AS UPDATED ON :- 25/02/2026
We respect your privacy and are committed to protecting your Personal Data. This Privacy Policy (the “Policy”) outlines how Kindness Parcel PTE. LTD. (“Company” or “us” or “we” or “our“) and its affiliates and our third-party service providers collect, use, store, process, transfer, and disclose your information through our website https://kindnessparcel.com/ (“Website”), our Services and any of our other websites, mobile or digital applications, or any other services we offer from time to time by or in connection therewith (collectively referred to as the “Platform”). At our Platform, we enable registered Users (“Hosts”) to create digital event pages (“Events”), invite participants (“Guests”), and facilitate the collection of contributions that are split between a charitable donation component and a Host gift component (the “Services”). By reviewing this Policy, you will gain a comprehensive understanding of your privacy rights and choices.
Your access to and/or utilisation of our Platform and/or Services signifies your agreement to be governed by this Policy. By providing us with your Personal Data, you expressly consent to the use and disclosure of your Personal Data as outlined in this Policy. This Policy, along with the Terms of Service and other policies published on the Platform from time to time, is applicable to your use of the Services, and you explicitly agree and acknowledge to read the Privacy Policy in conjunction with the Terms of Service.
Please note that the capitalised terms not defined in this Policy are defined in the Terms of Service.
The term “Personal Data” shall mean data, whether true or not, about an individual who can be identified from that data alone or from that data and other information to which the Company has or is likely to have access. This may include, without limitation, any information that you voluntarily provide to us, such as your name, email address, phone number, Event-related information and information that is collected automatically through your use of our Platform or Services (including IP address, location, device identifiers, browser type, and usage data), to the extent such information identifies or is capable of identifying an individual.
By accessing and utilising the Platform and/or Services, or furnishing your Personal Data, you explicitly agree and acknowledge that you accept the terms delineated in this Policy. The terms ‘you‘, ‘your‘, or ‘User’ in the context of this Policy collectively pertain to the Hosts, Guests, Charities, or any individual or entity utilising our Platform and Services, whether for personal use or on behalf of others.
By visiting the Platform or providing your information, you acknowledge that your Personal Data will be processed in accordance with this Privacy Policy and applicable data protection and privacy laws, including but not limited to Singapore’s Personal Data Protection Act, 2012 (“PDPA”), any amendments thereof and other relevant regulations governing data protection and privacy. This Privacy Policy shall be governed by and construed in accordance with the laws of Singapore. Nothing in this Privacy Policy shall limit or exclude any rights or remedies available to data subjects under applicable data protection laws.
IF YOU DO NOT CONSENT TO THE COLLECTION, USE, AND DISCLOSURE OF YOUR PERSONAL DATA AS SET FORTH IN THIS PRIVACY POLICY, PLEASE REFRAIN FROM ACCESSING AND/OR USING OUR PLATFORM AND SERVICES.
1. TO WHOM DOES THIS POLICY APPLY?
1.1. This Policy is inclusive and applies to all Users of our Platform and/or Services, irrespective of their browsing intent or their extent of utilising the Services offered on our Platform.
1.2. The applicability of this Policy extends to Users regardless of the device type used for accessing our Platform and/or Services, whether it be a laptop/desktop or a mobile/tablet device.
1.3. The Platform and Services are intended for use by individuals who are able to provide valid consent. We do not knowingly collect or solicit Personal Data from individuals under the age of eighteen (18). If you are below the age of 18, you confirm that you are using the Platform with the consent of a parent or legal guardian. Where Personal Data is provided on behalf of a minor, the parent or legal guardian represents that they have the authority to provide such consent. If you do not meet these criteria, please refrain from using our Platform and Services or providing Personal Data to us.
2. WHAT IS THE INFORMATION THAT WE COLLECT FROM YOU?
2.1. For Hosts: To utilise our Platform and avail our Services, Hosts are required to register on the Platform and provide us with certain Personal Data. This may include, but is not limited to, the following:
2.1.1. Basic Information: including your full name and password.
2.1.2. Contact Information: such as email address.
2.1.3. Verification Data: We may collect information and logs relating to account verification, login confirmations, or payment confirmations.
2.1.4. Financial Information: We may collect certain financial information for the purpose of processing payouts and facilitating remittances, including bank account details or PayNow details. Where applicable and strictly on a voluntary basis, we may also collect national identification information such as NRIC or FIN details only where required or permitted under applicable law, including for tax reporting or tax deduction purposes in connection with donations made to eligible Charities. You acknowledge that provision of such information is optional and that failure to provide it may affect your ability to avail certain tax-related benefits.
2.1.5. Event-related Information: While creating or managing Events through the Platform, you may voluntarily provide information such as Event titles, descriptions, venue details, schedules, participant details, Charity selection, and other information relevant to the Event.
2.2. For Guests: When utilising the Platform through an Event link, Guests may be required to provide certain information necessary for contributions and the delivery of Services. This may include, but is not limited to, the following:
2.2.1. Basic Information: This may include the name.
2.2.2. Contact Information: Such as email address, where provided by the Guest or, where applicable, by the Host for Event participation purposes.
2.3. Additionally, while the Users utilise our Platform and/or Services, we may collect the following information-
2.3.1. Transaction data: Payment-related information required to process contributions is collected directly by our third-party payment processor. We do not access, store, or collect your bank account or credit/debit card details. We may, however, receive transaction references, payment status confirmations, and related metadata for record-keeping and reconciliation purposes. All payment transactions are subject to the payment processor’s applicable privacy policies and terms of service.
2.3.2. Social Media Platforms: If you contact us or subscribe to our content through third-party social media platforms, we may collect publicly available data such as name, contact information, profile handle, or other metadata using social listening or analytics tools.
2.3.3. Communication with us: This can include any information contained in communications you send to us, including inquiries, support requests, feedback, or promotional correspondence.
2.3.4. Device Identification data: This includes information that may assist us in identifying your device, including browser type, version, your operating system, etc; and
2.3.5. Other Data: This can include the following, based on your interaction with the Platform:
2.3.5.1. number of times you accessed our Platform;
2.3.5.2. the length of time you spent on the Platform;
2.3.5.3. the period from which you became and have continued to be active on the Platform; and
2.3.5.4. other similar statistics we may collect with the intention of improving the user experience of the Platform.
2.4. You agree to provide us with your Personal Data whenever you use our Services by performing any of the following functions:
2.4.1. Accessing our Platform by means of any web browser or any device;
2.4.2. Register for an account or create an Event;
2.4.3. Making a contribution;
2.4.4. Expressing your interest in our Services on the Platform;
2.4.5. Inquiring about our Services through our Platform;
2.4.6. Initiating and maintaining correspondence with us.
2.5. We take reasonable and appropriate measures to ensure that Personal Data collected through our Platform is secure and handled in accordance with applicable data protection laws. Personal Data is retained only for as long as necessary for the purposes for which it was collected, unless a longer retention period is required or permitted by law.
2.6. You understand and agree that all Personal Data, sensitive or otherwise, collected through our Platform is provided solely by the User. We do not collect any personal or sensitive information without the User’s explicit input and consent. Users are responsible for the accuracy and completeness of the information they provide. By using our Platform and Services, you acknowledge that you are bound by the terms and policies of our third-party service providers.
2.7. We rely on trusted third-party service providers for hosting, storage, and payment processing, including Hostinger, Google Analytics, Brevo, etc. These service providers maintain their own security and privacy controls, and we recommend reviewing their privacy policies as referred to in Clause 5 of this Policy.
2.8. While we implement reasonable security measures to protect your Personal Data, you acknowledge and agree that we shall not be liable for any loss or damage resulting from any disclosure (whether inadvertent or otherwise) of any Personal Data concerning your credit cards, debit cards or bank account details during any payment transactions. Furthermore, we are not responsible for any loss or damage related to any Personal Data that is provided by the Hosts while utilising our Services. You acknowledge and agree that any such transactions are subject to the third-party provider’s terms and are at your own risk.
2.9. You understand that our payment partner(s) provide you with the convenience of storing your payment methods on the Platform. By opting for this feature, you consent to the storage of your Personal Data, including your payment method. We do not store or process such financial information on our systems.
2.10. This Policy will not apply to any unsolicited information provided by you through the Platform or through any other means. This includes, but is not limited to, information posted on any public areas of the Platform. All such unsolicited information shall be deemed to be non-confidential, and we will be free to use and disclose such unsolicited information without limitation.
2.11. Access to your Personal Data is limited to employees, agents, partners, and third parties, who we reasonably believe will need that information to enable us to provide Services to you. However, we are not responsible for the confidentiality, security, or distribution of your own Personal Data by our partners and third parties (who have their own privacy policies) outside the scope of our agreement with such partners and third parties.
2.12. When you use our Platform, we collect and store your information, which is provided by you from time to time. In general, you can browse the Platform without telling us who you are or revealing any Personal Data about yourself. Once you give us your Personal Data, you are not anonymous to us. Where possible, we indicate which fields are required and which are optional. You always have the option to not provide information by choosing not to use a particular service, product, or feature on the Platform.
3. HOW DO WE COLLECT THE INFORMATION?
3.1. We employ various methods to gather information, ensuring a comprehensive understanding of User interactions and preferences. The collection of Personal Data is facilitated through the following processes:
3.1.1. Information you give us: When you provide us with the information referred to in Clauses 2.1, 2.2 and 2.3 through the methods outlined in Clause 2.4.
3.1.2. Social Media Management: We collect and analyse publicly available Personal Data through various tools to understand how Users engage with our social media channels and interactions. This information helps us identify trends in User behaviour, optimise our content strategy, and improve our social media presence. The data collected may include metrics such as interaction frequency, engagement patterns, and demographic details of our audience. We ensure that the data is used only for the purposes outlined in this Policy, maintaining strict confidentiality and compliance with applicable data protection laws. The insights gained enable us to enhance our social media efforts to better cater to User preferences and deliver a more engaging experience.
3.1.3. Session Management: We study session metrics to understand how Users interact with the Platform. This helps us learn the average time Users spend on the Platform and when they prefer to engage. We use tools like Google Analytics 4 (or alternatives) to collect anonymous data, including the number of views, how long the Users stay, and where they’re visiting from. This data allows us to optimise the User experience, making informed enhancements to cater to user preferences and behaviours.
3.1.4. User Analytics: We analyse User behaviour and preferences by collecting and analysing Personal Data and maintaining a track within the Platform to track and ensure accuracy, promptly identify any unusual behaviour, and detect fraudulent activities, allowing us to take immediate corrective action.
3.2. In addition to direct user interactions, we leverage cookies and similar technologies to enhance the functionality and User experience on the Platform. These allow us to collect and process additional information for various purposes:
3.2.1. Cookies: We utilise cookies, which are small text files stored on your device’s hard drive by web browsers. These cookies help us and third parties identify Users, track preferences, analyse usage patterns, and optimise the Platform’s functionality to provide a customised experience. Cookies enable us to store preference information and understand browsing activities. You may manage cookie preferences through your browser settings. Below is the limited list of the categories of cookies we use, along with their purposes:
3.2.1.1. Strictly Necessary Cookies: These cookies are needed to run our Platform, to keep it secure if you are logged in, and to obey regulations that apply to us. They also help us keep your details safe and private.
3.2.1.2. Functional Cookies: These cookies are used for remembering things such as your region or country, your preferred language, and accessibility options like large font or high-contrast pages.
3.2.1.3. Performance Cookies: These cookies tell us how you and our other Users use our Platform. We combine all this data together and study it. This helps us to improve the performance of our Services and/or the Platform.
3.2.1.4. Session Cookies: We use session cookies, which are stored temporarily during your browsing session and deleted when you close your browser or application. These cookies support Platform functionality and help us analyse usage, including pages visited, links clicked, content viewed, and time spent on each page.
3.2.1.5. Analytics Cookies: Analytics cookies collect data about your use of the Platform, allowing us to improve its performance. These cookies provide aggregated information to monitor site functionality, track page visits, identify technical issues, analyse User traffic, and measure the effectiveness of our advertising, including emails sent to you.
3.2.1.6. Purpose of Cookies We Use: We utilise Personal Data obtained through cookies to enhance the speed, security of your interaction with us, and overall User experience. These cookies serve various purposes:
3.2.1.6.1. Preferences: Cookies enable the Website to remember information that alters the site’s behaviour or appearance, such as your preferred language or geographic region. By retaining your preferences, we can customise and present advertisements and other content tailored to you.
3.2.1.6.2. Security/Optimisation: Cookies play a crucial role in maintaining security by verifying Users, preventing fraudulent use of Services, and safeguarding User data from unauthorised access. Specific types of cookies assist in blocking various types of attacks, such as attempts to pilfer content from Platform forms.
3.2.1.6.3. Processing: Cookies contribute to the efficient functioning of the Website, allowing us to deliver the Services expected by visitors and/or Users. These cookies facilitate tasks like navigating web pages and accessing secure sections of the Platform.
3.2.1.6.4. Communication: Information collected through cookies may be utilised to communicate with you, including sending newsletters, seeking your opinions and feedback, and providing Services and promotional materials.
3.2.1.6.5. Analytics and Research: Cookies aid in comprehending how individuals utilise our Services, enabling us to enhance them for a better user experience. This data-driven insight helps us refine and improve our offerings.
3.2.2. Web Beacons, Pixel Tags, and Trackers: We may employ Web Beacons, Pixel tags, and tracking URLs, which are tiny graphic images and/or small blocks of code placed on Platform pages, ads, or in the emails that allow us to determine whether you performed a specific action. When you access these pages, or when you open an email, you let us know that you have accessed the web page or opened the email. These tools help us measure responses to our communications and improve our web pages and promotions.
3.2.3. Log Files: Our servers automatically collect information sent by Users’ devices, known as log files. This data may include IP addresses, device information, browser type, and timestamps. Log files are instrumental in analysing trends, administering the Platform, and diagnosing technical issues.
3.2.4. Third-Party Analytics: We may integrate third-party analytics services to further understand user behaviour. These services utilise their own tracking technologies to compile reports on Platform activity, aiding us in improving our Services.
3.2.5. Location Data: As part of our Services, we may also collect precise geolocation data, including GPS signals, device sensors, Wi-Fi access points, and cell tower IDs. We collect this type of data if you grant us access to your location. You can withdraw your consent at any time by disabling the GPS or other location-tracking functions on your device.
3.3. Information from other sources: We may collect Personal Data from other sources, including but not limited to:
3.3.1. If any User or any third party submits a complaint about you, we may receive information relating to the specific complaint made in order to understand and, where relevant, address the complaint; and
3.3.2. To the extent permitted by applicable law, we may receive additional information about you, such as references, demographic data, and information to help detect fraud and safety issues from (i) third-party service providers, other third parties, and/or partners, or (ii) Users and any other individuals, entities, and authorities, and combine it with information we have about you. For example, we may receive background check results or fraud warnings from identity verification service providers for use in our fraud prevention, security investigation, and risk assessment efforts. We may receive information about you and your activities on and off the Platform, including from our Users of our Platform, members of the public, or governmental, public, or tax authorities, or about your experiences and interactions with our partners.
4. WHY DO WE COLLECT YOUR INFORMATION?
4.1. You agree and acknowledge that we shall collect your information only for lawful and legally permissible purposes, which are as follows:
4.1.1. Provision of Services: We process your Personal Data to fulfil our contractual obligations with you. This includes creating and managing your Account, facilitating Event creation and participation, processing payments and contributions, enabling contributions and fund allocation, tax deductions, administering Platform features and functionality, etc.
4.1.2. User Authentication: We collect and use your information to verify your identity whenever you access or use the Platform. This may include registering and authenticating your Account, managing login credentials and password resets and preventing unauthorised access.
4.1.3. Transactions and Payments: To facilitate secure and efficient payment processing and transaction management, including enabling and authorising payment services through third-party payment providers, reconciling transactions and maintaining financial records, detecting and preventing fraud, abuse, money laundering, and security incidents, and complying with applicable legal and regulatory obligations.
4.1.4. Research and development: We will utilise Personal Data to deliver the Services and to develop, test, and enhance the quality and usability of both the Platform and Services. Our primary approach will involve de-identifying this information before utilisation and subsequently integrating it with de-identified browser and device data for these purposes.
4.1.5. Communicate with you: We use your Personal Data to communicate with you concerning Services, Platform updates, and notifications related to your account and Events via different channels (e.g., phone and email).
4.1.6. Fraud Prevention and Credit Risks: We use your Personal Data to detect, prevent, and investigate fraudulent activity, unauthorised access, abuse, suspicious transactions, chargebacks, payment reversals, and security risks associated with the use of the Platform, Events, and contribution flows. This includes taking measures to protect the integrity of the Platform, its Users, Charities, and payment processes.
4.1.7. Troubleshoot Problems: We use your Personal Data to provide functionality, analyse performance, fix errors, and improve the usability and effectiveness of the Platform and/or Services.
4.1.8. Compliance with law: To comply with applicable laws, regulations, lawful requests, and enforceable legal obligations, and to establish, exercise, or defend legal claims.
4.1.9. Enhancing User Experience: To analyse User behaviour and preferences for improving our Services and User experience, and to be able to provide location-specific services, if any.
4.1.10. Marketing and Promotional Communications: Where permitted by applicable law and subject to your preferences, to send you marketing or promotional communications relating to the Platform or Services. You may opt out of receiving such communications at any time in accordance with this Privacy Policy.
4.2. In the course of operating the Platform and/or Services, we collect and utilise Personal Data in accordance with our Privacy Policy.
4.3. By using the Platform and Services, you acknowledge and consent to the collection, use, and disclosure of your Personal Data in specific situations, particularly where it is required to deliver our Services. Wherever data protection laws require us to collect and process certain Personal Data based on your consent, we will obtain this consent at the time of data collection. Your Personal Data may also be disclosed on our Platform if authorised by you for the purpose of utilising our Services. Additionally, we may communicate with you through various means, including messaging, calls, or emails, through third-party service providers to facilitate the performance of our Services where necessary. Furthermore, your Personal Data may be processed to the extent required to comply with legal obligations.
5. WHO DO WE SHARE YOUR PERSONAL DATA WITH AND WHY?
5.1. We disclose Personal Data only where it is necessary, reasonable, and lawful to do so for the purposes described in this Privacy Policy.
5.1.1. Other Users: When you create or participate in an Event, certain limited information may be shared between Hosts and Guests solely for Event-related purposes. This may include your name and other information relevant to facilitating participation in the Event. We do not permit the use of such information for unrelated purposes.
5.1.2. Charity: Where you select a Charity in connection with an Event, we may share certain Personal Data of the Host with the relevant Charity as is reasonably necessary to facilitate the charitable donation component of the Event. This may include the Host’s name, contact details, contribution amounts attributable to the charitable portion, and any other information required by the Charity for record-keeping, regulatory compliance, issuance of tax receipts (where applicable), and acknowledgement of donations. Such information is shared solely for charitable, administrative, and compliance-related purposes, including compliance with applicable tax and regulatory requirements, and is not used by the Charity for unrelated purposes.
5.1.3. Third-party Service Providers: We collaborate with and engage third parties for their services to carry out various functions on our behalf, such as payment processing, data analysis, email communications, hosting services, storage, customer service, marketing assistance, etc. While these third-party service providers may have access to the necessary Personal Data to fulfil their functions, they are prohibited from using it for any other purposes. Moreover, they are obligated to process the Personal Data in compliance with applicable laws. While we do not own or control these third parties, when you interact with them and choose to use their services, you are providing your information to them. Your use of these services is subject to the privacy policies of those providers, including but not limited to the following:
| Sr. No. | Service Providers | Purpose / Function | Links |
|---|---|---|---|
| 1 | Hostinger | Hosting Services, storage, backups, CDN/WAF (traffic protection) | https://www.hostinger.com/ |
| 2 | Brevo | Email communications | https://www.brevo.com/ |
| 3 | Google Analytics 4 | Analytics | https://policies.google.com/ |
| 4 | Microsoft Clarity | Performance & behaviour monitoring | https://clarity.microsoft.com/ |
| 5 | Wordfence | Security / WAF | https://www.wordfence.com/ |
| 6 | PayNow | Payment processing | https://www.paynow.com/ |
| 7 | ______________ | Payment processing | ______________ |
5.1.4. Employees and Contractors: Employees and contractors of the Company have access to Personal Data strictly on a need-to-know basis for their job functions or contractual obligations. They comply with this Policy and are trained to protect Personal Data. Confidentiality obligations prohibit unauthorised disclosure or misuse of Personal Data. We monitor compliance and may enforce disciplinary action for breaches, ensuring appropriate security measures are in place to safeguard all accessed Personal Data.
5.1.5. Affiliates: We may share your information with our affiliates, in which case we will require those affiliates to honour this Privacy Policy. Affiliates may include our parent company and any subsidiaries, joint venture partners, or other companies that we control or that are under common control with us.
