Privacy Policy
This policy describes how Cognifin collects, uses, discloses, and protects personal data in accordance with the Singapore Personal Data Protection Act 2012 (PDPA).
Last updated: 13 March 2026
1. Who We Are
Cognifin is a financial education services provider operating in Singapore. Our registered address is 152 Beach Road, #19-08, Gateway East, Singapore 189721. We offer structured educational programmes to individuals and couples seeking to understand their personal finances in the context of Singapore's regulatory and market environment.
This Privacy Policy applies to personal data collected through our website at cognifin.biz, via our contact forms, during programme enrolment, and throughout the delivery of our services.
By using our website or engaging with our services, you acknowledge that you have read and understood this policy.
2. Data We Collect
We collect personal data only when it is necessary for a legitimate purpose. The categories of data we may collect include:
- Identity data: Full name, date of birth, NRIC or passport number (where required for programme administration).
- Contact data: Email address, phone number, residential or mailing address.
- Financial context data: General information about income range, employment type, or financial circumstances shared voluntarily during advisory sessions. We do not collect bank account or credit card credentials.
- Programme data: Notes and records generated during coaching or advisory sessions, with participant consent.
- Technical data: IP address, browser type, pages visited, and session duration collected automatically via cookies and analytics tools when you visit our website.
- Communication data: The content of messages submitted through our contact form or sent to us by email.
We do not knowingly collect personal data from individuals under the age of 18 without verified parental or guardian consent.
3. How We Use Your Data
We use personal data only for the purposes for which it was collected or for directly related purposes. These include:
- Processing enquiries and responding to contact form submissions.
- Administering programme enrolment and scheduling sessions.
- Delivering educational content and advisory sessions in connection with your enrolled programme.
- Sending programme updates, reminders, and follow-up materials.
- Sending occasional educational communications and programme announcements, where you have provided consent.
- Improving our programmes, website functionality, and participant experience.
- Complying with applicable Singapore laws and regulatory requirements.
We do not use your personal data for automated decision-making that produces legal or similarly significant effects without human review.
4. Disclosure of Personal Data
We do not sell, rent, or trade personal data. We may share personal data with third parties only in the following circumstances:
- Service providers: Trusted vendors who assist us with website hosting, email delivery, payment processing, or analytics, operating under contractual data protection obligations.
- Legal and regulatory obligations: Disclosure to government authorities or law enforcement where required by Singapore law.
- Business continuity: In the event of a merger, acquisition, or transfer of business assets, personal data may be transferred to the successor entity, subject to equivalent privacy protections.
We require all third-party recipients to handle personal data in a manner consistent with the PDPA and this policy.
5. Retention of Data
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. In general:
- Programme records are retained for up to 5 years following the completion of a programme, after which they are securely deleted or anonymised.
- Contact enquiries that do not result in enrolment are retained for up to 12 months.
- Financial and transactional records are retained for a minimum of 5 years in compliance with Singapore accounting and tax obligations.
- Marketing consent records are retained until consent is withdrawn.
Upon expiry of the retention period, data is disposed of in a secure and irreversible manner.
6. Protection of Data
We implement reasonable administrative, technical, and physical safeguards to protect personal data against unauthorised access, disclosure, alteration, and destruction. These measures include:
- SSL/TLS encryption for data transmitted via our website.
- Access controls limiting data access to authorised personnel on a need-to-know basis.
- Secure storage of physical and electronic records.
- Regular review of our information security practices.
No method of electronic transmission or storage is entirely secure. While we take reasonable steps to protect your data, we cannot guarantee absolute security.
7. Access and Correction
Under the PDPA, you have the right to request access to personal data we hold about you, and to request correction of any inaccuracies. To make such a request, please contact our Data Protection Officer (details in Section 13).
We will respond to access and correction requests within 30 calendar days. If the request requires additional time to process, we will notify you with an explanation and an estimated completion date.
We may charge a reasonable administrative fee for access requests. We will inform you of any applicable fee before processing the request.
There are circumstances under the PDPA where we may decline to disclose certain data or decline a correction. In such cases, we will inform you of the reason to the extent permitted by law.
8. Withdrawal of Consent
Where we rely on your consent to process personal data, you may withdraw that consent at any time by contacting us. Withdrawal of consent will not affect the lawfulness of any processing already carried out before the withdrawal.
Please note that withdrawing consent for certain purposes — such as the delivery of a programme you are enrolled in — may affect our ability to provide those services. We will inform you of the likely consequences before processing your withdrawal.
To opt out of marketing communications specifically, you may use the unsubscribe link included in any such communication, or contact us directly.
9. Third-Party Links
Our website may contain links to third-party websites for reference or informational purposes. Cognifin has no control over the content or privacy practices of those websites and is not responsible for the personal data practices of any external site.
We encourage you to review the privacy policy of any third-party site you visit before submitting personal data.
11. Cross-Border Transfers
Where personal data is transferred outside Singapore — for example, to a cloud hosting provider or analytics platform based in another jurisdiction — we take steps to ensure the recipient provides a standard of protection that is comparable to that under the PDPA.
Such steps may include executing data processing agreements or relying on adequacy determinations recognised under Singapore law.
12. Policy Updates
We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or the services we offer. When we do, we will revise the "Last updated" date at the top of this page.
Where changes are material, we will take reasonable steps to notify current participants — for example, via email or a notice on our website. We encourage you to review this policy periodically.
Your continued use of our website or services following any update constitutes your acknowledgement of the revised policy.
13. Contact & Data Protection Officer
If you have questions or concerns about this Privacy Policy, or would like to exercise any of your data protection rights, please contact our Data Protection Officer:
Cognifin
152 Beach Road, #19-08, Gateway East, Singapore 189721
Mon–Fri 9:00 AM – 6:00 PM | Sat 10:00 AM – 2:00 PM
We aim to respond to all data protection enquiries within 10 business days.
You also have the right to lodge a complaint with the Personal Data Protection Commission (PDPC) of Singapore if you believe your personal data has been handled in a manner inconsistent with the PDPA. The PDPC can be reached at www.pdpc.gov.sg.