Privacy Policy


Policypal Pte. Ltd. (“PolicyPal”) and its wholly owned subsidiaries, BaoXianBaoBao Pte. Ltd. (“BXBB”), Policypal Tech Pte. Ltd. (“PPT”), website (“VC”, and together "we", “us” or “our”), are part of AMTD Policypal Group, a group of companies that provide technology and online insurance brokerage services as well as financial services, insurance products, communications and other products and services (the “Services”) in Singapore.

This Privacy Policy (“Policy”) sets out our basis for the collection, use, disclosure or processing of any personal data of our customers and users in accordance with the Personal Data Protection Act (“PDPA”) of Singapore. This Policy applies to personal data in our possession or under our control, including personal data in the possession of organisations which we have engaged to collect, use, disclose or process personal data for our purposes.

This Policy explains what information and what Personal Data we collect, why we collect it, how we use and disclose it and how we protect Personal Data in compliance with the PDPA. Please be sure to read this entire Policy before using our Services. When you use, access or interact with our Services, you are agreeing to our Terms of Use and consenting to the practices described in this Policy with respect to the collection, use and disclosure of your information.

By submitting your personal data to us or signing up for any products and/or services offered and/or distributed by us, you agree and consent to PolicyPal, and where appropriate our respective representatives, agents, third party service providers, contractors and/or business partners, collecting, using, disclosing personal data in the manner set forth in the prevailing terms of this Policy, including any future amendments. You acknowledge and agree that PolicyPal may, from time to time, amend and update this Policy in order to ensure it is consistent with future developments, industry trends and/or changes in legal or regulatory requirements. Please note that the purposes set forth in this Policy supplement but do not supersede any other consents you may have previously provided to us or which may provide to us in the future.


For the purpose of this Policy, “personal data” means data, whether true or not, about a customer or user who can be identified include (without limitation):

  1. Name
  2. Address
  3. Email address
  4. Telephone number
  5. Date of birth
  6. Age
  7. Gender
  8. Nationality
  9. Any messages if you write to us using the "contact us" form
  10. Your saving goals or your expenditure
  11. Your residency status
  12. Your income
  13. Your family members’ detail information
  14. Details of the products you are looking for (for example, the size of loan)
  15. Passport number, NRIC or other identification document copies and details (where required for purchasing a product)
  16. Education history
  17. Assets
  18. Employment status
  19. Employer or company details
  20. Details of beneficiaries, such as joint policy holders and minor beneficiaries (where required for purchasing a product)
  21. Family members (where required for purchasing a product or availing of a service)
  22. Details of your property, car (including, without limitation, for car make and model, driving and claim history), travel or other personal information relevant to the purchase of certain insurance products
  23. Financial details about you, including details related to the payment method(s) such as credit card, debit card and/or bank account information (when purchasing a product)
  24. Lifestyle information, and
  25. Information related to any of the above.

Most often, the provision of the above data is on a voluntary basis (if any). However, if you do not provide sufficient information to us, third party products and service providers may not be able to provide the requested information, products or services to you.



Ways we obtain or collect your personal data may include (but not limited to) the followings:

(a)        Information you provide to us

(i) submit an inquiry form available on our website;

(ii) purchase/engage an insurance transaction

(iii) participating any of our campaign/promotion/events

(iv) sign up a PolicyPal user account

(v) sign up PolicyPal direct marketing features. (i.e. Newsletter)

(b)        Automatic collection

We automatically collect and store certain types of information about your use of our Services, including information about your interaction with content and services available through PolicyPal Services. Like many websites, we use "cookies" and other unique identifiers, and we obtain certain types of information when your web browser or device accesses the Services.

(c)        Information from Other Sources or Partners

We might receive information about you from other sources, such as SingPass or insurance companies, which we use for identity verification processes and easier delivery for your next purchase.


Ways we may use your personal data for the followings:

(a)        Purchase of insurance product and/or services

We use your personal information to perform obligations in the course of or in connection with our provision of the products and/or services requested by you such as identity verification, delivery of products and services, processing of payments, and communication with you about orders, products and services, and promotional offers.

(b)        Troubleshooting and improvement of Services

We use your personal information to provide functionality, analyse performance, errors fixing, and improve the usability and effectiveness of the Services.

(c)        Comply with legal and regulatory obligations

We use your personal information to comply with necessary codes, guidelines, rules and regulations as required by laws, especially regulated activities. (e.g. administer an insurance product and/or transaction). For some instances, we may use your personal information to assist law enforcement and investigation conducted by government and/or regulatory authority.


