1. Who We Are
HeyBaby.sg ("we", "us", "our") operates Singapore's pregnancy and parenting information platform at heybaby.sg. We are committed to protecting your personal data in accordance with Singapore's Personal Data Protection Act 2012 (PDPA) and its subsequent amendments.
If you have questions about how we handle your data, you can reach our Data Protection Officer (DPO) via our Contact page.
2. Data We Collect
We collect personal data only when it is necessary to provide our services or required by law. The categories we may collect include:
| Category | Examples | When Collected |
|---|---|---|
| Account data | Name, email address, hashed password | On registration |
| Profile data | Due date, baby birth date, lifecycle stage, baby name, gender, Singapore area, number of children, partner status | When you complete your profile (optional) |
| Tool usage data | Inputs and results from calculators and tools you run while logged in | When you use a tool |
| Community content | Posts, replies, and threads you create in our community forums | When you post |
| Baby name favourites | Names you save or shortlist in your account | When you save a name |
| Communications | Messages sent via our contact form, support requests | When you contact us |
| Technical data | IP address, browser type, operating system, pages visited, session duration | Automatically on every visit |
| Notification preferences | Daily, weekly, and monthly check-in email preferences | When you update notification settings |
We do not collect payment card information directly — any payments are processed through third-party providers who maintain their own privacy practices.
3. How We Use Your Data
We use your personal data only for the following purposes:
- Providing our services — operating your account, saving your tool results, displaying your community posts, and personalising your dashboard experience based on your pregnancy or parenting stage.
- Communications — responding to contact form submissions, sending account verification emails, and delivering lifecycle check-in emails if you have opted in.
- Service improvement — understanding how our tools and content are used so we can improve them. We use aggregated and anonymised analytics where possible.
- Safety and compliance — detecting and preventing fraud, abuse, or violations of our Terms of Use; complying with legal obligations under Singapore law.
- Administrative — account management, password reset, and audit logging for compliance purposes.
We do not use your data for automated decision-making that produces legal or similarly significant effects.
4. Legal Basis for Processing
Under the PDPA, we collect and use your personal data on the following bases:
- Consent — you have given us clear consent (e.g., newsletter opt-in, notification preferences).
- Contractual necessity — processing is necessary to provide the account-based services you have requested.
- Legitimate interests — to improve our services, prevent abuse, and operate our platform securely, provided these interests are not overridden by your rights.
- Legal obligation — where processing is required to comply with Singapore law.
5. Data Sharing
We do not sell your personal data. We may share data with trusted third parties only where necessary:
- Service providers — hosting providers, email delivery services, and analytics platforms that process data on our behalf under data processing agreements.
- Legal authorities — if required by law, regulation, or a court order in Singapore.
- Business transfers — if HeyBaby.sg is acquired or merged, your data may be transferred as part of that transaction. You will be notified in advance.
Community posts you create are publicly visible to other users of the platform.
6. Cookies and Tracking
We use cookies and similar technologies for the following purposes:
- Essential cookies — required to keep you logged in and maintain your session. These cannot be disabled without breaking the site.
- Preference cookies — remember settings like notification preferences.
- Analytics cookies — help us understand site usage patterns using anonymised data.
You can control cookie settings through your browser. Note that disabling essential cookies will prevent you from staying logged in.
7. Data Retention
We retain personal data for as long as your account is active or as needed to provide services. Specifically:
- Account data — retained until you delete your account or request deletion.
- Tool results and saved names — retained while your account is active; deleted when your account is deleted.
- Community posts — retained unless you delete them individually or request account deletion. Anonymised versions may be retained if they were referenced by other users.
- Contact messages — retained for up to 3 years for audit and follow-up purposes.
- Server logs — retained for up to 90 days then automatically purged.
- Consent records — retained for 7 years to satisfy compliance obligations.
8. Data Security
We take reasonable technical and organisational measures to protect your data:
- Passwords are hashed using industry-standard algorithms and never stored in plaintext.
- All data is transmitted over HTTPS (TLS encryption).
- Database access is restricted to authorised personnel only.
- Admin actions are logged for audit purposes.
No system is completely secure. If you discover a security vulnerability, please contact us responsibly via our Contact page.
9. Your Rights Under the PDPA
Singapore's Personal Data Protection Act gives you the following rights regarding your personal data:
- Right of access — you may request a copy of the personal data we hold about you.
- Right of correction — you may request that we correct any inaccurate or incomplete data. Many fields can be updated directly in your Profile Settings.
- Right to withdraw consent — you may withdraw consent for optional processing (e.g., marketing emails) at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
- Right to data portability — you may request your data in a structured, commonly used format.
- Right to erasure — you may request deletion of your account and associated personal data. Note that some data may be retained where required by law or where it is part of public community content.
To exercise any of these rights, please contact us via our Contact page. We will respond within 30 days as required under the PDPA. We may need to verify your identity before processing your request.
10. Children's Privacy
HeyBaby.sg is intended for adults (parents and caregivers). We do not knowingly collect personal data from children under 18. If you believe a child has submitted personal data to us, please contact us and we will delete it promptly.
11. Third-Party Links
Our platform may contain links to external websites (e.g., government health resources, Singapore hospitals). We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies independently.
12. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify registered users via email and update the "Last updated" date at the top of this page. Your continued use of HeyBaby.sg after changes take effect constitutes your acceptance of the revised policy.
13. Contact Our Data Protection Officer
For any privacy-related questions, requests, or concerns, please reach us via:
- Contact form: heybaby.sg/contact/ (login required)
- Platform: HeyBaby.sg, Singapore
We aim to acknowledge all privacy requests within 5 business days and resolve them within 30 days.