Privacy Policy
Last updated: 9 July 2026
SG Stocks Brief is operated by a sole proprietor registered with ACRA in Singapore. This policy explains what personal data we collect, why we collect it, and your rights under Singapore's Personal Data Protection Act (PDPA).
What we collect
- Email address — when you sign up, so we can authenticate you with one-time sign-in codes. No passwords are stored.
- Uploaded PDF text — when you use the AI summariser, the extracted text of your PDF is sent to a third-party AI service to generate a summary. The PDF file itself is deleted from our server immediately after text extraction; only the generated summary is stored against your account.
- Summary metadata — filename you uploaded, document type (annual report / AGM minutes), page count, timestamp, and a credit-usage counter. These are stored against your account.
- Server logs — IP address, browser type, and requested URL, retained for up to 30 days for security and abuse prevention.
Why we collect it
- To authenticate you and let you sign in without a password.
- To generate AI summaries on your request.
- To enforce free-tier limits (3 summaries per account) and prevent abuse.
- To understand which documents are most summarised — only in aggregate, never tied to your email in any externally-shared form.
Third parties we use
- An email-delivery service — used to send sign-in codes and verification emails. It sees only the recipient email address.
- A third-party AI service — receives the extracted text of any PDF you submit to the summariser. Subject to their own privacy policy; we do not send your email address, IP, or any other identifying information alongside the text.
- A VPS hosting provider — hosts our server and database in Singapore.
We do not sell your data, do not use it for advertising, and do not share it with any party other than those listed above.
Retention
- Your email and account are kept until you ask us to delete the account.
- Generated summaries are kept until you delete them, or until your account is deleted.
- Uploaded PDFs are not stored at all — they exist only in a temporary file during text extraction and are removed before the summary returns.
- Server logs are kept up to 30 days, then rotated out.
Your rights under PDPA
You may at any time:
- Request a copy of the personal data we hold about you.
- Ask us to correct or update any inaccurate information.
- Withdraw consent and request account deletion.
- Lodge a complaint with the Personal Data Protection Commission of Singapore.
Send any of the above requests to loopinmok@gmail.com. We will respond within 30 days.
Changes to this policy
We may update this policy as the service evolves (for example, when we add paid subscriptions or new third-party providers). Material changes will be notified by email to registered users.