PRIVACY POLICY
Figro Technology Pte. Ltd. Effective date: May 01, 2025 | Last updated: May 01, 2025
This Privacy Policy explains how Figro Technology Pte. Ltd. ("Figro", "we", "us", or "our") collects, uses, discloses, and protects personal data when you use our platform, website, and related services (collectively, the "Platform"). We are committed to protecting your privacy in accordance with the Singapore Personal Data Protection Act 2012 (PDPA) and, where applicable, the EU General Data Protection Regulation (GDPR) and other regional data protection laws.
By using the Platform, you consent to the practices described in this Privacy Policy.
1. WHO WE ARE
Figro Technology Pte. Ltd. is a company incorporated in Singapore (UEN: [insert UEN]) with its registered address at [insert address]. We operate a SaaS influencer marketing platform that connects brands and businesses with content creators and key opinion leaders (KOLs).
For the purposes of the GDPR, Figro acts as a data controller in respect of personal data we collect directly from you.
2. PERSONAL DATA WE COLLECT
We collect the following categories of personal data:
Account and identity data: full name, email address, phone number, company name, job title, profile photo, and login credentials.
Business and billing data: billing address, payment method details (processed by our payment provider — we do not store full card numbers), invoicing information, and subscription history.
Platform usage data: campaign details, KOL search queries, saved lists, messages sent through the Platform, deliverable submissions, and activity logs.
KOL profile data (for creators): social media handles, platform account identifiers, follower counts, engagement metrics, content categories, pricing rates, and publicly available profile information sourced from third-party data providers.
Connected account data: if you connect a social media account (such as TikTok or YouTube) to the Platform, we collect OAuth tokens and associated account metadata necessary to facilitate platform integrations and API calls on your behalf.
Technical data: IP address, browser type and version, device identifiers, operating system, referring URLs, pages visited, time spent on the Platform, and session identifiers.
Communications data: emails or messages you send to our support team, feedback submitted through the Platform, and responses to surveys.
3. HOW WE COLLECT PERSONAL DATA
We collect personal data in the following ways:
Directly from you when you register an account, complete your profile, subscribe to a plan, connect a social media account, submit campaign data, contact support, or otherwise interact with the Platform.
Automatically through cookies, web beacons, and similar tracking technologies when you use the Platform or visit our website. Please see Section 9 (Cookies) for more detail.
From third-party sources including social media platforms (via OAuth), KOL data providers (such as Scrumball), and publicly available sources, to enrich creator profiles and analytics.
4. HOW WE USE YOUR PERSONAL DATA
We use personal data for the following purposes:
To provide and operate the Platform: account management, campaign creation and management, KOL discovery, deliverable workflows, and payment processing.
To improve and develop the Platform: analyzing usage patterns, diagnosing technical issues, conducting research, and developing new features.
To personalize your experience: tailoring KOL recommendations, campaign suggestions, and dashboard content based on your usage history and preferences.
To communicate with you: sending transactional emails (account confirmations, payment receipts, campaign updates), product announcements, and, where you have opted in, marketing communications.
To comply with legal obligations: fulfilling our obligations under applicable laws, responding to lawful requests from authorities, and maintaining records required by law.
To protect the Platform and users: detecting and preventing fraud, abuse, security incidents, and violations of our Terms of Service.
Where required by the GDPR, we rely on the following legal bases for processing: performance of a contract (providing the Platform), legitimate interests (improving the Platform, fraud prevention), legal obligation, and consent (marketing communications and cookies).
5. HOW WE SHARE YOUR PERSONAL DATA
We do not sell your personal data. We may share it in the following circumstances:
Service providers: we share data with trusted third-party vendors who process data on our behalf, including cloud infrastructure providers, payment processors, analytics services, email delivery providers, and customer support tools. These parties are contractually bound to process data only as instructed.
