Privacy Policy
Last Updated: 8 May 2026 Effective Date: 8 May 2026
Beta Notice: Revive is currently in beta. This Privacy Policy may be updated as the service evolves. Material changes will be notified via the Service or email.
1. Introduction
The Brand Canvas Pte. Ltd. ("we", "us", "our", "Company") operates the Revive platform ("Service") at https://revive.sg.
This Privacy Policy explains how we collect, use, disclose, and protect your personal data in accordance with the Singapore Personal Data Protection Act 2012 (PDPA), as amended.
We are committed to handling your personal data responsibly and transparently. By using the Service, you consent to the practices described in this policy.
2. Data Protection Officer (DPO)
In compliance with the PDPA's Accountability Obligation, we have appointed a Data Protection Officer:
- Name: Hanae Kojima
- Role: Data Protection Officer, The Brand Canvas Pte. Ltd.
- Email: hanae@thebrandcanvas.sg
You may contact our DPO for any questions, requests, or complaints regarding your personal data.
3. Personal Data We Collect
We collect the following categories of personal data:
3.1 Information You Provide Directly
Account Registration
- Name
- Email address
- Phone number (if provided)
- Company name
- Job title / position
- Password (stored as a one-way hash, never accessible to us)
Listing Information
- Property/equipment/event details and descriptions
- Photos and images you upload
- Pricing and contact preferences
- Location information of listings
Communications
- Chat messages between users
- Support inquiries
- Feedback and reviews
3.2 Information Collected Automatically
- IP address
- Browser type and version
- Device information (type, operating system)
- Pages visited, time spent, and clicks within the Service
- Referring URLs
- Cookies and similar tracking technologies (see Section 9)
3.3 Information from Third Parties
We do not currently obtain personal data from third parties. If this changes, we will update this policy and notify you.
4. Purposes of Collection (PDPA Notification Obligation)
We collect, use, and disclose your personal data for the following purposes:
4.1 Service Operation
- Creating and managing your account
- Displaying your listings to other users
- Facilitating communication between users via chat
- Operating the wishlist feature
- Authenticating your identity at login
4.2 Service Improvement
- Analyzing usage patterns to improve features
- Debugging issues and improving stability
- Developing new features based on user behavior
4.3 Communications
- Sending account-related notifications (e.g., password reset, security alerts)
- Sending Service updates and new feature announcements
- Responding to your inquiries
4.4 Legal and Safety
- Complying with legal obligations (e.g., responding to lawful requests)
- Preventing fraud, abuse, and policy violations
- Protecting the rights and safety of users and the Company
4.5 Marketing (with consent)
- Sending promotional emails or messages — only with your prior consent (PDPA Consent Obligation)
- You may withdraw consent at any time (see Section 7)
We will not use your personal data for purposes beyond those listed without obtaining your fresh consent.
5. Legal Basis for Collection
Under the PDPA, we rely on the following bases:
- Your consent (express or deemed) for service operation and marketing
- Legitimate interests in operating, improving, and securing the Service
- Legal obligation when responding to lawful authorities
- Contractual necessity to deliver the Service you have requested
6. Disclosure of Personal Data
We do NOT sell your personal data. We may disclose your personal data to:
6.1 Other Users (with your knowledge)
- Your name (or business name), profile information, and listings are visible to other registered users
- Your chat messages are shared only with the user(s) you choose to chat with
- Your contact information is NOT shared automatically; it is exchanged only when you choose to do so
6.2 Service Providers (Data Processors)
We use trusted third-party providers to operate the Service. These include:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication, file storage | Singapore (ap-southeast-1) |
| Vercel | Web hosting and content delivery | Singapore (sin1) |
| GoDaddy | Domain registration and DNS | United States |
These providers are bound by data protection agreements and are required to protect your data to PDPA-comparable standards.
6.3 Legal Disclosures
We may disclose your data when required by:
- Singapore law or court order
- Government investigations
- Protection of our or others' legal rights, property, or safety
6.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity. We will notify you of any such change.
7. Your Rights Under the PDPA
You have the following rights regarding your personal data:
7.1 Right to Access
You may request a copy of the personal data we hold about you and information about how it has been used or disclosed in the past 12 months.
7.2 Right to Correction
You may request correction of any inaccurate or incomplete personal data.
7.3 Right to Withdraw Consent
You may withdraw your consent for the collection, use, or disclosure of your personal data at any time. Note that withdrawal may affect our ability to provide the Service to you.
7.4 Right to Account Deletion
You may delete your account, after which we will delete or anonymize your personal data, subject to legal retention requirements.
7.5 How to Exercise Your Rights
Submit requests to: hanae@thebrandcanvas.sg
We will respond to verifiable requests within 30 days as required by the PDPA. We may charge a reasonable fee for access requests as permitted by law.
8. Data Retention
We retain your personal data only for as long as necessary:
| Data | Retention Period |
|---|---|
| Active account data | While your account is active |
| Closed account data | Up to 12 months after deletion (for fraud prevention and legal compliance), then deleted or anonymized |
| Chat messages | While both users have active accounts |
| Listings (after deletion) | 30 days in soft-delete, then permanently deleted |
| Server logs | Up to 90 days |
| Backup data | Up to 90 days |
Some data may be retained longer if required by law (e.g., financial records under tax law).
9. Cookies and Tracking Technologies
We use cookies and similar technologies for:
- Essential cookies: Authentication and session management (required for login)
- Functional cookies: Remembering your preferences
- Analytics cookies: Understanding usage patterns (anonymized)
You can control cookies via your browser settings. Disabling essential cookies may break the Service.
We do not currently use third-party advertising cookies.
10. Data Security
We implement reasonable technical and organizational security measures to protect your personal data, including:
- Encryption in transit: HTTPS/TLS for all data transmission
- Encryption at rest: Database and file storage encrypted by Supabase
- Access controls: Row-Level Security (RLS) policies, role-based access
- Authentication: Hashed passwords, secure session tokens
- Infrastructure: Hosted on enterprise-grade providers (Supabase, Vercel)
- Regular reviews: Ongoing monitoring of security practices
However, no system is 100% secure. You are responsible for keeping your password confidential and notifying us of any suspicious activity.
11. Cross-Border Data Transfers
Your data is primarily stored in Singapore (Supabase ap-southeast-1, Vercel sin1).
Some service providers (e.g., GoDaddy DNS) operate from outside Singapore. When data is transferred outside Singapore, we ensure:
- The recipient is bound by contractual obligations to provide PDPA-comparable protection
- The transfer complies with Section 26 of the PDPA
12. Data Breach Notification
In the event of a data breach that is likely to cause significant harm or affects 500 or more individuals, we will:
- Notify the Personal Data Protection Commission (PDPC) within 3 calendar days as required by the PDPA
- Notify affected individuals as soon as practicable
- Take immediate remedial action
13. Children's Privacy
The Service is intended for users 18 years and older acting in a business capacity. We do not knowingly collect personal data from individuals under 18. If you believe a minor has provided us with personal data, please contact our DPO immediately so we can delete it.
14. Marketing Communications
If you have consented to receive marketing communications:
- We will only send messages relevant to the Service
- Each message will include an unsubscribe option
- You may withdraw consent at any time by contacting hanae@thebrandcanvas.sg or using the unsubscribe link
We comply with Singapore's Spam Control Act 2007 and the Do Not Call (DNC) Registry for any marketing via SMS or phone calls.
15. Third-Party Links
The Service may contain links to third-party websites (e.g., supplier websites, social media). We are not responsible for the privacy practices of these sites. Please review their privacy policies before sharing any personal data.
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be notified via:
- Email to your registered address
- A prominent notice on the Service
- An updated "Last Updated" date at the top of this policy
We encourage you to review this policy regularly.
17. Complaints
If you believe we have not handled your personal data appropriately, please contact our DPO at hanae@thebrandcanvas.sg first. We will respond within 14 business days.
If you are not satisfied with our response, you have the right to file a complaint with the Personal Data Protection Commission (PDPC):
- Website: https://www.pdpc.gov.sg
- Phone: +65 6377 3131
18. Contact Us
For any questions, concerns, or requests regarding this Privacy Policy or your personal data:
Data Protection Officer Hanae Kojima The Brand Canvas Pte. Ltd. Email: hanae@thebrandcanvas.sg Website: https://revive.sg
This Privacy Policy was last updated on 8 May 2026.
By using Revive, you acknowledge that you have read and understood this Privacy Policy.