Privacy Policy
Privacy Policy
Last updated: April 21, 2026
1. Introduction
ShiokNest.com ("we", "us", "our") is committed to protecting your privacy and complying with applicable data protection laws, including the Singapore Personal Data Protection Act 2012 (PDPA), the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA).
This Privacy Policy explains what information we collect, how it is used, and your rights regarding your data when you visit or use our website at shioknest.com (the "Site").
2. Data Controller
ShiokNest.com is operated from Singapore. For the purposes of the GDPR, we act as the data controller for any personal data processed through the Site. For questions about data protection, please contact us using the Feedback form.
2.1 Data Protection Officer (DPO)
In accordance with the PDPA, we have appointed a Data Protection Officer responsible for ensuring compliance with data protection laws. For any data protection inquiries, access requests, or complaints, please contact our DPO via the Feedback form with the subject "DPO Request".
3. Information We Collect
3.1 Data Stored Locally in Your Browser
We use your browser's localStorage to store preferences on your device. This data never leaves your browser and is not transmitted to our servers. It includes:
- Theme preference (light, dark, or Singapore mode)
- Language selection
- Favourite condos and watchlist
- Portfolio holdings and investment tracker data
- Calculator inputs and recently viewed properties
- Cookie consent preferences
- Sidebar state and UI preferences
You can clear all locally stored data at any time by clearing your browser's site data for ShiokNest.com, or via your browser's Settings > Clear Site Data option.
3.2 Server Access Logs
Like all web servers, our hosting provider automatically logs basic connection data (IP address, browser type, pages requested, timestamps). These logs are used solely for server maintenance and security monitoring. We do not correlate these logs with any individual identity.
3.3 Feedback Form Submissions
If you voluntarily submit a message via our Feedback form, we collect the content of your message. No email address or personal identifier is required. Submitted feedback is stored on our server for product improvement purposes.
3.4 Lead Capture & Contact Forms
If you voluntarily submit a contact form to request property assistance, we collect your name, email address, phone number (if provided), and context about your inquiry. This data is stored on our server for lead management purposes. We may contact you based on the information you provided. Lead data is retained for 12 months from submission date, after which it is deleted. You may request earlier deletion by contacting us via the Feedback form.
3.5 User Accounts
You may optionally create a user account to save searches, watchlists, and recent property views. Registration requires an email address and password. Your password is stored securely using one-way hashing (bcrypt). Account data is retained while your account is active. You may delete your account at any time, which will permanently remove all associated data (watchlist, recent views, saved searches).
3.6 Data We Do Not Collect
We do not:
- Collect payment information from visitors
- Use fingerprinting or cross-site tracking
- Build advertising profiles or engage in behavioural targeting
- Sell, rent, or share personal data with third parties for their marketing purposes
4. Cookies and Tracking Technologies
When you first visit the Site, a cookie consent banner allows you to choose your preferences. We categorise cookies as follows:
| Category | Purpose | Required |
|---|---|---|
| Essential | Site functionality, cookie consent state, PHP session (admin only). No tracking. | Yes |
| Analytics | Google Analytics (GA4) measures website traffic, user behaviour, and engagement. Collects page views, device type, browser, and approximate location. Data retained for 14 months. | No |
| Advertising | Google AdSense serves contextual or personalised ads. Google may set cookies to measure ad performance and tailor ads based on browsing history. | No |
You can change your cookie preferences at any time by clicking the cookie settings link in our footer, or by clearing your browser cookies for this site.
5. Third-Party Services
We integrate the following third-party services, each governed by their own privacy policies:
5.1 Google AdSense
If you accept advertising cookies, Google AdSense may set cookies and use web beacons to serve ads and measure performance. Google may collect device identifiers, IP addresses, and browsing data. You can opt out of personalised ads at Google Ads Settings or via DAA opt-out. See Google's Privacy Policy.
5.2 Google Analytics
We use Google Analytics (GA4) to measure website traffic and understand how visitors interact with the Site. Google Analytics collects data including page views, user interactions, device type, browser, operating system, and approximate location. Google may set cookies to distinguish unique users. You can opt out by installing the Google Analytics Opt-Out Browser Add-on. See Google's Privacy Policy.
5.3 Google Maps
We embed Google Maps to display property locations. When Maps loads, Google may collect usage data and approximate location. See Google's Privacy Policy.
5.4 Google Translate
Translation requests are processed through our server using the Google Cloud Translation API. We send only the text to be translated; no personal data or identifiers are included in translation requests.
6. Legal Basis for Processing (GDPR)
For visitors from the European Economic Area (EEA), United Kingdom, or Switzerland, we process data on the following legal bases:
- Consent (Art. 6(1)(a) GDPR) — for advertising cookies (opt-in via cookie banner)
- Legitimate interests (Art. 6(1)(f) GDPR) — for server access logs (security and maintenance), essential cookies (site functionality)
You may withdraw consent at any time by changing your cookie preferences. Withdrawal does not affect the lawfulness of processing before withdrawal.
