Content
8.1 Because Wukong is an AI assistant and automation product, the Services may process User Content that includes personal data. User Content may be used to:
(a) generate responses and outputs;
(b) execute or facilitate workflows, automations, and tool actions;
(c) enable file understanding, browser interaction, third-party integrations, and task orchestration;
(d) detect safety, security, abuse, or quality issues; and
(e) improve the Services and related technologies, subject to your settings, our contractual commitments, and applicable law.
8.2 If you use a third-party model, third-party plugin, custom model, or other external integration, your User Content may be sent to and processed by the relevant third-party provider. In such case, that third party may act as an independent controller or processor under its own terms and privacy practices.
8.3 If you use browser automation, local file processing, system interaction, webpage access, form filling, or other agentic features, the Services may process information visible or available in the relevant environment, including personal data, to perform the task you request or authorise.
8.4 You are responsible for ensuring that your use of the Services, including your submission of User Content and use of automation or integrations, complies with applicable privacy and data protection laws.
9.Data Retention
9.1 We retain personal data for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Services, maintain accounts, comply with legal obligations, resolve disputes, enforce agreements, prevent fraud and abuse, and protect our rights.
9.2 Retention periods vary depending on the type of personal data, the context in which it was collected, the nature of the Services, and applicable legal, regulatory, accounting, audit, and security requirements.
9.3 In determining how long to retain personal data, we consider factors such as:
(a) the duration of our relationship with you;
(b) whether your account remains active;
(c) the need to provide the Services and support your use;
(d) legal and regulatory retention obligations;
(e) limitation periods for legal claims;
(f) security, fraud prevention, and abuse detection needs; and
(g) technical and operational constraints, including backup cycles.
9.4 When personal data is no longer needed, we will delete, anonymise, or de-identify it, unless continued retention is required or permitted by law.
10.International Data Transfers
10.1 We process and store personal data we collect in secure servers located in Singapore. We may also, and to the extent permitted by applicable laws, transfer your personal data internationally for one or more of the purposes described in this Privacy Policy
10.2 If you access or use the Services from outside Singapore, your personal data may be transferred to and processed in countries other than your own, which may have data protection laws that differ from those in your jurisdiction.
10.3 We will take appropriate steps to ensure that cross-border transfers are subject to adequate safeguards, such as contractual protections, transfer impact assessments, recognised transfer mechanisms, or other lawful measures.
11.Data Security
11.1 We use reasonable and appropriate technical, administrative, and organisational safeguards designed to protect personal data against unauthorised access, disclosure, alteration, loss, misuse, and destruction.
11.2 Such safeguards may include access controls, encryption in transit and at rest where appropriate, identity and authentication controls, network security measures, logging and monitoring, vulnerability management, secure development practices, incident response procedures, and employee confidentiality and training obligations.
11.3 However, no system, service, or transmission of data over the internet can be guaranteed to be completely secure. You are responsible for maintaining the security of your account credentials and for using the Services in a secure manner.
11.4 If we become aware of a personal data breach, we will take steps in accordance with applicable law, including notifying affected individuals or regulators where required.
12.Your Rights and Choices
Depending on your jurisdiction and subject to applicable law, you may have certain rights regarding your personal data, including the right to:
(a) request access to personal data we hold about you;
(b) request correction of inaccurate or incomplete personal data;
(c) request deletion of personal data;
(d) request restriction of processing;
(e) object to certain processing;
(f) withdraw consent where processing is based on consent;
(g) request portability of certain personal data;
(h) request information about our processing practices; and
(i) lodge a complaint with a data protection authority or other regulator.
12.2 You may also have choices regarding:
(a) whether to provide certain personal data;
(b) use of cookies and similar technologies;
(c) marketing communications preferences; and
(d) product settings that control certain uses of User Content.
12.3 We may need to verify your identity before responding to a request. We may also decline or limit a request where permitted by law, including where we cannot verify identity, where the request would adversely affect the rights of others, where the request is manifestly unfounded or excessive, or where retention is required by law.
12.4 To exercise your rights, please contact us at: dt_privacy@service.dingtalk.com.
13.Cookies and Similar Technologies
13.1 Cookies We Use
We may use Cookies and similar technologies to collect information generated from your access to and use of the Services. The Cookies currently used are as follows:
(a) Strictly Necessary Cookies
These Cookies are essential for the operation, login, and security of the Services, and cannot be disabled through the Services.
Cookie Name | Purpose | Category |
ds_ssi | Maintains user login status | Strictly necessary (functionality) |
mdsdvid | Helps recognise your device for login security | Strictly necessary (security) |
mdsdvidt | Supports device recognition for login security | Strictly necessary (security) |
(b) Preference Cookies
These Cookies are used to remember your settings and improve your experience. You can manage them through your browser settings.
Cookie Name | Purpose | Category |
mds_lang_tag | Remembers language preference | Non-essential (preference) |
(c) Analytics Cookies
These Cookies are used to understand website traffic and usage patterns so that we can improve the Services. You can manage them through your browser settings.
Cookie Name | Purpose | Category |
ds_bti | Measures website visits and user navigation paths | Non-essential (analytics) |
13.2 How to Manage Cookies
You can manage or disable Cookies through your browser settings. Please note that if you block or disable certain Cookies, some functions of the Services may not work properly. In particular, disabling strictly necessary Cookies may affect login status, account security, or core service functionality.
13.3 Updates to Cookies
We may update the Cookies we use from time to time based on changes to the Services, legal requirements, or security needs.
14.Children and Minors
14.1 The Services are not directed to children and are not intended for users under the age of 18.
14.2 If you are under 18, you should not use the Services unless permitted by applicable law and with the involvement and consent of your parent or legal guardian.
14.3 We do not knowingly collect personal data directly from children in violation of applicable law. If you believe that a child has provided personal data to us in violation of applicable law, please contact us at dt_privacy@service.dingtalk.com, and we will take appropriate steps.
15.Third-Party Services
15.1 The Services may contain links to, integrate with, or support third-party services, websites, plugins, APIs, payment services, login services, analytics tools, models, and cloud products.
15.2 We are not responsible for the privacy, security, or data handling practices of third parties. Your use of third-party services is governed by their own terms and privacy policies.
15.3 You should review the privacy policies of any third-party services you choose to use in connection with Wukong.
16.Changes to This Privacy Policy
16.1 We may update this Privacy Policy from time to time to reflect changes in law, regulation, technology, our processing practices, or the Services.
16.2 If we make material changes, we will provide notice by appropriate means, such as through the Services, on our website, or by email, where required by applicable law.
16.3 The “Effective Date” at the top of this Privacy Policy indicates when the current version takes effect.
17.Contact Us
If you have any questions, comments, complaints, or requests about this Privacy Policy or our processing of personal data, please contact us at: