Privacy Notice

In compliance with Singapore's Personal Data Protection Act (PDPA) 2012 (revised 2020) and the Cybersecurity Act 2018.

What we collect

To provide compliance management services we collect: contact details (name, email, phone), company identifiers (UEN, registered address, FYE), stakeholder details (directors, shareholders, secretaries) including identification numbers where required for ACRA/IRAS submissions, and copies of supporting documents that you upload.

Purpose

Personal data is used solely to: (a) maintain your account; (b) prepare and submit statutory filings on your behalf; (c) send compliance reminders; and (d) maintain audit records. We do not sell, rent, or share data with third parties for marketing purposes.

Storage and security

All data is encrypted in transit (HTTPS/TLS). Passwords are hashed using bcrypt. Two-factor authentication is required for all accounts. Document files are stored outside the public web root and access is logged. SHA-256 file hashes ensure integrity.

Retention

Compliance records and supporting documents are retained for at least 5 years from the close of the relevant financial year, in line with the Companies Act and Income Tax Act. Audit logs are retained for at least 12 months.

Your rights

You may request access to, correction of, or withdrawal of consent for the use of your personal data by writing to your administrator or to dpo@your-domain.sg. We will respond within 30 days as required under the PDPA.

Data Breach Notification

In the event of a notifiable data breach (as defined under the PDPA), we will notify the PDPC within 3 calendar days and affected individuals as soon as practicable.