Privacy Policy

Effective Date: [INSERT DATE]

Last Updated: [INSERT DATE]

1. Introduction

This Privacy Policy explains how iPrego Pte. Ltd. (UEN: [INSERT UEN]) (“Company,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal data in connection with the Vouus platform and related services.

This policy is designed to comply with the Singapore Personal Data Protection Act 2012 (PDPA) and reflects our commitment to transparency regarding data practices.

Scope: This Privacy Policy applies to:

  • visitors to our websites ([MARKETING_WEB_HOST], [DOCS_WEB_HOST]);
  • users of the Vouus platform;
  • business contacts, prospects, and partners; and
  • any other individuals whose personal data we process.

For personal data processed by us on behalf of our customers (as a data intermediary), the customer’s privacy policy governs, and our processing is subject to our Data Processing Agreement.

2. Data Controller and Data Intermediary Roles

As Data Controller: When we collect personal data directly from you (e.g., account registration, website visits, marketing communications), iPrego Pte. Ltd. acts as the data controller responsible for that data.

As Data Intermediary: When our customers upload personal data to the Vouus platform (e.g., employee records, customer information), we act as a data intermediary under PDPA, processing such data on behalf of and under the instructions of our customers.

3. Personal Data We Collect

We may collect the following categories of personal data:

3.1 Account and Registration Information

  • Full name
  • Email address
  • Company name and job title
  • Phone number (if provided)
  • Country/region
  • Login credentials (password stored in hashed form)

3.2 Usage and Technical Information

  • IP address and device identifiers
  • Browser type and version
  • Operating system
  • Login timestamps and session data
  • Pages visited and features used
  • Referral URLs
  • System activity logs

3.3 Customer-Uploaded Data (Data Intermediary Processing)

Customers may upload business data to the platform, which may include:

  • Employee information (names, contact details, employment data, payroll information)
  • Customer/client records
  • Financial and transactional data
  • Operational data

We process this data solely as instructed by the customer. The customer remains responsible for ensuring lawful collection and use of such data.

3.4 Communications Data

  • Correspondence with our support or sales teams
  • Feedback and survey responses
  • Marketing preferences

3.5 Payment Information

  • Billing address
  • Payment card details (processed through PCI-compliant payment processors; we do not store full card numbers)

4. Purposes of Data Collection

We collect and use personal data for the following purposes:

Purpose | Legal Basis (PDPA)
--- | ---
Providing and operating the Vouus platform | Contractual necessity
Creating and managing user accounts | Contractual necessity
Processing payments and billing | Contractual necessity
Providing customer support | Contractual necessity / Legitimate interests
Communicating service updates and notices | Contractual necessity
Improving service performance and features | Legitimate interests
Ensuring platform security and preventing fraud | Legitimate interests / Legal obligation
Complying with legal obligations | Legal obligation
Analytics and usage insights | Legitimate interests
Marketing communications (with consent) | Consent
Responding to access/correction requests | Legal obligation (PDPA)

We do not use personal data for purposes incompatible with those described above without providing notice and, where required, obtaining consent.

By providing personal data to us in the course of using our services, you are deemed to consent to the collection, use, and disclosure of that data for the purposes described in this policy.

For certain purposes (e.g., marketing communications), we will obtain your express consent before processing your data.

You may withdraw your consent at any time by contacting us at [PRIVACY_EMAIL]. Please note:

  • Withdrawal is prospective and does not affect lawfulness of prior processing.
  • Withdrawal of certain consents may affect your ability to use specific features.
  • We will inform you of the consequences of withdrawal when you make such a request.

6. Disclosure of Personal Data

We may disclose personal data to the following categories of recipients:

6.1 Service Providers (Sub-Processors)

We engage third-party service providers to support our operations, including:

  • Cloud infrastructure providers (hosting, storage)
  • Payment processors
  • Customer support tools
  • Analytics services
  • Email delivery services
  • Automation or specialty service providers (where Assisted Features are enabled)

These providers are contractually required to protect personal data and use it only as instructed by us. A list of our sub-processors is available upon request or at [INSERT SUBPROCESSOR PAGE URL].

6.2 Professional Advisors

We may share data with legal, accounting, or other professional advisors where necessary for business operations.

6.3 Regulatory and Law Enforcement Authorities

We may disclose personal data where required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of the Company, our users, or others.

6.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, personal data may be transferred as part of the transaction. We will provide notice before personal data becomes subject to a different privacy policy.

We may share personal data with other parties where you have provided consent.

7. International Data Transfers

As a cloud-based service, personal data may be stored or processed in jurisdictions outside Singapore, including [INSERT PRIMARY REGIONS, e.g., “the United States, European Union, and Asia-Pacific”].

Safeguards: Where personal data is transferred outside Singapore, we implement appropriate safeguards to ensure PDPA standards are maintained, including:

  • Contractual clauses requiring equivalent protection
  • Selection of service providers with recognized security certifications (e.g., SOC 2, ISO 27001)
  • Assessment of the data protection laws in the recipient jurisdiction

For customers subject to GDPR: We rely on Standard Contractual Clauses (SCCs) or other approved transfer mechanisms where required.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this policy or as required by law.

8.1 Retention Periods

Data Category | Retention Period
--- | ---
Account information | Duration of account + 3 years after closure
Customer-uploaded data | Duration of subscription + 30 days (then deleted per DPA)
Usage logs | 12 months (rolling)
Payment records | 7 years (legal/tax requirements)
Marketing consent records | Duration of consent + 1 year
Support correspondence | 3 years after last contact

8.2 Deletion

After the applicable retention period, personal data is securely deleted or anonymized. Customers may request earlier deletion of Customer Data subject to our Data Processing Agreement.

9. Data Security

We implement technical and organizational security measures to protect personal data, including:

  • Encryption: Data encrypted in transit (TLS 1.2+) and at rest
  • Access Controls: Role-based access, multi-factor authentication for employees
  • Infrastructure Security: Cloud infrastructure with SOC 2 Type II / ISO 27001 certifications
  • Monitoring: Intrusion detection, logging, and security incident response procedures
  • Employee Training: Regular security and privacy training for staff

While we take reasonable precautions, no system is completely secure. We cannot guarantee absolute security of personal data.

10. Data Breach Notification

In the event of a data breach affecting personal data, we will:

  1. Investigate the incident promptly to assess scope and impact.
  2. Contain the breach and take remedial measures.
  3. Notify affected individuals and the Personal Data Protection Commission (PDPC) where required under PDPA (i.e., where the breach is likely to result in significant harm and affects a significant number of individuals).
  4. Document the incident and corrective actions.

For Customer Data (data intermediary processing), we will notify the customer in accordance with our Data Processing Agreement so the customer can fulfill its own notification obligations.

11. Your Rights

Under PDPA, individuals have the following rights regarding their personal data:

11.1 Right of Access

You may request access to your personal data that we hold. We will respond within a reasonable time (typically 30 days) and may charge a reasonable fee for processing the request.

11.2 Right of Correction

You may request correction of personal data that is inaccurate or incomplete. We will make corrections and send corrected data to relevant recipients where applicable.

See Section 5.3 above.

11.4 Rights for GDPR-Subject Individuals

If you are located in the EU/EEA/UK and GDPR applies to your personal data, you may also have the following rights:

  • Right to erasure (“right to be forgotten”)
  • Right to data portability
  • Right to object to processing
  • Right to restrict processing
  • Right to lodge a complaint with a supervisory authority

To exercise any of these rights, contact us at [PRIVACY_EMAIL].

12. Children’s Data

The Vouus platform is designed for business use and is not directed to individuals under the age of 18.

We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected such data, we will take steps to delete it promptly.

13. Cookies and Tracking Technologies

We use cookies and similar technologies on our websites. For details on the types of cookies we use, their purposes, and how to manage preferences, please see our Cookie Policy.

Our websites and platform may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies.

15. Assisted Features and Privacy

Certain features of the Vouus platform provide optional automation or assisted functionality (“Assisted Features”). Regarding privacy:

  • Customer Data: Customer Data processed by Assisted Features is handled as described in this policy and our Data Processing Agreement.
  • No training on customer data: We do not use Customer Data to train third-party foundation models without the customer’s explicit consent.
  • Third-party subprocessors: Some Assisted Features may rely on third-party services. We ensure appropriate data protection agreements are in place with such providers.
  • See also: Supplemental product practices

16. Do Not Track

Some browsers have a “Do Not Track” (DNT) feature. We do not currently respond to DNT signals because there is no common industry standard for DNT. Our Cookie Policy describes how to manage tracking preferences.

17. Data Protection Officer

In accordance with PDPA requirements, iPrego Pte. Ltd. has appointed a Data Protection Officer (DPO).

For privacy inquiries, access/correction requests, or complaints:

  • Email: [PRIVACY_EMAIL]
  • Mail: Data Protection Officer, iPrego Pte. Ltd., [INSERT ADDRESS], Singapore

We aim to respond to inquiries within 30 days. If you are not satisfied with our response, you may contact the Personal Data Protection Commission (PDPC) at https://www.pdpc.gov.sg/.

18. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.

Notification of Changes: Material changes will be communicated via:

  • Email notification to registered users
  • Prominent notice on our website
  • Updated “Last Updated” date

We encourage you to review this policy periodically.

19. Contact Us

For questions, concerns, or requests regarding this Privacy Policy:

  • Company: iPrego Pte. Ltd.
  • Email: [PRIVACY_EMAIL]
  • Address: [INSERT REGISTERED ADDRESS], Singapore