5.1.6. Business Transfers: If we reorganise or sell all or a portion of our assets, undergo a merger, or are acquired by another entity, we may transfer your information to the successor entity. If we go out of business or enter bankruptcy, your information would be an asset transferred or acquired by a third party. You acknowledge that such transfers may occur and that the transferee may decline to honour commitments we made in this Privacy Policy.
5.1.7. Legal Compliance:
5.1.7.1. We may disclose your information to courts, law enforcement, governmental or public authorities, tax authorities, authorised third parties, or other Users, if and to the extent we are required or permitted to do so by law or where disclosure is reasonably necessary to: (i) comply with our legal obligations, (ii) comply with a valid legal request, such as a subpoena or court order, or to respond to claims asserted against Company, (iii) respond to a valid legal request relating to a criminal investigation to address alleged or suspected illegal activity, or to respond to or address any other activity that may expose us, you, or any other of our Users to legal or regulatory liability, (iv) enforce and administer our agreements with Users, including our Terms, additional legal terms, and policies, (v) respond to requests for or in connection with current or prospective legal claims or legal proceedings concerning the Company and/or third parties, in accordance with applicable law, or (vi) protect the rights, property or personal safety of the Company, its employees, its User, or users of the public. Notwithstanding the above, you understand that before responding to any request for Personal Data, we conduct a thorough legal review to ensure the request complies with applicable laws, is specific, and is valid under the relevant legal framework. Requests that do not meet these criteria will not be processed. We reserve the right to seek clarification or additional information from the requesting authority if needed to validate the request.
5.1.7.2. Where legally required or permissible according to applicable law, we may disclose user information to relevant tax authorities or other governmental agencies, depending on where you are based, for the purpose of the tax authorities’ determination of proper compliance with relevant tax obligations. Where feasible and lawful, we apply data minimisation principles and disclose only the information necessary to comply with such requests.
5.1.7.3. Where appropriate and/or legally required, we may notify the User about legal requests, unless: (i) providing notice is prohibited by the legal process itself, by court order we receive, or by applicable law, or (ii) we believe that providing notice would be futile, ineffective, create a risk of injury or bodily harm to an individual or group, or create or increase a risk of fraud upon or harm to us, our Users, or expose us to a claim of obstruction of justice. If a request for Personal Data is deemed unlawful, overly broad, or lacking in sufficient legal basis, we will take appropriate measures to challenge or refuse the request. This may include engaging with the requesting authority to clarify the scope of the request or initiating or participating in legal proceedings to challenge the request where warranted.
5.1.8. Service Improvement: We may share certain aggregated, anonymised information with third parties (for example, for Google Analytics) in order to assess the Platform usage and information pertaining to the ease of navigation.
5.2. We do not ever sell or rent your Personal Data without your express approval.
5.3. We are not responsible for the actions of third parties with whom you share personal or sensitive data, and we have no authority to manage or control third-party solicitations. If you no longer wish to receive correspondence, emails, or other communications from third parties, you are responsible for contacting the third party directly.
5.4. We may also de-identify or aggregate information and convert it into non-personal information so that it can no longer reasonably be used to identify you (“De-identified Information”). We use and retain De-Identified Information for any of the purposes described in Clauses 4 and 5 of this Policy. We will maintain and use De-Identified Information in de-identified form and will not attempt to re-identify the information, except to confirm our de-identification processes or unless required by law.
5.5. De-identified Information that cannot be used to personally identify particular individuals is referred to as anonymised information. Additionally, De-identified Information that can identify individuals only if it is combined with another, separate piece of information is referred to as pseudonymised information.
5.6. Where possible, we will aim to collect, store, and use anonymised information as a first preference, and if not, then pseudonymised information. Please note that we may retain anonymised information for analytic and service development purposes.
5.7. We may share aggregated, anonymised information to third parties for analytical and/or marketing purposes.
6. HOW LONG DO WE KEEP YOUR PERSONAL DATA?
6.1. In compliance with applicable data protection laws, we retain your Personal Data for a duration no longer than necessary for the purpose for which it was collected or as mandated by relevant laws.
6.2. If you stop using the Services, we may retain your Personal Data for a limited grace period as per our internal data retention policies. Where immediate deletion is not feasible due to technical or legal constraints, we may instead anonymise your data to ensure it can no longer be linked to you, effectively removing all personal identifiers. The anonymised data may be retained solely for analytical, statistical and research purposes.
