Privacy Policy

Last Updated: April 2026

Growuild (UEN: 53520677A) is a web design agency based in Singapore ("Growuild", "we", "us", "our"). We take the privacy of our clients, prospects, and website visitors seriously, and this Privacy Policy describes how we collect, use, disclose, and protect personal data in the course of running our business and operating growuild.com.

This policy is written to align with Singapore's Personal Data Protection Act 2012 (PDPA) and the guidelines issued by the Personal Data Protection Commission (PDPC). It covers any personal data that we handle, whether collected via our website, WhatsApp, email, phone calls, quotations, or any other channel we use to communicate with you.

By engaging our services, contacting us, or continuing to use our website, you confirm that you have read, understood, and agree to the practices described in this Privacy Policy. If you disagree with any part of this policy, please do not submit personal data to us or use our services.

Information We Collect

We only collect personal data that is reasonable and necessary for us to respond to inquiries, deliver our services, and run our day-to-day operations. Depending on how you interact with us, the categories of information we may collect include:

• Contact information: Your name, email address, phone number, WhatsApp number, and business name, typically provided when you message us, fill out a form, or send a quotation request.
• Project details: Information you share about your business, goals, requirements, target audience, brand assets, copy, images, logos, and any files or references you send us so we can scope and build your project.
• Technical data: Standard server log information such as IP address, browser type and version, operating system, referring pages, and pages visited on our website. This data is collected automatically by our hosting and content delivery infrastructure.
• Communication records: Copies of messages exchanged with us through WhatsApp, email, phone, and any other channels, so we can keep an accurate record of project requirements, agreed terms, and support requests.
• Billing information: Invoicing details such as company name, billing address, and UEN where applicable. We do not store full payment card details on our own systems; payment details are handled by third-party payment processors.

We do not ask for, and do not wish to receive, sensitive information such as NRIC numbers, passport numbers, health records, or financial account credentials. Please avoid sending us such data unless we specifically request it for a clearly defined purpose.

How We Use Your Information

We use the personal data we collect only for purposes that a reasonable person would consider appropriate in the circumstances. Typical uses include:

• Responding to inquiries, preparing quotations, and providing information about our packages, add-on services, and timelines.
• Delivering web design, development, redesign, and add-on integration services as agreed in the Scope Document for your project.
• Sending project updates, milestones, revision requests, approval links, draft previews, and other communication necessary to progress your project.
• Issuing invoices, recording payments, and maintaining accounting records in line with Singapore's tax and business record-keeping requirements.
• Improving our website, services, and internal processes by understanding how visitors use growuild.com and where we can reduce friction for clients.
• Complying with our legal, regulatory, contractual, and tax obligations, and responding to lawful requests from public authorities where required.

We do not use your personal data for automated decision-making, profiling, or targeted advertising. We will not use your information for any purpose that is materially different from those described above without first obtaining your consent.

Legal Basis & Consent

Under the Singapore PDPA, organisations may only collect, use, or disclose personal data about an individual with that individual's consent, or where collection, use, or disclosure is authorised or required by law. Growuild relies on the following bases when handling your personal data:

• Express consent: When you voluntarily provide your information to us through a contact form, WhatsApp message, email, or signed quotation, you are giving express consent for us to use that data for the purposes described in this policy.
• Deemed consent: In situations where you voluntarily provide personal data and it is reasonable that you would do so (for example, providing content and images for your new website), consent is deemed to be given for those specific purposes.
• Legal or contractual obligation: We may also process data where necessary to enter into or perform a contract with you, or to comply with a legal or regulatory obligation that applies to Growuild.

You have the right to withdraw your consent to our collection, use, or disclosure of your personal data at any time by contacting us using the details in the Contact Us section. Please note that withdrawing consent may affect our ability to continue providing services or completing a project that is already in progress, and we may need to inform you of the likely consequences before acting on your request.

Sharing & Disclosure

Growuild does not sell, rent, or trade your personal data to anyone. We only disclose personal data where it is necessary to deliver our services, where you have given consent, or where we are required to do so by law. The categories of third parties we may share data with are limited and include:

• Hosting and infrastructure providers such as Cloudflare and Netlify, which host our website and deliver content globally. These providers may process standard request metadata in the course of routing traffic.
• Payment processors used to issue invoices and collect payment. Payment details are entered directly into the processor's system and are subject to their own privacy practices.
• Analytics and performance tools where used, limited to aggregated, non-identifying metrics that help us understand site performance.
• Professional advisors such as accountants, auditors, or legal advisors, strictly on a need-to-know basis and under a duty of confidentiality.
• Public authorities when disclosure is required by law, court order, or a valid request from a regulator.

All service providers we work with are expected to handle your personal data securely and confidentially, and to use it only for the purposes for which it was shared with them.

Data Retention

We retain personal data only for as long as it is needed to fulfil the purposes described in this policy, or for as long as required by applicable laws and business record-keeping obligations. Once data is no longer needed, we take reasonable steps to delete, anonymise, or securely dispose of it.

As a general guide, inquiries that do not result in a project are kept for a short period (typically up to twelve months) in case the lead returns. Project-related records, contracts, invoices, and supporting communication are typically retained for up to seven years to meet accounting, tax, and contractual record-keeping requirements in Singapore.

If you would like us to delete specific personal data earlier, you can contact us with a written request. We will honour such requests where we are not required to keep the data for legal or operational reasons, and we will let you know if any of the data must be retained.

Data Security

Growuild implements reasonable security arrangements to protect personal data in our custody from unauthorised access, collection, use, disclosure, copying, modification, disposal, or similar risks. Our measures include the use of HTTPS encryption for data in transit, access controls on the devices and accounts we use to manage client work, and the use of reputable third-party platforms for communication, storage, and invoicing.

We limit access to personal data to those who need it to perform their work, and we regularly review the tools and practices we rely on to keep them up to date with current security expectations. Backups and sensitive files are stored on encrypted services where applicable.

Despite these measures, no method of electronic storage or transmission over the internet is completely secure. We cannot guarantee absolute security against all possible threats, but we commit to taking the issue seriously and notifying affected individuals in line with PDPA requirements in the unlikely event of a data breach that is likely to result in significant harm.

Your Rights

As an individual whose personal data is handled by Growuild, you have a number of rights under the Singapore PDPA. We respect these rights and will respond to legitimate requests within a reasonable period. Your rights include:

• Right of access: You may request information about the personal data we hold about you and how it has been used or disclosed in the year preceding your request.
• Right of correction: You may ask us to correct any personal data that is inaccurate, incomplete, misleading, or out of date.
• Right to withdraw consent: You may withdraw any consent you have given to our collection, use, or disclosure of your personal data. Please note that withdrawing consent may affect our ability to continue providing services to you and could impact an ongoing project.
• Right to lodge a complaint: If you believe we have mishandled your personal data, you may first raise your concern directly with us so we can try to resolve it. If you are not satisfied with our response, you have the right to lodge a complaint with the Personal Data Protection Commission (PDPC) of Singapore.

To exercise any of these rights, please contact us using the details provided in the Contact Us section of this policy. We may need to verify your identity before acting on a request to prevent unauthorised disclosure of personal data.

International Transfers

Although Growuild is based in Singapore, some of the service providers we rely on operate globally. For example, our website and certain assets are served through global content delivery networks such as Cloudflare, which means that cached copies of publicly accessible pages may be stored on servers located in various jurisdictions to improve loading speed for visitors around the world.

Where personal data is transferred outside of Singapore in the course of our operations, we take reasonable steps to ensure that the receiving organisation provides a standard of protection comparable to that required under the PDPA. This may be achieved through contractual terms, the service provider's own data protection commitments, or other appropriate safeguards.

We do not actively transfer personal project data to third parties outside of Singapore beyond what is necessary for hosting, infrastructure, and communication tools that are commonly used by small businesses worldwide.

Children's Privacy

Our services are directed at businesses, organisations, and adult professionals looking to build or improve a website. Growuild does not market its services to children, and our website is not designed for use by individuals under the age of thirteen (13).

We do not knowingly collect personal data from children. If you are a parent or guardian and you believe that a child has provided personal data to us without your consent, please contact us immediately and we will take reasonable steps to delete the information from our records.

If a project we are working on involves collecting data from minors (for example, a school or tuition centre website), we will discuss appropriate consent and safeguarding measures with the client as part of the scoping process.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our business, our tools, or the regulatory environment. When we make changes, we will update the "Last Updated" date at the top of this page so you can easily see when the policy was last revised.

For material changes that significantly affect how we handle personal data, we will take reasonable steps to notify affected clients through direct communication channels (such as email or WhatsApp) before the changes take effect, where practical.

Your continued engagement with our services or continued use of our website after any updates to this Privacy Policy constitutes your acceptance of the revised policy. We encourage you to review this page periodically so you stay informed about how we handle your information.

Contact Us

If you have any questions about this Privacy Policy, wish to exercise any of your rights under the PDPA, or would like to raise a concern about how we handle your personal data, please get in touch using any of the channels below. We will do our best to respond as quickly as possible.

• Email: support@growuild.com
• Phone / WhatsApp: +65 8980 8793
• Business: Growuild (UEN: 53520677A), Singapore
• Website: growuild.com

For formal data protection requests, please put "PDPA Request" in the subject line of your email so we can route it to the right person and respond within a reasonable timeframe. You can also read our Terms & Conditions and Cookies Policy for more information about how we operate.