Privacy & Cookie Policy

Effective date: 11 July 2026

1) Who we are

Untangle Me (UEN: 53497581W), registered at 20 third street, east coast park, Singapore 455500 ("we", "us", or "our"), operates untangle-me.com and related services (the "Services"). We are responsible for the collection, use and disclosure of personal data under Singapore’s Personal Data Protection Act 2012 (the PDPA).

2) Scope

This policy explains how we handle personal data when you use our website, mobile site and any online products that link to this policy. It also describes our use of cookies and similar technologies.

3) Personal data we collect

We collect the following categories of personal data, depending on how you interact with us:

  • Identifiers & contact details: name, email address, phone number, postal address, account identifiers.
  • Transactional & usage data: pages viewed, actions taken, timestamps, referring/exit pages.
  • Device & technical data: IP address, device type, operating system, browser type, approximate location (e.g., city-level), unique identifiers, and cookie IDs.
  • Communications & support: content of enquiries, chat transcripts, feedback forms.
  • Marketing preferences: newsletter and notification settings, opt-in/opt-out status.
  • Third‑party data: where permitted, we may receive information from service providers (e.g., analytics, payment processors) or business partners.

4) How we use personal data (purposes)

We collect, use and disclose personal data for the following purposes:

  • Service delivery: providing and operating the website, enabling features, processing transactions.
  • Account & support: creating and managing accounts, responding to enquiries, providing troubleshooting.
  • Security & fraud prevention: detecting, investigating and preventing malicious or illegal activities, and enforcing our terms.
  • Analytics & improvements: measuring performance, understanding usage, and improving our Services.
  • Marketing & promotions: sending updates or offers by email/SMS/phone (with required consents); personalising content and ads.
  • Compliance: meeting legal, regulatory and audit obligations, and responding to lawful requests.

5) Marketing and the Do Not Call (DNC) provisions

If we send marketing messages (SMS, MMS, WhatsApp, calls, or fax) to Singapore telephone numbers, we will comply with the PDPA’s Do Not Call provisions. This includes screening numbers against the DNC Registry and/or obtaining clear and unambiguous consent. You can withdraw consent or opt out of marketing at any time via the instructions in our messages or by contacting our DPO (see Section 14).

6) Cookies and similar technologies

We use cookies, web beacons, pixel tags, SDKs and local storage to run the site and understand how it is used. Cookies are small files placed on your device. We classify our cookies as:

  • Strictly necessary: required for core site functionality (e.g., session management, security). These cannot be switched off in our systems.
  • Performance/analytics: help us measure traffic and improve performance (e.g., page load metrics, popular pages).
  • Functional: remember choices (e.g., language, region) and provide enhanced features.
  • Advertising/targeting: deliver and measure ads, and build audiences. These may be set by us or our advertising partners.

Your choices

  • Cookie banner & preferences: On your first visit (and periodically thereafter), we show a banner that lets you accept all, reject non‑essential, or manage granular preferences. You can change your choices anytime at the “Cookie settings” link in the website footer.
  • Browser settings: You may block or delete cookies via your browser or device settings. If you block strictly necessary cookies, parts of the site may not work.
  • Mobile SDKs: To limit ad tracking on mobile, adjust device settings (e.g., "Limit Ad Tracking" on iOS or "Opt out of Ads Personalization" on Android).

We only place non‑essential cookies (e.g., analytics/advertising) after you have provided consent via the banner or your browser/device settings, where applicable.

7) Our basis for handling personal data under the PDPA

We rely on one or more of the following:

  • Consent: You have been notified of the purposes and you consented.
  • Deemed consent: Where collection/use/disclosure is reasonably necessary to provide a requested product/service or to conclude/perform a contract with you; or where you have been notified and given a reasonable opportunity to opt out (deemed consent by notification), where appropriate.
  • PDPA exceptions: For example, where necessary for legitimate interests (after assessing and mitigating any likely adverse effects), to prevent or detect fraud, to ensure network or information security, for business improvement, or for research where conditions are met.

8) Cross‑border transfers

If we transfer personal data outside Singapore, we will ensure the receiving organisation provides a standard of protection comparable to the PDPA, by using appropriate contractual safeguards or other legally permitted mechanisms.

9) Disclosure to third parties

We share personal data with:

  • Service providers/Processors: hosting, storage, analytics, security, customer support, email/SMS delivery, payment processing, ad tech partners.
  • Business partners: where you use co‑branded services or participate in joint promotions.
  • Authorities or legal recipients: where required by law, regulation or court order, or to protect our legal rights or those of others.
  • Corporate transactions: in connection with a merger, acquisition, financing or sale of assets, subject to appropriate confidentiality and data protection safeguards.

