Legal draft
Privacy notice
This draft explains how personal data may be handled when you use this website or send a project brief to PSOI Tech OS. It has not been legally reviewed and should be reviewed by Singapore counsel before being treated as a final policy.
1. Who this notice covers
This notice covers personal data collected through the public PSOI Tech OS website, including the project brief form and related correspondence. It does not replace the terms of any signed client agreement.
2. Data we may collect
Depending on what you submit or how the site is configured, this may include:
- Identity and business contact details submitted through the project brief
- Company and project information, including budget, timeline, systems and intended outcome
- Consent record, referral source, UTM parameters, landing page and referrer
- Technical and usage information produced by configured hosting, security and analytics services
The project-brief endpoint may process a network address in short-lived server memory to apply rate limits. Hosting and security services may retain their own request records under their configured terms and retention settings.
Please do not place passwords, private keys, production data, regulated records or other sensitive information in the initial project brief.
3. Why we use it
Personal data may be used to:
- Assess, qualify and respond to enquiries
- Prepare a proposed scope and communicate about a potential engagement
- Protect the website and prevent spam or misuse
- Understand website and funnel performance using privacy-conscious analytics
- Meet applicable record-keeping or legal obligations
Consent will be sought where required. Data may also be handled where reasonably necessary to respond to your request, take steps toward a contract, protect the service, or meet obligations permitted by applicable law.
4. Where data may be sent
- The configured lead-delivery service when enabled
- The configured notification email service when enabled
- Hosting, security and analytics providers used to operate the website
A submitted brief is processed by the site infrastructure. When configured, it may be forwarded to a lead-management webhook or notification service so the team can respond. Relevant information may also be shared with professional advisers or delivery suppliers when necessary and subject to appropriate obligations.
Service providers may process data outside Singapore. Where cross-border transfers occur, reasonable steps should be taken to ensure a standard of protection comparable to applicable Singapore requirements. A final vendor list and transfer review should be confirmed before this draft is approved.
Personal data is not intended to be sold. It should not be disclosed for unrelated purposes without notice or another basis permitted by law.
5. Retention
Enquiry information should be retained only for as long as reasonably needed for the stated purposes, an active business relationship, dispute handling and applicable legal obligations. A specific retention schedule must be confirmed by the business owner.
6. Access, correction and withdrawal
People may request access to or correction of their personal data through the published contact or DPO channel. Identity may need to be verified before a request is completed, and applicable legal exceptions may apply.
Consent for future use may also be withdrawn where consent applies. Withdrawal will not affect uses already made lawfully and may limit the ability to respond or provide services.
7. Security
Reasonable administrative and technical safeguards should be used for lead data, including controlled access, protected credentials, input validation, transport encryption where supported, and review of the services that receive submissions. No internet transmission or storage method can be promised to be completely secure.
8. Cookies and analytics
The site may use essential storage and privacy-conscious analytics when configured. Non-essential tracking should not be enabled without an appropriate notice and consent approach.
Configured measurement may include aggregate site use and conversion events, such as a project brief being started or submitted. Browser settings can restrict cookies, although doing so may affect some features.
9. Third-party services and links
Service providers should receive only the information needed for their role and remain subject to their own terms, security measures and data-location practices. The final notice must name or describe configured providers accurately.
Hosting, email, lead-management, analytics, calendar-booking and other configured services may process limited data for their stated function. Their own terms and privacy notices apply. Links to external websites are provided for convenience; PSOI Tech OSdoes not control how those sites handle data.
10. AI and project data
AI-assisted tools may support delivery, but client data should not be entered into an external AI service without an agreed purpose, appropriate access controls and a review of the service settings. Any engagement-specific handling rules, exclusions or approved tools should be recorded in the project agreement.
11. Updates and contact
This notice may be updated when the website, service providers or legal requirements change. Material changes should be identified on this page. Questions and complaints will be reviewed and answered within a reasonable period.