Legal

Privacy Policy

Last updated: 27 May 2026  ·  Effective: 27 May 2026

← Back to App
Contents
  1. Who We Are
  2. Data We Collect
  3. How We Use Your Data
  4. Legal Basis for Processing
  5. Third-Party Processors
  6. Data Retention
  7. Your Rights Under PDPA
  8. Security Measures
  9. Data Breach Procedure
  10. Cookies & Tracking
  11. Children's Privacy
  12. Changes to This Policy
  13. Contact & DPO

1. Who We Are

CompanyGold Evolution
UEN202443296N
CountrySingapore
DPOMuhd Nazrullah

Gold Evolution ("we", "us", "our") is the data controller for personal data collected through our gold trading platform. We are committed to protecting your privacy and complying with the Personal Data Protection Act 2012 (PDPA) of Singapore.

2. Data We Collect

We collect and process the following categories of personal data:

Identity & KYC Data

Financial Data

Account & Technical Data

We do not collect or store full NRIC/FIN numbers in plain text. They are hashed using SHA-256 on submission and only the last 4 characters are retained for display purposes.

3. How We Use Your Data

We do not sell, rent, or share your personal data with third parties for marketing purposes.

5. Third-Party Processors

We use the following trusted third-party services. All have signed Data Processing Agreements (DPAs) where applicable. We remain responsible for ensuring they handle your data appropriately.

Supabase Database, authentication, and file storage. Hosted in Singapore (ap-southeast-1). Privacy Policy
Netlify Web hosting and deployment. US-based. Privacy Policy
Cloudflare DDoS protection, CDN, and bot/captcha (Turnstile). US-based. Privacy Policy
Resend Transactional email delivery (via Supabase). US-based. Privacy Policy
Anthropic AI-assisted payment proof screening (Claude API). US-based. Only payment proof images are analysed; no identity data is sent. Privacy Policy
GoldAPI.io Live gold price data feed. No personal data is transmitted.

Some processors (Netlify, Cloudflare, Resend, Anthropic) are located outside Singapore. Where personal data is transferred internationally, we ensure adequate protections are in place through contractual safeguards.

6. Data Retention

We retain your personal data for as long as necessary to provide our services and comply with legal obligations:

7. Your Rights Under PDPA

As a data subject under Singapore's PDPA, you have the following rights:

Right to Access

You may request a copy of the personal data we hold about you. Contact our DPO at hello@goldevolutionsg.com. We will respond within 30 days.

Right to Correction

If your data is inaccurate or incomplete, you may request corrections through your profile settings in the app, or by contacting our DPO.

Right to Withdraw Consent

You may withdraw your consent to data processing at any time. Please note that withdrawing consent may prevent us from providing our services to you.

Right to Erasure (Account Deletion)

You may request deletion of your account and personal data. Submit a request through your profile page in the app or by emailing hello@goldevolutionsg.com. We will process your request within 30 days, subject to our legal retention obligations.

Right to Data Portability

You may request an export of your personal data in a machine-readable format.

To exercise any of these rights, contact our Data Protection Officer:
Muhd Nazrullah · hello@goldevolutionsg.com

If you are dissatisfied with our response, you may lodge a complaint with the Personal Data Protection Commission (PDPC) at pdpc.gov.sg.

8. Security Measures

We implement appropriate technical and organisational measures to protect your data:

9. Data Breach Procedure

In the event of a data breach, we follow this 5-step procedure in accordance with PDPA mandatory breach notification requirements:

  1. Contain (0–2 hours) — Immediately isolate affected systems, revoke exposed credentials, and suspend relevant services to prevent further data exfiltration.
  2. Assess (2–24 hours) — Identify the scope of the breach, determine what categories of personal data were affected, and estimate the number of individuals impacted.
  3. Notify PDPC (within 3 days) — If the breach is likely to result in significant harm, notify the Personal Data Protection Commission (PDPC) within 3 calendar days of discovery, as required under the PDPA.
  4. Notify Affected Individuals (within 3 days) — Contact affected users directly via email with a clear description of: (a) what data was compromised, (b) what we have done to address it, and (c) what steps they should take to protect themselves.
  5. Review & Document (within 30 days) — Conduct a full post-incident review, document the breach in our internal data breach register, implement corrective measures, and update policies as needed.
If you suspect unauthorised access to your account, contact us immediately at hello@goldevolutionsg.com or via WhatsApp at +65 8335 8410.

10. Cookies & Tracking

Our platform uses minimal tracking technologies:

We do not use advertising cookies, analytics tracking, or any third-party marketing pixels.

11. Children's Privacy

Our platform is intended for individuals aged 18 and above. We do not knowingly collect personal data from minors. If you believe a minor has registered an account, please contact us immediately at hello@goldevolutionsg.com and we will delete the account.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email and display a notice in the app at least 14 days before the changes take effect. The "Last Updated" date at the top of this page reflects the most recent revision.

Your continued use of our services after the effective date constitutes acceptance of the updated policy.

13. Contact & DPO

For any privacy-related queries, requests, or complaints, please contact our Data Protection Officer:

NameMuhd Nazrullah
RoleData Protection Officer, Gold Evolution
Response timeWithin 30 days of receipt

You may also lodge a complaint with the Personal Data Protection Commission (PDPC):
www.pdpc.gov.sg