Effective date: 15 June 2026 Data controller: Offerly (UEN to be confirmed), Singapore ("Offerly", "we", "us"). Governs: offerly.sg and all Offerly services.
We are committed to handling your personal data in accordance with Singapore's Personal Data Protection Act 2012 (PDPA). This policy explains what we collect, why, how we use and protect it, who we share it with, and your rights.
1. Data Protection Officer (DPO)
In line with PDPA s.11(3), our DPO is:
- Name: Data Protection Officer
- Email: hello@offerly.sg
You may contact the DPO for any question, access/correction request, consent withdrawal, or complaint about how we handle your personal data.
2. What personal data we collect
| Category | Specific data | When collected |
|---|---|---|
| Account | Email, full name, Singapore mobile number, date of birth, gender | Sign-up (2-step) |
| Profile | Display name, avatar | Profile edit |
| Location | Device location / approximate area (for "near me" search, Map, Qiblah) | When you grant location permission |
| Vendor verification | Business name, UEN, halal certificate / proof documents, contact details | Vendor onboarding / claim |
| User-generated content | Reviews, ratings, saved listings, business reports, suggestions | When you use those features |
| Usage / analytics | A persistent visitor identifier and approximate location, device/browser info, pages viewed, actions taken | Automatically (subject to the Cookie & Tracking Notice) |
| Communications | Messages you send us; enquiry content you choose to send a vendor | When you contact us / a vendor |
We collect personal data only for the purposes set out below and limited to what is reasonable for those purposes (PDPA s.18 — purpose limitation).
3. Why we collect it (purposes)
- Create and manage your account and authenticate you.
- Provide core features: discovery, "near me" search, Map, Qiblah direction, saving listings, reviews.
- Verify vendor identity and halal/business claims, and operate the approval queue.
- Communicate service/transactional messages (sign-up confirmation, password reset, security notices).
- With your separate, optional consent: marketing and promotional messages by email, SMS, or WhatsApp.
- Maintain safety, prevent fraud and abuse, and moderate content.
- Comply with legal obligations and respond to lawful requests.
- Understand and improve the service through analytics.
4. Consent and your choices
- By creating an account you acknowledge this Privacy Policy and agree to our Terms of Service.
- Marketing is separate and optional. We will only send marketing/promotional messages if you have given a distinct, opt-in consent (an unticked checkbox at sign-up or later). You can withdraw this at any time — see Section 9.
- Where we rely on consent, you may withdraw it at any time by contacting the DPO. Withdrawal does not affect processing already carried out, and may mean we can no longer provide certain features.
- We record your consents (purpose, policy version, timestamp) so we can honour and evidence them.
5. Minimum age
Offerly is intended for users aged 13 and above. We use the date of birth you provide to apply this. If we learn we have collected personal data from a person below the minimum age without appropriate consent, we will delete it. Where required, certain features (e.g. giveaways) may be further age-gated.
6. Who we share data with
We do not sell your personal data. We share it only as needed to run the service:
- Service providers / processors acting on our instructions — for example hosting and database, mapping/geocoding, authentication, and email/SMS delivery. A current list is available on request and includes (subject to confirmation): Supabase (database & authentication, Singapore), Vercel (hosting, USA), Cloudflare (video & content delivery, USA), Mapbox (maps & geocoding, USA), Google (Places & Maps geocoding, USA), Resend (transactional email, USA), and GoHighLevel (marketing SMS/WhatsApp, USA).
- Vendors, when you choose to send an enquiry via "Order Now" / contact — your enquiry is sent to that vendor's own channel (e.g. WhatsApp, Instagram, email). That vendor is a separate data controller and handles your data under its own practices, outside Offerly's control. See Vendor Terms.
- Authorities / legal — where required by law, regulation, or to protect rights and safety.
7. International / cross-border transfer
Some of our service providers process data outside Singapore. Where personal data is transferred overseas, we take steps so it receives a standard of protection comparable to the PDPA (PDPA s.26 — transfer limitation), for example through contractual data-protection terms with each processor. Our primary database is hosted in Singapore (ap-southeast-1). The processors and their locations are listed in Section 6.
8. Retention
We keep personal data only as long as necessary for the purposes above or as required by law (PDPA s.25 — cessation of retention). Indicative periods:
| Data | Retention |
|---|---|
| Account data | While your account is active; deleted/anonymised on account deletion (see Data Deletion Policy) |
| Vendor proof documents (halal cert / UEN) | Retained only as long as needed for verification, then purged; access is restricted and logged — see Section 11 |
| Reviews / UGC | May remain after account deletion in anonymised form to preserve listing integrity (see Deletion Policy) |
| Analytics events | Retained for up to 24 months then deleted or aggregated; coordinates are coarsened |
| Consent records | For the life of the account plus a period necessary to evidence compliance |
9. Your PDPA rights
Under the PDPA you may:
- Access — request a copy of the personal data we hold about you and how it has been used/disclosed (s.21).
- Correct — request correction of inaccurate or incomplete data (s.22).
- Withdraw consent — for any purpose you previously consented to, including marketing.
- Delete — request deletion of your account and associated personal data (see Data Deletion Policy).
To exercise any right, contact the DPO at hello@offerly.sg. We will respond within a reasonable time and in any case within the timelines required by the PDPA. We may need to verify your identity first.
10. Marketing messages (email / SMS / WhatsApp)
If you opt in to marketing:
- Every marketing email contains a working unsubscribe link.
- You can opt out of SMS/WhatsApp marketing by replying as instructed or contacting the DPO.
- Marketing messages are sent in line with the PDPA Do Not Call provisions and the Spam Control Act. We rely on your recorded consent and honour opt-outs promptly.
Service/transactional messages (e.g. password reset, security alerts) are not marketing and will still be sent while your account is active.
11. Security
We apply reasonable administrative, technical, and physical safeguards to protect personal data (PDPA s.24). Sensitive verification documents (halal certificates, UEN docs) are stored in restricted storage, viewable only by authorised admins, with access logged, and purged per our retention schedule.
In the event of a data breach assessed as notifiable, we will notify the Personal Data Protection Commission and affected individuals as required by the PDPA.
12. Analytics and cookies
We use cookies and similar technologies and collect usage analytics as described in our Cookie & Tracking Notice. Non-essential analytics are subject to your consent.
13. Changes to this policy
We may update this policy. The "Effective date" reflects the latest version. For material changes we will notify you and, where required, ask you to re-acknowledge before continuing to use Offerly.
14. Contact
Questions, requests, or complaints: hello@offerly.sg (DPO) or hello@offerly.sg. You also have the right to complain to the Personal Data Protection Commission (PDPC) at www.pdpc.gov.sg.