1. Introduction

MatterGuard Pte. Ltd. ("Company", "we", "us", or "our") is committed to protecting the privacy and security of personal data. This Privacy Policy explains how we collect, use, disclose, and protect personal data when you use the MatterGuard platform ("Service").

2. Data Controller and Processor

For the purposes of the PDPA:

• Data Controller: The law firm or organization that subscribes to MatterGuard is the data controller for client and matter data entered into the Service.
• Data Processor: MatterGuard acts as a data processor, processing personal data on behalf of and under the instructions of the data controller.

3. Personal Data We Collect

We collect and process the following categories of personal data:

3.1 User Account Data

• Name and email address
• Job title and role within the organization
• Login credentials (encrypted)
• Activity logs and audit trails

3.2 Client/Matter Data (Processed on Behalf of Data Controllers)

• Client names and contact information
• Identity documents (as uploaded by users)
• Beneficial ownership information
• Risk assessment data
• Screening results
• Due diligence documentation

3.3 Technical Data

• IP addresses and browser information
• Device identifiers
• Usage patterns and feature interactions

4. Purpose of Processing

We process personal data for the following purposes:

• Providing and maintaining the Service
• User authentication and access control
• Generating audit trails for compliance purposes
• Customer support and service improvement
• Security monitoring and fraud prevention
• Compliance with legal obligations

5. Legal Basis for Processing

Under the PDPA, we process personal data based on:

• Consent: Where users have provided consent for specific processing activities
• Contractual Necessity: Processing necessary to perform our contractual obligations
• Legal Obligation: Processing required to comply with applicable laws
• Legitimate Interests: Processing necessary for our legitimate business interests, provided such interests do not override individual rights

6. Data Retention

We retain personal data for as long as necessary to fulfill the purposes for which it was collected, including:

• Active Accounts: Data is retained while the account remains active
• Post-Termination: Client data is available for export for 30 days after termination, then securely deleted
• Audit Logs: Retained for 7 years to meet regulatory requirements
• Legal Holds: Data may be retained longer if required for legal proceedings

7. Data Disclosure

We may disclose personal data to:

• Service Providers: Third-party vendors who assist in providing the Service (see Subprocessor List)
• Legal Authorities: When required by law, court order, or regulatory request
• Business Transfers: In connection with a merger, acquisition, or sale of assets

We do not sell personal data to third parties.

8. International Data Transfers

Personal data may be transferred to and processed in countries outside Singapore. When transferring data internationally, we ensure appropriate safeguards are in place, including:

• Standard contractual clauses
• Data processing agreements with subprocessors
• Compliance with PDPA transfer requirements

9. Data Security

We implement appropriate technical and organizational measures to protect personal data, including:

• Encryption of data in transit (TLS 1.3) and at rest (AES-256)
• Role-based access controls
• Regular security assessments and penetration testing
• Employee security training
• Incident response procedures

10. Your Rights Under PDPA

Under the PDPA, individuals have the following rights:

• Access: Request access to your personal data
• Correction: Request correction of inaccurate personal data
• Withdrawal of Consent: Withdraw consent for processing (where applicable)
• Data Portability: Request a copy of your data in a portable format

To exercise these rights, contact our Data Protection Officer at [email protected].

11. Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee compliance with this Privacy Policy and applicable data protection laws:

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the Service. The "Effective Date" at the top of this policy indicates when it was last revised.

13. Contact Us

For questions about this Privacy Policy or our data practices, please contact: