Privacy Policy

Last updated: 6 April 2026

1. Introduction

ComplyHQ ("we", "us", "our") operates the ComplyHQ platform at complyhq.app. We are committed to protecting your personal data in accordance with the Personal Data Protection Act 2012 ("PDPA") of Singapore. This Privacy Policy explains how we collect, use, disclose, and protect your personal data.

2. Personal Data We Collect

We collect the following types of personal data:

  • Account Information: Name, email address, company name, job title, and password when you create an account.
  • Company Data: Business information you provide during compliance assessments, including industry sector, company size, and data processing activities.
  • Usage Data: Information about how you use our platform, including pages visited, features used, and interaction timestamps.
  • Technical Data: IP address, browser type, device information, and cookies necessary for the operation of our service.
  • Payment Data: Billing information processed securely through Stripe. We do not store full credit card numbers on our servers.

3. Purposes of Collection

We collect and use your personal data for the following purposes:

  • Providing and maintaining our PDPA compliance platform
  • Processing your compliance assessments and generating policies
  • Powering AI-driven compliance guidance and recommendations
  • Processing payments and managing your subscription
  • Communicating with you about your account, updates, and support requests
  • Improving our services through analytics (anonymised where possible)
  • Complying with legal obligations and regulatory requirements

4. Data Protection and Security

All data is encrypted at rest and in transit using industry-standard encryption (AES-256 and TLS 1.2+). Our infrastructure is hosted on Amazon Web Services (AWS) in the Singapore region (ap-southeast-1), ensuring your data remains within Singapore's jurisdiction.

We implement access controls, audit logging, and regular security reviews to protect your personal data against unauthorised access, collection, use, disclosure, copying, modification, or disposal.

5. Disclosure of Personal Data

We do not sell your personal data. We may share your data with:

  • Service Providers: AWS (infrastructure), Stripe (payments), and analytics providers, all bound by data processing agreements.
  • AI Processing: Your compliance data is processed by AWS Bedrock AI services. This data is not used to train AI models and is processed in accordance with AWS's data processing agreements.
  • Legal Requirements: When required by law, court order, or governmental authority.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. Upon account deletion, we will delete or anonymise your personal data within 90 days, except where retention is required by law.

7. Your Rights Under the PDPA

Under the PDPA, you have the right to:

  • Access your personal data held by us
  • Correct any inaccurate or incomplete personal data
  • Withdraw consent for the collection, use, or disclosure of your personal data
  • Request deletion of your personal data, subject to legal requirements

To exercise any of these rights, please contact us using the details below.

8. Cookies

We use essential cookies to maintain your authentication session and ensure the proper functioning of our platform. We use Google Analytics to collect anonymised usage data to improve our services. You may disable non-essential cookies through your browser settings.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on our platform or sending you an email. Continued use of our services after such changes constitutes your acceptance of the updated policy.

10. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at:

ComplyHQ
Email: support@complyhq.app
Website: complyhq.app/contact