KOL-Client interactions: when a Client engages a KOL through the Platform, limited profile and contact information may be shared between the parties as necessary to facilitate the campaign.
Third-party integrations: if you connect social media accounts or other third-party services, data may be exchanged with those platforms in accordance with your authorizations.
Legal and regulatory requirements: we may disclose data to law enforcement, regulators, or courts where required by law or to protect our legal rights.
Business transfers: in the event of a merger, acquisition, or sale of assets, personal data may be transferred to the acquiring entity, subject to the same protections described in this Policy.
6. INTERNATIONAL DATA TRANSFERS
Figro is headquartered in Singapore and serves users globally, including in the US, Korea, Japan, Europe, and the Arab region. Your personal data may be transferred to and processed in countries outside your own, including Singapore and countries where our service providers are located.
Where we transfer personal data from the European Economic Area (EEA) or United Kingdom to countries not deemed adequate by the European Commission, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms.
For users in Singapore, all transfers are conducted in accordance with the PDPA's data transfer obligations.
7. DATA RETENTION
We retain personal data for as long as necessary to fulfill the purposes described in this Policy, maintain your account, comply with legal obligations, resolve disputes, and enforce our agreements.
When your account is terminated or upon your request, we will delete or anonymize your personal data within a reasonable period, subject to retention obligations imposed by law (for example, financial records required under Singapore's accounting and tax laws).
KOL profile data sourced from third-party providers is retained in accordance with the data provider's terms and our legitimate interest in maintaining accurate creator directories.
8. YOUR RIGHTS
Depending on your jurisdiction, you may have the following rights in respect of your personal data:
Under Singapore PDPA: the right to access personal data we hold about you, and the right to correct inaccurate or incomplete personal data.
Under GDPR (EEA/UK users): the right to access, rectify, erase, restrict processing of, and port your personal data; the right to object to processing based on legitimate interests; and the right to withdraw consent at any time where processing is based on consent.
Under other applicable laws: residents of certain US states (including California under CCPA), Korea, Japan, and other jurisdictions may have additional rights under their local laws.
To exercise any of these rights, please contact us at [email protected]. We will respond within the timeframe required by applicable law (generally 30 days). We may need to verify your identity before processing your request.
You also have the right to lodge a complaint with your local data protection authority.
9. COOKIES AND TRACKING TECHNOLOGIES
We use cookies and similar technologies to operate and improve the Platform. These include:
Strictly necessary cookies: required for the Platform to function (session management, authentication, security). These cannot be disabled.
Functional cookies: remember your preferences and settings to provide a personalized experience.
Analytics cookies: collect anonymized information about how users interact with the Platform to help us improve performance and usability.
Marketing cookies: used where you have consented to receive targeted communications. These may be set by third-party advertising partners.
You can manage cookie preferences through your browser settings or our cookie consent tool. Disabling non-essential cookies may affect some Platform functionality.
10. SECURITY
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction. These include encryption of sensitive data at rest and in transit, access controls, regular security assessments, and staff training.
However, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, and you use the Platform at your own risk.
If we become aware of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant authorities in accordance with applicable law.
11. CHILDREN'S PRIVACY
The Platform is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected data from a person under 18, we will take steps to delete it promptly. If you believe we have collected data from a minor, please contact us at [email protected].
12. LINKS TO THIRD-PARTY SITES
The Platform may contain links to third-party websites or services. This Privacy Policy does not apply to those third parties, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you access through the Platform.
13. CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email to your registered address and/or by a prominent notice on the Platform at least 14 days before the changes take effect.
Your continued use of the Platform after the effective date of any updated Policy constitutes your acceptance of the revised terms. If you do not agree, you must stop using the Platform and may delete your account.
14. CONTACT US & DATA PROTECTION OFFICER
For questions, requests, or complaints relating to this Privacy Policy or our handling of your personal data, please contact us:
Company: Figro Technology Pte. Ltd.
UEN:
General support: [email protected]