Website.sg

Privacy Policy

Last updated: 12 March 2026

Website.sg (“we”, “us”, or “our”) operates the website at www.website.sg. This Privacy Policy explains how we collect, use, disclose, and protect your personal data in accordance with the Personal Data Protection Act 2012 (PDPA) of Singapore.

1. Data We Collect

We collect the following personal data when you use our platform:

  • Account information: Name, email address, and password (hashed) when you register
  • Google account data: Name, email, and profile picture if you sign in via Google
  • Website content: Business information, images, and text you add to your website
  • Payment data: Billing information processed securely through Stripe (we do not store credit card numbers)
  • Contact form submissions: Name, email, and message content when you contact us
  • Usage data: Pages visited, browser type, IP address, and device information collected via Google Analytics
  • Cookies: Session cookies for authentication and analytics cookies for site improvement

2. How We Use Your Data

  • To create and manage your account
  • To provide, maintain, and improve our website builder service
  • To process payments and manage subscriptions
  • To send transactional emails (account verification, password reset, billing notifications)
  • To respond to your enquiries and support requests
  • To analyse usage patterns and improve our platform
  • To comply with legal obligations

We do not sell your personal data to third parties. We do not send marketing emails unless you explicitly opt in.

3. Data Sharing

We share your data only with the following trusted third-party service providers:

  • Stripe: Payment processing (PCI DSS compliant)
  • Supabase: Database hosting and file storage
  • Vercel: Website hosting and deployment
  • Resend: Transactional email delivery
  • Google: Authentication (Google Sign-In) and analytics (Google Analytics)

4. Data Retention

We retain your personal data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law.

5. Data Security

  • All data is transmitted over HTTPS (TLS encryption)
  • Passwords are hashed using bcrypt
  • Payment data is handled by Stripe and never stored on our servers
  • Database access is restricted and encrypted at rest

6. Your Rights Under PDPA

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Withdrawal of consent: Withdraw your consent for data processing at any time
  • Deletion: Request deletion of your account and personal data

To exercise any of these rights, contact us at privacy@website.sg. We will respond within 30 business days.

7. Cookies

  • Essential cookies: Required for authentication and core functionality
  • Analytics cookies: Google Analytics cookies to understand how visitors use our site

8. International Data Transfers

Your data may be processed in countries outside Singapore by our service providers. We ensure all transfers comply with PDPA requirements through appropriate contractual safeguards.

9. Children

Our service is not directed to individuals under 18 years of age. We do not knowingly collect personal data from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a notice on our website.

11. Contact Us

If you have questions about this Privacy Policy, contact us at:

You may also lodge a complaint with the Personal Data Protection Commission (PDPC).