Privacy Policy

1. Introduction

&7 ("we", "our", or "us") is committed to protecting your personal data in accordance with Singapore's Personal Data Protection Act 2012 (PDPA). This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you visit our website or use our services.

Our registered business address is in Singapore, and we are subject to Singapore's data protection laws.

2. Personal Data We Collect

We may collect the following types of personal data from you:

• Contact Information: Name, email address, phone number, company name
• Business Information: Project requirements, service inquiries, budget information
• Technical Information: IP address, browser type, device information, pages visited
• Communication Data: Messages, inquiries, and correspondence with us

3. How We Collect Personal Data

We collect personal data through:

• Contact forms on our website
• Email communications
• Service inquiries and consultations
• Website analytics and cookies
• Business meetings and discussions

4. Purpose of Collection, Use, and Disclosure

We collect, use, and disclose your personal data for the following purposes:

• Responding to your inquiries and service requests
• Providing web development, automation, and AI services
• Project planning, execution, and delivery
• Communication regarding projects and services
• Improving our website and services
• Complying with legal obligations
• Sending relevant updates about our services (with your consent)

We will notify you of the purposes for collection, use, or disclosure of your personal data and obtain your consent before or at the time of collection.

5. Consent

By submitting your personal data through our website or engaging our services, you consent to the collection, use, and disclosure of your personal data as described in this Privacy Policy.

You may withdraw your consent at any time by contacting us at enquiry@ampersands.co. Please note that withdrawal of consent may affect our ability to provide services to you.

6. Disclosure to Third Parties

We may disclose your personal data to:

• Service Providers: Cloud hosting providers, email services, analytics tools (e.g., Vercel, Microsoft Graph Mail)
• Business Partners: Technology vendors required for project delivery
• Legal Authorities: When required by law or to protect our rights

We ensure that all third parties are bound by confidentiality obligations and comply with applicable data protection laws.

7. Cross-Border Data Transfer

Your personal data may be transferred to and stored on servers located outside Singapore (e.g., cloud infrastructure in the United States or other regions). We ensure that such transfers comply with the PDPA and that comparable levels of data protection are maintained.

We use reputable international service providers such as Vercel and Microsoft Azure that maintain appropriate security measures and comply with international data protection standards.

8. Data Accuracy and Retention

We take reasonable efforts to ensure that your personal data is accurate and complete. We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law.

Typically, we retain:

• Contact form submissions: 3 years from last contact
• Project-related data: Duration of project + 7 years (for legal and business purposes)
• Marketing communications: Until consent is withdrawn

9. Data Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, collection, use, disclosure, copying, modification, disposal, loss, or similar risks. These measures include:

• SSL/TLS encryption for data transmission
• Secure cloud infrastructure with access controls
• Regular security assessments and updates
• Employee training on data protection
• Restricted access to personal data on a need-to-know basis

10. Your Rights and Access to Personal Data

Under the PDPA, you have the right to:

• Request access to your personal data held by us
• Request correction of inaccurate or incomplete personal data
• Withdraw consent for collection, use, or disclosure of your personal data
• Request information about how your personal data has been used or disclosed in the past year

To exercise these rights, please contact us at enquiry@ampersands.co. We will respond to your request within 30 days. We may charge a reasonable fee for processing your request.

11. Data Breach Notification

In the event of a data breach that affects your personal data and is likely to result in significant harm or impact, we will notify you and the Personal Data Protection Commission (PDPC) within 3 calendar days of assessing the breach, as required under the PDPA.

12. Cookies and Analytics

Our website uses essential cookies for functionality and analytics cookies to understand website usage. We use Vercel Analytics to collect anonymized usage data to improve our website. For more information, please see our Cookie Policy.

13. Children's Data

Our services are directed at businesses and organizations. We do not knowingly collect personal data from individuals under 18 years of age. If you are under 18, please do not provide any personal data to us.

14. Data Protection Officer

For questions about this Privacy Policy or our data protection practices, please contact our Data Protection Officer at:

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The updated policy will be posted on this page with a revised "Last updated" date. We encourage you to review this Privacy Policy periodically.

16. Complaints

If you have concerns about how we handle your personal data, please contact us at enquiry@ampersands.co. If you are not satisfied with our response, you may lodge a complaint with the Personal Data Protection Commission (PDPC) of Singapore: