Privacy Policy

Last updated: 3 June 2026. Operator: Pangaea Capital (the "Operator") trading as CyberInsurance.com.sg.

This Privacy Policy explains how CyberInsurance.com.sg collects, uses, discloses and protects your personal data in compliance with Singapore's Personal Data Protection Act 2012 (PDPA). By using this site or submitting a form, you consent to the practices described here. If you do not agree, please do not use the site or submit personal data.

1. Who we are

CyberInsurance.com.sg is an independent cyber-insurance comparison platform for Singapore businesses and individuals. We are not a Monetary Authority of Singapore (MAS) licensed Financial Adviser, and we are not an insurer. We do not underwrite policies. We refer prospects to licensed insurers and brokers for actual quotes and policy issuance.

2. Personal data we collect

Through the quote form at /quotes/ and any related submission, we may collect:

  • Identifiers: first name, last name, business email address, business phone number
  • Business information: industry, company size band, revenue band, claims history, existing security posture indicators
  • Coverage intent: coverage types of interest, indicative coverage limit, urgency, data types your business handles
  • Technical metadata: IP address, browser user-agent, submission timestamp, referring URL (collected automatically by Netlify Forms for spam prevention and lead-source attribution)

We do NOT collect NRIC, FIN, or passport numbers via this site. If we ever add such a field, we will update this policy and comply with the PDPA NRIC restriction (PDPC Advisory Guidelines).

3. Purposes for which we use your personal data

Under PDPA Section 13, your personal data is collected only with consent and only for purposes you have been notified of. We use it to:

  • Generate cyber-insurance quotes from licensed Singapore insurers and brokers on your behalf
  • Communicate with you about your quote enquiry (email, phone, or both, as you have provided)
  • Improve the site's educational content based on aggregate enquiry patterns
  • Detect and prevent abuse of the contact form (anti-spam, fraud prevention)
  • Comply with applicable Singapore laws, including PDPA Section 26D data-breach notification obligations

We will not use your data for any new purpose without first obtaining your fresh consent.

4. Disclosure to third parties

To obtain quotes for you, we may share your personal data with:

  • Licensed Singapore insurers — up to 8 cyber-insurance carriers depending on your profile (Chubb, AIG, AXA, MSIG, Tokio Marine, Zurich, Allianz, QBE, and others as the panel evolves)
  • MAS-licensed Singapore insurance brokers — our partner brokers who place cyber risk on your behalf and provide advice
  • Technical service providers — Netlify (form hosting + storage), Google Analytics (aggregated traffic analytics, no PII intentionally collected), email delivery providers

We do not sell personal data. We do not share with marketing list brokers, lead aggregators, or any party outside the purposes above.

5. Cross-border data transfer (PDPA Section 26)

Some of our service providers (Netlify, Google, email delivery providers) may store or process data outside Singapore. Where data is transferred outside Singapore, we ensure recipients are bound to a comparable standard of protection — typically through their own published privacy practices and contractual undertakings.

6. Retention

We retain your personal data for as long as reasonably necessary to fulfil the purposes you submitted it for, including any follow-up communication and renewal-cycle reminders. Specifically:

  • Quote enquiries: 24 months from submission, unless you request earlier deletion
  • Successful policy referrals: 7 years from policy inception (to meet insurance-industry record-keeping norms)
  • Anonymous aggregate analytics: retained indefinitely (does not contain personal data)

You may request deletion of your personal data at any time — see Section 9.

7. Security

We implement reasonable security arrangements as required by PDPA Section 24 (Protection Obligation):

  • HTTPS encryption (TLS) on all site traffic
  • Form data stored in Netlify Forms with access restricted to the Operator
  • No storage of payment card or NRIC data on this platform
  • Quarterly review of access controls and third-party integrations

No security arrangement is impenetrable. In the event of a notifiable data breach under PDPA Section 26B, we will notify the PDPC within 3 calendar days of determination and notify affected individuals as soon as practicable.

8. Cookies and analytics

This site uses Google Analytics (GA4) for aggregate traffic measurement. GA4 sets cookies in your browser. We do not intentionally collect personal data via analytics. You can disable analytics by enabling your browser's "Do Not Track" signal, blocking cookies, or using a privacy-focused browser/extension.

9. Your rights under PDPA

You have the right under PDPA to:

  • Access the personal data we hold about you (Section 21)
  • Correct any inaccurate or incomplete personal data (Section 22)
  • Withdraw consent to our continued processing (Section 16) — this may mean we can no longer assist with your enquiry
  • Request deletion of your data when our purposes are complete
  • Be notified if your data is involved in a notifiable data breach (Section 26D)

To exercise any of these rights, contact our Data Protection Officer (DPO) — see Section 11. We will respond within 30 days as required by PDPA, and sooner where possible.

10. Children

This site is intended for businesses and adults aged 18+. We do not knowingly collect personal data from minors. If you believe we have collected data from a minor, contact the DPO immediately and we will delete it.

11. Data Protection Officer (DPO)

Under PDPA Section 11, the Operator has designated a Data Protection Officer responsible for ensuring compliance with this policy.

12. Complaints to the PDPC

If you are unsatisfied with how we have handled your personal data after raising the matter with us, you have the right to lodge a complaint with the Personal Data Protection Commission of Singapore at pdpc.gov.sg.

13. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated via a banner on the site for at least 30 days, and the "Last updated" date at the top of this page will be revised. Continued use of the site after a change constitutes acceptance under PDPA Section 13(2) deemed-consent rules.

14. Governing law

This Privacy Policy is governed by the laws of Singapore. Any disputes will be resolved by the Singapore courts.
