Effective Date: 1 January 2026 | Last Updated: 26 April 2026
1. Introduction
AskRev ("we", "us", "our") is committed to protecting the personal data of our users in accordance with the Personal Data Protection Act (PDPA) 2012, ISO/IEC 27001:2022 information security standards, and applicable data protection regulations. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use the AskRev platform.
2. Data Controller
AskRev Pte Ltd is the data controller responsible for your personal data. Our Data Protection Officer (DPO) can be reached at dpo@askrev.co.
3. Personal Data We Collect
| Category | Data Types | Legal Basis (PDPA) |
|---|---|---|
| Account Data | Name, email, phone, company name | Consent & Contractual Necessity |
| Usage Data | Login activity, feature usage, device/browser info | Legitimate Interest |
| Business Data | Customer lists, campaign data, revenue metrics | Contractual Necessity |
| Payment Data | Billing address, payment method (via Stripe) | Contractual Necessity |
4. Purpose of Data Processing
We process personal data strictly for the following purposes, consistent with ISO 27001 Annex A.8 (Asset Management) and PDPA Section 18:
- Providing and maintaining the AskRev platform
- AI-powered campaign generation and customer targeting
- Analytics and performance reporting
- Customer support and communication
- Legal compliance and fraud prevention
- Service improvement through anonymized usage analysis
5. Consent & Notification (PDPA Sections 13-17)
Under the PDPA, we obtain your consent before collecting, using, or disclosing personal data. You may withdraw consent at any time by contacting dpo@askrev.co. We will notify you of the likely consequences of withdrawal. Deemed consent applies where you voluntarily provide data for a stated purpose.
6. Data Retention
In accordance with ISO 27001 Annex A.8.10 and PDPA Section 25, we retain personal data only as long as necessary for the purpose of collection, or as required by law. Inactive accounts are purged after 24 months. Business data is deleted within 30 days of account termination upon request.
7. Data Transfers
Where data is transferred outside Singapore, we ensure adequate protection through Standard Contractual Clauses (SCCs) or equivalent safeguards as required by PDPA Section 26. All cross-border transfers comply with ISO 27001 Annex A.5.14 (Information Transfer).
8. Your Rights Under PDPA
- Access: Request a copy of your personal data (Section 21)
- Correction: Request correction of inaccurate data (Section 22)
- Withdrawal: Withdraw consent for data processing (Section 16)
- Portability: Receive your data in a structured, machine-readable format
- Complaint: Lodge a complaint with the Personal Data Protection Commission (PDPC)
9. Security Measures (ISO 27001)
We implement controls aligned with ISO/IEC 27001:2022, including:
- AES-256 encryption at rest, TLS 1.3 in transit
- Role-based access control (RBAC) following the least-privilege principle
- Regular penetration testing and vulnerability assessments
- Incident response plan with 72-hour breach notification
- Annual internal and external ISMS audits
10. Contact
For privacy inquiries or to exercise your rights, contact our Data Protection Officer at dpo@askrev.co or write to: AskRev Pte Ltd, Singapore.