Skip to main content
← Back

PDPA Notice

Version 0.1 · Last updated: 11 July 2026

This notice summarises how dSoulK (operated by GemXcal Holdings Pte. Ltd., Singapore, UEN 202608346C) handles your personal data under the Singapore Personal Data Protection Act 2012 (“PDPA”). It is a plain-language companion to our full Privacy Policy, which remains the governing document.

1. What we collect

To provide your readings we collect the account details you give us (name or label, email address) and the birth details you enter (birth date, time, city, and gender where provided). Payments are processed by Stripe; we do not store your full card details on our systems. Basic usage data (such as device type and app version) is captured with in-app feedback you choose to submit.

2. Consent

We collect and use your personal data with your consent: when you create an account you accept our Terms and this data handling, and that acceptance is recorded server-side with a timestamp. You may withdraw consent at any time by contacting us (section 6) or deleting your account; withdrawal means we can no longer provide readings that depend on that data.

3. Purpose limitation

We use your data to generate your readings and reports, operate your account and Keys balance, process payments, respond to support requests, and improve the product from feedback you submit. We do not sell your personal data.

4. Retention

We retain your data for as long as your account is active. If you delete your account, personal data including birth details, reports, and transaction history is removed from our live systems within 30 days. Residual copies in backups are automatically aged out within our backup retention period (up to 12 months for the longest tier). This mirrors section 11 of the Privacy Policy.

5. Service providers & transfers

Your data is processed by the service providers we build on — including Supabase (database and authentication), Stripe (payments), and Google (optional sign-in) — whose infrastructure may store data outside Singapore. We rely on the contractual and technical safeguards these providers offer and limit what we share with each to what the service requires.

6. Your rights & contact

Under the PDPA you may request access to, or correction of, your personal data, and you may ask us to delete it. Requests are handled by email — write to our Data Protection Officer:

dpo@dsoulk.com

We respond to data requests within 30 days. If you are not satisfied with our response, you may complain to the Personal Data Protection Commission (PDPC) of Singapore.

For the complete picture — including cookies, analytics, GDPR rights for EU users, and the full retention schedule — see the Privacy Policy and Terms & Conditions.