01
Introduction & Data Controller
This Privacy Policy explains how BP Optima Pte Ltd ("BPOptima," "we," "our," or "us") collects, uses, and protects your personal information when you use our platform.
Data Controller
Entity
BP Optima Pte Ltd
Registration
UEN: 202544773H
Address
32 Pekin Street, #05-01, Singapore 048762
Legal Contact
Oversight
Internal Data Privacy Committee (Board-level)
02
What Information We Collect
We collect information you provide directly and automatically when you use our services.
| Source | Data Collected |
|---|---|
| Lead Forms & Contact | Name, email, company, role/title, process descriptions, automation requirements, budget ranges, timeline expectations |
| Process Playground | Process descriptions, workflow details, monthly volume estimates, current tools and systems used |
| Fortune Machine | Industry selection preferences, spin history, fortune card interactions, LinkedIn share activity |
| Analytics & Usage | Session identifiers, page paths, scroll depth, time-on-page, interaction events, device/browser/screen data |
| Technical Data | IP address (session management & fraud prevention), browser type & version, operating system |
03
How We Use Your Information
- Service Delivery : Process evaluations, architecture brief generation, automation recommendations
- Communication : Responding to inquiries, sending blueprints, providing support
- Product Improvement : Understanding which features drive value, optimizing user experience
- Analytics : Measuring engagement, tracking conversion funnel, reducing bounce rates
- Compliance : Fraud prevention, legal obligations, dispute resolution
- Marketing : Sending relevant content with your consent, case studies, product updates
04
Data Security & Encryption
All prospect data is fully encrypted at rest and in transit using industry-standard AES-256 encryption.
- Infrastructure hosted on Supabase (SOC 2 Type II certified)
- Access controls limited to authorized personnel only
- Regular security audits and vulnerability assessments
- Automated backup systems with encrypted storage
- Multi-factor authentication for internal access
- Incident response procedures with 24-hour notification SLA
05
Data Sharing & Third Parties
We do NOT sell your data. Period. We share data only in these limited circumstances:
- Service ProvidersSupabase (database), Lovable Cloud (hosting) under strict data processing agreements
- AnalyticsAnonymous session tracking only; no personally identifiable information is shared
- Legal RequirementsWhen required by law, court order, or government request
- Business TransfersIn the event of merger or acquisition, with user notification
- With Your ConsentWhen you explicitly authorize sharing
06
International Data Transfers
Our primary data servers are located in Singapore. We operate regional offices in Singapore (headquarters), Indonesia (Jakarta), Vietnam (Ho Chi Minh City), and Thailand (Bangkok).
For EU visitors, we comply with GDPR requirements including appropriate safeguards for cross-border transfers (Standard Contractual Clauses). Singapore has been recognized by the EU as providing adequate data protection.
07
Your Rights (GDPR & PDPA Compliance)
Right to Access
Request a copy of all data we hold about you
Right to Rectification
Correct any inaccurate information
Right to Erasure
Request deletion ("right to be forgotten")
Right to Portability
Receive data in machine-readable format
Right to Object
Opt-out of processing for marketing
Right to Withdraw
Revoke consent at any time
To exercise your rights, email legal@bpoptima.com. We will respond within 30 days (GDPR) or 10 business days (Singapore PDPA).
08
Cookies & Tracking Technologies
| Type | Purpose | Required |
|---|---|---|
| Essential Cookies | Session management, security, basic functionality | Yes |
| Analytics Cookies | Engagement tracking: scroll depth, time on page, interaction events | Optional |
We do NOT use third-party advertising cookies, tracking pixels, or cross-site tracking. To disable cookies, adjust your browser settings note that disabling essential cookies may affect site functionality.
09
Data Retention
| Data Type | Retention Period |
|---|---|
| Active Leads | Retained until conversion or opt-out request |
| Inactive Leads | Automatically deleted after 24 months of no engagement |
| Analytics Data | Aggregated and anonymized after 12 months |
| Legal Obligations | May be retained longer if required by law (e.g. tax records for 7 years) |
| Deletion Requests | Processed within 30 days, with confirmation email |
10
Children's Privacy
Our services are intended for business professionals and enterprises. We do not knowingly collect personal information from individuals under 18 years of age. If you believe we have inadvertently collected such information, please contact us immediately at legal@bpoptima.com.
11
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Material changes will be notified via email to all registered users and a prominent notice on our website for 30 days. The "Last Updated" date at the top of this page will also be updated. Continued use of our services after notification constitutes acceptance of the updated policy.
12
Contact Information
For privacy-related inquiries, data requests, or complaints:
BP Optima Pte Ltd Data Privacy Office
32 Pekin Street, #05-01, Singapore 048762
Response time: Within 30 days (GDPR) or 10 business days (Singapore PDPA)