offerly

PRIVACY POLICY

Privacy Policy

Effective date: 15 June 2026 Data controller: Offerly (UEN to be confirmed), Singapore ("Offerly", "we", "us"). Governs: offerly.sg and all Offerly services.

We are committed to handling your personal data in accordance with Singapore's Personal Data Protection Act 2012 (PDPA). This policy explains what we collect, why, how we use and protect it, who we share it with, and your rights.


1. Data Protection Officer (DPO)

In line with PDPA s.11(3), our DPO is:

You may contact the DPO for any question, access/correction request, consent withdrawal, or complaint about how we handle your personal data.


2. What personal data we collect

CategorySpecific dataWhen collected
AccountEmail, full name, Singapore mobile number, date of birth, genderSign-up (2-step)
ProfileDisplay name, avatarProfile edit
LocationDevice location / approximate area (for "near me" search, Map, Qiblah)When you grant location permission
Vendor verificationBusiness name, UEN, halal certificate / proof documents, contact detailsVendor onboarding / claim
User-generated contentReviews, ratings, saved listings, business reports, suggestionsWhen you use those features
Usage / analyticsA persistent visitor identifier and approximate location, device/browser info, pages viewed, actions takenAutomatically (subject to the Cookie & Tracking Notice)
CommunicationsMessages you send us; enquiry content you choose to send a vendorWhen you contact us / a vendor

We collect personal data only for the purposes set out below and limited to what is reasonable for those purposes (PDPA s.18 — purpose limitation).


3. Why we collect it (purposes)

  • Create and manage your account and authenticate you.
  • Provide core features: discovery, "near me" search, Map, Qiblah direction, saving listings, reviews.
  • Verify vendor identity and halal/business claims, and operate the approval queue.
  • Communicate service/transactional messages (sign-up confirmation, password reset, security notices).
  • With your separate, optional consent: marketing and promotional messages by email, SMS, or WhatsApp.
  • Maintain safety, prevent fraud and abuse, and moderate content.
  • Comply with legal obligations and respond to lawful requests.
  • Understand and improve the service through analytics.

4. Consent and your choices

  • By creating an account you acknowledge this Privacy Policy and agree to our Terms of Service.
  • Marketing is separate and optional. We will only send marketing/promotional messages if you have given a distinct, opt-in consent (an unticked checkbox at sign-up or later). You can withdraw this at any time — see Section 9.
  • Where we rely on consent, you may withdraw it at any time by contacting the DPO. Withdrawal does not affect processing already carried out, and may mean we can no longer provide certain features.
  • We record your consents (purpose, policy version, timestamp) so we can honour and evidence them.

5. Minimum age

Offerly is intended for users aged 13 and above. We use the date of birth you provide to apply this. If we learn we have collected personal data from a person below the minimum age without appropriate consent, we will delete it. Where required, certain features (e.g. giveaways) may be further age-gated.


6. Who we share data with

We do not sell your personal data. We share it only as needed to run the service:

  • Service providers / processors acting on our instructions — for example hosting and database, mapping/geocoding, authentication, and email/SMS delivery. A current list is available on request and includes (subject to confirmation): Supabase (database & authentication, Singapore), Vercel (hosting, USA), Cloudflare (video & content delivery, USA), Mapbox (maps & geocoding, USA), Google (Places & Maps geocoding, USA), Resend (transactional email, USA), and GoHighLevel (marketing SMS/WhatsApp, USA).
  • Vendors, when you choose to send an enquiry via "Order Now" / contact — your enquiry is sent to that vendor's own channel (e.g. WhatsApp, Instagram, email). That vendor is a separate data controller and handles your data under its own practices, outside Offerly's control. See Vendor Terms.
  • Authorities / legal — where required by law, regulation, or to protect rights and safety.

7. International / cross-border transfer

Some of our service providers process data outside Singapore. Where personal data is transferred overseas, we take steps so it receives a standard of protection comparable to the PDPA (PDPA s.26 — transfer limitation), for example through contractual data-protection terms with each processor. Our primary database is hosted in Singapore (ap-southeast-1). The processors and their locations are listed in Section 6.


8. Retention

We keep personal data only as long as necessary for the purposes above or as required by law (PDPA s.25 — cessation of retention). Indicative periods:

DataRetention
Account dataWhile your account is active; deleted/anonymised on account deletion (see Data Deletion Policy)
Vendor proof documents (halal cert / UEN)Retained only as long as needed for verification, then purged; access is restricted and logged — see Section 11
Reviews / UGCMay remain after account deletion in anonymised form to preserve listing integrity (see Deletion Policy)
Analytics eventsRetained for up to 24 months then deleted or aggregated; coordinates are coarsened
Consent recordsFor the life of the account plus a period necessary to evidence compliance

9. Your PDPA rights

Under the PDPA you may:

  • Access — request a copy of the personal data we hold about you and how it has been used/disclosed (s.21).
  • Correct — request correction of inaccurate or incomplete data (s.22).
  • Withdraw consent — for any purpose you previously consented to, including marketing.
  • Delete — request deletion of your account and associated personal data (see Data Deletion Policy).

To exercise any right, contact the DPO at hello@offerly.sg. We will respond within a reasonable time and in any case within the timelines required by the PDPA. We may need to verify your identity first.


10. Marketing messages (email / SMS / WhatsApp)

If you opt in to marketing:

  • Every marketing email contains a working unsubscribe link.
  • You can opt out of SMS/WhatsApp marketing by replying as instructed or contacting the DPO.
  • Marketing messages are sent in line with the PDPA Do Not Call provisions and the Spam Control Act. We rely on your recorded consent and honour opt-outs promptly.

Service/transactional messages (e.g. password reset, security alerts) are not marketing and will still be sent while your account is active.


11. Security

We apply reasonable administrative, technical, and physical safeguards to protect personal data (PDPA s.24). Sensitive verification documents (halal certificates, UEN docs) are stored in restricted storage, viewable only by authorised admins, with access logged, and purged per our retention schedule.

In the event of a data breach assessed as notifiable, we will notify the Personal Data Protection Commission and affected individuals as required by the PDPA.


12. Analytics and cookies

We use cookies and similar technologies and collect usage analytics as described in our Cookie & Tracking Notice. Non-essential analytics are subject to your consent.


13. Changes to this policy

We may update this policy. The "Effective date" reflects the latest version. For material changes we will notify you and, where required, ask you to re-acknowledge before continuing to use Offerly.


14. Contact

Questions, requests, or complaints: hello@offerly.sg (DPO) or hello@offerly.sg. You also have the right to complain to the Personal Data Protection Commission (PDPC) at www.pdpc.gov.sg.