Privacy Policy
Pangolin Intelligence Pte Ltd (“Pangolin Intelligence”, “we”, “us” or “our”) is committed to protecting the personal data of individuals in accordance with the Personal Data Protection Act 2012 of Singapore (“PDPA”). This Privacy Policy explains how we collect, use, disclose, store, and protect personal data in the course of our business.
This Privacy Policy applies to personal data we handle through our website pangolinintelligence.com, our services, consulting engagements, events, communications, and related interactions (collectively, the “Services”).
- 1) What is personal data?
- 2) What personal data we collect
- 3) How we use personal data
- 4) Consent and PDPA exceptions
- 5) Data Processing for Risk Intelligence & Compliance
- 6) How we disclose personal data
- 7) Accuracy
- 8) Protection and security
- 9) Retention
- 10) Transfers outside Singapore
- 11) Cookies
- 12) Access, correction, withdrawal of consent
- 13) Marketing preferences
- 14) Contact (DPO)
- 15) Changes to this policy
Company details
Pangolin Intelligence Pte Ltd (UEN: 202551205W)
Registered Office: 160 Robinson Road #14-04, Singapore 068914
1) What is personal data?
“Personal data” means data about an individual who can be identified from that data, or from that data and other information we have or are likely to have access to.
2) What personal data we collect
A. Personal data you provide
- Name, email address, phone number
- Company/organisation name, job title, business contact details
- Information you submit via forms, email, or other communications (e.g., enquiries, meeting notes, support requests)
- Billing and invoicing details and payment-related information (where applicable)
- Any other information you choose to provide
B. Personal data collected automatically (online)
- Device and network information (e.g., IP address, browser type, device identifiers)
- Usage data (e.g., pages visited, access times, referring pages)
- Cookies and similar technologies (see Section 10)
C. Personal data from third parties
- Business contact details from our clients, partners, service providers, referrals, or public sources (where permitted)
- Risk and integrity signals shared by partners for security and abuse prevention purposes (where applicable and permitted)
3) Purposes: how we use personal data
We may collect, use, and disclose personal data for one or more of the following purposes:
- Providing the Services, including delivering consulting work, reports, briefings, and requested outputs
- Responding to enquiries, communicating with you, and providing customer support
- Managing business relationships with clients, vendors, and partners
- Contracting and administration, including onboarding, invoicing, payments, accounting, and audits
- Security and misuse prevention, including maintaining the integrity and security of our systems and services
- Improving our Services, including analytics, troubleshooting, quality assurance, and internal process improvement
- Marketing and updates about our Services (where permitted and subject to your preferences)
- Legal and regulatory compliance, including responding to lawful requests and managing risk
- Any other purpose that we notify you of at the time of collection, unless an exception under the PDPA applies
4) Consent and PDPA exceptions
Where required under the PDPA, we will obtain your consent to collect, use, or disclose your personal data. In certain situations, the PDPA permits collection, use, or disclosure without consent (including for specific legitimate interests, investigations, legal, security, and business improvement purposes). Where we rely on such exceptions, we will do so in accordance with the PDPA.
You may withdraw your consent at any time (see Section 11). Withdrawal of consent may affect our ability to provide some Services.
5) Data Processing for Risk Intelligence & Compliance
To detect, assess, and prevent fraud, money laundering typologies, scams, and the abuse of partner platforms, we may process personal data in reliance on the Legitimate Interests Exception and/or the Investigations Exception under the PDPA, where applicable. This processing is conducted as part of our risk intelligence and security consulting services and is based on online research and collaboration with clients and partners, rather than offline surveillance or fieldwork. Where we rely on the Legitimate Interests Exception, we conduct a Legitimate Interests Assessment (LIA) to assess necessity and proportionality and to balance our interests against the individual’s interests, and a summary is available upon request.
Data Categories
We may process public blockchain data, network identifiers (e.g., IP addresses and device/browser signals), and identity information (e.g., KYC attributes provided by partners, or identity details available from public sources where permitted) to provide risk intelligence, security advisory, and platform integrity services. While on-chain transaction data is publicly accessible, when we link or associate blockchain activity with an identifiable individual (for example, through partner-provided information or other permitted sources), we treat that linked information as personal data and apply the protections described in this Policy.
Safeguards
To protect this information, we strictly limit access on a need-to-know basis (including where access is limited to the sole consultant), use strong authentication (e.g., multi-factor authentication), apply encryption in transit and at rest where supported, and maintain audit logs where available through our systems and service providers. We apply data minimisation and purpose limitation, processing only the attributes necessary to produce defensible risk assessments and verified outputs, and we retain data only for as long as needed for those purposes.
6) How we disclose personal data
We may disclose personal data to:
- Service providers that process data on our behalf (e.g., cloud hosting, email, collaboration tools, analytics, billing, payment processors), under contractual confidentiality and security obligations
- Professional advisers (e.g., lawyers, auditors, accountants)
- Clients and partners, where disclosure is necessary to deliver the Services or as instructed/authorised (and where permitted)
- Regulators, law enforcement, or authorities, where required or permitted by law
- A successor entity in connection with a merger, acquisition, reorganisation, or sale of assets (subject to applicable safeguards)
We do not sell personal data.
7) Accuracy
We take reasonable steps to ensure personal data we use or disclose is accurate and complete, especially where it may affect you or our Services. Please notify us if your information changes.
8) Protection and security
We implement reasonable security arrangements to protect personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal, or similar risks. Measures may include access controls, encryption where appropriate, secure configuration, monitoring, and staff training. In the event of a data breach, we have procedures in place to assess the incident and, where required, notify the Personal Data Protection Commission (PDPC) and affected individuals in accordance with the PDPA.
9) Retention
We retain personal data only as long as it is necessary to fulfil the purposes for which it was collected, or as required/permitted by applicable laws. When personal data is no longer needed, we will securely delete or anonymise it.
Accounting and tax records: Where personal data forms part of our business and accounting records, we generally retain such records for at least 5 years in line with Singapore tax record-keeping requirements.
10) Transfers outside Singapore
We may transfer personal data outside Singapore, for example when using cloud service providers or sharing deliverables with clients and partners located overseas. Where we transfer personal data outside Singapore, we will take steps to ensure that the recipient is bound by legally enforceable obligations to provide a standard of protection comparable to that under the PDPA.
11) Cookies and similar technologies
Our website may use cookies and similar technologies to operate the website and provide core functionality, remember preferences, and understand usage and improve performance.
You can manage cookies through your browser settings. Disabling cookies may affect website functionality.
12) Your rights: access, correction, withdrawal of consent
Subject to the PDPA, you may request to:
- access personal data we hold about you,
- correct inaccurate or incomplete personal data, and/or
- withdraw consent for certain uses or disclosures (where applicable).
We may need to verify your identity before processing your request. Where permitted under the PDPA, we may charge a reasonable fee for access requests and will inform you if a fee applies.
13) Marketing preferences
Where we send you marketing communications, you may opt out at any time by using any unsubscribe mechanism provided or by contacting us using the details below.
14) Contact us (Data Protection Officer)
If you have questions, requests, or complaints about this Privacy Policy or our handling of personal data, please contact our Data Protection Officer:
Data Protection Officer
Pangolin Intelligence Pte Ltd (UEN: 202551205W)
Email: privacy@pangolinintelligence.com
Registered Office: 160 Robinson Road #14-04, Singapore 068914
15) Changes to this Privacy Policy
We may update this Privacy Policy from time to time. The updated version will be published on our website or otherwise made available to you, and will take effect from the stated effective date.
© 2026 Pangolin Intelligence Pte Ltd • Back to home