帮助中心

Last Updated: 7 April 2026 XinXin Network ("XinXin", "we", "our", or "us") is operated by a Singapore-registered entity. We are committed to protecting your personal data in accordance with the Personal Data Protection Act 2012 of Singapore ("PDPA") and all applicable regulations. This Privacy Policy ("Policy") explains how we collect, use, disclose, and protect your personal data when you use our services. Please read this Policy carefully before using our platform. --- ## 1. Personal Data We Collect ### 1.1 Information You Provide Directly - Account Information: Name, nickname, email address, mobile number, password (stored encrypted), profile photo (optional); - Identity Information: Identity tag (personal/merchant/agent), and identity documents you voluntarily submit for verification purposes; - Contact Information: Contact details you provide when posting listings or communicating with other users, including but not limited to phone numbers, WhatsApp numbers, and email addresses; - Posted Content: Listings, images, descriptions, and location data you submit to the platform; - Messages: Private messages exchanged with other users; - Payment Information: For paid services (e.g., listing promotion), payments are processed by third-party payment service providers (e.g., Creem). We do not store your full credit card information. ### 1.2 Information Collected Automatically - Device Information: Device model, operating system, browser type, IP address; - Access Logs: Access timestamps, pages viewed, click behaviour, search queries; - Cookies and Similar Technologies: Used to remember your preferences, optimise user experience, and analyse traffic (see Section 6). ### 1.3 Information from Third Parties With your consent, we may collect information from: - Supabase authentication service (for third-party account login); - Social accounts you choose to link (subject to those platforms' privacy policies). --- ## 2. Purposes of Data Collection We collect and use your personal data for the following purposes: | Purpose | Description | |---|---| | Service Delivery | Account registration, posting listings, browsing content, user-to-user messaging | | Identity Verification & Security | Verifying user identity, flagging suspicious merchant accounts, maintaining platform security, preventing fraud | | Recommendations | Displaying listings and content relevant to your location and browsing preferences | | Customer Support | Responding to enquiries, handling complaints, resolving account issues | | Marketing (with consent) | Sending platform updates, new features, and promotional communications via email or SMS (unsubscribe at any time) | | Legal Compliance & Risk Management | Meeting statutory obligations, cooperating with regulatory authorities, detecting and preventing violations | | Service Improvement | Analysing usage data to optimise platform features and user experience | --- ## 3. Consent ### 3.1 Obtaining Consent Under the PDPA, except where permitted by law, we will seek your consent before collecting, using, or disclosing your personal data. When you register or first use a specific feature, you will be shown a summary of this Policy and required to indicate your agreement before proceeding. ### 3.2 Withdrawal of Consent You may withdraw your consent at any time. Withdrawal does not affect processing activities carried out before the withdrawal. To withdraw consent, contact us using the details in Section 13 or adjust your preferences in your account settings. Please note that withdrawing certain consents may prevent you from using part or all of the platform's features. --- ## 4. Use and Disclosure of Personal Data ### 4.1 How We Use Your Data - Display your posted listings on the platform (contact details may be shown in a tiered manner based on your membership level); - Operate, maintain, and improve our services; - Send you account- and service-related notifications; - Conduct statistical analysis and research (in anonymised form). ### 4.2 Who We Disclose Data To Except as described below, we will not sell or rent your personal data to third parties: | Recipient | Purpose of Disclosure | |---|---| | Other Platform Users | Contact details you publish are visible to other users; private message recipients can see your basic profile information | | Service Providers | Third-party technology providers (e.g., cloud infrastructure, analytics) who process data only as necessary to deliver their services to us, under strict confidentiality obligations | | Payment Processors | Creem (a Singapore-licensed payment service provider) processes your online payments; Alipay (as a backup channel) | | Legal & Regulatory Bodies | Where required by law, court order, or government authority | | Business Transfers | In the event of a merger, acquisition, or asset sale, personal data may be transferred as a business asset | ### 4.3 Cross-Border Data Transfers Where your personal data is transferred outside Singapore (including to our servers or service