6.3. However, we may retain the information for the longer of: (a) the period your Account remains active; or (b) any applicable statutory limitation or record-keeping period, or other legal, regulatory, or contractual obligation that requires longer retention. Where no such basis exists, and subject to counterparty rights and applicable law, we will delete or de-identify these records upon request.
6.4. Additionally, we may continue to retain your Personal Data for the following purposes, including but not limited to:
6.4.1. Legitimate Business Interest: We may retain your Personal Data as necessary for our legitimate business interests, such as the prevention of money laundering, fraud detection and prevention, and enhancing safety. For example, if we suspend your Account for fraud or safety reasons, we may retain information from that Account to prevent you from opening a new Account in the future;
6.4.2. Legal, Tax, Reporting, and Auditing Obligations: We may retain and use your Personal Data to the extent necessary to comply with our legal, tax, reporting, and auditing obligations;
6.4.3. Exercise or Defend Legal Rights or respond to claims, requests, or investigations;
6.4.4. Shared Information: Information you have shared with others, such as reviews and forum postings, may continue to be publicly visible on the Platform, even after your Account is cancelled; and
6.4.5. Residual Copies: Residual copies of your Personal Data (either in the form of De-Identified Information or identified information) may remain in our backup systems for a limited period of time, primarily to ensure compliance with legal obligations and to protect against accidental or malicious loss and destruction. We strive to anonymise your data to prevent any personal identifiers from being linked to you. However, in rare cases where legal or operational requirements necessitate it, identifiable information may be retained temporarily. Such retention is strictly limited and governed by applicable laws.
7. HOW DO WE PROVIDE FOR THE SECURITY OF YOUR PERSONAL DATA WITH US?
7.1. We prioritise the security of your Personal Data and have implemented industry-standard technical and organisational measures to protect it against unauthorised access, collection, use, disclosure, copying, modification or disposal, or similar risks.
7.2. Personal Data is stored using a combination of secure storage mechanisms, including, without limitation relational database storage for application and Platform data, including user accounts, form submissions, transactional records, and audit logs, file or object storage for user-uploaded content, hosted within our cloud infrastructure, and encrypted backups stored separately from production systems to support data recovery, disaster recovery, and business continuity.
7.3. We safeguard Personal Data through layered security controls, which may include:
7.3.1. enforced secure connections using industry-standard encryption protocols (such as SSL/TLS);
7.3.2. encryption of data stored within managed database and storage services;
7.3.3. role-based access control (RBAC) for administrative and system access, including Platform and backend management areas;
7.3.4. access controls based on the principle of least privilege for databases, storage systems, and servers;
7.3.5. regular security updates and patching of operating systems, application runtimes, web servers, and Platform components; and
7.3.6. network-level protections, including firewall controls, web application firewalls (WAF), and measures to mitigate distributed denial-of-service (DDoS) and automated bot attacks.
7.4. Access to Personal Data is strictly limited to authorised personnel under internal access control protocols, who require such access to perform their job functions or contractual obligations. All such access is subject to confidentiality and security obligations. Accessing your information is facilitated through a secure server, and once in our possession, your data is subject to strict security guidelines to prevent unauthorised access.
7.5. We work to protect the security of your Personal Data during transmission by using encryption protocols. We use multi-layered controls to help protect our infrastructure, constantly monitoring and improving our applications, systems, and processes to meet the growing demands and challenges of security. We may update or modify such security measures from time to time, provided that such updates and modifications do not result in the degradation of the overall security of the Service.
7.6. You understand and agree that, despite the security measures in place, we cannot be held liable for any issues related to data security. Nevertheless, we implement reasonable physical, electronic, and procedural safeguards to maintain the confidentiality and integrity of your information. As part of this commitment, it is imperative that you also review and adhere to the terms of service and privacy policy of our third-party service providers.
7.7. The safety and security of your information also depend on you. You are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of the Platform, as the information you share may be viewed by any User of the Platform.
7.8. While we take comprehensive measures to safeguard your information, Users acknowledge and accept the inherent security implications of data transmission over the Internet and the World Wide Web. Despite our efforts, complete security cannot be guaranteed, and inherent risks persist. Users bear the responsibility of safeguarding login credentials for their Accounts. Any transmission of Personal Data is at your own risk. We are not responsible for the circumvention of any privacy settings or security measures contained on the Platform. While acknowledging these risks, we remain committed to continually enhancing our security protocols to address emerging threats and maintain the trust of our Users.
