Last Updated: 7 Jan 2026

Data Protection Statement

Statement of Purpose

At StrongKeep Cybersecurity (“StrongKeep”, “we” ,“us”, “our”), our mission is helping businesses remain secure against online threats, while upholding the highest standards of privacy and trust.

Consistent with this mission, we handle all data with the utmost security and integrity, reflecting our commitment to protecting businesses against cyber risks. As a core principle, StrongKeep does not seek to collect or process personal data. Our systems are purposefully designed to actively minimize and restrict the collection of personal information.

Where the collection of personal data is unavoidable, it is strictly limited to what is necessary for business and legal purposes.

We are committed to transparency and accountability in all our data handling practices, ensuring that your trust and security remain central to everything we do. StrongKeep fully complies with all applicable Singapore data protection laws, including the Personal Data Protection Act 2012 (“PDPA”) and its related regulations, as may be amended, superseded, or replaced from time to time.

Scope of this Data Protection Statement

This Data Protection Statement describes StrongKeep’s policies and procedures for handling data when you visit our website, www.StrongKeep.com, and use our products and services (collectively, the “Services”).

By accessing or using our Services, you acknowledge that you have read, understood, and agreed to the terms of this Statement. Please note that StrongKeep may update this Statement from time to time. Any changes will be posted on our website, and your continued use of our Site or Services after such updates signifies your acceptance of the revised Statement.

Personal Data

StrongKeep does not seek to collect or process Personal Data.

For the purposes of this Statement, “Personal Data” refers to any information, whether true or not, about an individual who can be identified:

• Directly from that data; or

• From that data and other information to which we have or are likely to have access.

Examples of Personal Data include an individual’s identification number, home address, personal mobile phone number, personal photographs and video images, and biometric data such as fingerprints or iris scans.

Our systems are specifically designed to minimize and limit the intake of Personal Data. Where the collection or processing of Personal Data is unavoidable, it is carried out only when strictly necessary for business or legal purposes, including:

• Compliance with applicable laws and regulations, such as assisting law enforcement or supporting investigations conducted by governmental or regulatory authorities;

• Specific purposes related to our Services, which will be separately communicated to you where applicable; and

• Any other purposes for which you have provided your explicit consent.

Types of Data We Handle

In the course of providing our Services, StrongKeep may process various categories of data. Our approach is guided by the principle of data minimization: we only collect and process data that is necessary for legal compliance, business operations, or the provision and improvement of our Services.

Categories of Data We Collect

• Business Contact Information: This includes information such as an individual’s name, job title, business telephone number, business address, or business email address when used for professional purposes. In Singapore, business contact information is excluded from personal data regulation under data protection laws.

• Anonymised Data: Data that has been processed to remove personal identifiers, making it impossible to identify an individual. Where possible, StrongKeep may use techniques such as pseudonymisation and masking to further reduce our exposure to personal identifiers.

• Billing and Payment Information: Details such as credit or debit card numbers, bank account information, GIRO, or cheque details, which may be collected only when necessary to process transactions.

• Network and Browser Data: Technical information such as browser type and version, pages visited, time and date of visits, time spent on pages, and related usage statistics may be collected, as part of our Services to you.

• Device Data: Information such as IP addresses, device identifiers, and system metadata and cybersecurity-related system information may be collected as part of our Services to you.

• Publicly Available Information: Data accessible through public sources or observable at public events or locations. For reference, in Singapore, publicly available information is generally excluded from the scope of personal data protection laws.

• Other Data: Any additional information you provide to us in the course of interacting with our Site or Services, including documents, text, or other materials relevant to your organization’s cybersecurity and compliance activities.

Data Collection Contexts

We may collect data directly from you or through your interaction with our Site and Services. The type of data collected will vary depending on the context, which may include:

1. Using our Site;

2. Making enquiries about our Site or Services;

3. Engaging us or using our Services;

4. Registering to create an account;

5. Placing an order with us;

6. Responding to our surveys;

7. Participating in promotions or other incentives;

8. Subscribing to our mailing list; or

9. Contacting us directly.

Children’s Data

We recognise that children’s personal data requires a high standard of protection. You must be at least 18 years of age to use our Services, and our Site is not of a nature that is likely to be used by minors. We generally we do not collect, use, or disclose personal data of individuals under the age of 13.

Compliance with Singapore’s Direct Marketing Laws

StrongKeep is committed to complying with all applicable direct marketing laws in Singapore. We will endeavour to send you electronic communications (such as emails or SMS messages about our Services or upcoming events) once you have provided your prior and informed consent to receive such messages, or have opted to remain subscribed to our electronic communications.

If you do not wish to receive such electronic communications, please contact us at support@StrongKeep.sg. Each electronic communication will include a clear and easy-to-use unsubscribe option. We will endeavour to respond to requests to unsubscribe promptly.

Where we send any unsolicited electronic communications, we will comply with the requirements to supply you with appropriate contact details to which you may submit an unsubscribe request.

Where sending any specified message (as defined under Section 9 of the PDPA, or as excluded under Schedule 8 of the PDPA) to your Singapore telephone number, we will do so in accordance with our obligations under the PDPA, in particular the Do Not Call (DNC) Registry.

Data Storage

StrongKeep may engage reputable commercial third party data storage providers or data processors to store any of the data we collect, including Personal Data.

