Moolah collects personal data to:

• Facilitate transactions, account management, and platform functionality.

• Communicate account status, orders, promotions (with consent), and platform updates.

• Improve platform performance and customer experience through analytics and feedback.

• By providing personal information, customers give explicit consent for its collection, use, and disclosure as described in this policy.

• Customers can opt out of marketing communications at any time and have external control over the types of notifications they receive.

Moolah employs rigorous security measures, including:

• Data Encryption: Personal information is encrypted both in transit and at rest.

• Access Control: Only authorised personnel can access personal data on a need-to-know basis.

• Regular Security Audits: Periodic assessments identify and mitigate security vulnerabilities.

• Industry-Standard Practices: Moolah utilises SSL encryption, multi-factor authentication, and frequent system updates to secure customer data.

Moolah retains personal data only for as long as it is needed to fulfil the stated purposes or as required by law. Data is securely deleted or anonymised once it is no longer necessary.

Moolah shares limited user data with third-party providers only when necessary (e.g., for payment processing, identity verification). These providers comply with equivalent data protection standards and are restricted to using the data solely for specified purposes.

For payment processing and identity verification, Moolah uses third-party providers such as Stripe and Singpass. Personal data collected directly by these providers is processed and stored by them in accordance with their own privacy policies and regulatory obligations. Moolah does not store, retain, or have direct access to full payment card details or government-issued identity credentials submitted through Stripe or Singpass.

Under the PDPA, customers have the right to:

• Access and Correct Data: Request access to or correction of personal data.

• Withdraw Consent: Withdraw consent for data collection, use, or disclosure.

• Request Data Portability: Obtain a copy of personal data or request transfer to another provider, subject to regulatory guidelines.

In the event of a data breach that may compromise customer data, Moolah will promptly notify affected customers and regulatory authorities, taking swift action to secure data and prevent further breaches.

Moolah may use cookies and similar technologies to personalise user experience and gather data on platform usage. Customers can manage cookie preferences and will be informed about cookies when accessing the platform.

If data is transmitted outside of Singapore, Moolah ensures the receiving party maintains data protection standards comparable to PDPA requirements, including securing data and limiting access to necessary functions.

Moolah’s services are available to individuals aged 18 and above. For users under 18, parental or guardian consent and supervision are required. Moolah does not knowingly collect data from minors without appropriate consent. If such data is inadvertently collected, it will be promptly deleted.

Moolah adheres to the PDPA and reviews its privacy practices regularly. This Privacy Policy may be updated as needed, and significant changes will be communicated to customers. Updates are effective immediately upon posting.

Customers may submit data access, correction, or portability requests via their account settings or by contacting Moolah’s Data Protection Officer. Moolah processes these requests within a reasonable timeframe in line with PDPA guidelines.

Customers can withdraw consent by deleting their account or contacting support. Account deletion does not affect prior data collection activities based on previously provided consent.

Moolah provides ongoing training on PDPA compliance to staff and monitors data protection policies to prevent unauthorised data access, disclosure, or misuse.

Customers who feel their data has not been handled in line with PDPA standards may contact Moolah’s Data Protection Officer to file a complaint. Moolah will investigate and resolve the matter within a reasonable period and notify the customer of the outcome.

Personal data is stored securely in Singapore unless otherwise stated and is retained only as long as necessary to fulfill its purpose. Retention periods comply with legal and regulatory standards.

Customers with questions, requests, or complaints regarding data practices may contact Moolah’s Data Protection Officer at support@moolah.com.sg