
Privacy & Data Protection Policy

In accordance with the Personal Data Protection Act 2012 (No. 26 of 2012)

Last reviewed: March 2026 · BeanRails Pte. Ltd. · UEN: 202609147Z

1. Introduction and Scope

1.1 Purpose

This Privacy & Data Protection Policy (“Policy”) has been developed by BeanRails Pte. Ltd. (“BeanRails”, “we”, “us”, “our”) to provide transparency about our data protection practices and to demonstrate our commitment to safeguarding the personal data of all individuals who interact with our services.

This Policy serves to: (a) explain what personal data we collect and why; (b) ensure compliance with the PDPA and applicable data protection laws; (c) inform you of your rights and how to exercise them; and (d) establish our internal framework for responsible data stewardship.

1.2 Scope and Application

Persons Covered

This Policy applies to registered users and subscribers, website visitors and browsers, individuals who contact us through any channel, business contacts and representatives of corporate customers, end-users of services delivered through our platform, and any other individuals whose personal data we process.

Platforms Covered

This Policy applies to our primary SaaS platform at https://beanrails.com, all associated subdomains and microsites, our mobile applications on iOS and Android under the BeanRails brand, our APIs and integration points, and any offline interactions such as events, printed forms, or telephone communications.

Geographical Scope

This Policy applies globally to all personal data processing activities we conduct, regardless of the location of the data subject. Our primary operations are based in Singapore and we are primarily subject to Singapore law. Where we process personal data of individuals in other jurisdictions, we will comply with applicable local data protection laws.

1.3 B2B Service Designation

BeanRails is primarily a B2B SaaS platform. Our direct customers are organisations, not individual consumers. In many cases, our business customers act as independent data controllers for personal data they input into the platform, while we act as a data processor providing technical infrastructure.

If you are an end-user or data subject of one of our business clients, please direct your privacy enquiries directly to that organisation, as they are the data controller for that data. This Policy primarily governs personal data for which BeanRails is the data controller — i.e., data we collect directly for our own purposes such as account registration, marketing, and support communications.

1.4 Acceptance

By accessing or using our Service, you acknowledge that you have read this Policy and agree to be bound by it. If you do not agree, you should not use our Service or provide us with your personal data.

1.5 Relationship with Other Documents

This Policy should be read alongside our Terms of Use, Data Retention Policy, Service Level Agreement, and Acceptable Use Policy. In the event of conflict, this Policy prevails on data protection matters unless explicitly stated otherwise in a specific agreement.

2. Definitions and Interpretation

The following key terms are used throughout this Policy:

Personal Data: Personal Data means any data, whether true or not, about an individual who can be identified from that data, or from that data and other information we have access to. Examples include name, email address, phone number, IP address, and location data.

Processing: Processing means any operation performed on personal data, including collection, storage, use, disclosure, and deletion.

Data Subject: Data Subject means the individual to whom personal data relates.

Data Controller: Data Controller means the entity that determines the purposes and means of processing personal data. BeanRails acts as Data Controller for data we collect directly.

Data Processor: Data Processor means an entity that processes personal data on behalf of a Data Controller. BeanRails acts as Data Processor when processing data on behalf of our business customers.

Consent: Consent means a freely given, specific, informed, and unambiguous indication of agreement to the processing of personal data. Pre-ticked boxes or silence do not constitute valid consent.

PDPA: PDPA means the Personal Data Protection Act 2012 (No. 26 of 2012) of Singapore, including all amendments and guidelines issued by the PDPC.

PDPC: PDPC means the Personal Data Protection Commission of Singapore, the statutory body responsible for administering the PDPA.

Words in the singular include the plural and vice versa. “Including” is deemed followed by “without limitation”. References to statutes include amendments and successor legislation.

3. Personal Data We Collect

We collect only personal data that is adequate, relevant, and necessary for the purposes described in this Policy. We do not collect excessive data beyond what is reasonably required.

3.1 Information You Provide Directly

Account Registration and Profile

Full name and email address (required for account creation)

Password and authentication credentials (stored in encrypted/hashed format)

Contact telephone number(s)

Organisation name, business registration number, and your role

Country, city, and time zone for account settings and localisation

Communication and Correspondence

Support tickets, chat transcripts, and email correspondence with our team

Sales and business enquiries, demo requests, and quote requests

Survey and feedback responses

Marketing communication preferences and opt-in/opt-out records

Payment and Billing

Billing contact name, email, and address

Last four digits of card, expiry date, and payment processor transaction IDs (full card numbers are not stored by us)

Transaction history, invoice records, and subscription details

Tax identification numbers where required by law

3.2 Information Collected Automatically

Device and Connection Information

IP address (used to derive approximate location at city/region level)

