Singpass.bizGet a quote
← Back to Singpass.biz

PDPA · Singpass.biz

PDPA Notice

Last updated: 23 April 2026

Draft — pending legal review. This document is provided in good faith as a first draft and will be reviewed by Singapore legal counsel before being published as final terms. Please treat it as informational only until then.

1. About this Notice

This PDPA Notice (the “Notice”) is issued by DOUBLEAM AI AUTOMATION MARKETING PTE. LTD., a company incorporated in the Republic of Singapore with Unique Entity Number 202521700C, having its registered office at 60 Paya Lebar Road, #07–54, Paya Lebar Square, Singapore 409051 (“Doubleam”, “we”, “us” or “our”), in accordance with the obligations of a data controller and data intermediary under the Singapore Personal Data Protection Act 2012 (No. 26 of 2012) (as amended) (the “PDPA”).

This Notice supplements our Privacy Policy and sets out our specific practices regarding the handling of Personal Data processed through our Singpass and MyInfo integration services (the “Services”). Capitalised terms not defined here have the meanings given in the Privacy Policy.

2. Our role under the PDPA

We process Personal Data in two capacities:

  • As a Data Controller in respect of information we collect directly from visitors to the Site, prospective customers and existing customers (for example, through the inquiry form, newsletter signup, WhatsApp or our customer-relationship correspondence).
  • As a Data Intermediary within the meaning of Section 4(2) of the PDPA, in respect of End User Personal Data that we receive through the Singpass or MyInfo APIs on behalf of a Customer. In that capacity we process End User Personal Data only for the purposes of performing the integration service on the Customer’s behalf, and only in the manner and for the duration specified in our written arrangement with that Customer.

3. Categories of Personal Data we process

3.1 Data submitted to us directly

  • Identification and contact details (name, work email, company, telephone);
  • Enquiry content (expected verification volume, intended use case, industry);
  • Billing information for paid engagements.

3.2 Data received through Singpass and MyInfo (as Data Intermediary)

Depending on the data scope that the Customer has justified to GovTech for the relevant use case, we may receive and transmit: full name, NRIC / FIN / UIN, residential address, date of birth, nationality, sex, mobile number, email address, CPF contributions, employment details, housing, vehicle particulars and other attributes permitted by GovTech.

4. Purposes and legal basis

Personal Data is collected, used and disclosed for the purposes set out in Section 4 of our Privacy Policy. In respect of End User Personal Data, the lawful basis is the End User’s explicit, informed consent provided at the Singpass authentication screen operated by GovTech (“Singpass consent”), in reliance on which we facilitate the transmission of the Personal Data to the Customer.

5. Disclosure and transfers

End User Personal Data is disclosed to the relevant Customer in accordance with the Singpass consent. We do not disclose End User Personal Data to any other third party except:

  • to GovTech and the Singpass / MyInfo APIs necessary to deliver the Service;
  • to subprocessors strictly required to operate our infrastructure, under contractual obligations of confidentiality and data protection;
  • to law enforcement or regulators where required or permitted by law; and
  • where the End User has given separate consent.

Where Personal Data is transferred outside Singapore, we comply with Section 26 of the PDPA by ensuring that the recipient is bound by legally enforceable obligations to provide a standard of protection comparable to that of the PDPA.

6. Retention

Personal Data handled by us as a Data Controller is retained in accordance with Section 8 of the Privacy Policy. Personal Data handled by us as a Data Intermediary is retained only for so long as strictly necessary to facilitate the verification transaction and to maintain appropriate audit logs. Audit-log retention periods are aligned with the Customer’s instructions and any applicable sector-specific obligations (for example, financial-services retention requirements administered by the Monetary Authority of Singapore).

7. Data protection measures

We implement reasonable administrative, technical and physical safeguards designed to protect Personal Data in our possession or under our control, including:

  • encryption of Personal Data in transit and at rest;
  • role-based access controls and the principle of least privilege among our personnel;
  • periodic key rotation for cryptographic material used with Singpass;
  • staging and production environment separation;
  • regular review of our subprocessors and their security posture;
  • documented procedures for the detection, assessment, containment and notification of data breaches in compliance with the PDPA’s data breach notification obligations.

8. Your rights as a data subject

Subject to the PDPA, you may:

  • request access to Personal Data about you in our possession or under our control, and information about its use and disclosure;
  • request correction of any error or omission;
  • withdraw any consent you have previously given for any specific purpose; and
  • lodge a complaint with our Data Protection Officer or the PDPC.

Requests may be sent to our Data Protection Officer using the contact details in Section 10 below. We will respond within a reasonable time and in any event within thirty (30) days of receipt. A reasonable administrative fee may apply to access requests.

9. Complaints and escalation

If you are not satisfied with how we handle Personal Data, you may lodge a complaint with our Data Protection Officer at info@doubleam.com. If your concern remains unresolved, you may contact the Personal Data Protection Commission of Singapore at www.pdpc.gov.sg.

10. Data Protection Officer

Doubleam has designated a Data Protection Officer who is responsible for the company’s compliance with the PDPA. The Data Protection Officer may be contacted at:

Data Protection Officer
Doubleam AI Automation Marketing Pte. Ltd.
60 Paya Lebar Road, #07–54, Paya Lebar Square, Singapore 409051
Email: info@doubleam.com

11. The 2027 NRIC authentication change

Beginning 1 January 2027, the PDPC’s advisory guidelines restrict the use of full or partial NRIC numbers as a means of online authentication. Doubleam is preparing Customers for this change by deploying Singpass-based authentication flows as a recognised substitute. Customers that process NRIC-based logins on behalf of their end users should contact us in advance of the deadline to scope a migration plan.

12. Updates to this Notice

We may amend this Notice from time to time to reflect changes in our practices, the PDPA or related guidelines published by the PDPC. The “last updated” date above reflects the effective date of the current version.