We respect your privacy and are committed to protecting it through our compliance with this privacy policy (“Policy”). This Policy describes the types of information we may collect from you or that you may provide (“Personal Information”) through the leveler.global website (“Website”), Website Services, enquiries, emails, instant messaging, calls, meetings, proposed engagements, Advisory Services, or other business or professional communications with us, and our practices for collecting, using, maintaining, protecting, and disclosing that Personal Information. It also describes the choices available to you regarding our use of your Personal Information and how you can access and update it.

 

This Policy applies to users of the Website and Services, including individuals acting on behalf of a business or other legal entity. Where you provide personal data on behalf of another person or organisation, you confirm that you have the authority to do so or that the relevant individual has been informed of this Policy. By using the Website or Services, submitting personal data to us, or communicating with us, you acknowledge that this Policy has been made available to you. This Policy does not apply to the practices of companies that we do not own or control, or to individuals that we do not employ or manage.

 

Automatic Collection of Information

 

When you open the Website, our servers automatically record information that your browser or automated feed reader sends. This data may include information such as your device’s IP address, browser type and version, operating system type and version, language preferences or the webpage you were visiting before you came to the Website and Services, pages of the Website and Services that you visit, the time spent on those pages, information you search for on the Website, access times and dates, and other statistics.

 

Information collected automatically is used only to identify potential cases of abuse and establish statistical information regarding the usage and traffic of the Website and Services. We use hCaptcha (Intuition Machines, Inc., United States) to detect and prevent automated abuse; this service may use a manual checkbox or image challenges to distinguish human users from bots. This statistical information is not otherwise aggregated in such a way that would identify any particular User of the system.

 

Collection of Personal Information

 

You can access and use the Website and Services without revealing any information by which someone could identify you as a specific individual. However, as we primarily provide Business-to-Business (B2B) services, we may ask you to provide certain Personal Information when you act as a representative of a business or legal entity (for example, your professional name, title, and business email address).

 

We receive and store any information you knowingly provide to us when you fill any forms on the Website or provide data to us via any other means. When required, this information may include:
 

• Professional Contact Information (such as business email address, work phone number, etc).

• Employment Details (such as your job title, department, and the name of the entity you represent).

• Project Materials (such as articles, feedback, or data willingly submitted on behalf of your organisation).

 

Use and Processing of Collected Information

 

Depending on the context, we may handle personal data as a data user/controller or as a processor/service provider acting on behalf of a client, prospective client, strategic partner, contractor, advisor, counterparty, or other Business Contact. For Website enquiries, business development, marketing communications, administration, and operation of our own systems, Leveler Limited normally determines the purposes and means of processing. Where a client, prospective client, strategic partner, contractor, advisor, counterparty, or other Business Contact provides project materials and instructs us to process data solely for a defined engagement or proposed engagement, our role may be closer to that of a processor or service provider, subject to the relevant engagement terms.

 

In order to make the Website and Services available to you, or to meet a legal obligation, we may need to collect and use certain Personal Information. If you do not provide the information that we request, we may not be able to provide you with the requested products or services. Any of the information we collect from you may be used for the following purposes:

 

• Send professional updates, invitations, service information, and, where permitted, marketing communications.

• Send administrative information.

• Send product and service updates.

• Respond to enquiries and offer support.

• Improve user experience.

• Enforce terms and conditions and policies.

• Protect from abuse and malicious users.

• Respond to legal requests and prevent harm.

• Run and operate the Website and Services.

 

Depending on how you interact with the Website and Services and where you are located, we may rely on one or more lawful bases or permitted grounds for processing Personal Information, including: your consent; performance of a contract or pre-contractual steps; compliance with legal obligations; protection of our legitimate business interests; protection against abuse, fraud, or security threats; and responding to lawful requests.

 

Where laws such as the EU GDPR or UK GDPR apply, we will identify and rely on an applicable lawful basis for the relevant processing activity. Where consent is required for a specific activity, such as certain direct-marketing communications or optional cookies, we will seek consent through the relevant collection point, communication, cookie banner, or other appropriate mechanism. You may withdraw consent or object to certain processing where applicable law gives you that right.

 

Professional Communications & Third-Party Direct Marketing
 

Leveler Limited may use your name, professional title, organisation name, business email address, work telephone number, and other business contact details to send professional updates, invitations, service information, and materials concerning Leveler Limited’s B2B advisory services. Where required under the PDPO, we will not use your personal data for direct marketing unless we have informed you of the intended use and provided you with a channel to indicate consent or objection. You may opt out of direct marketing at any time and without charge by contacting us through our contact form or using the unsubscribe instructions in our communications.

