# Privacy Policy — Consumer E-Commerce with Marketing Consent and Analytics Cookies

> **Sample document &mdash; not legal advice.** This document was drafted by the LawCrew AI agent team and is published at `lawcrew.ai/samples` as a showcase of how our pipeline approaches a common Singapore Privacy Policy scenario. This run completed automated drafting, self-critique, adversarial review and deterministic gates, then routed to lawyer review (Self-critique flagged 1 high issue(s); adversarial flagged 2 high concern(s)). **It is not legal advice and is not tailored to any specific transaction.**
>
> LawCrew is a legal-technology service, not a law firm. For your own matter, run an intake through the product and engage an independent Singapore-qualified lawyer to review before signing.
>
> *Sample Privacy Policy #02 &middot; Agent-drafted; routed to lawyer review &middot; Published 2026-05-26*

---

# Privacy Policy

Last updated: 2026-07-01

## 1. Who We Are

ShopLocal Singapore Pte. Ltd. operates https://shoplocal.sg and related services. This Privacy Policy explains how we collect, use, disclose, retain, protect, and transfer personal data in Singapore.

## 2. Personal Data We Collect

We may collect contact details, financial information, browsing behaviour from individual consumers who register accounts or make purchases on the platform. We collect this personal data only for purposes that a reasonable person would consider appropriate in the circumstances and where consent or another permitted basis applies.

## 3. Purposes and Consent

We collect, use, and disclose personal data for: Order processing, payment facilitation, and delivery coordination; customer account management and authentication; personalised product recommendations based on purchase history and browsing behaviour; analytics to improve platform performance and user experience; email and SMS marketing communications (with consent); fraud prevention and security monitoring; IRAS-mandated tax record keeping.

Our primary basis is collection and use necessary to provide requested services. Individuals may withdraw consent by contacting our Data Protection Officer, subject to legal or contractual consequences that we explain at the time of withdrawal.

## 4. Disclosure to Third Parties

We may disclose personal data to the following recipients for the stated purposes:

| Recipient | Purpose | Country |
| --- | --- | --- |
| StripeAsia Pte. Ltd. | Payment gateway processing for card and digital wallet transactions. Credit card data is transmitted directly to the processor and is not stored by ShopLocal Singapore Pte. Ltd. The processor is certified to PCI-DSS Level 1. | SG |
| Ninja Van Singapore Pte. Ltd. | Last-mile delivery and logistics fulfilment of customer orders, including parcel tracking updates sent to customers. | SG |
| Klaviyo Inc. | Email and SMS marketing communications platform. Used only where the customer has provided marketing consent. | US |

## 5. Cross-Border Transfers

We may transfer personal data to US using written contractual clauses requiring comparable protection. We take steps to ensure transferred personal data receives a standard of protection comparable to Singapore data-protection law.

## 6. Protection and Accuracy

We apply reasonable security arrangements to protect personal data against unauthorised access, collection, use, disclosure, copying, modification, disposal, and similar risks. We also take reasonable steps to keep personal data accurate and complete where it is likely to be used to make a decision about an individual or disclosed to another organisation.

## 7. Retention

Purchase transaction records and financial data are retained for 7 years from the date of the transaction, as required by IRAS tax record-keeping obligations. Customer account profile data and browsing behaviour data are retained for the duration of the active account plus 2 years following account closure or last activity, whichever is later. Marketing consent records are retained for 5 years from the date consent was given or withdrawn. Payment card data is not retained by us; the PCI-DSS processor retains it per their own policy. We stop retaining personal data, or remove the means by which it can be associated with an individual, when retention is no longer necessary for legal or business purposes.

## 8. Access, Correction, and Questions

Individuals may request access to, or correction of, their personal data by contacting our Data Protection Officer:

| Field | Details |
| --- | --- |
| Name | Mr. Darren Lim Wei Jie |
| Email | privacy@shoplocal.sg |
| Address | ShopLocal Singapore Pte. Ltd., 10 Collyer Quay, #10-01 Ocean Financial Centre, Singapore 049315 |
| Phone | +65 6789 0123 |

## 9. Marketing

Individuals may opt out of marketing communications by contacting privacy@shoplocal.sg.

## 10. Cookies

The service uses essential cookies and analytics cookies to understand how visitors use the service. Individuals may opt out of analytics cookies by contacting our Data Protection Officer. We use Google Analytics 4 and Hotjar analytics cookies to measure how visitors interact with the platform, identify popular categories, and improve the customer experience. Analytics cookies are placed only where the visitor has not opted out. Visitors may opt out of analytics cookies by contacting our Data Protection Officer or by adjusting browser settings. Essential session and authentication cookies are used regardless of analytics preferences.

## 11. Complaints and Updates

Individuals may contact our Data Protection Officer with privacy questions or complaints. If we are unable to resolve a complaint to the individual's satisfaction, the individual may refer the matter to the Personal Data Protection Commission (PDPC) at www.pdpc.gov.sg. We may update this Privacy Policy from time to time and will publish the updated version with a new last-updated date.