Privacy Policy

Last updated: 5 April 2026

1. About This Policy

This privacy policy explains how Zelix Labs Pte Ltd ("Zelix", "we", "us", "our"), a company incorporated in Singapore, collects, uses, discloses, and protects your personal data when you visit our website (zelixlabs.com) or engage our services.

We are committed to complying with the Personal Data Protection Act 2012 (PDPA) of Singapore and, where applicable, the General Data Protection Regulation (GDPR) of the European Union.

2. Data We Collect

2.1 Information you provide directly

When you fill in our audit form or contact us, we collect:

Full name
Business name
Phone number (including country code)
Email address
Industry
Information about your business needs (e.g. bottleneck selection)

2.2 Information collected automatically

When you visit our website, we may automatically collect:

IP address and approximate location
Browser type and version
Device type and operating system
Pages visited, time spent, and referring URL
Cookie and session data

2.3 Information from third parties

We may receive data from third-party platforms used in our service delivery, including respond.io, WhatsApp Business API, CRM platforms, and advertising platforms (Meta, Google).

3. How We Use Your Data

Purpose	Legal Basis (PDPA / GDPR)
To respond to your enquiry and schedule a consultation	Consent / Legitimate interest
To deliver services you have engaged us for	Contractual necessity
To send follow-up messages via WhatsApp or email	Consent
To improve our website and services	Legitimate interest
To send marketing communications (with your consent)	Consent
To comply with legal obligations	Legal obligation

4. Consent and the PDPA

Under the Singapore Personal Data Protection Act 2012 (PDPA):

We collect, use, and disclose your personal data only with your consent, or where permitted under the PDPA.
By submitting our audit form or contacting us via WhatsApp, you consent to the collection and use of your personal data for the purposes described in this policy.
You may withdraw your consent at any time by contacting us. Upon withdrawal, we will cease collecting, using, or disclosing your personal data, unless required by law. Please note that withdrawal of consent may affect our ability to provide services to you.
We will notify you of the purposes for which we collect your data at or before the time of collection.

4.1 Deemed Consent

In certain circumstances, your consent may be deemed under the PDPA, such as when you voluntarily provide your personal data for a purpose that is reasonable and apparent from the circumstances.

4.2 Exceptions

We may collect, use, or disclose your personal data without consent where permitted under the PDPA, including for business asset transactions, legal proceedings, or where necessary in the national or public interest.

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your data with:

Service providers — third-party tools we use to deliver our services, including respond.io, Make.com (form processing), WhatsApp Business API providers, CRM platforms, and email marketing tools
Advertising platforms — Meta and Google for campaign measurement and retargeting (using anonymised or hashed data)
Professional advisors — legal, accounting, or compliance advisors where necessary
Legal authorities — where required by law, regulation, or legal process

All third-party service providers are required to protect your data and use it only for the purposes for which it was shared.

6. International Data Transfers

Your data may be transferred to and processed in countries outside Singapore, including where our third-party service providers operate (e.g. United States, European Union, Malaysia). Where such transfers occur, we ensure that adequate protection is in place in accordance with the PDPA's transfer limitation obligation and, where applicable, GDPR transfer safeguards.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.
Enquiry data is retained for up to 24 months from the date of collection.
Client data is retained for the duration of the service engagement plus 36 months.
When data is no longer needed, it is securely deleted or anonymised.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

End-to-end encryption for WhatsApp communications
Role-based access controls for team members
Secure hosting and transmission (HTTPS/TLS)
Regular review of data access and security practices

While we take reasonable steps to protect your data, no method of transmission or storage is completely secure. We cannot guarantee absolute security.

9. Cookies and Tracking

Our website uses:

Essential cookies — for theme preference (dark/light mode) stored in session storage
Analytics cookies — Google Analytics (GA4) to understand how visitors use our site
Advertising cookies — Meta Pixel for conversion tracking and retargeting

You can control cookies through your browser settings. Disabling certain cookies may affect your experience on our website.

10. Your Rights

10.1 Under the PDPA (Singapore)

You have the right to:

Access — request a copy of the personal data we hold about you
Correction — request correction of any inaccurate or incomplete data
Withdrawal of consent — withdraw your consent for us to collect, use, or disclose your data

To exercise these rights, contact us using the details below. We will respond within 30 business days. We may charge a reasonable fee to cover administrative costs for access requests.

10.2 Under the GDPR (EU/EEA residents)

If you are located in the EU or EEA, you additionally have the right to:

Erasure — request deletion of your personal data
Restriction — request restriction of processing
Portability — receive your data in a structured, machine-readable format
Object — object to processing based on legitimate interest
Lodge a complaint — with your local data protection authority

11. Do Not Call (DNC) Registry

We respect Singapore's Do Not Call (DNC) provisions under the PDPA. We will not send marketing messages to Singapore telephone numbers registered on the DNC Registry unless we have obtained your clear and unambiguous consent.

12. Children's Data

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, please contact us and we will delete it promptly.

13. Changes to This Policy

We may update this privacy policy from time to time. The updated version will be posted on this page with a revised "last updated" date. We encourage you to review this policy periodically.

14. Data Protection Officer

If you have any questions, concerns, or requests regarding your personal data or this privacy policy, please contact our Data Protection Officer:

WhatsApp: +65 9668 6186
Website: zelixlabs.com

If you are not satisfied with our response, you may lodge a complaint with the Personal Data Protection Commission (PDPC) of Singapore.