1. Overview
TechDirectory ("we", "us", or "our") operates the website at techdirectory.sg (the "Platform"), a B2B directory connecting Singapore businesses with technology service providers.
This Privacy Policy describes how we collect, use, disclose, and safeguard personal data obtained through your use of the Platform. It applies to all users — visitors, registered users, business representatives who claim listings, and review submitters.
By using the Platform, you consent to the data practices described in this Policy. If you do not agree, please discontinue use of the Platform.
2. Data We Collect
We collect the following categories of personal data:
| Category | Examples | When Collected |
|---|---|---|
| Account Data | Name, email address, password (hashed), company name, job title | When you register an account |
| Listing Data | Company name, address, phone number, website URL, service descriptions, logo | When you submit or claim a business listing |
| Review Data | Review text, star rating, relationship to vendor, reviewer name or alias | When you submit a review |
| Enquiry Data | Name, email address, phone number, message content | When you submit an enquiry via a company profile |
| Usage Data | IP address, browser type, pages visited, time on page, referral source | Automatically when you use the Platform |
| Cookie Data | Session identifiers, preference settings, analytics identifiers | Automatically via browser cookies |
We do not collect sensitive personal data such as NRIC numbers, financial account information, health data, or biometric data through the Platform.
3. How We Collect Data
We collect personal data through the following means:
- Directly from you — when you register, submit a listing, write a review, or contact us.
- Automatically — through server logs, cookies, and analytics tools when you browse the Platform.
- From public sources — company information such as registered business names, addresses, and websites may be sourced from publicly available business directories, company websites, and government registries (e.g. ACRA).
- From third-party platforms — where you connect a third-party account (e.g. Google Sign-In) to register on the Platform.
4. How We Use Your Data
We use personal data for the following purposes:
- Platform Operation: To provide, maintain, and improve the Platform's functionality, including displaying company profiles and processing reviews.
- Account Management: To create and manage your user account, authenticate logins, and send account-related notifications.
- Review Processing: To verify review eligibility, moderate submitted reviews, and publish approved reviews on company profile pages.
- Enquiry Routing: To forward your enquiry messages to the relevant company on your behalf.
- Communications: To send transactional emails (e.g. account verification, review approval notifications) and, where you have opted in, platform updates and product announcements.
- Analytics & Improvement: To understand how users interact with the Platform and identify areas for improvement.
- Legal Compliance: To comply with applicable Singapore laws and regulations, including the PDPA and any lawful requests from authorities.
- Fraud Prevention: To detect and prevent fake reviews, fraudulent listing claims, and other abuse of the Platform.
5. Legal Basis for Processing
Under Singapore's Personal Data Protection Act 2012 (PDPA), we process personal data on the following bases:
- Consent: Where you have given us explicit consent — for example, when registering an account, submitting a review, or opting into marketing communications. You may withdraw consent at any time by contacting us.
- Contractual Necessity: Where processing is necessary to fulfil our agreement with you — for example, to operate your account or process your listing submission.
- Legitimate Interests: Where we have a legitimate business interest that does not override your rights — for example, fraud prevention, platform security, and analytics to improve the service.
- Legal Obligation: Where processing is required to comply with Singapore law.
Company information sourced from public records (as described in Section 3) is processed under the PDPA's business contact information exception and public availability provisions.
6. Sharing Your Data
We do not sell, rent, or trade your personal data to third parties. We share data only in the following limited circumstances:
- With the reviewed company — when you submit an enquiry, your contact details and message are shared with the company you are enquiring about. Note that submitted reviews are published publicly but reviewers may choose to remain anonymous.
- With service providers — we engage trusted third-party providers to operate the Platform, including our database provider (Supabase), email delivery service, and analytics platforms. These providers process data only on our instructions and are bound by data processing agreements.
- For legal reasons — we may disclose data if required by law, court order, or a lawful request from a Singapore government authority.
- Business transfers — in the event of a merger, acquisition, or sale of all or part of TechDirectory's assets, personal data may be transferred as part of that transaction. We will notify users via email or a prominent notice on the Platform before data is transferred and becomes subject to a different privacy policy.
