Home/Privacy Policy

Privacy Policy

Last Updated: 1 May 2026

This Privacy Policy explains how ThinkVAL Singapore Pte Ltd ("ThinkVAL", "we", "our" or "us") collects, uses, discloses and protects personal data, in accordance with the Singapore Personal Data Protection Act 2012 ("PDPA"). It applies to our websites and to our products and services (the "Service").

1. Our role: controller and processor

ThinkVAL handles personal data in two distinct capacities:

  • As a data controller — for personal data we determine the purposes of, such as data about website visitors, account holders, billing contacts, and recipients of our marketing. This Privacy Policy governs that data.
  • As a data processor — for personal data contained within the data our business customers submit to the Service ("Customer Data"). For Customer Data, the customer (or its own customers) is the controller and ThinkVAL acts only as a processor on the customer's documented instructions. That processing is governed by the Data Processing Agreement (Annex 1 of our Terms of Service), not by this Privacy Policy. If your personal data sits within a ThinkVAL customer's account, please direct your requests to that customer as the controller.

2. What personal data we collect (as controller)

  • Identity and contact details — name, business email, telephone number, job title, company.
  • Account and login data — username and credentials, account settings, and authentication logs.
  • Billing data — billing contact, billing address, and payment-reference information (card details are handled by our third-party payment processor, not stored by us).
  • Usage, device and cookie data — IP address, device and browser information, pages viewed, and interactions with our website and Service.
  • Communications — correspondence with our sales, support and onboarding teams.

3. How we collect personal data

We collect personal data: (a) directly from you, for example when you enquire, register, contract for or use the Service, or contact us; (b) automatically through your use of our website and Service (including cookies — see Section 9); and (c) from a limited set of service providers acting for us (such as our payment processor). We do not purchase personal data from data brokers, population registers or credit-reference agencies.

4. Purposes for which we use personal data

We use personal data to: provide, operate, secure and improve the Service; create and administer accounts; process payments and manage billing; provide support and respond to enquiries; detect, prevent and investigate security incidents, fraud and misuse; comply with legal and regulatory obligations; and, where you have consented, send you marketing about our products and services. Under the PDPA we rely on your consent (including deemed consent) or, where applicable, an exception permitted under the PDPA (such as legitimate interests or business-improvement purposes), and we will not use your personal data for a new purpose without a lawful basis.

5. To whom we disclose personal data

We do not sell personal data. We disclose personal data only to:

  • Service providers / sub-processors who process data on our behalf and under contract — for example cloud-hosting providers (such as Amazon Web Services, Microsoft or Google), and support, communications and analytics tools — who are permitted to use the data only to provide services to us;
  • Professional advisers (such as legal, audit and accounting) where reasonably necessary; and
  • Authorities or third parties where required or permitted by law, or to establish, exercise or defend legal rights.

6. Transfers outside Singapore

Where we transfer personal data outside Singapore (for example to a cloud region operated by an infrastructure provider), we take reasonable steps to ensure the recipient provides a standard of protection comparable to the PDPA, including through contractual safeguards.

7. How long we retain personal data

We retain personal data only for as long as necessary to fulfil the purposes set out above, including to meet legal, accounting, tax or reporting requirements, after which it is deleted or anonymised. Retention of Customer Data (where we act as processor) is governed by the Data Processing Agreement.

8. How we protect personal data

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, use, alteration or loss — including access controls, individual credentials, encryption and/or pseudonymisation where appropriate, network protection, and regular review of our safeguards. Access is limited to personnel who need it to perform their role and who are bound by confidentiality obligations.

9. Cookies

Our website uses cookies and similar technologies to operate the site, remember your preferences, and understand and improve how the site is used. You can control or disable cookies through your browser settings; some features may not function properly without them. Where required, we will seek your consent for non-essential cookies.

10. Your rights under the PDPA

Subject to the PDPA, you may: access the personal data we hold about you and ask how it has been used; request correction of inaccurate or incomplete data; and withdraw your consent to our collection, use or disclosure of your personal data (withdrawal does not affect the lawfulness of processing before withdrawal, and may affect our ability to provide the Service). To make a request, contact us using the details below. You may also lodge a complaint with the Personal Data Protection Commission (PDPC) of Singapore.

11. Data we process on behalf of business customers

Where personal data forms part of the Customer Data a business customer submits to the Service, ThinkVAL acts only as a processor on that customer's instructions, and the customer is the controller. We process such data solely to provide the Service and as set out in the Data Processing Agreement (Annex 1 of our Terms of Service). Individuals whose data is held within a customer's account should contact that customer to exercise their rights.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated version on our website with a revised "Last Updated" date, and where changes are significant we may notify you by other means.

Contact Information

For questions about this Privacy Policy, or to exercise your rights, please contact our Data Protection Officer at privacy@thinkval.com.