Privacy Policy

Your privacy matters to us. This Policy explains what personal data TechDirectory collects, why we collect it, and how we use and protect it — in compliance with Singapore's Personal Data Protection Act 2012 (PDPA).

1. Overview

TechDirectory ("we", "us", or "our") operates the website at techdirectory.sg (the "Platform"), a B2B directory connecting Singapore businesses with technology service providers.

This Privacy Policy describes how we collect, use, disclose, and safeguard personal data obtained through your use of the Platform. It applies to all users — visitors, registered users, business representatives who claim listings, and review submitters.

By using the Platform, you consent to the data practices described in this Policy. If you do not agree, please discontinue use of the Platform.

2. Data We Collect

We collect the following categories of personal data:

Category	Examples	When Collected
Account Data	Name, email address, password (hashed), company name, job title	When you register an account
Listing Data	Company name, address, phone number, website URL, service descriptions, logo	When you submit or claim a business listing
Review Data	Review text, star rating, relationship to vendor, reviewer name or alias	When you submit a review
Enquiry Data	Name, email address, phone number, message content	When you submit an enquiry via a company profile
Usage Data	IP address, browser type, pages visited, time on page, referral source	Automatically when you use the Platform
Cookie Data	Session identifiers, preference settings, analytics identifiers	Automatically via browser cookies

We do not collect sensitive personal data such as NRIC numbers, financial account information, health data, or biometric data through the Platform.

3. How We Collect Data

We collect personal data through the following means:

Directly from you — when you register, submit a listing, write a review, or contact us.
Automatically — through server logs, cookies, and analytics tools when you browse the Platform.
From public sources — company information such as registered business names, addresses, and websites may be sourced from publicly available business directories, company websites, and government registries (e.g. ACRA).
From third-party platforms — where you connect a third-party account (e.g. Google Sign-In) to register on the Platform.

4. How We Use Your Data

We use personal data for the following purposes:

Platform Operation: To provide, maintain, and improve the Platform's functionality, including displaying company profiles and processing reviews.
Account Management: To create and manage your user account, authenticate logins, and send account-related notifications.
Review Processing: To verify review eligibility, moderate submitted reviews, and publish approved reviews on company profile pages.
Enquiry Routing: To forward your enquiry messages to the relevant company on your behalf.
Communications: To send transactional emails (e.g. account verification, review approval notifications) and, where you have opted in, platform updates and product announcements.
Analytics & Improvement: To understand how users interact with the Platform and identify areas for improvement.
Legal Compliance: To comply with applicable Singapore laws and regulations, including the PDPA and any lawful requests from authorities.
Fraud Prevention: To detect and prevent fake reviews, fraudulent listing claims, and other abuse of the Platform.

5. Legal Basis for Processing

Under Singapore's Personal Data Protection Act 2012 (PDPA), we process personal data on the following bases:

Consent: Where you have given us explicit consent — for example, when registering an account, submitting a review, or opting into marketing communications. You may withdraw consent at any time by contacting us.
Contractual Necessity: Where processing is necessary to fulfil our agreement with you — for example, to operate your account or process your listing submission.
Legitimate Interests: Where we have a legitimate business interest that does not override your rights — for example, fraud prevention, platform security, and analytics to improve the service.
Legal Obligation: Where processing is required to comply with Singapore law.

Company information sourced from public records (as described in Section 3) is processed under the PDPA's business contact information exception and public availability provisions.

We do not sell, rent, or trade your personal data to third parties. We share data only in the following limited circumstances:

With the reviewed company — when you submit an enquiry, your contact details and message are shared with the company you are enquiring about. Note that submitted reviews are published publicly but reviewers may choose to remain anonymous.
With service providers — we engage trusted third-party providers to operate the Platform, including our database provider (Supabase), email delivery service, and analytics platforms. These providers process data only on our instructions and are bound by data processing agreements.
For legal reasons — we may disclose data if required by law, court order, or a lawful request from a Singapore government authority.
Business transfers — in the event of a merger, acquisition, or sale of all or part of TechDirectory's assets, personal data may be transferred as part of that transaction. We will notify users via email or a prominent notice on the Platform before data is transferred and becomes subject to a different privacy policy.

7. Cookies, Local Storage & Tracking Technologies

The Platform uses cookies and browser localStorage to enhance your experience and provide essential functionality. We do not use third-party advertising cookies and we do not share cookie data with advertising networks.

Specific items we store in your browser:

Name	Storage	Purpose	Retention
`td_token`	localStorage	Supabase session JWT used to keep you logged in across page loads.	Until logout or session expiry (~1 hour rolling).
`td_user`	localStorage	Cached lightweight user profile (id, email, role, tier) so the UI can render without re-fetching.	Until logout.
`td_compare`	localStorage	List of companies you've added to the compare tool. Never sent to our servers.	Until you clear the comparison list or your browser storage.
`td_analytics_consent`	localStorage	Records whether you've accepted or declined non-essential analytics.	13 months (re-prompted after expiry).

