Privacy Policy

WhereHDB is an independent, AI-native, map-first home-decision product for Singapore homes, starting with resale HDBs. This policy covers personal data collected through the WhereHDB website and related product features, including listing and map exploration, filters, facility context, account features, AI features where enabled, feedback, support, operations, product communications, and billing features where enabled.

It does not cover third-party websites, listing platforms, map providers, identity providers, payment processors, or public datasets that have their own privacy practices.

Account and login data may include your email address, role, account status, login timestamps, verification status, authentication method records, session records, and security metadata.

Account audit records may include actions taken on or through an account, the affected subject, the resulting value, the user or system actor, and the time of the event. This may include account creation, login or session events, role or status changes, security changes, account deletion, admin actions, and related operational events.

If third-party sign-in or account linking is enabled and you choose to use it, the identity provider may send us information needed to create, sign in to, or link your account.

Profile data may include information you choose to provide for account, buyer, seller, agent, or verification-related features.

Listing, search, and map data may include searches, filters, map viewport state, selected listings, listing detail requests, facility proximity requests, settings, and related usage events. This information is generally processed to render the map, return listings, preserve browser state, troubleshoot requests, and secure the service. We do not describe ordinary search, filter, or map state as a stored account history unless a feature specifically saves it, such as AI conversation history, feedback, security records, or billing records.

Product analytics and error-monitoring data may include page routes, feature interactions, listing identifiers, source-link redirects, saved-filter actions, AI feature usage, checkout flow states, referrer or filter context, device and browser metadata, and event timestamps. Optional analytics may include session replay recordings so we can understand product friction, rendering issues, and broken workflows. We use aggregated or bucketed properties where practical, and we configure analytics to avoid intentionally collecting passwords, payment card details, sensitive government identifiers, or arbitrary form input content. Optional analytics is controlled separately from necessary cookies and browser storage.

Where AI features are enabled, we may store prompts, conversation records, AI-generated responses, related usage records, and feedback on AI responses. For signed-in users, these records may be linked to your account and conversation. For visitors who are not signed in, we may store a pseudonymous guest identifier, guest conversation records, and related usage records so that the current conversation can work and we can understand usage patterns.

AI usage records may include capability, availability, usage, cost, performance, and service outcome information. Listing, search, filter, page, and source-link context may also be processed as input to an AI request, even if that context is not separately saved as a general browsing history.

Feedback may include your message, page context, submission time, browser or device context, account context if you are signed in, and a pseudonymous guest identifier if you are not signed in. Feedback is routed to product, support, or operations systems; it is not described as a general database record of your browsing activity.

Product update subscriptions may include the email address you provide, subscription topic, submission time, delivery status, unsubscribe status, and related email-service records. These records are used to send product updates, research notes, release information, and early feature availability notices to people who asked to follow the project.

If billing features are enabled, we may collect billing records such as purchase, plan, credit, checkout, subscription, payment status, receipt, refund, and audit information. Payment card details are entered and processed through payment processors. WhereHDB stores billing and entitlement records, not payment card details.

We may also collect technical, security, and operations data such as request logs, authentication and abuse-prevention records, error logs, and device or browser metadata. These records may be kept in infrastructure, logging, monitoring, or security systems rather than the primary application database.

We use personal data to create, verify, authenticate, and secure accounts; provide map, listing, search, filter, facility, account, AI, feedback, and billing features; detect abuse, scraping, spam, fraud, and security incidents; maintain logs and audits; improve WhereHDB; communicate service, account, security, legal, and support messages; and comply with legal, regulatory, accounting, tax, and dispute obligations.

If you join the product updates list, we use your email address to send WhereHDB product updates. You can unsubscribe or request deletion subject to legal, security, and operational limits.

Where AI-assisted search or listing analysis is enabled, prompts, submitted content, current product context, conversation history, and related metadata may be processed by WhereHDB and service providers. Different providers or processing paths may be used depending on the capability, availability, reliability, safety, cost, and abuse-prevention needs of the feature.