8. HOW DO WE HANDLE DATA BREACHES AND SECURITY INCIDENTS?
8.1. Pursuant to Clause 7 of this Policy, we strive to prevent data breaches and security incidents to the best of our ability. However, should a data security breach occur, we have an incident response plan (“Incident Response Plan”) in place as outlined in this Clause. In the event of a data breach or security incident, the Company maintains a proactive approach to ensure swift resolution and mitigate potential risks. Additionally, we take appropriate measures to contain the impact of any breach while ensuring compliance with applicable data protection laws.
8.2. We have established a comprehensive Incident Response Plan designed to address such occurrences promptly and effectively. This includes continuous system monitoring, robust access controls, and incident reporting protocols as part of our preventive and detective measures:
8.2.1. Identification: We promptly identify and acknowledge any signs of a data breach or security incident within our systems or infrastructure.
8.2.2. Containment: Immediate action is taken to contain the impact of the breach, preventing further unauthorised access or damage to data.
8.2.3. Notification: Where a data breach is assessed to be notifiable under the Personal Data Protection Act 2012, we prioritise transparency by notifying the Personal Data Protection Commission of Singapore and affected Users as required by law and within the prescribed timelines. Where notification to Users is required, such notification will be made as soon as practicable and will include relevant information regarding the nature of the breach and recommended protective steps.
8.2.4. Collaboration: We cooperate with the PDPC and other relevant regulatory authorities in connection with any data breach or security incident, including providing information as required under applicable law. Where appropriate, and depending on the nature of the incident, we may also cooperate with law enforcement agencies in relation to suspected criminal activity; and
8.2.5. Post-Incident Assessment: Following the resolution of the incident, we conduct thorough assessments to evaluate the effectiveness of our response measures and identify areas for improvement to prevent recurrence of such incidents. Corrective measures are implemented wherever necessary, and logs and forensic investigations are maintained to support compliance, auditing, and security reviews. Our employees are trained on the Incident Response Plan to ensure preparedness and effective response.
9. DO WE TRANSFER YOUR PERSONAL DATA ACROSS THE BORDER?
9.1. Storage Information: User data is securely stored on our servers and databases, utilising third-party storage partners, including Hostinger. At present, our primary production environment and backup systems are hosted in Singapore. It’s important to note that certain circumstances may necessitate the transfer of your Personal Data to countries outside your residential country. Such cross-border transfers may occur in connection with the purposes outlined in this Policy, and may involve our infrastructure and storage partners, who help manage and store data on our behalf.
9.2. You understand and accept that other countries may have differing (and potentially less stringent) laws relating to the degree of confidentiality afforded to the information it holds and that such information can become subject to the laws and disclosure requirements of such countries, including disclosure to governmental bodies, regulatory agencies, and private persons, as a result of applicable governmental or regulatory inquiry, court order or other similar processes. In addition, a number of countries have agreements with other countries providing for the exchange of information for law enforcement, tax, and other purposes.
9.3. If we transfer your Personal Data to third parties for purposes stated in this Policy, we will take commercially reasonable steps to put in place appropriate controls and safeguards to ensure that your Personal Data is kept accurate, adequately protected, and processed only for specified and reasonable purposes in a manner that is fair, transparent and has a lawful basis, and is stored for no longer than is absolutely necessary.
10. WHAT ARE YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA?
11. ARE CHILDREN ALLOWED TO USE OUR PLATFORM AND/OR SERVICES?
12. HOW CAN YOU EXPRESS YOUR COMPLAINTS AND FEEDBACK?
13. HOW ARE CHANGES MADE TO THIS POLICY?
This Policy may be updated at our sole discretion or due to changes in the law. Such changes, unless otherwise stated, will be effective from the day and date of posting on the Platform. We reserve the right to update the Policy without obligation to notify Users. It is recommended to regularly review this Policy for any changes, as your continued access and use of the Platform will be considered your approval and acceptance of all modifications to this Policy. In cases where applicable law mandates, we may notify you of updates through email. If you do not agree with this Policy governing our Platform, please refrain from using the Platform or the Services provided by us.