Device identifiers, browser type and version, operating system

Device specifications, network connection type, and time zone

Usage and Analytics Data

Pages visited, features accessed, and navigation patterns

Session duration, frequency, and interaction metrics

Search queries, filters applied, and content viewed

Performance data including load times, error rates, and crash reports

Referral sources, UTM parameters, and marketing attribution data

System and Security Logs

Server access logs, error logs, and API usage logs

Authentication events, login/logout records, and security activity

System diagnostic and health metrics

3.3 User-Generated Content and Uploaded Data

As part of using the platform, you may upload or input:

Documents, images, photographs, and other files (including proof-of-service photos and signatures)

Job records, work orders, customer information, and operational data

Text notes, comments, configuration settings, and workflow data

File metadata including file names, sizes, and creation dates

3.4 Location Information

Precise location: Precise geolocation data (GPS, WiFi triangulation) collected only with your explicit permission via device-level consent prompts. Required for field service and driver tracking features.

Approximate location: Approximate location derived from IP address (city/region level).

User-provided location: Addresses or service locations you explicitly enter into the platform.

You can withdraw location permissions through your device settings at any time, though this may limit certain platform features.

3.5 Information from Third-Party Sources

Referral partners: contact information shared by authorised resellers or affiliates

Integration partners: data provided through third-party services you connect to our platform

Publicly available sources: business directories, professional networks, or public records

Identity verification services: where required for compliance or fraud prevention

3.6 Special Categories of Personal Data

We do not knowingly collect special categories of personal data, including racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic or biometric data, health information, or data concerning sexual orientation.

If we inadvertently collect such data (for example, if included in uploaded documents), we will identify and delete it promptly upon discovery, and notify you where appropriate.

3.7 Children’s Personal Data

Our Service is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact admin@beanrails.com and we will take immediate steps to delete it.

3.8 Consequences of Not Providing Personal Data

Certain data is required for basic Service functionality: name and email to create an account, authentication credentials to access the platform, and billing information for paid subscriptions. Other data (such as additional profile details or marketing preferences) is optional and may be withheld without affecting core functionality. We will indicate at the point of collection whether data is required or optional.

4. How We Use Your Personal Data

We process personal data only for purposes that a reasonable person would consider appropriate in the circumstances and that are necessary for the operation of our services.

4.1 Provision and Operation of the Platform

Creating and administering user accounts and managing access permissions

Managing service requests, work orders, job scheduling, and assignments

Supporting dispatch, routing, and logistics coordination

Generating service records, job histories, and operational reports

4.2 Service Fulfilment and Operational Coordination

Assigning technicians, drivers, or personnel to jobs

Enabling communication between organisations, staff, and end-customers

Providing job status updates, arrival notifications, and service confirmations

Recording completion details such as timestamps, locations, photos, and remarks

4.3 Communication and Customer Support

Responding to enquiries, feedback, and support requests

Providing technical assistance and issue resolution

Sending service-related messages, system alerts, and administrative notifications

4.4 Billing, Payments, and Account Management

Managing subscriptions, billing plans, and renewals

Issuing invoices, receipts, and payment confirmations

Maintaining transaction records for accounting and audit purposes

4.5 Platform Improvement and Analytics

Analysing usage trends and operational patterns

Identifying system issues, bugs, and performance bottlenecks

Enhancing features relevant to service and logistics workflows

Where practicable, data used for analytics will be aggregated or anonymised.

4.6 Security and Incident Management

Monitoring access and usage for security purposes

Detecting, preventing, and investigating unauthorised access, misuse, or fraud

Maintaining audit logs and system records

4.7 Legal and Compliance Purposes

Complying with applicable laws, regulations, and lawful requests

Responding to requests from regulatory authorities or law enforcement

Establishing, exercising, or defending legal rights and claims

4.8 Marketing and Service Updates

Where permitted under the PDPA, we may use personal data to send service-related announcements, product updates, and information about new features relevant to your use of BeanRails. You may opt out of non-essential communications at any time by contacting admin@beanrails.com.

4.9 Business Operations

Internal reporting, record keeping, and business planning

Audits and regulatory filings

Corporate transactions such as mergers or acquisitions, subject to appropriate confidentiality safeguards

5. How We Disclose Your Personal Data

We do not sell, rent, or trade personal data. We may disclose personal data only in the limited circumstances described below.

5.1 Service Providers and Data Processors

We engage trusted third-party service providers who process personal data on our behalf and under our instructions. These include:

Cloud infrastructure and hosting providers (for platform operation and data storage)

Payment processors (for subscription billing and transaction processing)

Analytics and monitoring services (for platform performance and usage analysis)

Customer support and communication platforms

Email and notification delivery services

All service providers are required to process personal data only as instructed by us, maintain appropriate security measures, and comply with applicable data protection laws. We conduct due diligence on service providers before engagement.