In the limited circumstances where we process your Personal Data, such data may be transferred to, stored in, and processed across different jurisdictions, including by staff or contractors located in various countries. When transferring Personal Data outside Singapore, we ensure that it receives a level of protection comparable to that required under the PDPA. By submitting your Personal Data, you consent to its transfer, storage, and processing in accordance with this Statement.

We take commercially reasonable steps to ensure your data is handled securely and in accordance with this Statement and all applicable laws. However, please note that while we strive to protect your data, the transmission of information over the internet is not completely secure, and any transmission to our Site is at your own risk.

Cookies and Links to Other Websites

Cookies

When you visit our Site, a record of your visit is logged. The following data is supplied by your browser:

• Your IP address and/or domain name;

• Your operating system (type of browser and platform);

• The date, time and length of your visit to the website; and

• The resources you accessed and the documents you downloaded.

This information is used to compile statistical information about the use of our Site. It is not used for any other purpose. If you do not want ‘cookies’ to be used, please disable them via your browser settings.

Links to other websites

Our Site may contain links to third party websites, and similarly, third party websites may also have links to our Site. If you follow a link to any of these other websites, kindly note that these websites have their own privacy policies and that we do not accept any responsibility or liability for your access to these websites. Please check their individual privacy policies for more information on how your data or any other data is handled by these websites.

Data Sharing

We may, from time to time, disclose certain data to third parties for the purposes outlined in this Statement. The type of data disclosed and the parties involved will vary depending on the context in which we interact with you and may include:

• Our employees: for the performance of their duties in delivering and supporting our Services.

• Our affiliates, business partners, suppliers, vendors, consultants, professional advisors, auditors, and sub‑contractors: in connection with the Services they perform for us or pursuant to our agreements with them.

• Analytics and search engine providers (eg. Google Analytics): to assist us with the improvement and optimization of our Site and Services, provided that disclosure does not involve the sale of data or where disclosure is the primary purpose of the contract.

• Government agencies and regulatory bodies: where required to comply with applicable laws or regulations.

• Law enforcement officials: where disclosure is necessary to support investigations or lawful requests.

• Other parties: where you have provided consent or where disclosure is supported by a lawful basis.

All third parties receiving data from StrongKeep are required to handle it in accordance with applicable laws.

Data Received from Third Parties

We may receive some personal data from third parties. The amount of data collected, the purposes, and the lawful bases for processing are determined by the respective privacy documents of these parties.

• Google, for the purpose of authentication to our platform. Transfer to any other app of information received from Google API will adhere to Google API Services User Data Policy, including the Limited use requirements. Google Privacy Policy

• Microsoft, for the purpose of authentication to our platform. Microsoft Privacy Statement

Data Protection and Cybersecurity Standards

StrongKeep is committed to safeguarding all data, whether personal, business, operational, or technical, against unauthorized access, use, disclosure, alteration, or loss. To achieve this, we implement a combination of administrative, physical, and technical measures designed to ensure resilience and security across our systems. These measures include, but are not limited to:

• Up‑to‑date antivirus and malware protection;

• Encryption of data in storage and transmission;

• Strict access controls and authentication protocols;

• Secure disposal and data minimization practices; and

• Disclosure of data internally and to authorized third‑party providers only on a need‑to‑know basis

StrongKeep operates in alignment with established cybersecurity standards and industry best practices, continually reviewing and enhancing our safeguards to address evolving threats.

You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While absolute security cannot be guaranteed, StrongKeep strives to maintain the highest levels of protection and is committed to ongoing improvement of our information security measures.

Use of Artificial Intelligence

StrongKeep leverages Artificial Intelligence (“AI”) technology as part of our ongoing commitment to enhancing cybersecurity and improving the quality and effectiveness of our Services. AI may be used to analyze data patterns, detect and respond to cyber threats, automate processes, and optimize the performance of our Services.

By using our Services, you acknowledge and agree that StrongKeep may use and process your data for the purposes of training and testing our AI models. Any such use will be in accordance with applicable laws.

Retention of Data

We retain your data only as long as necessary to fulfill the purposes for which it was collected, or as required or permitted by applicable laws. With respect to Personal Data, we will cease retain your Personal Data, or remove identifying information from such data, as soon as it is reasonable to assume that:

• Retention no longer serves the original purpose; and

• Retention is no longer necessary for legal or business reasons.

In some cases, we may anonymize your Personal Data for research or statistical purposes, in which case it can no longer identify you and may be used indefinitely without further notice.

You may have specific rights under Singapore’s data protection laws to request access, correction, or deletion of your Personal Data. Depending on the nature and scope of your request, we may not be able to continue providing our Services or maintain our relationship with you, and we will inform you if this is the case.

Please note that your request does not affect our right to continue to process Personal Data where this is permitted or required under applicable laws. There are also exceptions and conditions to your requests, which apply under relevant laws.

Data Breach Notification

In the event that a data breach (as defined under applicable law) occurs, we will promptly assess the impact of the data breach and if required, notify the relevant regulatory authority. Where required, a notification will be made in accordance with applicable laws.

Contact Information

For any queries regarding StrongKeep’s processing of your data please contact [support@strongkeep.com].

Effect Of Statement

This Statement applies in conjunction with any other policies, notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your data by us.

‍