JL / Legal
Privacy Policy
Last updated: 11 July 2026
On this page
Jackal Labs is based in Singapore and handles personal data in accordance with the Personal Data Protection Act (PDPA). This policy explains what personal data we collect, why we collect it, how it is used and protected, and what rights you have over it.
1. Data we collect
Depending on how you use the site, we may collect:
- Contact form data — name, email address, enquiry category, and message content
- Account data (once account features launch) — name, email, password (hashed, never stored in plain text), shipping and contact details
- Order data (once ordering is live) — items purchased, order value, delivery address, order history
- Technical data — basic server logs (such as IP address and request time) generated automatically by our hosting provider for security purposes
We do not collect or store full payment card details. Payments are processed by a compliant third-party payment provider (Stripe), and card data is handled entirely on their secure infrastructure.
Your cart is currently stored only in your browser's local storage and is not transmitted to or stored on our servers.
2. Why we collect it
We use personal data to:
- Respond to enquiries submitted through the contact form
- Create and manage your account, where account features are enabled
- Process, fulfil, and support orders, once ordering is live
- Send order-related updates and, where you've given consent, occasional marketing communications
- Maintain the security of the website and prevent fraud or abuse
We only collect data that is reasonably necessary for these purposes.
3. Cookies and local storage
Jackal Labs does not currently use analytics, advertising, or tracking cookies. The only browser storage in use is local storage for your shopping cart, which stays on your device and is not accessible to us. If this changes — for example, if we add analytics in future — this policy will be updated and, where required, we will ask for your consent first.
This site loads fonts from Google Fonts, which involves your browser making a request directly to Google's servers (this exposes your IP address to Google in the same way any third-party resource on a webpage would, but sets no cookies and is not used for tracking).
4. How we store and protect data
We take reasonable technical and organisational measures to protect personal data, including secure password hashing (never plain text), encrypted connections (HTTPS) across the site, restricted access to any systems holding customer data, and secure handling of environment variables and API keys. No method of transmission or storage is completely secure, but we aim to use practices appropriate to the sensitivity of the data involved.
5. Who we share data with
We do not sell personal data. We may share limited data with trusted third parties strictly to operate the business, such as:
- Payment processing (Stripe)
- Website hosting and infrastructure (Netlify)
- Delivery and courier partners, where an order needs to be shipped
- Email or support tools, where used to respond to enquiries
These providers only receive the data needed to perform their function and are expected to handle it securely.
6. Data retention
We keep personal data only for as long as necessary for the purposes described in this policy, or as required by law (for example, financial record-keeping requirements). Account data is retained while your account is active and deleted or anonymised within a reasonable period after a deletion request or account closure.
7. Your rights
Under the PDPA, you may:
- Request access to the personal data we hold about you
- Request correction of inaccurate or outdated data
- Request deletion of your account or personal data
- Withdraw consent for marketing communications or other consent-based processing at any time
To exercise any of these rights, contact us using the details below. We will respond within a reasonable timeframe.
8. Data breach response
We aim to assess any suspected data breach promptly. Where a breach is assessed to be notifiable under the PDPA, we will notify the Personal Data Protection Commission (PDPC) as soon as practicable, and in any case within the timeframe required by law. Where a breach is likely to result in significant harm to affected individuals, we will also notify those individuals directly.
9. Changes to this policy
We may update this Privacy Policy from time to time. Updates will be posted on this page with a revised "last updated" date. Continued use of the website after changes are posted means you accept the updated policy.
10. PDPA and privacy contact
For personal data access, correction, deletion, withdrawal of consent, or any other privacy-related enquiries, contact Jackal Labs at:
Email: [insert privacy/support email]
Business name: [insert registered business name, if applicable]
Business address: [insert business address, if applicable]
Country: Singapore