Some capabilities may process information from links or other user-provided context when available. If a requested capability is unavailable, WhereHDB may still process the rest of your request without that capability.

AI outputs can be inaccurate, incomplete, stale, or unsuitable for your circumstances. Do not include sensitive personal data, NRIC/FIN numbers, financial account information, private family details, medical information, or information about other people in prompts unless a feature specifically asks for it and you are comfortable with that processing.

We use cookies, local storage, and similar browser storage for authentication, session refresh, third-party sign-in protection, security, user settings, theme, map/filter state, drafts, pseudonymous guest identifiers, analytics preferences, product analytics, and service functionality. We do not use analytics storage to store payment card details or sensitive government identifiers.

Where analytics is enabled, our cookie preferences distinguish necessary storage from optional analytics storage. Necessary storage is required for WhereHDB to work. Users may accept or reject optional analytics through the cookie banner, block analytics through browser controls, or contact us to withdraw consent for future analytics collection where applicable. We may add marketing cookies later only after updating notices and controls as appropriate.

WhereHDB uses public or third-party listing data, public datasets, facility data, map data, and geospatial sources. These may include resale listing information, listing details, listing images or image URLs, sales agent information shown with listings, public facility locations, map tiles, and other publicly available, licensed, or third-party source data.

Public or third-party data can be incomplete, stale, duplicated, inaccurate, unavailable, or subject to source restrictions.

We may disclose personal data to service providers and other recipients where reasonably needed for the purposes described in this policy. These categories may include infrastructure, hosting, storage, security, analytics, authentication, communications, support, AI gateway and model providers, extraction, mapping, public-data, payment, professional adviser, legal, regulatory, investor, acquirer, or successor recipients.

We do not sell personal data as a standalone business.

We retain personal data only as long as reasonably needed for service operation, account management, security, dispute handling, legal compliance, accounting, product improvement, and auditability. When data is no longer needed, we will delete it, anonymise it, or remove the means by which it can reasonably be associated with you, unless retention is required or permitted by law.

If you delete your account or ask us to delete personal data, we may still retain limited records where reasonably needed for security, fraud prevention, abuse investigation, dispute handling, legal compliance, accounting, tax, payment administration, refunds, chargebacks, auditability, or backup integrity. These retained records may include account audit records, billing records, payment audit records, entitlement records, credit ledger records, receipts, and related operational logs. We limit retained records to what is reasonably needed for those purposes and will delete, anonymise, or de-associate them when those purposes no longer apply.

We use reasonable technical and organisational safeguards designed to protect personal data. No internet service can guarantee absolute security. You are responsible for keeping your account credentials, authenticator app, devices, and browser sessions secure.

WhereHDB and its service providers may process personal data in Singapore and other jurisdictions. Where we transfer personal data outside Singapore, we take steps designed to ensure that the transferred personal data receives a standard of protection comparable to the Singapore PDPA.

You may request access to personal data that we hold about you, correction of inaccurate personal data, deletion of personal data, or withdrawal of consent for future collection, use, or disclosure. Contact [email protected] for privacy questions, complaints, or requests about our data protection policies and practices. We may need to verify your identity, and some requests may be limited by law, security, backup constraints, legal privilege, dispute records, accounting obligations, or legitimate business needs. A deletion request does not necessarily delete audit trails, payment records, credit records, tax records, or security logs that we still need to retain for a valid legal or business purpose.

We may send service, account, security, billing, and operational messages. If we send marketing communications, we will provide a way to opt out where required.

WhereHDB is not directed at children. If you are under 18, use WhereHDB only with the involvement of a parent or guardian.

Third-party websites, listing platforms, maps, payment pages, public datasets, identity providers, payment processors, and other services are governed by their own terms and privacy policies.

We may update this policy as WhereHDB evolves. Material updates may be notified through the website, account notices, email, or another reasonable method.

Operator: HOMEGRID LABS (UEN 53524748J)
Product: WhereHDB
Privacy / DPO contact: [email protected]
Legal notices: [email protected]