 

Our communications may refer to the professional products, services, events, opportunities, or projects of our clients, strategic partners, or other Business Contacts. We will not transfer your personal data to any client, strategic partner, or other third party for that party’s own direct-marketing purposes unless we have obtained your separate written consent.

 

Disclosure of Information

 

Depending on the Website features enabled, Services requested, and communication channels selected by clients, prospective clients, users, authorised representatives, or other Business Contacts, we use or may use contracted companies and service providers to support our operations (“Service Providers”). We share and disclose your information only with the following categories of Service Providers:

 

• Website Hosting & Security: NameSilo, LLC (United States). Supporting infrastructure, security, and DNS services are provided via NuSEC (United States), with physical data storage at PhoenixNAP (United States). SSL encryption is managed via SSL2BUY (Sectigo, United States/UK). We also utilise Vercel Inc. (United States) to host our commenting infrastructure.

• File Storage & Document Collaboration: Google Drive (Google LLC, United States).

• Communication & Collaboration: Titan (Nova Global Limited, United States/Singapore), and Proton (Proton AG, Switzerland).

• Video & Audio Conferencing: Zoom (Zoom Communications, Inc., United States), Teams (Microsoft Corporation, United States), Meet (Google LLC, United States), and Proton (Proton AG, Switzerland).

• Data Analytics: Google LLC (United States) and Mixpanel, Inc. (Netherlands/EU).

• Security & Anti-fraud: hCaptcha (Intuition Machines, Inc., United States).

• Commenting Systems: We use or may use GraphComment (Semiologic SAS, France), Cusdis (hosted via Vercel Inc., United States), Disqus (Zeta Global, United States), or IntenseDebate (Automattic Inc., United States), depending on which commenting feature is enabled on a particular page.

 

Service Providers are not authorised to use or disclose your information except as necessary to perform services on our behalf or comply with legal requirements. Service Providers are given the information they need only in order to perform their designated functions, and we do not authorise them to use or disclose any of the provided information for their own marketing or other purposes.

 

We may also disclose any Personal Information we collect, use or receive if required or permitted by law, such as to comply with a subpoena or similar legal process, and when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

 

Transfer of Personal Data Outside Hong Kong

 

As a company based in Hong Kong using global service providers, your Personal Information may be transferred to, stored, or processed outside Hong Kong, including in the United States, Canada, Switzerland, Singapore, France, South Korea, the Netherlands, and the United Arab Emirates. We take reasonably practicable steps to use Service Providers subject to confidentiality, security, and data-protection obligations consistent with the requirements and principles of the Hong Kong Personal Data (Privacy) Ordinance (Cap. 486), where applicable.

 

 

Video and Audio Conferencing

 

To conduct B2B meetings, presentations, and collaborative sessions, we use third-party video and audio conferencing platforms.
 

• Service Providers: We primarily use Zoom, Microsoft Teams, Google Meet, or Proton Meet.

• Data Collection: These providers may collect technical metadata (such as your IP address and device details). If a session is to be recorded for project documentation or minute-taking purposes, we will always notify all participants and obtain explicit consent before the recording begins.

• Privacy Practices: While we prioritise services that offer enhanced privacy features, such as the end-to-end encryption and Swiss-based jurisdiction provided by Proton AG, your interactions through these platforms are ultimately governed by the privacy policies of the respective providers. We employ security features, such as meeting passwords and participant screening, to protect the confidentiality of our professional discussions.

 

Communication via Instant Messaging

 

To facilitate responsive B2B collaboration and for the convenience of our business clients, prospective clients, strategic partners, contractors, advisors, counterparties, authorised representatives, and other Business Contacts, we may occasionally communicate via instant messaging applications (such as WeChat, WhatsApp, Kakao, Signal, or Telegram).

 

• Business Contact-Led Convenience: We may elect to use these channels only to facilitate agile communication at the request of the relevant client, prospective client, strategic partner, contractor, advisor, counterparty, authorised representative, or other Business Contact. These are not our preferred or primary channels for professional service delivery.

• Confidentiality: We strongly discourage the transmission of sensitive corporate data, financial records, or private personal identifiers via these platforms. Official business documentation and sensitive instructions should be sent via our secure email infrastructure.
• Risk Acknowledgement: While we prioritise services with end-to-end encryption, these applications are managed by third-party providers. By engaging with us on these platforms, you acknowledge that Leveler Limited cannot guarantee the long-term security or data retention practices of these third-party services, which are operated by the following entities:    
   

  •  WeChat: Tencent Holdings Ltd. (Cayman Islands / China).