7. Cookies & Tracking Technologies
The Platform uses cookies and similar tracking technologies to enhance your experience and collect usage data. The types of cookies we use are:
- Essential Cookies: Required for core Platform functionality, including authentication sessions and security. These cannot be disabled.
- Analytics Cookies: Used to understand how visitors use the Platform (e.g. pages visited, time on site). We use anonymised analytics data only.
- Preference Cookies: Used to remember your settings and preferences across sessions.
You can control non-essential cookies through your browser settings. Disabling cookies may affect the functionality of certain Platform features. Most browsers allow you to refuse cookies, delete existing cookies, or be notified when a cookie is set.
We do not use cookies to serve targeted advertising, and we do not share cookie data with advertising networks.
8. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes described in this Policy, or as required by law:
- Account data is retained for the duration of your account and deleted within 30 days of account closure upon request.
- Review content is retained indefinitely as part of the Platform's public record. If you request deletion of a review, we will assess the request against our content integrity obligations.
- Enquiry data is retained for 12 months from submission, after which it is deleted from our systems.
- Usage and analytics data is retained in aggregated, anonymised form for up to 24 months.
- Legal records are retained for the period required by applicable Singapore law.
9. Security
We implement industry-standard technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include:
- HTTPS encryption for all data transmitted between your browser and the Platform.
- Hashed (bcrypt) storage of passwords — we do not store passwords in plain text.
- Role-based access controls limiting employee access to personal data on a need-to-know basis.
- Regular security assessments of our infrastructure and third-party service providers.
Despite these measures, no method of transmission over the internet is 100% secure. We encourage you to use a strong, unique password and to notify us immediately if you suspect your account has been compromised.
In the event of a data breach that is likely to result in significant harm to affected individuals, we will notify the Personal Data Protection Commission (PDPC) within 3 business days and notify affected individuals as required under the PDPA Notification Obligation.
10. Your Rights Under the PDPA
As a data subject under Singapore's Personal Data Protection Act 2012, you have the following rights:
- Right of Access: You may request a copy of the personal data we hold about you.
- Right of Correction: You may request correction of inaccurate or incomplete personal data.
- Right of Withdrawal: You may withdraw your consent for us to use your personal data for specific purposes. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
- Right to Data Portability: Where technically feasible, you may request that we provide your personal data in a commonly used, machine-readable format.
- Right to Cease Processing: In certain circumstances, you may request that we cease or limit the use of your personal data.
To exercise any of these rights, please email us at [email protected] with the subject line "PDPA Data Request". We will respond within 30 calendar days. We may need to verify your identity before processing your request.
If you are dissatisfied with our response, you have the right to lodge a complaint with the Personal Data Protection Commission (PDPC) at www.pdpc.gov.sg.
11. Children's Privacy
The Platform is designed for business users and is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, please contact us and we will delete the data promptly.
12. Third-Party Links
The Platform contains links to company websites and other third-party content. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any external website you visit through links on our Platform. The inclusion of a link does not constitute our endorsement of that website or its privacy practices.
13. Cross-Border Data Transfers
Your personal data may be processed and stored on servers located outside Singapore. Where we transfer personal data internationally, we take steps to ensure that adequate levels of protection are in place, consistent with the requirements of the PDPA. Our primary infrastructure provider (Supabase) operates under standard contractual data protection clauses and is compliant with major international data protection frameworks.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page. For significant changes, we will notify registered users by email.
Your continued use of the Platform after any updates constitutes acceptance of the revised Policy. We encourage you to review this page periodically.
15. Contact & Data Protection Officer
In accordance with Section 11 of the PDPA, TechDirectory has designated a Data Protection Officer responsible for overseeing our compliance with the PDPA and addressing data protection concerns.
- Data Protection Officer: Justin Rustin (Founder)
- DPO email: [email protected]
- Privacy enquiries: [email protected]
- General enquiries: [email protected]
- Website: techdirectory.sg
- Regulator: Personal Data Protection Commission Singapore — www.pdpc.gov.sg
We aim to respond to all privacy-related enquiries within 5 business days. In the event of a data breach affecting your personal data, we will notify you and the PDPC within 72 hours of becoming aware of the breach, as required under the PDPA.