← Back to Home

Privacy Policy

Last updated: 27 April 2026

1. Introduction

ServiceSync SG Pte Ltd ("ServiceSync", "we", "us", or "our") is committed to protecting your personal data in accordance with the Personal Data Protection Act 2012 ("PDPA") of Singapore.

This Privacy Policy explains what personal data we collect, how we use and protect it, and your rights as a data subject.

2. Data We Collect

We collect the following categories of personal data:

  • Account data: Name, email address, phone number, password (hashed)
  • Business data: ACRA UEN, trade category, service areas, PayNow key
  • Booking data: Customer name, phone, address, service date, job descriptions
  • Payment data: Invoice amounts, payment status, PayNow reference numbers, digital signatures
  • Technical data: IP address, browser type, device information, access logs
  • Contact data:If you choose to import contacts, we access names and phone numbers from your device's contact list or uploaded .vcf files. This data is only used to create client records in your account.
  • Location data:We use your device's location (with your permission) to estimate travel times and provide address autocomplete via OneMap SG.

3. How We Use Your Data

We use your personal data for the following purposes:

  • To create and manage your account
  • To facilitate bookings between customers and service providers
  • To process payments and issue invoices
  • To send transactional notifications (booking confirmations, payment receipts)
  • To verify business registration via ACRA
  • To improve our Services and fix technical issues
  • To comply with legal obligations

4. Legal Basis (PDPA Consent)

By creating an account, you consent to the collection, use, and disclosure of your personal data as described in this Policy. You may withdraw consent at any time by deleting your account, though this may affect your ability to use the Services.

5. Data Sharing

We do not sell your personal data. We share data only with:

  • Service providers: Customer contact details are shared with the technician assigned to a booking
  • Payment processors: PayNow (processed through DBS/OCBC/UOB banking rails)
  • Infrastructure partners: Supabase (database hosting), Vercel (application hosting) — all data stored in Singapore or APAC regions
  • Legal authorities: When required by Singapore law or court order
  • OneMap SG:Address lookups are processed through Singapore's OneMap service (onemap.gov.sg). No personal data is sent — only the search query text.

6. Data Retention

We retain your personal data for as long as your account is active. After account deletion:

  • Personal profile data is deleted within 30 days
  • Invoice and payment records are retained for 5 years as required by the Income Tax Act and GST regulations
  • Anonymised usage data may be retained indefinitely for analytics

7. Data Security

We implement industry-standard security measures including: encryption in transit (TLS 1.3), encryption at rest (AES-256), Row Level Security (RLS) policies on all database tables, secure cookie-based authentication, and Content Security Policy headers. Access to production systems is restricted to authorised personnel only.

8. Your Rights Under PDPA

You have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Update or correct inaccurate personal data via your Profile page
  • Withdrawal of consent: Delete your account and associated data at any time
  • Data portability: Request your data in a machine-readable format

To exercise any of these rights, contact our Data Protection Officer at dpo@servicesync.sg.

9. Cookies

We use strictly necessary cookies for authentication and session management. We do not use tracking cookies or third-party advertising cookies. No cookie consent is required for strictly necessary cookies under PDPA, but we provide transparency here.

10. International Transfers

Your data is primarily stored and processed in Singapore. Where data is processed outside Singapore (e.g., by infrastructure partners), we ensure adequate protection through contractual safeguards compliant with the PDPA Transfer Limitation Obligation.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email or in-app notification at least 14 days before taking effect.

12. Contact & DPO

For privacy-related inquiries or complaints, contact our Data Protection Officer:

Email: dpo@servicesync.sg

If you are not satisfied with our response, you may lodge a complaint with the Personal Data Protection Commission (PDPC) at www.pdpc.gov.sg.

Terms of ServiceHome