By category:

Essential (cannot be disabled): td_token, td_user — required to keep you logged in and for security. Without these, claimed accounts cannot post reviews or replies.
Functional: td_compare — supports the company comparison tool; clearing it only removes the comparison list.
Analytics (consent-gated): td_analytics_consent plus any analytics cookies set after you accept the consent banner. We use privacy-respecting analytics that do not build cross-site profiles.

You can clear all localStorage items at any time via your browser's Site Settings page. Doing so will log you out and reset the comparison list.

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this Policy, or as required by law:

Account data is retained for the duration of your account and deleted within 30 days of account closure upon request.
Review content is retained as part of the Platform's public record. You can request erasure of your own reviews at any time via POST /api/user/erase-my-data (logged-in) or by emailing [email protected]; we will action it unless overriding legal obligations apply.
Enquiry data is retained for 12 months from submission, after which it is deleted from our systems.
Procurement leads submitted via /get-matched are retained for 18 months from submission, after which the row is soft-deleted and your contact details are nulled. Leads forwarded to paid-tier vendors may be retained by those vendors under their own retention policies; vendors are contractually required to honour an erasure request you submit to us.
Usage and analytics data is retained in aggregated, anonymised form for up to 24 months.
Legal records are retained for the period required by applicable Singapore law.

9. Security

We implement industry-standard technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include:

HTTPS encryption for all data transmitted between your browser and the Platform.
Hashed (bcrypt) storage of passwords — we do not store passwords in plain text.
Role-based access controls limiting employee access to personal data on a need-to-know basis.
Regular security assessments of our infrastructure and third-party service providers.

Despite these measures, no method of transmission over the internet is 100% secure. We encourage you to use a strong, unique password and to notify us immediately if you suspect your account has been compromised.

In the event of a data breach that is likely to result in significant harm to affected individuals, we will notify the Personal Data Protection Commission (PDPC) within 3 business days and notify affected individuals as required under the PDPA Notification Obligation.

10. Your Rights Under the PDPA

As a data subject under Singapore's Personal Data Protection Act 2012, you have the following rights:

Right of Access: You may request a copy of the personal data we hold about you.
Right of Correction: You may request correction of inaccurate or incomplete personal data.
Right of Withdrawal: You may withdraw your consent for us to use your personal data for specific purposes. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
Right to Data Portability: Where technically feasible, you may request that we provide your personal data in a commonly used, machine-readable format.
Right to Cease Processing: In certain circumstances, you may request that we cease or limit the use of your personal data.

To exercise any of these rights, please email us at [email protected] with the subject line "PDPA Data Request". We will respond within 30 calendar days. We may need to verify your identity before processing your request.

Self-service endpoints (logged-in users): GET /api/user/my-data returns a JSON export of every record tied to your account. POST /api/user/erase-my-data soft-deletes your reviews and nulls personal data on any procurement leads or enquiries you submitted. Full account deletion (auth credentials + profile) still requires email confirmation to [email protected].

If you have a complaint about another user's content (defamation, fake review, spam, doxxing, copyright), please use the abuse and takedown channel — we respond within 72 hours.

If you are dissatisfied with our response, you have the right to lodge a complaint with the Personal Data Protection Commission (PDPC) at www.pdpc.gov.sg.

11. Children's Privacy

The Platform is designed for business users and is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, please contact us and we will delete the data promptly.

12. Third-Party Links

The Platform contains links to company websites and other third-party content. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any external website you visit through links on our Platform. The inclusion of a link does not constitute our endorsement of that website or its privacy practices.

13. Cross-Border Data Transfers

Your personal data may be processed and stored on servers located outside Singapore. Where we transfer personal data internationally, we take steps to ensure that adequate levels of protection are in place, consistent with the requirements of the PDPA. Our primary infrastructure provider (Supabase) operates under standard contractual data protection clauses and is compliant with major international data protection frameworks.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page. For significant changes, we will notify registered users by email.

Your continued use of the Platform after any updates constitutes acceptance of the revised Policy. We encourage you to review this page periodically.

15. Contact & Data Protection Officer

In accordance with Section 11 of the PDPA, TechDirectory has designated a Data Protection Officer responsible for overseeing our compliance with the PDPA and addressing data protection concerns.

Data Protection Officer: TechDirectory Editorial Team
DPO email: [email protected]
Privacy enquiries: [email protected]
General enquiries: [email protected]
Website: techdirectory.sg
Regulator: Personal Data Protection Commission Singapore — www.pdpc.gov.sg

We aim to respond to all privacy-related enquiries within 5 business days. In the event of a data breach affecting your personal data, we will notify you and the PDPC within 72 hours of becoming aware of the breach, as required under the PDPA.