We do not sell personal data.

10) Data retention

We retain personal data only for so long as is reasonably necessary for the purposes stated above or to satisfy legal and business requirements (e.g., record‑keeping). We will securely delete or anonymise data when it is no longer needed.

11) Security

We implement administrative, technical and physical safeguards appropriate to the nature of the personal data we handle. These include access controls, encryption in transit and at rest where appropriate, secure software development practices, and vendor due diligence.

12) Your rights and choices

Under the PDPA, you may:

  • Access your personal data in our possession or control and information about how it has been used or disclosed in the past year.
  • Request correction of errors or omissions in your personal data.
  • Withdraw consent to our use or disclosure of your personal data for any purpose.

To exercise your rights, contact our DPO (Section 14). We may need to verify your identity and may charge a reasonable fee for processing access requests where permitted.

13) Data breaches

We assess suspected data breaches and, where required, notify the Personal Data Protection Commission (PDPC) and affected individuals as soon as practicable. Our notifications will describe the breach, what we are doing about it, and steps you can take to protect yourself.

14) Contacting our DPO

For any request, concern or complaint about how we handle your personal data, please contact:

Data Protection Officer
Untangle Me (UEN 53497581W), attn. Cornelia Wieser
Email: hello@untangle-me.com
Address: 20 Third Street, East Coast Park, Singapore 455500

We will respond within a reasonable time. If you are not satisfied with our response, you may also contact the PDPC.

15) Third‑party sites and services

Our Services may contain links to third‑party websites, plug‑ins or applications. We are not responsible for the privacy practices of those third parties. We encourage you to read their privacy policies before providing any personal data.

16) Children

Our Services are not intended for children under 18. If you are a parent or guardian and believe your child has provided personal data, please contact us to request deletion.

17) Changes to this policy

We may update this policy from time to time. If we make material changes, we will notify you via the website or by other appropriate means. Your continued use of the Services after the effective date means you acknowledge the updated policy.

18) Cookie details

These are the cookies and similar technologies we actually use:

Strictly necessary: um_cookie_consent (first-party, local storage) – stores your cookie choice – kept until you delete it. Our contact form is delivered via FormSubmit (formsubmit.co) with a honeypot spam check – no tracking cookies are set.

Analytics (only after you consent via the cookie banner): Google Analytics 4 (_ga, _ga_*) – usage statistics – up to 24 months. Microsoft Clarity (_clck, _clsk, MUID) – usage analysis and heatmaps – up to 13 months.

External media (only after you click play): Bunny Stream video player (iframe.mediadelivery.net). Videos on our site do not load, and no data is sent to the video provider, until you click the play button.

How to manage cookies: Use the “Cookie settings” link in the footer to change or withdraw your choice at any time, or adjust your browser settings to block or delete cookies.

19) For visitors in the European Economic Area, United Kingdom and Switzerland (GDPR)

If you access our Services from the EEA, the UK or Switzerland, the following additional information applies under the EU General Data Protection Regulation (GDPR), the UK GDPR and the Swiss FADP.

Controller: Untangle Me (UEN 53497581W), 20 Third Street, East Coast Park, Singapore 455500; attn. Cornelia Wieser; email: hello@untangle-me.com.

Legal bases (Art. 6 GDPR): consent (Art. 6(1)(a)) for analytics cookies and marketing; performance of a contract (Art. 6(1)(b)) for booking and delivering sessions and processing payments; legitimate interests (Art. 6(1)(f)) for site security, spam protection and defending legal claims. Where we rely on consent, you can withdraw it at any time with effect for the future – for cookies via the “Cookie settings” link in the footer.

Your rights: You have the right of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and objection to processing based on legitimate interests (Art. 21). To exercise these rights, contact hello@untangle-me.com. You also have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU/EEA member state of your habitual residence or place of work.

International transfers: We are based in Singapore, and some of our service providers process data in the United States. Where personal data of EEA/UK/Swiss visitors is transferred to countries without an adequacy decision, we rely on appropriate safeguards such as the EU Standard Contractual Clauses and, for certified US providers (Google, Microsoft), the EU–U.S. Data Privacy Framework.

Third-party tools: Google Analytics 4 and Microsoft Clarity run only after you consent via the cookie banner. Videos load only after you click play. Our web fonts are self-hosted, so no request is sent to Google Fonts. Messages sent via our contact form are delivered through FormSubmit (formsubmit.co), which forwards your message to our email inbox and does not use it for other purposes (performance of pre-contractual steps, Art. 6(1)(b) GDPR).