Privacy Policy
Booppa Smart Care LLC ("Booppa", "we", "us" or "our") is committed to protecting the privacy of visitors to our website and users of our services. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights under Singapore’s Personal Data Protection Act 2012 (PDPA).
Scope
This policy applies to personal data collected through our website, applications, services, or provided directly to us by customers, suppliers, job applicants and other business contacts.
Data Protection Officer (DPO)
If you have any questions, concerns or requests relating to your personal data (including access, correction or deletion requests), please contact our Data Protection Officer (DPO):
Personal Data We Collect
- Contact information (name, email, phone)
- Company information (company name, role, industry)
- Transaction and billing details (when you purchase services)
- Technical data (IP address, browser, device and cookies)
- Usage data (pages visited, features used, timestamps)
How We Use Personal Data
We process personal data for the following purposes:
- To provide and improve our services and customer support;
- To process payments and manage billing;
- To send service-related notifications and reports (including PDPA audit reports);
- To detect, prevent and investigate security incidents and fraud;
- To comply with legal obligations and regulatory requests;
- To maintain audit trails and consent logs to demonstrate lawful basis for processing under PDPA.
Consent and Cookie Management
We obtain consent before loading optional trackers. Our cookie banner provides the options to Accept All, Reject Optional, or Settings. Non-essential third-party trackers (analytics, pixels, marketing) are blocked by default until you provide explicit consent. You may change your preferences at any time via the cookie banner.
Consent Records & Logging
We maintain a secure log of consent records that contains:
- Timestamp of consent
- Anonymized IP address
- Consent status (e.g., "Full Consent", "Necessary Only")
- Privacy Policy version accepted
- Optional metadata (e.g., user agent)
These records are retained to demonstrate compliance with PDPA and to respond to any regulatory inquiries. Retention may vary by service tier: Essential tier logs are retained for 30 days, while Pro and Suite tiers retain consent and audit logs longer (including unlimited historical retention for Suite where contracted). If you wish to request access to your consent records, please contact the DPO at the email above.
Third-Party Trackers and Integrations
We only load third-party trackers (e.g., analytics, advertising, Hotjar, Facebook Pixel, Google Analytics) after obtaining explicit consent. Our front-end implements gating logic: any script that collects personal data or performs cross-site tracking is not executed until Accept All is selected. If you detect a tracker loading without consent, please report it to the DPO immediately.
Data Retention
We retain personal data only as long as necessary to fulfill the purposes outlined above, to comply with legal obligations, or to resolve disputes. Retention periods may vary depending on the product tier and contractual agreement:
- Essential tier: logs retained for 30 days.
- Pro and Suite tiers: extended or unlimited retention as specified in your contract.
Where local law requires a longer retention period, we will retain data as necessary to comply with those obligations.
Disclosure of Personal Data
We do not sell or rent your personal data. We may disclose data to third-party service providers only to fulfill the purposes listed above, for example:
- Stripe: For secure payment processing.
- Polygon Network: For public (but hashed/anonymized) on-chain verification.
- Regulatory Authorities: When required by Singapore law.
Your Rights
Under the PDPA you may request access to or correction of your personal data, withdraw consent, or request deletion where applicable. To exercise these rights, contact our DPO at evidence@booppa.io. We will respond to valid requests within a reasonable timeframe and in accordance with PDPA requirements.
Security
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration or destruction. This includes encryption for data at rest and in transit, access controls, and regular security assessments.
Transfers Outside Singapore
Where we transfer personal data outside Singapore (for example to cloud providers or subprocessors), we will ensure appropriate safeguards are in place and that transfers comply with applicable data protection laws.
Contact & Complaints
If you have any questions, complaints or wish to exercise your rights, please contact our DPO at:
Last updated: December 2025 • Privacy Policy version: 2025-12-22