7. Your Rights Under the GDPR
If you are in the EEA, UK, or Switzerland, you have the right to:
- Access — request a copy of any personal data we hold about you
- Rectification — request correction of inaccurate data
- Erasure — request deletion of your data ("right to be forgotten")
- Restriction — request limited processing of your data
- Data portability — receive your data in a structured, machine-readable format
- Objection — object to processing based on legitimate interests
- Withdraw consent — revoke consent for advertising cookies at any time
Because we do not collect personal data on our servers (beyond basic access logs), most of these rights are satisfied by design. Locally stored data (localStorage) is already under your full control. To exercise any right, contact us via the Feedback form.
You also have the right to lodge a complaint with your local data protection authority.
8. Your Rights Under the CCPA/CPRA
If you are a California resident, you have the following rights under the California Consumer Privacy Act and California Privacy Rights Act:
- Right to Know — you may request disclosure of the categories and specific pieces of personal information we have collected
- Right to Delete — you may request deletion of personal information we hold
- Right to Opt-Out of Sale/Sharing — you may direct us not to sell or share your personal information
- Right to Non-Discrimination — we will not discriminate against you for exercising these rights
- Right to Correct — you may request correction of inaccurate personal information
- Right to Limit Use of Sensitive PI — you may limit how we use sensitive personal information
We do not sell or share personal information as defined by the CCPA/CPRA. If you accept advertising cookies, Google AdSense may use data for ad targeting, which could constitute "sharing" under CCPA. You can opt out of this by selecting "Essential Only" in our cookie banner or by clicking "Do Not Sell or Share My Personal Information" in the footer.
To exercise your rights, contact us via the Feedback form. We will respond within 45 days as required by law.
9. Your Rights Under Singapore PDPA
Under the Personal Data Protection Act 2012 (PDPA), you have the right to:
- Request access to your personal data held by us
- Request correction of any errors in your personal data
- Withdraw consent for the collection, use, or disclosure of your personal data
If you have created a user account or submitted a contact form, you may exercise these rights by contacting us. Most data is stored locally on your device and controlled entirely by you.
To exercise your access, correction, or deletion rights under the PDPA, submit a request via our Feedback form with the subject "PDPA Access Request", "PDPA Correction Request", or "PDPA Deletion Request". We will respond within 30 days as required by the PDPA. A reasonable fee may apply for access requests.
10. Data Retention
- localStorage data: Persists until you clear it. We do not set expiration dates on locally stored preferences.
- Server access logs: Retained by our hosting provider per their standard retention schedule (typically 30–90 days).
- Feedback submissions: Retained indefinitely for product improvement, unless you request deletion.
- Lead capture submissions: Retained for 12 months, then deleted. You may request earlier deletion.
- User account data: Retained while your account is active. Deleted upon account deletion, including watchlist, recent views, and saved searches.
- Analytics cookies: Google Analytics data retained for 14 months per GA4 default settings.
- Advertising cookies: Set and managed by Google per their cookie retention policy.
11. International Data Transfers
Our server is located in Singapore. If you access the Site from outside Singapore, your connection data (IP address) will be processed in Singapore. Third-party services (Google AdSense, Google Maps, Google Translate) may transfer data to servers in the United States or other jurisdictions. Google provides appropriate safeguards through Standard Contractual Clauses and other mechanisms described in their privacy documentation.
12. Data Security
We implement appropriate technical and organisational measures to protect data, including:
- HTTPS encryption for all connections
- Content Security Policy (CSP) headers
- HttpOnly, SameSite session cookies
- Rate limiting on form submissions
- Regular security reviews of our codebase
No method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
12.1 Data Breach Notification
In the event of a notifiable data breach under the PDPA, we will:
- Notify the Personal Data Protection Commission (PDPC) within 3 calendar days of assessing the breach is notifiable
- Notify affected individuals as soon as practicable if the breach is likely to result in significant harm
- Take remedial actions to contain the breach and prevent recurrence
A breach is notifiable if it results in, or is likely to result in, significant harm to affected individuals, or is of a significant scale (500+ individuals).
13. Children's Privacy
The Site is not directed at children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided personal data to us, please contact us via the Feedback form and we will promptly delete it.
14. Do Not Track Signals
Some browsers send "Do Not Track" (DNT) signals. Because we do not perform server-side tracking of individual users, we effectively honour DNT by default. If you decline advertising cookies, no third-party tracking occurs through our Site.
15. Data Source
All property transaction data displayed on ShiokNest.com is sourced from the Urban Redevelopment Authority (URA) of Singapore. This is publicly available government data and does not contain personal information.
16. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or applicable law. Material changes will be indicated by updating the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of the Site after changes constitutes acceptance of the revised policy.
17. Contact
If you have questions, concerns, or wish to exercise your data protection rights, please use the Feedback form to contact us.