Security and trust

Trust controls for every property journey.

Homejourney protects sensitive property, payment, and account workflows with encrypted infrastructure, careful access controls, and Singapore PDPA-aware operating practices.

Security posture designed for trust-sensitive decisions.

Property workflows involve identity, money, communications, and documents. The platform keeps those surfaces protected with controls that are part of the product architecture.

PDPA Compliant

We collect, use, and disclose personal data only for legitimate product purposes and respond to access, correction, or deletion requests through our DPO.

PCI DSS via Stripe

Card data never touches Homejourney servers. Payment processing is handled by Stripe, a PCI Level 1 service provider.

SOC 2 Certified Infrastructure

Core cloud providers such as Supabase, AWS, and Vercel maintain independently audited controls for security and availability.

CSA Cyber Essentials alignment

Security practices are aligned with Singapore Cyber Security Agency baseline controls for access, updates, malware protection, and incident response.

How Homejourney protects data.

These controls cover the path from browser to database, including data storage, abuse prevention, and authenticated access.

Encryption in Transit

All data transmitted between your browser or app and our servers is protected with TLS 1.3. Every production connection uses HTTPS.

Encryption at Rest

Data is stored on encrypted infrastructure. Database backups and file storage are encrypted by default through our infrastructure providers.

Data Residency in Singapore

Primary database and storage infrastructure run in the Asia-Pacific Singapore region, keeping core data close to Singapore law.

Authentication & Access Control

Secure OTP verification, session management, and row-level security policies help ensure users only access their own data.

Input Validation

User input is validated before processing. Parameterised queries and safe output handling reduce injection and cross-site scripting risk.

Rate Limiting

API endpoints use rate limits and scanner-blocking patterns to reduce automated abuse, credential attacks, and malicious bot traffic.

Compliance posture

Built around Singapore privacy obligations.

Homejourney uses a PDPA-aware operating model, avoids storing card data, and keeps core data infrastructure in the Singapore region where practical.

PDPA-aware data handling
Secure payment delegation
Least-privilege access controls
Singapore-first infrastructure posture

Your data rights

Clear requests, clear ownership.

What personal data do you collect?

We collect only what is necessary to operate the product: account details, contact information, property preferences, service usage, and support context.

How long do you keep my data?

Active account data is retained while your account is open. After account deletion, personal data is purged within 30 days unless legal retention applies.

Can I request my data or deletion?

Yes. Under the PDPA, you can request access, correction, or deletion by contacting our Data Protection Officer at dpo@homejourney.sg.

Do you share data with third parties?

We share data only with service providers needed to deliver the product, such as Stripe, Supabase, and operational tools. We do not sell personal data.

How do you handle data breaches?

If a notifiable breach occurs, we notify affected users and the Personal Data Protection Commission (PDPC) within the timelines required by the PDPA, including the 3-day deadline for notifying the PDPC after we determine that a breach is notifiable.

Questions about data protection?

Contact the Homejourney Data Protection Officer for access, correction, deletion, or policy questions. Homejourney Pte. Ltd. UEN: 202406236N.