PDPA Compliant · Singapore

Privacy Policy

Effective: 1 January 2025  ·  Last Updated: 16 May 2026  ·  Jurisdiction: Singapore

Table of Contents

1. About This Policy
2. Data We Collect
3. Consent
4. Purpose of Collection
5. Disclosure to Third Parties
6. Data Protection
7. Access & Correction
8. Retention & Deletion
9. Your Rights
10. DPO Contact
11. Policy Updates
1

About This Policy

Preamble

This Privacy Policy ("Policy") is issued by EcoVault (hereinafter "EcoVault", "we", "our", or "us"), a platform operated from India, providing F&B compliance management services to Singapore-based establishments. This Policy governs the collection, use, disclosure, and protection of personal data submitted by users ("you", "User", or "Establishment") through the EcoVault platform, website, and application (collectively, the "Services").

This Policy is prepared in accordance with the Personal Data Protection Act 2012 (No. 26 of 2012) of Singapore ("PDPA"), as amended from time to time. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Policy.

2

Personal Data We Collect

PDPA Section 13 — Consent Obligation

EcoVault collects only such personal and business data as is necessary for the provision of compliance management services to F&B establishments in Singapore.

CategoryData ElementsCollection Point
Identity DataFull name of account holder / authorised representativeAccount registration
Contact DataBusiness email address, contact numberAccount registration
Establishment DataF&B establishment name, registered address, licence numberOnboarding / profile setup
Compliance RecordsGrease trap logs, pest control records, temperature logs, inspection dates, service provider detailsMaintenance log uploads
Usage DataLogin timestamps, IP address, browser/device type, platform interaction logsAutomatically via cookies and server logs

We do not collect sensitive personal data such as NRIC numbers, financial account details, or health information unless expressly required and separately consented to.

3

Consent

PDPA Section 13 — Consent Obligation

EcoVault collects personal data only with your express or deemed consent. Consent is obtained at the following stages:

  • Account Registration: By completing sign-up and agreeing to this Policy, you provide express consent to the collection and use of your identity and contact data.
  • Maintenance Log Upload: By submitting compliance records, you consent to their collection, storage, and processing.
  • Report Export: By initiating a data export or report share, you separately authorise the disclosure of your compliance records to the designated recipient.

You may withdraw consent at any time by contacting our DPO. Withdrawal may affect our ability to continue providing the Services.

4

Purpose Limitation

PDPA Section 18 — Purpose Limitation Obligation

EcoVault collects, uses, and discloses personal data only for the following purposes:

  1. Facilitating the onboarding and management of F&B establishment compliance profiles;
  2. Tracking and managing maintenance compliance activities including grease trap servicing, pest control, and temperature monitoring;
  3. Generating automated compliance reports and reminders;
  4. Enabling audit-ready documentation for submission to NEA and SFA;
  5. Communicating service announcements and maintenance reminder notifications;
  6. Ensuring the security, integrity, and performance of the platform.
No third-party marketing. Your personal data will not be sold, rented, or disclosed to any third party for marketing or advertising purposes. EcoVault does not engage in data brokering.
5

Disclosure to Third Parties

PDPA Section 18 — Authorised Disclosure

EcoVault does not disclose your personal data to any third party except in the following circumstances:

  • Regulatory Authorities (User-Initiated): You may export and share compliance records with NEA or SFA officers directly from your dashboard. Such disclosure occurs only upon your explicit action.
  • Service Providers: Trusted third-party providers (e.g., cloud hosting) who process data on our behalf under contractual obligations consistent with this Policy.
  • Legal Obligation: If required by law, court order, or governmental authority.
  • Business Transfer: In the event of a merger or acquisition, subject to equivalent data protection obligations.
6

Data Protection

PDPA Section 24 — Protection Obligation

EcoVault implements the following security measures:

  • Encrypted servers compliant with industry security standards;
  • Transport Layer Security (TLS) encryption for data transmission;
  • Role-based access controls (RBAC);
  • Regular security assessments and vulnerability scanning;
  • Internal data protection training for staff.

In the event of a notifiable data breach under the PDPA, EcoVault shall comply with mandatory breach notification obligations to the PDPC and affected individuals.

7

Access & Correction Rights

PDPA Sections 21 & 22

You have the right to:

  • Access (Section 21): Request access to personal data EcoVault holds about you, including compliance records.
  • Correction (Section 22): Request correction of any error or omission in your personal data.

EcoVault provides in-platform tools to directly edit, update, or delete your maintenance logs and establishment profile at any time. For data not editable via dashboard, submit a formal request to our DPO. We will respond within 30 calendar days.

8

Data Retention & Deletion

PDPA Section 25 — Retention Limitation Obligation
  • Active account data retained for subscription duration + 3 years following account closure;
  • Compliance records retained for minimum period prescribed under relevant legislation;
  • Usage and server log data retained for up to 12 months;
  • Upon expiry, data is securely deleted or anonymised using industry-standard methods.
9

Your Rights Under the PDPA

PDPA 2012 — Individual Rights Summary
  • Right to be informed — Notified of purposes for which your data is collected, used, or disclosed;
  • Right of access — Request a copy of your personal data held by EcoVault;
  • Right to correction — Request that inaccurate data be corrected;
  • Right to withdraw consent — Withdraw consent for any use or disclosure of your data;
  • Right to data portability — Request transfer of your data in a machine-readable format;
  • Right to lodge a complaint — Make a complaint to the PDPC at www.pdpc.gov.sg.
10

Data Protection Officer

PDPA Section 11(3) — DPO Appointment

EcoVault has appointed a Data Protection Officer responsible for ensuring PDPA compliance and serving as the primary contact for all personal data-related inquiries.

Data Protection Officer — EcoVault
dpo@ecovault.online

All requests acknowledged within 5 business days, addressed within 30 calendar days.

11

Amendments to This Policy

EcoVault reserves the right to amend this Privacy Policy at any time. Material amendments will be communicated via email or in-platform notice at least 14 days prior to taking effect. Continued use of the Services constitutes acceptance of the amended Policy.

The most current version will always be accessible at ecovault.online/privacy.

Governing Law & Jurisdiction: This Privacy Policy is governed by the laws of the Republic of Singapore. Any dispute shall be subject to the exclusive jurisdiction of the courts of Singapore.
© 2026 EcoVault · Questions? dpo@ecovault.online
Terms & Conditions← Back to Home