  •  WhatsApp: Meta Platforms, Inc. (United States).

  •  Kakao: Kakao Corp. (South Korea).

  •  Signal: Signal Technology Foundation (United States).

  •  Telegram: Telegram FZ-LLC (United Arab Emirates / British Virgin Islands).

 

Retention of Information

 

We will retain and use your Personal Information for the period reasonably necessary to fulfil the purposes described in this Policy, comply with legal obligations, maintain business records, enforce our terms and policies, resolve disputes, and protect our legitimate business interests, unless a longer retention period is required or permitted by law.

 

We may use any aggregated data derived from or incorporating your Personal Information after you update or delete it, but not in a manner that would identify you personally. Once the retention period expires, Personal Information shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification, and the right to data portability cannot be enforced after the expiration of the retention period.

 

Cookies

 

Our website uses cookies – small text files placed on your device. Cookies help us operate the site, understand how it is used, and provide functionality such as comment systems.

 

To ensure full transparency and compliance with global privacy standards, we utilise Google Consent Mode v2. This technology allows us to respect your privacy choices by dynamically adjusting the behaviour of Google services based on your consent status for analytics and performance data.

 

Essential cookies are necessary for the basic operation of the Website, such as maintaining your session and enabling security features. They do not require your consent. These include:

 

• Hosting & Infrastructure: Our website is hosted by NameSilo, LLC (United States) using infrastructure from NuSEC and PhoenixNAP. These providers, along with Vercel Inc. (for commenting services), set essential cookies for security, routing, and performance.
• We also use internal and provider-specific cookies (such as __cookie_law__ and mp_optout) to remember your privacy choices and ensure that our analytics scripts remain deactivated if you choose to opt-out.
• hCaptcha: Provided by Intuition Machines, Inc. (United States), we use hCaptcha to secure our forms. This service is essential for protecting the Website from spam and abuse. It may set a cookie to track the successful completion of the security challenge.

 

Optional cookies are used for analytics, performance measurement, and optional website features such as commenting systems. These include cookies set by our third‑party service providers:

 

 

• Mixpanel & Google Analytics: We use Google Analytics (United States) for high-level traffic trends and Mixpanel (Netherlands/EU) for website engagement analytics.
  • EU Data Residency: Our Mixpanel instance is specifically configured to store data within the European Union, providing enhanced privacy protections for our global B2B users.
  • Anonymization: Both services are configured to respect your privacy; Google Analytics anonymizes your IP address, and Mixpanel tracks behavioural "events" (like article engagement) rather than personal identity, unless you choose to provide it.

 

• Commenting Systems: Our blog pages may use third-party scripts to provide commenting functionality. We use or may use GraphComment, Cusdis, Disqus, or IntenseDebate depending on which commenting feature is enabled on a particular page. GraphComment and Cusdis are privacy-focused services designed to function with minimal or no tracking cookies for readers and do not follow your behaviour across the web. For Disqus and IntenseDebate, if you reject optional cookies, these systems will not set tracking cookies on your device. If you choose to log in to post a comment, the respective provider may set cookies necessary for authentication and security associated with your chosen login or commenting activity.

 

Do Not Track Signals

 

Some browsers incorporate a Do Not Track feature that signals to websites you visit that you do not want to have your online activity tracked. Tracking is not the same as using or collecting information in connection with a website. For these purposes, tracking refers to collecting personally identifiable information from users who use or visit a website or online service as they move across different websites over time. How browsers communicate the Do Not Track signal is not yet uniform. As a result, the Website is not yet set up to interpret or respond to Do Not Track signals communicated by your browser. Even so, as described in more detail throughout this Policy, we limit our use and collection of your Personal Information. For a description of Do Not Track protocols for browsers and mobile devices or to learn more about the choices available to you, visit: allaboutcookies.org.

 

Privacy of Children

 

We do not knowingly collect any Personal Information from children under the age of 18. If you are under the age of 18, please do not submit any Personal Information through the Website and Services. If you have reason to believe that a child under the age of 18 has provided Personal Information to us through the Website and Services, please contact us to request that we delete that child’s Personal Information from our Services.

 

We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce this Policy by instructing their children never to provide Personal Information through the Website and Services without their permission. We also ask that all parents and legal guardians overseeing the care of children take the necessary precautions to ensure that their children are instructed to never give out Personal Information when online without their permission.

