Privacy Policy.

1. Who We Are

SGSchoolKaki (“we”, “us”, “our”) is an online education platform operated in Singapore that helps parents discover, shortlist, and inquire with preschools and kindergartens. Our website is https://sgschoolkaki.com.

2. What Data We Collect

2.1 Parents and General Users

• Account data: email address, display name
• Profile data: phone number (optional), child’s age group, postal code for distance-matching
• Inquiry data: message content, contact details, and consent record submitted when you send an enquiry to a preschool
• Shortlist data: centres you have saved to your list
• Usage data: pages visited, features used, session duration, device type and browser, IP address
• Cookie data: authentication tokens, preference settings, analytics identifiers (see Section 8)

2.2 Preschool Operators

• Account data: email address, display name, contact phone
• Verification data: operator licence certificate image uploaded for account verification
• Billing data: payment method details processed by our third-party payment processor (we do not store raw card numbers)
• Listing data: centre photos, descriptions, fees, and programme information you publish on the platform

2.3 Data We Do Not Collect

We do not collect NRIC/FIN numbers, passport numbers, or medical data. We do not knowingly collect personal data from children under 13 without parental consent.

3. Why We Collect It

4. Consent

4.1 Parent Inquiry Consent

Every time a parent submits an inquiry to a preschool operator, we present an explicit consent checkbox: “I consent to SGSchoolKaki sharing my contact details and message with this preschool centre.” The consent record — including timestamp, user ID, centre ID, and consent text version — is stored in our database as an audit trail. You may withdraw consent by contacting us at [email protected]; withdrawal does not retroactively delete inquiry records already received by the operator.

4.2 Operator Signup Consent

Operators provide consent to our Terms of Service and this Privacy Policy at signup. By creating an operator account, operators consent to: receipt of inquiries from parents; platform billing as described in the operator subscription terms; use of their centre data for display on the platform.

4.3 Marketing Communications

Marketing emails (newsletters, feature announcements) are opt-in only. You may unsubscribe at any time via the unsubscribe link in each email or by contacting our DPO.

5. Who We Share With

We do not sell personal data to any third party, ever.

6. How Long We Keep It

Parent inquiry records

7 years from submission (PDPA business-record retention norm; supports dispute resolution)

Parent shortlist + profile

Until account deletion; deleted within 30 days of deletion request

Operator account data

7 years after subscription ends (billing audit trail)

Operator licence certificate

Duration of account plus 7 years (regulatory record)

Analytics data

Up to 26 months (Google Analytics default); aggregated data retained indefinitely

Server access logs

90 days (security monitoring)

7. Your Rights Under Singapore PDPA

You have the following rights. To exercise any of them, email our DPO at [email protected] with your request. We will respond within 10 business days.

• Access: Request a copy of personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion (Erasure): Request deletion of your personal data, subject to legal retention obligations (e.g., the 7-year inquiry record retention).
• Withdrawal of consent: Withdraw previously given consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
• Data portability: Request your account data in a machine-readable format.
• Do-not-contact: Opt out of marketing communications at any time via email unsubscribe link or by contacting us.

If you are unsatisfied with our handling of a request, you may lodge a complaint with the Personal Data Protection Commission (PDPC).

8. Cookies

We use the following cookie categories. For full details, see our Cookie Policy.

9. International Transfers

Most data is stored in Singapore. A limited set of service providers may process certain data outside Singapore:

• Email service provider (overseas): Transactional email delivery only. Transfers protected by Standard Contractual Clauses (SCCs) under PDPA cross-border transfer obligations.
• Payment processor (globally distributed): Payment processing only. Our processor is PCI-DSS Level 1 certified. Governed by a Data Processing Agreement which includes SCCs.
• Content delivery & security network (globally distributed): Request routing and DDoS protection. IP address metadata may transit a global network. Governed by the provider’s privacy policy.

We ensure that these service providers offer comparable data protection standards to Singapore’s PDPA requirements.

10. Updates to This Policy

We may update this Privacy Policy from time to time. The date at the top of this page reflects the most recent revision. For material changes — changes that significantly affect how we use or share your personal data — we will notify registered users by email at least 14 days before the change takes effect. Continued use of the platform after the effective date constitutes acceptance of the updated policy.

Questions or requests regarding this policy should be directed to our Data Protection Officer at [email protected].