Privacy Policy
Last updated: 31 March 2026
This Privacy Policy explains how BTO Budget Calculator ("we", "us") collects, uses, and protects personal information when you use our Service. We are committed to protecting your privacy in accordance with Singapore's Personal Data Protection Act 2012 (PDPA).
1. What Data We Collect
| Data | Why we collect it | Stored where |
|---|---|---|
| Email address | Account authentication, password reset, billing | Supabase Auth (Singapore region) |
| Full name | Personalise your experience | Supabase (Singapore region) |
| Calculator inputs (salary, CPF, flat price) | Save and restore your BTO calculations | Supabase (Singapore region) |
| Budget items | Store your monthly budget plans | Supabase (Singapore region) |
| Feedback messages | Support and product improvement | Supabase (Singapore region) |
| Subscription status | Grant Pro access | Supabase (Singapore region) |
| Stripe customer ID | Billing and subscription management | Supabase + Stripe |
| Usage analytics (anonymised) | Understand how the product is used | Posthog (EU region) |
2. How We Use Your Data
- Provide and improve the Service
- Send transactional emails (email verification, password reset, billing receipts)
- Respond to your feedback and support requests
- Process subscription payments via Stripe
- Detect and prevent fraud or abuse
We do not sell your personal data to third parties. We do not use your financial inputs for advertising.
3. Data Storage and Security
Your data is stored in Supabase (Singapore region, AWS ap-southeast-1). All data is encrypted at rest (AES-256) and in transit (TLS 1.3). Row-Level Security (RLS) policies ensure each user can only access their own data. We perform regular security reviews of our database policies.
4. Third-Party Services
- Supabase — database, authentication, file storage. Privacy Policy
- Stripe — payment processing. We never store your full card details. Privacy Policy
- Vercel — website hosting. Processes IP addresses for request routing. Privacy Policy
- Posthog — anonymised usage analytics. No personal information is sent. Privacy Policy
5. Cookies and Local Storage
We use:
- Supabase session cookie — essential for login; expires on sign-out or session timeout.
- Browser localStorage — stores your calculator state locally so pages load quickly between sessions. No personal identifiers beyond your user ID.
We do not use advertising cookies or third-party tracking cookies.
6. Data Retention
We retain your data for as long as your account is active. If you delete your account (via your Profile page), all your personal data — including calculator states, budget plans, timelines, and profile information — is permanently deleted within 30 days. Anonymised, aggregated analytics data may be retained indefinitely.
7. Your Rights (PDPA)
Under Singapore's PDPA, you have the right to:
- Access — request a copy of personal data we hold about you
- Correction — request correction of inaccurate personal data
- Withdrawal of consent — withdraw consent to collection/use at any time (note: this may affect your ability to use the Service)
- Deletion — delete your account and all associated data via your Profile page
To exercise these rights, contact us via our feedback page.
8. Children's Privacy
The Service is not directed to individuals under 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us to have it removed.
9. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes via email or a prominent notice on the website at least 14 days before they take effect.
10. Contact
For privacy-related inquiries, please contact us via our feedback page.