Privacy Policy
Last updated: June 2026
1. Introduction
Post Code Labs (“we”, “us”, or “our”) is committed to protecting your personal data in accordance with the Singapore Personal Data Protection Act 2012 (“PDPA”) and its subsidiary legislation. This policy explains how we collect, use, disclose, and protect personal data obtained through our website and services.
By using our website or engaging our services, you acknowledge that you have read and understood this policy. This policy applies to personal data relating to individuals who interact with us as website visitors, prospective clients, and clients.
2. Personal Data We Collect
We collect personal data that you voluntarily provide to us, as well as certain data collected automatically when you use our website. Categories of personal data we may collect include:
- Identity and contact information: name, email address, phone number, and job title or company name provided via enquiry or contact forms.
- Enquiry content: details of your project, question, or request submitted through our website forms.
- Technical and usage data: IP address, browser type and version, pages visited, and referral source, collected automatically when you visit our website.
We collect only the personal data that is necessary for the purposes set out in this policy. We do not collect sensitive personal data (such as data relating to health, financial accounts, or national identification numbers) through our website.
3. How We Collect Your Personal Data
We collect personal data through the following means:
- Directly from you: when you submit a contact or enquiry form, request a quote, or otherwise communicate with us.
- Automatically: through cookies, web server logs, and similar technologies when you browse our website (see Section 8).
4. Purposes of Collection, Use, and Disclosure
We collect, use, and disclose your personal data only for purposes that a reasonable person would consider appropriate in the circumstances. These purposes include:
- Responding to your enquiries and requests for proposals.
- Providing, managing, and improving our professional services.
- Communicating with you about your engagement or about our services where you have consented.
- Maintaining business records and fulfilling our contractual obligations.
- Complying with applicable laws, regulations, and lawful orders.
- Operating, maintaining, and improving our website and infrastructure.
Where we intend to use your personal data for a purpose not stated at the time of collection, we will notify you and, where required by the PDPA, seek your consent before doing so.
5. Disclosure of Personal Data
We do not sell or rent your personal data to any third party.
We may disclose your personal data in the following limited circumstances:
- Group affiliates: We may share your personal data with related corporations and affiliates within our group of companies for the same purposes described in this policy.
- Service providers: We engage third-party service providers to operate our business (including website hosting, email delivery, analytics, and advertising-measurement services). These providers access your personal data only as necessary to perform services on our behalf and are contractually required to protect it.
- Legal requirements: We may disclose personal data to government authorities, law enforcement bodies, or other parties where required or authorised by applicable law.
6. Overseas Transfers
Some of our service providers are located outside Singapore (for example, cloud infrastructure and email delivery services based in the United States or the European Union). Where we transfer personal data to recipients outside Singapore, we take reasonable steps to ensure that those recipients provide a standard of protection at least comparable to the protection under the PDPA, including through contractual arrangements.
7. Retention of Personal Data
We retain personal data only for as long as it is necessary for the purposes for which it was collected, or as required or permitted by applicable law.
- Records relating to client engagements are generally retained for seven years from the conclusion of the engagement, in line with Singapore's statutory limitation periods.
- Enquiry data submitted through our website forms where no engagement results — including quote requests and free code-audit requests — is retained for up to 24 months from submission, after which it is automatically deleted from our active systems by a scheduled purge.
- Website analytics and log data is retained in accordance with the default retention periods of our analytics provider (typically 13 to 26 months).
When personal data is no longer required, we delete it from our active databases. Residual copies held in short-term, encrypted database backups are overwritten as those backups age out, within 30 days of deletion.
8. Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies to operate the site and to collect usage data. Cookies are small text files stored on your device. We use:
- Essential cookies: required for the website and its features to function correctly, such as cookies that maintain a signed-in session or secure a sign-in flow. These are always set.
- Analytics cookies: used to understand how visitors use our site (for example, pages visited and time on site) so we can improve it. These are set only after you accept them through the cookie banner.
- Advertising measurement cookies: set by Google Ads (the Google tag) to measure whether a visit that began from one of our adverts led to an enquiry, so we can judge which campaigns are effective. These are set only after you accept them through the cookie banner. We use them to measure conversions only — not for advertising personalisation or remarketing.
You can change your cookie choice at any time using the “Cookie settings” link in the website footer, or control cookies through your browser settings. If you decline, we set no analytics or advertising-measurement cookies; we may still measure site usage and advert effectiveness in aggregate using methods that store nothing on your device. Disabling essential cookies through your browser may affect the functionality of our website.
9. Security
We implement reasonable physical, technical, and administrative measures to protect your personal data from unauthorised access, disclosure, alteration, and loss. These measures include encrypted data transmission (HTTPS), access controls, and secure hosting infrastructure.
In the event of a data breach that is notifiable under the PDPA, we will notify the Personal Data Protection Commission within three calendar days of assessment and will notify affected individuals where required by law.
10. Your Rights
Under the PDPA, you have the following rights in relation to your personal data held by us:
- Access: You may request information about the personal data we hold about you and how it has been used or disclosed.
- Correction: You may request that we correct personal data about you that is inaccurate or incomplete.
- Deletion: You may request that we delete personal data we hold about you where we no longer have a legal or business need to retain it. On such a request we will remove your data from our active systems, subject to the backup overwrite period described in Section 7.
- Withdrawal of consent: You may withdraw consent to our collection, use, or disclosure of your personal data at any time by giving us reasonable notice. On withdrawal we will cease retaining the affected data where we have no other lawful basis to keep it, and securely delete it. Please note that withdrawal of consent may affect our ability to provide certain services to you.
To exercise any of these rights, please contact our Data Protection Officer using the details in Section 11. We will respond to your request within 30 calendar days.
11. Data Protection Officer
We have appointed a Data Protection Officer (“DPO”) to oversee compliance with this policy and the PDPA. For any queries, access or correction requests, or complaints relating to the handling of your personal data, please contact our DPO at:
Data Protection OfficerPost Code Labs
Email: [email protected]
12. Changes to This Policy
We may update this policy from time to time to reflect changes in our practices or in applicable law. When we do, we will revise the “Last updated” date at the top of this page. We encourage you to review this policy periodically. Continued use of our website after any update constitutes acceptance of the revised policy.