providers in other jurisdictions), we ensure such transfers comply with the conditions specified under the PDPA, including but not limited to: ensuring the recipient provides an adequate level of data protection, or entering into contractual arrangements to ensure equivalent protection. --- ## 5. Data Retention We retain your personal data only for as long as is reasonably necessary for the purposes set out in this Policy: | Data Category | Retention Period | |---|---| | Account basic information | Duration of account activity; deleted within 6 months of account closure (unless otherwise required by law) | | Posted content | Permanently retained as platform records until deleted by the user or 6 months after account closure | | Message history | 24 months from last interaction; deleted immediately upon account closure | | Access logs | 90 days (for security analysis and troubleshooting) | | Verification documents | 6 months after verification expiry | | Financial records | 7 years (per Singapore tax law requirements) | After the above periods, data will be securely deleted or anonymised unless a continuing legal obligation requires otherwise. --- ## 6. Cookies Policy ### 6.1 Types of Cookies We Use - Essential Cookies: Required for core platform functions (e.g., login state, session management); - Preference Cookies: Remember your language, region, and other settings; - Analytics Cookies: Help us understand how users interact with the platform to improve services; - Marketing Cookies: Used to deliver personalised content recommendations (enabled only with your consent). ### 6.2 Managing Cookie Preferences You may refuse or delete certain cookies through your browser settings. Please note that disabling essential cookies may impair the normal operation of certain platform features. --- ## 7. Your Rights Under the Singapore PDPA, you have the following rights: ### 7.1 Access Right You have the right to request a written copy of the personal data we hold about you. Submit your request using the contact details in Section 13. We will respond within 30 days. ### 7.2 Correction Right If you believe any personal data we hold about you is inaccurate or incomplete, you have the right to request correction. ### 7.3 Withdrawal of Consent You may withdraw previously given consent at any time (see Section 3.2). ### 7.4 Data Portability Right (where applicable) Where technically feasible, you have the right to receive your personal data in a structured, commonly used, machine-readable format. ### 7.5 Right to Lodge a Complaint If you believe our data processing has harmed your rights, you may lodge a complaint with the Personal Data Protection Commission (PDPC) of Singapore: - Website: [https://www.pdpc.gov.sg](https://www.pdpc.gov.sg/) - Address: 10 Pasir Panjang Road, #11-01 Mapletree Business City, Singapore 117438 --- ## 8. Data Security We implement industry-standard security measures to protect your personal data, including but not limited to: - Transport Encryption: Full-site HTTPS/TLS encryption; - Storage Encryption: Sensitive data (e.g., passwords) stored using one-way hash encryption; - Access Controls: Strict restrictions on employee and third-party access to personal data; - Regular Security Reviews: Periodic vulnerability scans and penetration testing; - Breach Response: In the event of a data breach meeting PDPA notification thresholds, we will notify the PDPC within 30 days and, where feasible, notify affected individuals as soon as possible. While we endeavour to implement reasonable security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security for any security incident. --- ## 9. Do Not Call Registry Where we send you marketing text messages or make marketing calls, we commit to complying with Singapore's Do Not Call (DNC) Registry. If you have registered your phone number with the Singapore DNC Registry, we will not send you such messages unless you have explicitly consented to receiving them. To opt out of marketing communications, contact us using the details in Section 13 or reply with an unsubscribe instruction. --- ## 10. Third-Party Links Our platform may contain links to third-party websites. We are not responsible for the privacy practices of such third parties. We encourage you to review their privacy policies before providing any personal data. --- ## 11. Children's Privacy Our platform and services are not directed at individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe we may have collected personal data from a minor, please contact us immediately so that we can take appropriate action. --- ## 12. Changes to This Policy We may update this Policy from time to time. For material changes, we will notify you by: - Publishing a notice on the platform homepage; - Sending an email to your registered address; - Displaying a prompt when you next log in. The "Last Updated" date at the top of this Policy indicates the most recent revision. Your continued use of our services constitutes acceptance of the updated Policy.