Privacy Policy
This policy explains what personal data Growuild collects, why, and your rights under Singapore's Personal Data Protection Act 2012 (the PDPA). We are committed to handling personal data responsibly and in line with the PDPA, and we keep what we collect to the minimum we need to do good work for you.
1. Who we are and our Data Protection Officer
Growuild is a web design studio based in Singapore (UEN 53520677A). We are responsible for the personal data we hold. Our Data Protection Officer (DPO) is the point of contact for any question, request, or complaint about personal data and can be reached at [email protected].
2. This website collects no personal data
Our website is built to respect your privacy by default. It uses only privacy-first, cookieless analytics (Cloudflare Web Analytics) to understand which pages are popular; it runs no advertising or tracking pixels and sets no third-party or tracking cookies. We do not build profiles of visitors or track you across other sites. The only thing stored in your browser is a small local preference, such as your light or dark theme and language choice. That preference stays on your own device, is not personal data, is never sent to us or to anyone else, and is not used to identify or track you. You can clear it at any time through your browser settings.
3. What personal data we collect
We only receive personal data that you choose to give us when you get in touch or work with us, for example over WhatsApp or email. Depending on how you contact us, this may include:
- your name and business name;
- your contact details, such as email address and phone number;
- the messages and project information you send us; and
- the content, images, and details you provide for your website.
We do not ask for or store payment card numbers ourselves. Any payments are handled by third-party payment gateways under their own terms and privacy policies.
4. How we use your personal data
We use the personal data you give us only for the purposes you would reasonably expect, namely to respond to your enquiry, prepare a quote, scope and build your website, deliver care plans and add-ons, and send you related project updates and invoices. In line with the PDPA's purpose limitation principle, we do not use your personal data for unrelated purposes without letting you know or, where required, obtaining your consent. We do not sell your personal data to anyone.
5. Consent and withdrawing consent
By contacting us and giving us your personal data, you consent to us collecting, using, and disclosing it for the purposes set out in this policy. You may withdraw your consent at any time by emailing our DPO at [email protected]. We will action your request within a reasonable time. Please note that if you withdraw consent, we may no longer be able to provide a service or continue a project that depends on that data.
6. Who we disclose it to
We do not sell or rent your personal data. We disclose it only to the service providers we genuinely need to run your project, such as hosting and content delivery and payment gateways, and only as far as needed for them to provide their service to us. These providers process data on our behalf or under their own terms. We may also disclose personal data where we are required or permitted to do so by law.
7. Third-party services
Some of the tools involved in delivering our services are run by third parties, such as WhatsApp (messaging), Cloudflare (hosting and content delivery), and payment gateways. When you use these services, or when your data is processed through them, their own privacy policies apply in addition to this one. We encourage you to review their policies, as we are not responsible for how third parties handle data under their own terms.
8. Cookies and local storage
As explained in section 2, our website uses only an essential local preference (your theme and language choice) stored on your own device. We use Cloudflare's privacy-first, cookieless web analytics to count visits and see which pages are popular β it sets no cookies, cannot identify you, and does not track you across other sites. We use no advertising cookies or other tracking technologies. Because we set no tracking or non-essential cookies, no cookie consent banner is required.
9. How long we keep it
We keep personal data only for as long as it is needed for the purpose it was collected, or for as long as we are reasonably required to keep it to meet legal, accounting, or tax obligations. When it is no longer needed, we delete or anonymise it.
10. Keeping it safe
We make reasonable security arrangements to protect personal data in our care against unauthorised access, collection, use, disclosure, copying, modification, or loss, including limiting who can access it and using reputable providers. No method of storage or transmission is perfectly secure, but we work to keep risks low.
11. Your rights under the PDPA
Under the PDPA, you may ask us to give you access to the personal data we hold about you and information on how it has been used or disclosed, to correct any personal data that is inaccurate or out of date, or to withdraw your consent to our continued use of it for a particular purpose. To make any of these requests, please email our DPO at [email protected] and we will respond within a reasonable time. We may need to verify your identity before acting on a request.
12. Overseas transfer of data
Some of our service providers, such as Cloudflare and other hosting or messaging providers, may store or process data on servers located outside Singapore. Where personal data is transferred overseas, we take reasonable steps to ensure it receives a standard of protection comparable to that under the PDPA, in line with the PDPA's transfer limitation requirements.
13. Children
Our website and services are intended for businesses and are not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact our DPO so we can remove it.
14. Changes to this policy
We may update this policy from time to time to reflect changes in our practices or the law. The date at the top shows when it was last revised. Material changes will take effect once the updated policy is posted here.
15. How to contact us
For any question, request, or complaint about how we handle personal data, please contact our Data Protection Officer at [email protected] or by WhatsApp at +65 8980 8793.