5.2 Business Customers

Where we act as a data processor for our business customers, we process personal data in accordance with their instructions and the terms of our data processing agreement. Our business customers are responsible for their own compliance with the PDPA and applicable laws in relation to data they control.

5.3 Legal and Regulatory Disclosure

We may disclose personal data to government authorities, law enforcement agencies, courts, or regulators where required or permitted by law, including to comply with a court order, legal process, or regulatory request. Where permitted, we will notify affected individuals of such disclosure.

5.4 Business Transfers

In the event of a merger, acquisition, reorganisation, or sale of all or substantially all of our assets, personal data may be transferred to the acquiring entity as part of that transaction. We will provide notice before personal data is transferred and becomes subject to a different privacy policy, and affected individuals will have the opportunity to object.

5.5 With Your Consent

We may disclose personal data to third parties with your explicit consent, for purposes not covered by this Policy.

6. International Data Transfers

Our primary operations are based in Singapore. However, some of our service providers and sub-processors may be located in other countries, which means personal data may be transferred to and processed in countries outside Singapore.

Where we transfer personal data internationally, we ensure that:

The recipient country provides a comparable standard of data protection, or

We have put in place appropriate contractual safeguards (such as data processing agreements incorporating standard contractual clauses), or

The transfer is otherwise permitted under the PDPA and applicable law

Key jurisdictions where service providers may process data include the United States and other countries where our cloud infrastructure and software vendors operate. If you wish to know more about our international transfer safeguards, contact us at admin@beanrails.com.

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, to comply with legal obligations, or to resolve disputes and enforce agreements. Our Data Retention Policy sets out specific retention periods for each category of data and is incorporated into this Policy by reference.

Data may be retained beyond these periods where required for legal proceedings, regulatory investigations, fraud prevention, or enforcement of our agreements, using only the minimum data necessary for such purposes.

8. Your Rights Under the PDPA

Subject to the exceptions and qualifications under the PDPA, you have the following rights in relation to your personal data:

8.1 Right to Withdraw Consent

Where processing is based on your consent, you may withdraw consent at any time by contacting us at admin@beanrails.com. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal. Note that withdrawing consent for essential processing may affect your ability to use the Service.

8.2 Right to Erasure

You may request deletion of your personal data where it is no longer necessary for the purpose it was collected, or where you have withdrawn consent and there is no other legal basis for processing. This right is subject to our legal obligations to retain certain data (such as billing records).

8.3 How to Exercise Your Rights

Submit all PDPA requests in writing to:

Email: admin@beanrails.com

Subject line: “PDPA Request – [Type of Request]”

Post: BeanRails Pte. Ltd., 68 Circular Road, #02-01, Singapore 049422

We will acknowledge your request within 5 business days and respond within 30 days. If we require additional time, we will notify you and provide a revised timeline. We may request proof of identity before processing your request.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our website and platform. A cookie is a small text file placed on your device when you visit our website or use our platform.

You can control cookies through your browser settings. Disabling essential cookies may prevent certain platform features from working. For more information, consult your browser’s help documentation.

10. Security of Personal Data

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, or disclosure. Our security measures include:

Encryption of data in transit (TLS/HTTPS) and at rest

Access controls and role-based permissions limiting data access to authorised personnel

Multi-factor authentication for administrative and privileged access

Regular security assessments, vulnerability scanning, and penetration testing

Incident response procedures and breach notification protocols

Employee training on data protection and security practices

Data backup and disaster recovery procedures

Notwithstanding these measures, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security of personal data. In the event of a data breach that is likely to result in significant harm, we will notify affected individuals and the PDPC as required by the PDPA’s mandatory breach notification obligations.

Our platform may contain links to third-party websites or integrate with third-party services. This Policy does not apply to those third-party sites or services. We are not responsible for the privacy practices of third parties, and we encourage you to review their privacy policies before providing any personal data.

Where you connect third-party applications or services to our platform via integrations, the sharing of personal data between BeanRails and that third party is governed by the applicable terms of the third-party service and any data processing agreement between us.

12. Changes to This Policy

We may update this Policy from time to time to reflect changes in our data processing practices, legal requirements, or operational needs. When we make material changes, we will notify you by email to the address associated with your account and/or by posting a prominent notice on our platform, at least 30 days before the changes take effect.

The “Last Updated” date at the top of this Policy indicates when it was most recently revised. Your continued use of the Service after the effective date of any changes constitutes acceptance of the updated Policy.

13. Contact Us

For any questions, concerns, or feedback regarding this Policy or our data protection practices, or to exercise your rights under the PDPA, you may reach us through any of the following channels:

Email: admin@beanrails.com

Post: BeanRails Pte. Ltd., 68 Circular Road, #02-01, Singapore 049422

Please include "Privacy Request" or "PDPA Request" in the subject line of your email so we can direct your enquiry to the appropriate team. We aim to acknowledge all requests within 5 business days and provide a full response within 30 days.