Privacy Policy

Last updated: 26 April 2026

1. Operator

ComplyVASP is operated by an individual based in Singapore. For privacy-related inquiries, contact us at dongeuishin@gmail.com.

2. Data We Collect

When you sign in with Google, we collect:

Name and email address
Profile picture URL
Google account identifier

We also store the VASP screening reports you generate while using the service.

3. Purpose of Collection

To authenticate your account and maintain your session
To associate screening reports with your account
To manage usage limits per account tier
To respond to support inquiries

4. Third-Party Services

We use the following third-party services to operate ComplyVASP:

Google OAuth — authentication
Neon (PostgreSQL) — database hosting (US)
Vercel — application hosting (US)
Anthropic / Google Gemini / Perplexity — AI features (report generation only; no personal data is sent)

5. Data Retention

Your account data and screening history are retained for as long as your account is active. You may request deletion at any time by emailing dongeuishin@gmail.com. We will action deletion requests within 30 days.

6. Your Rights (PDPA)

Under Singapore's Personal Data Protection Act (PDPA), you have the right to:

Access the personal data we hold about you
Correct inaccurate personal data
Withdraw consent and request deletion of your data

To exercise these rights, email dongeuishin@gmail.com.

7. Cookies & Sessions

We use an HTTP-only session cookie to maintain your login state. No third-party tracking or advertising cookies are used.

8. Governing Law

This policy is governed by the laws of Singapore, including the Personal Data Protection Act 2012 (No. 26 of 2012).

9. Changes to This Policy

We may update this policy from time to time. The "Last updated" date at the top of this page will reflect any changes. Continued use of the service after changes constitutes acceptance.