 

Social Media & Feed Features

 

Our Website and Services may include social media features, such as the Facebook and X (Formerly Twitter) buttons, Share This buttons, etc. (collectively, “Social Media Features”). This includes our RSS feed buttons. Subscribing to RSS triggers standard web requests including your IP address; we do not use this for individual user tracking. Social Media Features are hosted either by their respective providers or directly on our Website and Services. Your interactions with these Social Media Features are governed by the privacy policy of their respective providers.

Leveler Limited may maintain official social media pages or profiles on third-party platforms, including LinkedIn and Facebook. If you interact with us through those platforms, including by following our page, commenting, reacting, sharing, sending direct messages, or submitting information through platform forms, the relevant platform may process your personal data under its own terms and privacy policy. We may process information made available to us through those platforms for business communications, enquiry handling, relationship management, security, compliance, and, where permitted, professional updates and marketing communications in accordance with this Policy.

 

Links to Other Resources

 

The Website and Services contain links to other resources that are not owned or controlled by us. Please be aware that we are not responsible for the privacy practices of such other resources or third parties. We encourage you to be aware when you leave the Website and Services and to read the privacy statements of each and every resource that may collect Personal Information.

 

Information Security

 

We secure information you provide on computer servers in a controlled, secure environment, protected from unauthorised access, use, or disclosure. We maintain reasonable safeguards for Personal Information. As we use global Service Providers, your information may be transferred to or processed in jurisdictions with different privacy standards from Hong Kong. However, no data transmission over the Internet or wireless network can be guaranteed.

 

Therefore, while we strive to protect your Personal Information, you acknowledge that: (a) there are security and privacy limitations of the Internet which are beyond our control; (b) the security, integrity, and privacy of any and all information and data exchanged between you and the Website and Services cannot be guaranteed; and (c) any such information and data may be viewed or tampered with in transit by a third party, despite best efforts.

 

Data Breach

 

In the event we become aware that the security of the Website and Services has been compromised or Users’ Personal Information has been disclosed to unrelated third parties as a result of external activity, including, but not limited to, security attacks or fraud, we reserve the right to take reasonably appropriate measures, including, but not limited to, investigation and reporting, as well as notification to and cooperation with law enforcement authorities. In the event of a data breach, we will make reasonable efforts to notify affected individuals if we believe that there is a reasonable risk of harm to the User as a result of the breach or if notice is otherwise required by law. Where appropriate, notification may be made by direct communication, website notice, regulator notification, or other reasonable means, depending on the circumstances.

 

Changes and Amendments

 

We reserve the right to modify this Policy or its terms related to the Website and Services at any time at our discretion. When we do, we will revise the updated date at the bottom of this page. We may also provide notice to you in other ways at our discretion, such as through the contact information you have provided.

 

An updated version of this Policy will be effective immediately upon the posting of the revised Policy unless otherwise specified. Your continued use of the Website and Services after the effective date of the revised Policy (or such other act specified at that time) will constitute your acknowledgement of the updated Policy, where permitted by applicable law. However, we will not, without your consent, use your Personal Information in a manner materially different than what was stated at the time your Personal Information was collected.

 

Acceptance of This Policy

 

This section explains how this Policy applies when you use the Website or submit personal data to us. By using the Website or Services, submitting personal data to us, or otherwise communicating with us, you acknowledge that you have been provided with this Policy. Where consent is required for a particular use of personal data, we will seek consent through the relevant collection point, communication, or consent mechanism. If you do not agree with this Policy, please do not submit personal data to us or use Website features that require such submission.

 

Contacting Us

 

In accordance with the Hong Kong Personal Data (Privacy) Ordinance (Cap. 486) ("PDPO"), you have the right to request access to and correction of your Personal Information held by us.
 

If you have any questions, concerns, or complaints regarding this Policy, or if you wish to exercise your data rights, you may:

 

• Submit a request via email or our web contact form at https://leveler.global/contact.
• Contact us via the physical addresses below.

 

LEVELER LIMITED
P.O. Box 95
Yuen Long Delivery Office
New Territories
HONG KONG SAR

 

Registered Office:

21/F, CMA Building
64-66 Connaught Road Central
Central, Hong Kong

HONG KONG SAR

 

We will attempt to resolve complaints or disputes and make every reasonable effort to honour your wish to exercise your rights as quickly as possible, within the timescales provided by applicable data protection laws.

 

Last updated: 12 May 2026.