# Privacy Policy — Fintech Platform with MAS Regulatory Obligations and Extended Retention

> **Sample document — not legal advice.** This document was drafted by the LawCrew AI agent team and is published at `lawcrew.ai/samples` as a showcase of how our pipeline approaches a common Singapore Privacy Policy scenario. This run completed automated drafting, self-critique, adversarial review and deterministic gates, then routed to lawyer review (Self-critique flagged 2 high issue(s); adversarial flagged 4 high concern(s)). **It is not legal advice and is not tailored to any specific transaction.**
>
> LawCrew is a legal-technology service, not a law firm. For your own matter, run an intake through the product and engage an independent Singapore-qualified lawyer to review before signing.
>
> *Sample Privacy Policy #05 · Agent-drafted; routed to lawyer review · Published 2026-05-26*

---

# Privacy Policy

Last updated: 2026-07-01

## 1. Who We Are

ClearPay Financial Technologies Pte. Ltd. operates https://clearpay.sg and related services. This Privacy Policy explains how we collect, use, disclose, retain, protect, and transfer personal data in Singapore.

## 2. Personal Data We Collect

We may collect contact details, identification information, and financial information from individual consumers and business account holders who register on the ClearPay platform, and from authorised representatives of corporate customers. We collect this personal data only for purposes that a reasonable person would consider appropriate in the circumstances and where consent or another permitted basis applies.

## 3. Purposes and Consent

We collect, use, and disclose personal data for: providing payment initiation and account aggregation services under our MAS Major Payment Institution licence; customer identity verification and ongoing due diligence for anti-money laundering (AML) and countering financing of terrorism (CFT) purposes under MAS Notice PSN02; generating consolidated account and transaction reports at the customer's request; fraud detection, security monitoring, and technology risk management in compliance with MAS TRM guidelines; resolving payment disputes; and complying with MAS regulatory reporting obligations and statutory audit requirements.

Our primary basis is compliance with legal obligations. Individuals may withdraw consent by contacting our Data Protection Officer, subject to legal or contractual consequences that we explain at the time of withdrawal.

## 4. Disclosure to Third Parties

We may disclose personal data to the following recipients for the stated purposes:

| Recipient | Purpose | Country |
| --- | --- | --- |
| Monetary Authority of Singapore (MAS) | Regulatory reporting, supervisory examinations, and statutory disclosures required under the Payment Services Act 2019 and subsidiary legislation. | SG |
| NETS (Singapore) Pte. Ltd. | Interbank payment routing and settlement for NETS-enabled payment transactions initiated through the platform. | SG |
| BDO LLP | Statutory audit of financial records as required by MAS licensing conditions and the Companies Act 1967. | SG |

## 5. Cross-Border Transfers

We do not routinely transfer personal data outside Singapore. If that changes, we will use a transfer basis that provides a standard of protection comparable to Singapore data-protection law.

## 6. Protection and Accuracy

We apply reasonable security arrangements to protect personal data against unauthorised access, collection, use, disclosure, copying, modification, disposal, and similar risks. We also take reasonable steps to keep personal data accurate and complete where it is likely to be used to make a decision about an individual or disclosed to another organisation.

## 7. Retention

Customer identity verification records (including NRIC, passport, and Singpass MyInfo data used for onboarding) are retained for 5 years from the date the customer relationship ends, as required by MAS Notice PSN02 on AML/CFT. Financial transaction records are retained for 7 years from the date of the transaction, in compliance with the Companies Act 1967 and IRAS record-keeping obligations. Account aggregation data and consolidated reports are retained for 5 years. System and access logs relevant to MAS TRM compliance are retained for 1 year. After expiry of the applicable retention period, personal data is securely destroyed in accordance with our data disposal policy. We stop retaining personal data, or remove the means by which it can be associated with an individual, when retention is no longer necessary for legal or business purposes.

## 8. Access, Correction, and Questions

Individuals may request access to, or correction of, their personal data by contacting our Data Protection Officer:

| Field | Details |
| --- | --- |
| Name | Ms. Tan Hwee Lin |
| Email | dpo@clearpay.sg |
| Address | ClearPay Financial Technologies Pte. Ltd., 80 Raffles Place, #22-01 UOB Plaza 1, Singapore 048624 |
| Phone | +65 6456 7890 |

## 9. Marketing

Individuals may opt out of marketing communications by contacting privacy@clearpay.sg.

## 10. Cookies

The service uses essential cookies for login, security, and service delivery. We use only session authentication, CSRF-protection, and fraud-detection cookies that are strictly necessary for secure login, session integrity, and detecting anomalous access patterns on the platform. No analytics or marketing cookies are used. The fraud-detection cookies do not capture content of financial transactions.

## 11. Complaints and Updates

Individuals may contact our Data Protection Officer with privacy questions or complaints. If we are unable to resolve a complaint to the individual's satisfaction, the individual may refer the matter to the Personal Data Protection Commission (PDPC) at www.pdpc.gov.sg. We may update this Privacy Policy from time to time and will publish the updated version with a new last-updated date.
