Privacy Policy

This policy explains what personal data genLO collects, why we collect it, who we share it with, and how you can exercise your rights under Singapore’s Personal Data Protection Act 2012 (the “PDPA”).

We aim for plain English. If anything is unclear, email our Data Protection Officer at marxk@loop.com.sgand we’ll clarify.

1. Who we are

“genLO” is the SaaS service provided by ASIAPRENEUR CONSULTANTS PTE. LTD., a Singapore company, and runs on the platform built and operated by LOOP Marketing Group Pte Ltd. ASIAPRENEUR CONSULTANTS PTE. LTD. is the data controller for the personal data described below.

Our Data Protection Officer (DPO) is Marxk Madhavan. Contact: marxk@loop.com.sg.

2. What data we collect

When you use genLO, we collect:

• Account data: email address, hashed password (bcrypt via Supabase Auth — we never see your password in plaintext).
• Business profile: the answers you give in the onboarding intake — business name, industry, what you sell, who you serve, how your buyers decide, and your typical sales motion. We use this to propose the funnel that fits how you sell.
• Your website URL:if you give us your website address during onboarding, we read your public homepage once to draft a brand profile (your colours, tone, and what you offer). We read the page you point us at — we don’t crawl your whole site.
• Funnel configuration: the funnel genLO proposes and the steps you build with it — landing pages, lead-capture forms, qualifier questions, booking steps, and follow-up sequences.
• Captured-lead data: the contact details and answers that your own funnel collects from yourprospects (for example, a name and email from a lead-capture form). This is your business data — we store and process it so your funnel works, and we don’t use it for our own purposes.
• Funnel performance data: the real numbers that move through your funnel — visits, leads, booked calls, and the outcomes you record — so genLO can set your actual results beside the projected plan and show you where deals leak.
• Usage data: project history, plan and feature usage, feature requests.
• Technical data: IP address (via Supabase auth logs for security), user agent / browser metadata, session cookies.

3. Why we collect it

• To deliver the service: propose the funnel that fits how you sell, guide you to build it step by step, run your live funnel, and set your real numbers beside the projected plan so you can see where deals leak.
• To keep your account secure: authentication, abuse detection, rate limiting.
• To communicate with you: verification emails, deletion-confirm emails, occasional product updates.
• To improve the service:aggregated, anonymised usage patterns help us prioritise features. We don’t train AI models on your business data, your funnel content, or the leads your funnel captures.

4. Sub-processors

We use a small set of trusted third-party services to deliver genLO. Each one only sees the data they need to do their job.

• Supabase (database, authentication, file storage) — hosted in ap-southeast-1 (Singapore). Privacy policy.
• A website-reader service — when you submit your website URL during onboarding, a third-party reader fetches your public homepage and returns its text so we can draft your brand profile. It receives only the URL you give us.
• An AI text-analysis provider— reads the page text from your brand scan and your intake answers to propose your funnel and draft copy. It processes that text briefly during generation; it doesn’t receive your captured-lead data.
• SMTP2GO (transactional email delivery) — receives your email address and the contents of system emails (verification, deletion confirmation). Privacy policy.
• RunCloud + Hetzner (server hosting for the genLO web app) — handles HTTPS traffic and short-lived files in transit. Hosting region: Hetzner Falkenstein, Germany. RunCloud privacy · Hetzner privacy.

5. International transfers

Our website reader and AI text provider process the website URL you submit and your intake answers on servers outside Singapore. Hosting via Hetzner is in Germany. By signing up, you consent to these transfers for the purpose of delivering the service. We pick sub-processors with published privacy commitments and standard contractual protections.

6. How long we keep your data

• Brand-scan data:the page text we read from the website URL you submit is used to draft your brand profile and isn’t kept beyond what’s needed to build and refine that profile.
• Funnel configuration + captured leads: retained while your account is active, so your funnel keeps running and your numbers stay intact.
• Account data + project metadata: retained while your account is active.
• On account deletion: all user-owned data is hard-deleted within 7 days. Backups roll off within a further 30 days. Aggregate, anonymised analytics may persist.

7. Your rights under PDPA

Under Singapore’s PDPA you have the right to:

• Access the personal data we hold about you.
• Correct personal data that is inaccurate or incomplete.
• Withdraw consentfor further processing (note: this may mean we can’t continue providing the service).
• Delete your account and the data we hold about you.

To exercise any of these rights, email marxk@loop.com.sg from the address on your account, or use the Delete my account button in your dashboard settings. We respond within 30 calendar days.

8. Children

genLO is intended for adults running businesses. The service is not directed at users under 18, and we don’t knowingly collect personal data from anyone under 18.

9. Cookies

We use the smallest set of cookies that lets the service work:

• Session cookie (essential): keeps you logged in. Set by Supabase Auth, expires when you sign out.
• genlo_ref (functional): a 30-day cookie that remembers which referral link brought you to the site so we can credit your referrer. Cleared at signup, anonymised after attribution.

We don’t use advertising trackers, third-party analytics (Google/Facebook), or fingerprinting libraries. No EU GDPR cookie banner is shown because we don’t set non-essential cookies.

10. Security

Passwords are hashed with bcrypt via Supabase Auth. All traffic is HTTPS-only. Storage objects sit behind Supabase Row-Level Security policies that restrict access to the owning user. We rotate secrets, enable 2FA on admin accounts, and apply security patches promptly.

No system is perfect. If you believe your account is compromised, email marxk@loop.com.sg immediately.

11. Updates to this policy

We may update this policy as the service evolves. The version number and effective date at the top of this page reflect the latest revision. For material changes (new sub-processor, new data category, change to retention) we notify active users via email at least 14 days before the change takes effect.

12. Contact us

Data Protection Officer: Marxk Madhavan · marxk@loop.com.sg
Postal: c/o LOOP Marketing Group Pte Ltd, Singapore (full address on request).