Singapore
Jurisdiction
PDPA-aligned privacy handling
Privacy policy
Personal data handled with context and consent.
This policy explains how Homejourney collects, uses, discloses, and protects personal data under Singapore's Personal Data Protection Act.
Last updated: 5 May 2026
A readable privacy posture before the full policy.
The full policy is detailed by design. These are the core operating principles behind how Homejourney handles personal data.
30 days
DPO response
Target response for legitimate requests
Stripe
Payment data
Card details do not touch our servers
SG
Storage region
Primary storage in ap-southeast-1
1. Introduction
Homejourney Pte. Ltd. (UEN: 202406236N) ("Homejourney", "we", "us", or "our") is committed to protecting your personal data in accordance with the Personal Data Protection Act 2012 ("PDPA") of Singapore.
This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our websites, mobile applications, and related services.
By using our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our services.
2. Data Protection Officer
We have appointed a Data Protection Officer to oversee our compliance with the PDPA.
Data Protection Officer Homejourney Pte. Ltd. Email: dpo@homejourney.sg Phone: +65 8851 6851
We will respond to all legitimate requests within 30 business days.
3. Personal Data We Collect
We collect personal data that you voluntarily provide and data generated through your use of our services.
- Account information: name, email address, phone number, profile photo
- Identity verification: CEA registration number for agents, and NRIC or FIN only when required for loan applications through Singpass MyInfo with explicit consent
- Property preferences: search history, saved properties, budget, and preferred locations
- Financial information: income range and CPF balances only through Singpass MyInfo with consent, never stored permanently
- Transaction data: booking history and payment records, while card details are handled by Stripe
- Communications: platform messages, support tickets, and feedback
- External AI connector data when you choose to invoke Homejourney tools through a connected AI assistant, including property addresses, unit numbers, owner listing draft details, and handoff context
- Device and usage data: IP address, device type, operating system, browser, app version, usage patterns, and crash reports
- Location data: approximate location for property search relevance, only with permission
4. Purposes of Collection
We collect and use your personal data for the following purposes.
- Providing property search, agent matching, home services, financial tools, eSIM purchases, and exam preparation
- Creating and managing accounts, verifying identity, and sending service notifications
- Responding to enquiries and sending marketing communications only where permitted
- Personalising property recommendations, search results, and content
- Improving services through analytics, diagnostics, and product research
- Fulfilling legal obligations, preventing fraud and abuse, and processing payments
- Creating private drafts, bookings, finance enquiries, or handoff links when you use connected AI assistant features
5. Consent
We obtain consent before collecting, using, or disclosing personal data, except where permitted under the PDPA.
You may withdraw consent by contacting dpo@homejourney.sg. Withdrawing consent for certain processing may affect our ability to provide some services.
For marketing communications, you can opt out through unsubscribe links or account preferences.
6. Disclosure to Third Parties
We do not sell your personal data. We share data only with categories of recipients needed to provide and protect the service.
- Service providers such as Supabase, Vercel, Stripe, PostHog, Sentry, and Airalo
- Property agents when you initiate contact through the platform
- Business partners only when you book a service or request a handoff
- Connected AI assistants only when you authorize the connection and invoke Homejourney tools
- Legal authorities when required by law or needed to protect users, the public, or Homejourney
- Corporate transaction counterparties, with appropriate confidentiality protections
7. Data Retention
We retain personal data only as long as necessary for the purposes for which it was collected.
- Active account data is retained while your account is open and for 30 days after account deletion
- Transaction records are retained for 7 years where required by Singapore tax and accounting regulations
- Communications are retained for 2 years for service improvement and dispute resolution
- External AI connector context is retained only for short-lived handoff and support purposes unless saved into a record
- Aggregated analytics may be retained indefinitely for product improvement
- Legal hold data is retained as long as required by applicable legal proceedings
8. Data Security
We implement technical and organisational measures to protect personal data.
- TLS encryption for data in transit
- AES-256 encryption for data at rest
- Row-level security policies for user-scoped records
- Security audits, vulnerability assessment, and strict access controls
- Automated threat detection, rate limiting, and incident response processes
- 3-day breach notification workflow for notifying the PDPC after we determine that a data breach is notifiable
- Primary data storage in Singapore where practical
9. Your Rights Under PDPA
Under the PDPA, you have the following rights.
- Access: request a copy of the personal data we hold
- Correction: request correction of inaccurate or incomplete data
- Withdrawal of consent for specific processing purposes
- Data portability where technically feasible and applicable
- Complaint to the Personal Data Protection Commission if you believe data has been mishandled
10. Cookies & Analytics
We use cookies and similar technologies for essential functionality and analytics.
- Essential cookies for session management, authentication, and security
- PostHog for privacy-conscious product analytics
- Vercel Analytics for anonymised web vitals
- Sentry for error tracking and technical diagnostics
11. Children
Our services are not directed at individuals under 18 years of age. We do not knowingly collect personal data from children.
12. International Transfers
Your personal data is primarily stored in Singapore. Some service providers may process data in other jurisdictions, and we use contractual obligations to provide protection comparable to the PDPA.
13. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes by posting a notice or sending a notification.
Your continued use of our services after changes constitutes acceptance of the updated policy.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy, contact us.
Homejourney Pte. Ltd. Data Protection Officer Email: dpo@homejourney.sg Phone: +65 8851 6851 Website: homejourney.sg
You may also file a complaint with the Personal Data Protection Commission at www.pdpc.gov.sg.
PDPA Compliant
This privacy policy is designed for Singapore's Personal Data Protection Act 2012 and is reviewed as Homejourney products and data flows evolve.
Privacy posture
Personal data stays tied to the service you asked us to provide.
Homejourney does not sell personal data. We share information only where needed for product delivery, compliance, safety, or a user-directed handoff.
Consent-led personal data use
Limited service-provider disclosure
User access and correction rights
No sale of personal data