A Singapore-first privacy posture with global transparency and rights awareness.

For Singapore-facing operations, Command Secrets treats the Personal Data Protection Act as a core baseline for the collection, use, disclosure, and protection of personal data. The service also aims to present a transparency standard that aligns in practical terms with major global privacy regimes, including the GDPR, UK GDPR, and California consumer privacy rules where applicable.

The purpose of this page is to explain what categories of information may be collected, why they may be used, how long they may be retained, what rights users may request, and how Command Secrets approaches security, support, and lawful operational disclosure. This page is written in plain customer-facing language and does not replace any narrower contract, platform term, or legally required request-verification process that may apply in a specific case.

Where the website or app introduces new features, plan types, data fields, or integrations, this notice may be updated so the public-facing explanation remains accurate and reasonably current.

Depending on the product flow, this may include identity and contact details, login or account references, billing-related records, subscription history, customer-service correspondence, device and browser signals, report-delivery logs, and user-provided analytical inputs such as birth-related details, names, language preferences, and behavioural decision logs.

If a customer uploads, submits, or types information into the service, that information may be stored and processed to generate individualized results, customer support replies, delivery records, anti-fraud checks, and account continuity. Command Secrets does not ask customers to disclose more information than is reasonably necessary for the requested service path, and users should avoid submitting third-party personal data unless they are authorised to do so.

Some technical data may also be recorded automatically for service integrity, including IP-related logs, request timestamps, browser details, security events, crash diagnostics, broken-link detection, and anti-abuse indicators used to protect the website and customer outputs.

Typical uses may include providing access to the website or application, creating and delivering analytical outputs, managing subscriptions, verifying ownership of an account, responding to billing or support requests, improving service reliability, detecting abuse, handling legal or regulatory obligations, and preserving evidence where account misuse, fraud, or intrusion is suspected.

Command Secrets does not present this public page as a promise that personal data will never be disclosed under any circumstances. Data may be shared with hosting providers, infrastructure vendors, payment processors, technical contractors, legal advisers, or competent authorities where such sharing is reasonably necessary for operating the service, protecting rights, investigating abuse, or complying with law.

Command Secrets does not sell personal data in the ordinary commercial sense described by many privacy laws. If a jurisdiction grants a right to request information about sharing, correction, deletion, access, or restriction, Command Secrets may require reasonable verification before acting on that request so that customer data is not disclosed to the wrong person.

For Singapore users, Command Secrets aims to respect core PDPA expectations around consent management where required, appropriate notification, access and correction handling, protection of personal data, and controlled retention. For users in the European Union or United Kingdom, the service also recognises that transparency, access, rectification, erasure, restriction, objection, portability, and complaint rights may apply in specific circumstances under the GDPR or UK GDPR.

For California residents, the service also recognises that rights may include knowing what personal information is collected and how it is used, requesting deletion subject to legal exceptions, correcting inaccurate information, limiting certain sensitive-information uses, opting out of sale or sharing where relevant, and being free from discrimination for exercising statutory privacy rights.

Because rights depend on law, geography, customer status, and technical context, Command Secrets may ask for enough information to verify identity, narrow the request, or explain why part of a request cannot be fulfilled exactly as submitted. Requests may be declined where law permits refusal, where identity cannot be verified, where retention is required, or where disclosure would adversely affect the rights or security of others.

Command Secrets may retain data for as long as reasonably necessary to provide the requested service, maintain account continuity, answer disputes, prevent fraud, preserve report history for legitimate customer retrieval, comply with legal obligations, or protect the business where misuse, chargebacks, or security events need review. Different categories of data may therefore have different retention periods.

Security controls may include password protection, restricted internal access, logging, infrastructure-level safeguards, watermarking for report outputs, security review of broken-link and crash events, and technical controls designed to reduce crawling, cloning, scraping, unauthorised developer-tool interference, and hostile intervention against customer-facing surfaces. No online system can promise absolute security, so users should also protect their own credentials and devices.

Because digital infrastructure may involve cloud providers, regional vendors, and globally distributed technical services, personal data may be stored or processed outside a user's home jurisdiction. Where cross-border handling occurs, Command Secrets aims to do so under reasonable contractual, technical, or operational safeguards appropriate to the service context.

Privacy, access, correction, deletion, objection, withdrawal, support, and billing-related requests should be submitted through the public support path so they can be reviewed and logged through a controlled operational process. Command Secrets may need to confirm identity before releasing, correcting, or deleting account-linked information.

Where marketing communications are introduced, Command Secrets aims to provide unsubscribe or opt-out controls appropriate to the communication channel. Singapore telephone marketing practices, if ever used, would also need to respect Do Not Call requirements where applicable.

If Command Secrets materially changes the way personal data is handled, this notice may be revised so that users can review the updated public position before continuing to use the service.