# Privacy Policy — B2B SaaS (Essential Only, No Marketing, DPO Required)

> **Sample document &mdash; not legal advice.** This document was drafted by the LawCrew AI agent team and is published at `lawcrew.ai/samples` as a showcase of how our pipeline approaches a common Singapore Privacy Policy scenario. This run completed automated drafting, self-critique, adversarial review and deterministic gates, then routed to lawyer review (Self-critique flagged 1 high issue(s); adversarial flagged 2 high concern(s)). **It is not legal advice and is not tailored to any specific transaction.**
>
> LawCrew is a legal-technology service, not a law firm. For your own matter, run an intake through the product and engage an independent Singapore-qualified lawyer to review before signing.
>
> *Sample Privacy Policy #01 &middot; Agent-drafted; routed to lawyer review &middot; Published 2026-05-26*

---

# Privacy Policy

Last updated: 2026-07-01

## 1. Who We Are

NexusOps Pte. Ltd. operates https://nexusops.sg and related services. This Privacy Policy explains how we collect, use, disclose, retain, protect, and transfer personal data in Singapore.

## 2. Personal Data We Collect

We may collect contact details from business customers and their authorised employees and contractors who access the platform under a corporate subscription agreement. We collect this personal data only for purposes that a reasonable person would consider appropriate in the circumstances and where consent or another permitted basis applies.

## 3. Purposes and Consent

We collect, use, and disclose personal data for: Provision and management of the workflow automation platform under subscription agreement; account administration; technical support and troubleshooting; service improvement and security monitoring; invoicing and payment processing; regulatory compliance and audit obligations.

Our primary basis is collection and use necessary to provide requested services. Individuals may withdraw consent by contacting our Data Protection Officer, subject to legal or contractual consequences that we explain at the time of withdrawal.

## 4. Disclosure to Third Parties

We do not routinely disclose personal data to third-party recipients except where required by law or with consent.

## 5. Cross-Border Transfers

We do not routinely transfer personal data outside Singapore. If that changes, we will use a transfer basis that provides a standard of protection comparable to Singapore data-protection law.

## 6. Protection and Accuracy

We apply reasonable security arrangements to protect personal data against unauthorised access, collection, use, disclosure, copying, modification, disposal, and similar risks. We also take reasonable steps to keep personal data accurate and complete where it is likely to be used to make a decision about an individual or disclosed to another organisation.

## 7. Retention

Contact details and account data are retained for the duration of the active subscription plus 3 years following the expiry or termination of the subscription agreement, to satisfy contractual audit and dispute resolution requirements. System access logs are retained for 1 year from the date of creation. Where we are under a legal obligation to retain data for a longer period, we will retain it for that longer period. We stop retaining personal data, or remove the means by which it can be associated with an individual, when retention is no longer necessary for legal or business purposes.

## 8. Access, Correction, and Questions

Individuals may request access to, or correction of, their personal data by contacting our Data Protection Officer:

| Field | Details |
| --- | --- |
| Name | Ms. Priya Krishnaswamy |
| Email | dpo@nexusops.sg |
| Address | NexusOps Pte. Ltd., 1 Fusionopolis Way, #08-02 Connexis South, Singapore 138632 |
| Phone | +65 6123 4567 |

## 9. Marketing

We do not use personal data for direct marketing unless we obtain consent or another permitted basis applies.

## 10. Cookies

The service uses essential cookies for login, security, and service delivery. We use session authentication cookies and CSRF-protection tokens that are strictly necessary for platform login, secure session management, and delivery of the contracted service. These cookies are not used for tracking or analytics.

## 11. Complaints and Updates

Individuals may contact our Data Protection Officer with privacy questions or complaints. If we are unable to resolve a complaint to the individual's satisfaction, the individual may refer the matter to the Personal Data Protection Commission (PDPC) at www.pdpc.gov.sg. We may update this Privacy Policy from time to time and will publish the updated version with a new last-updated date.