Legal
Privacy Policy
Effective 19 April 2026
Version 1.0
This Privacy Policy explains how Restive Collective Pte Ltd (“Restive”, “we”, “us”) collects, uses, discloses, and protects personal data in accordance with the Singapore Personal Data Protection Act 2012 (PDPA).
1.Who we are
Restive Collective Pte Ltd is a Singapore-incorporated company offering social media and marketing consultancy services.
- Data Protection Officer (DPO): Markus Ng
- DPO contact: restivecoad@gmail.com
- General enquiries: restivecollective@gmail.com
2.Personal data we collect
We may collect the following personal data:
- From our application form (/qualify): your name, email address, business name, website or Instagram handle, WhatsApp number (optional), revenue range, current marketing activities, challenges, desired outcomes.
- From correspondence (email or WhatsApp): any information you voluntarily provide.
- From our website: session identifiers, UTM parameters, referring URL, country (derived from IP — we do not store full IP addresses), and browser type. This is used for analytics only.
We do not knowingly collect personal data from children under 13. If you believe we have, please contact our DPO and we will delete it.
3.How we use your personal data
We use your personal data only for the purposes you were informed of at collection:
- To evaluate your application for our services
- To contact you (by email or WhatsApp) about your application
- To deliver services, if we enter into an engagement
- To improve our services through anonymised analytics
- To comply with legal or regulatory obligations
We do not use your data for marketing unless you provide separate, explicit consent.
4.Consent
We collect, use, and disclose personal data only with your consent or as permitted by law. By submitting an application form, you consent to our processing of your data for the purposes above.
You may withdraw consent at any time by emailing restivecoad@gmail.com. Withdrawal does not affect the lawfulness of processing before withdrawal.
5.Who we share your data with
We share personal data only with:
- Our team members who need access to process your application or deliver services
- Trusted service providers acting on our instructions under data-processing contracts (listed in Section 6)
- Legal or regulatory authorities when required by law
We do not sell personal data to any third party.
6.Service providers and overseas transfer
Some of our service providers are based outside Singapore. When personal data is transferred overseas, we ensure it is protected by contractual commitments and industry-standard security measures.
| Provider | Purpose | Region |
|---|---|---|
| Vercel | Website hosting | Singapore / US edge |
| Supabase (planned) | Database | Singapore |
| Resend | Transactional email | US |
| Twilio (planned) | WhatsApp messaging | Singapore / Australia |
| Anthropic (Claude API, planned) | AI-assisted responses | US |
| Meta (Facebook / Instagram) | Ad platform, Lead Ads | US |
| Plausible / GA4 (if used) | Anonymised analytics | EU / US |
7.Data retention
We retain personal data only as long as necessary:
- Applications that do not result in an engagement: up to 24 months from last interaction, unless you request earlier deletion.
- Client relationships: for the duration of the engagement plus 6 years after (for business records and tax obligations).
- Newsletter subscribers: until you unsubscribe.
8.Your rights under PDPA
You have the right to:
- Access — request a copy of the personal data we hold about you
- Correct — ask us to correct inaccurate or incomplete data
- Withdraw consent — for any specific processing purpose
- Request deletion — we will delete unless retention is legally required
To exercise any right, email restivecoad@gmail.com. We will respond within 30 days, as required by PDPA.
9.Data security
We protect personal data with reasonable security arrangements:
- Encryption in transit (HTTPS) and at rest
- Access controls and role-based permissions
- Secrets management via environment variables
- Audit logging for administrative actions
- Regular review of dependencies and access
- Incident response procedures
Despite our best efforts, no system is fully secure. If we become aware of a data breach that meets the PDPA notification threshold, we will notify the Personal Data Protection Commission and affected individuals in accordance with the law.
10.Cookies and tracking
Our website uses minimal first-party analytics to understand general traffic patterns without identifying individuals. When we run ad campaigns involving third-party tracking (for example, Meta Pixel), we will disclose this and obtain appropriate consent.
11.Changes to this policy
We may update this policy from time to time. Material changes will be communicated through the site, and the effective date at the top of this page will be updated. Continued use of our services after changes means you accept the updated policy.
12.Contact
For questions about this policy or your personal data:
- Email: restivecoad@gmail.com
- DPO: Markus Ng
- Company: Restive Collective Pte Ltd
If you are unsatisfied with our response, you may lodge a complaint with the Personal Data Protection Commission of Singapore.