Privacy Policy
Last updated: 8 July 2026
This Privacy Policy explains how [Registered Business Name], a Sole Proprietorship registered in Singapore (UEN [UEN]), which operates Nagi (“we”, “us”), collects, uses, and protects personal data. We handle personal data in accordance with Singapore’s Personal Data Protection Act (PDPA). If you operate in Malaysia, we also have regard to Malaysia’s Personal Data Protection Act 2010.
1. Who this policy covers
This policy applies to the businesses and individuals who sign up for and use Nagi(“account holders”). Separately, when you as a business use Nagi to record your own customers’ information, you are the controller of that data and we process it on your behalf — see section 7.
2. Information we collect
- Account information — your name, email address, phone number, and password (stored only as a secure hash).
- Business information — your business name, type, settings, tax configuration, and region.
- Payment information — processed by Stripe. We receive limited billing details and subscription status, but we never see or store your full card number.
- Operational data you enter — your product catalogue, transactions, staff records, and the customer records you choose to store.
- Usage and log data — IP address, actions taken in the app, and timestamps, recorded for security, auditing, and troubleshooting.
- Essential cookies — a session cookie used to keep you signed in.
3. How we use your information
- to provide, operate, and maintain the service;
- to process subscriptions and payments through Stripe;
- to authenticate you and keep your account secure;
- to respond to support requests and communicate service-related notices;
- to detect, prevent, and address technical issues, fraud, or abuse;
- to improve and develop the service.
4. Legal basis and consent
We collect and use personal data where you have consented (for example, by creating an account), where it is necessary to perform our contract with you, or where we have a legitimate interest such as securing the service. You may withdraw consent as described in section 11, subject to legal or contractual restrictions.
5. How we share information
We do not sell your personal data. We share it only with:
- Stripe, our payment processor, to handle subscriptions and billing;
- cloud infrastructure providers that host the service on our behalf;
- authorities or third parties where required by law, regulation, or valid legal process; and
- a successor entity in connection with a merger, acquisition, or sale of assets, subject to this policy.
6. Data retention
We retain your personal data for as long as your account is active and as needed to provide the service. After account closure, we may retain certain data for a reasonable period to comply with legal, tax, or accounting obligations, after which it is deleted or anonymised.
7. Data about your own customers
When you use Nagi to store information about your customers (such as names, contact details, loyalty points, and purchase history), you are the data controller for that information and you are responsible for obtaining any necessary consents and providing any required notices to your customers. We act as your data processor and handle that information only to provide the service to you and on your instructions.
8. How we protect your data
- data is transmitted over encrypted (HTTPS) connections;
- passwords are stored using one-way hashing, never in plain text;
- access to production systems is restricted and credentials are rotated;
- we log and monitor access for security and auditing.
No method of transmission or storage is completely secure, but we take reasonable steps to protect your data and will notify affected users and authorities of a data breach where required by law.
9. International data transfers
Our infrastructure may store and process data on servers located outside your country. Where personal data is transferred across borders, we take reasonable steps to ensure it remains protected to a standard comparable to the PDPA.
10. Your rights
Subject to applicable law, you may:
- request access to the personal data we hold about you;
- request correction of inaccurate or incomplete data;
- withdraw consent to our processing (this may limit your ability to use the service);
- request deletion of your data, subject to our legal retention obligations.
To exercise these rights, contact us at contact@nagiapp.co.
11. Cookies
Nagi uses a single essential session cookie to keep you signed in. We do not use advertising or third-party tracking cookies. Disabling the session cookie will prevent you from logging in.
12. Children
Nagi is intended for businesses and is not directed at children. We do not knowingly collect personal data from anyone under 18.
13. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be reflected by the “Last updated” date above, and where appropriate we will notify you within the service.
14. Contact us
For any questions about this policy or how we handle your data — including data protection requests — contact our data protection contact at contact@nagiapp.co. See also our Terms of Service.