Singpass.bizGet a quote
← Back to Singpass.biz

Privacy · Singpass.biz

Privacy Policy

Last updated: 23 April 2026

Draft — pending legal review. This document is provided in good faith as a first draft and will be reviewed by Singapore legal counsel before being published as final terms. Please treat it as informational only until then.

1. Introduction

This Privacy Policy (the “Policy”) describes how DOUBLEAM AI AUTOMATION MARKETING PTE. LTD., a company incorporated in the Republic of Singapore with Unique Entity Number 202521700C, having its registered office at 60 Paya Lebar Road, #07–54, Paya Lebar Square, Singapore 409051 (“Doubleam”, “we”, “us”, or “our”), collects, uses, discloses, protects and otherwise processes Personal Data in connection with the Singpass.biz website at https://singpass.biz (the “Site”) and the Singpass and MyInfo integration services (together, the “Services”) that we provide to businesses operating in Singapore (each, a “Business Client”).

This Policy is issued in compliance with the Singapore Personal Data Protection Act 2012 (No. 26 of 2012) (as amended) (the “PDPA”) and should be read together with our PDPA Notice and Terms of Service.

2. Definitions

  • “Personal Data” means data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which we have or are likely to have access.
  • “Singpass” and “MyInfo” refer to the national digital identity and personal data services operated by the Government Technology Agency of Singapore (“GovTech”).
  • “End User” means an individual who authenticates via Singpass through an integration that we operate or host on behalf of a Business Client.

3. Personal Data we collect

We collect Personal Data in the following ways:

3.1 Information you provide directly to us

  • Contact details submitted through the inquiry form or newsletter signup on the Site (such as name, work email address, company name, expected verification volume and a description of your intended use case).
  • Information you send us via WhatsApp, email or during discovery calls.
  • Billing and invoicing information if you engage our paid Services.

3.2 Information collected through our Singpass / MyInfo integration

When an End User authenticates via a Singpass or MyInfo flow that we operate for a Business Client, we necessarily receive Personal Data returned by the Singpass and MyInfo APIs. Depending on the scope the Business Client has justified to GovTech, this may include: full name, NRIC / FIN / UIN, residential address, date of birth, nationality, sex, mobile number, email address, CPF contributions, employment details, housing, vehicle particulars and other attributes permitted by GovTech.

In respect of such End User Personal Data, we act as a Data Intermediary of the Business Client within the meaning of Section 4(2) of the PDPA. We receive, transport and pass such Personal Data to the Business Client strictly to fulfil the verification purpose requested by the End User. We do not retain or re-use such Personal Data for our own independent purposes.

3.3 Information collected automatically

  • Technical data such as IP address, browser type, device identifiers, referring URL and pages viewed, used for site security, analytics and debugging.
  • Cookies and similar technologies necessary to deliver the Site and measure aggregate usage.

4. Purposes for which we collect, use and disclose Personal Data

We collect, use and disclose Personal Data for the following purposes (each a “Purpose”):

  • Responding to your inquiries, preparing quotes and providing the Services;
  • Operating, maintaining, securing and improving the Site and the Services;
  • Acting on behalf of a Business Client to facilitate End User authentication and identity verification through Singpass and MyInfo;
  • Transmitting End User Personal Data received via Singpass / MyInfo to the relevant Business Client pursuant to our arrangement with that Business Client;
  • Complying with applicable laws, regulations, codes and the directions, guidelines and requirements of GovTech, the Personal Data Protection Commission (“PDPC”), the Infocomm Media Development Authority (“IMDA”) and other government bodies in Singapore;
  • Sending you service-related communications and, where you have consented, occasional marketing communications about our Services;
  • Preventing, detecting and investigating fraud, misuse, security incidents and breaches of our Terms of Service.

5. Legal basis for processing

We rely on one or more of the following bases under the PDPA when we process Personal Data: your consent (including deemed consent); the performance of a contract with you or at your request; legitimate interests which are not overridden by your interests and fundamental rights; compliance with legal obligations; and the exceptions set out in the First and Second Schedules of the PDPA.

6. Disclosure of Personal Data

We do not sell Personal Data. We may disclose Personal Data to:

  • Business Clients. Personal Data received through our Singpass or MyInfo integrations is passed to the Business Client who engaged us, in line with the End User’s consent at the point of authentication.
  • GovTech and Singpass / MyInfo APIs. We interact with the Singpass and MyInfo APIs operated by GovTech to deliver the Services.
  • Service providers and subprocessors. We engage carefully selected third parties to host our infrastructure, capture form submissions (for example, Formspree), deliver email, analyse aggregate Site usage and process payments. These providers are bound by contract to process Personal Data only on our instructions and to maintain appropriate safeguards.
  • Professional advisers and auditors. Our lawyers, accountants, auditors and insurers where necessary.
  • Authorities. Law enforcement, regulators, courts or tribunals where required or permitted by law.
  • Successors. In the event of a merger, acquisition, reorganisation or sale of business, subject to appropriate confidentiality undertakings.

7. Transfers outside Singapore

Some of our subprocessors operate infrastructure outside Singapore. Where we transfer Personal Data out of Singapore, we take reasonable steps to ensure that the recipient is bound by legally enforceable obligations to provide a standard of protection that is comparable to the PDPA, as required by Section 26 of the PDPA.

8. Retention

  • Inquiry and newsletter data. Retained for so long as necessary to respond to you and to continue any business relationship, and thereafter for up to seven (7) years for record-keeping and tax purposes.
  • End User Personal Data handled as a Data Intermediary. Retained only for so long as strictly necessary to transmit the data to the relevant Business Client and to provide audit logs for the verification transaction. Audit log retention is guided by the Business Client’s direction and applicable law, and typically does not exceed the minimum required for regulatory audit (for example, seven (7) years for financial services under MAS guidelines).
  • Site technical logs. Retained for up to twelve (12) months for security and diagnostics.

9. Your rights under the PDPA

Subject to the PDPA and applicable exceptions, you may:

  • request access to Personal Data about you that is in our possession or under our control, and information about the ways in which that Personal Data has been or may have been used or disclosed within a year of your request;
  • request correction of any error or omission in Personal Data about you;
  • withdraw any consent you have previously given us to collect, use or disclose your Personal Data for any Purpose; and
  • request a written copy of any Personal Data about you that is in our possession or under our control.

We will respond to your request within a reasonable time, and in any event within thirty (30) days of receipt, in accordance with the PDPA. A reasonable administrative fee may apply to access requests.

10. Security

We put in place reasonable administrative, technical and physical safeguards to protect Personal Data in our possession or under our control against unauthorised access, collection, use, disclosure, copying, modification or disposal. Notwithstanding the foregoing, no method of transmission over the internet or method of electronic storage is completely secure and absolute security cannot be guaranteed.

11. Children

The Site and the Services are not directed at individuals under the age of thirteen (13) and we do not knowingly collect Personal Data from such individuals.

12. Updates to this Policy

We may amend this Policy from time to time to reflect changes in our practices, technology, legal requirements and other factors. The “last updated” date above reflects the effective date of the current version. We encourage you to review this Policy periodically.

13. Contact us

If you have questions about this Policy or wish to exercise any of your rights under the PDPA, please contact our Data Protection Officer at info@doubleam.com, or by post to the registered office address set out in Section 1 above.

You also have the right to lodge a complaint with the Personal Data Protection Commission of Singapore. More information is available at www.pdpc.gov.sg.

14. Governing law

This Policy is governed by the laws of the Republic of Singapore.