Information about our users and customers is an important part of our business, and we are not in the business of selling our customers’ personal information to others. We share customers’ personal information only as to circumstances described above and with Affiliates or Partners of PolicyPal that either are subject to this Privacy Notice or follow practices at least as protective as those described in this Privacy Notice.

We may disclose your personal data:

(a)        Transaction involving Insurance Products with third parties

We collaborate and work with third parties insurance companies, financial companies and/or online payment processors (collectively as the “Partners”) in order to provide products and services. To facilitate your request and fulfillment of the insurance product transaction, we may disclose and transfer your personal information to our Partners.  

(b)        Business transfer

As we continue to develop our business, we might sell or buy other businesses or services. In such transactions, customer information generally is one of the transferred business assets but remains subject to the terms and conditions in any pre-existing Privacy Notice (unless, of course, the customer consents otherwise). Also, in the unlikely event that PolicyPal or substantially all of its assets are acquired, customer information will also be one of the transferred assets.


PolicyPal Website/App offer account sign up/registration/log in by using third party social networking platforms (the “SNS”) such as Facebook or Google. When you decide to register an account with us or log in through or otherwise grant access to SNS, we may also collect personal data that is already associated with your SNS account. Should you choose to register or log in to our Services with your SNS account, you are explicitly giving us permission to use, share and store the credentials you provide, including but not limited to your name, email address(es), date of birth, gender, current city, profile picture URL and other information that the SNS makes available to us, in a manner consistent with this Privacy Policy. You should check your SNS privacy settings to understand and change the information sent to us through SNS. Please review each SNS's terms of use and privacy policies carefully before using their services and connecting to our Services in this way.


The consent that you have provided to us for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing.  You may withdraw your consent and request us to stop collecting, using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request via email to our Data Protection Officer at the contact details provided below.

Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us.  In general, we will seek to process your request within ten (10) business days of receiving it.

Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our goods or services to you and we shall, in such circumstances, notify you before completing the processing of your request. If you decide to cancel your withdrawal of consent, please inform us in writing in the manner described above.

Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.


If you wish to make a request to correct or update any of your personal data which we hold about you, you may do so by contacting us via

If you wish to make a request to delete your personal data which we hold about you, you may submit your request via email to our Data Protection Officer at the contact details provided below.

We may charge you a fee to process your access request. If this is the case, we will inform you of the fee before processing your request.

We will respond to your request as soon as reasonably possible. In general, our response will be within twenty (20) business days. If we are unable to respond to your request within twenty (20) business days after receiving your request, we will inform you in writing before then to let you know when we will be able to respond to your request. If we are unable to provide you with any personal data, to make a correction requested by you or to delete your personal data which we hold about you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).


To safeguard your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures such as up-to-date antivirus protection, encryption, use of privacy filters, and disclosing personal data both internally and to our authorised third party service providers and agents only on a need-to-know basis, identity access management and multi-factor authentication for administrative accounts. However, no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we will strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.

Our Website/App may contain links to other Website/Apps operated by third parties, which may be co-branded with our logo or trademark, even though they are not operated or maintained by us. We are not responsible for the privacy practices of such third parties that are linked to our Website/App. Once you have left our Website/Apps, we strongly encourage you to refer to the applicable privacy policy of the third parties Website/Apps to understand how they will handle any information they collect from you.


We rely on your personal data to provide Services to you. You shall ensure that at all times the information provided by you to us is correct, accurate and complete. Inaccurate personal data might affect us to continue to provide necessary Services to you. Please update us if there are changes to your personal data by informing our Data Protection Officer via email at the contact details provided below.


We may retain your personal data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws.

We will cease to retain your personal data or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected and is no longer necessary for legal or business purposes.


We generally do not transfer your personal data to countries outside of Singapore. However, if we do so, we will obtain your consent for the transfer to be made and we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.


We may collect certain information from you without you actively providing the information when you navigate the Website or mobile application via cookies. Cookies are small data text files stored in your local browser cache that send information about your previous visits to and activities on the Website or mobile application. You can adjust settings on your browser so that you will be notified when you receive a cookie. Should you wish to disable the cookies associated with these technologies, you may do so by changing the settings on your browser. However, by doing so, you may not be able to use certain functions or enter certain part(s) of our Website/Services.


You may contact our Data Protection Officer if you have any enquiries or feedback on our personal data protection policies and procedures, or if you wish to make any request, in the following manner:

Email Address  :

Last updated: January 2024