Consumer Privacy Policy
Last updated: 15 May 2026
1. Overview
This Privacy Policy (“Policy”) describes how MarlinX Technologies Pte. Ltd. (operating as “Directo”, “we”, “us”) collects, uses, discloses, and protects personal data about individuals who access Directo-powered storefronts.
Directo is a technology service that provides infrastructure, software interfaces, and operational workflows enabling Merchants to manage their own customer ordering channels and related business operations. This Policy applies to personal data that Directo collects in its own capacity. Merchants are independent businesses and may separately collect or control personal data in connection with their own orders, fulfilment, customer service, and related business operations.
We handle personal data in accordance with the Personal Data Protection Act 2012 (“PDPA”) of Singapore.
2. How Directo and Merchants Handle Data
When you use authentication or access features provided through Directo, the related personal data is handled by Directo as the responsible organisation under the PDPA.
When you place an order with a Merchant through a Directo-powered storefront, the Merchant is the responsible organisation for personal data submitted in connection with that transaction, including delivery and contact information. In that context, Directo processes such data as a data intermediary acting on the Merchant’s instructions.
3. Personal Data Collected by Directo
We collect the following personal data in connection with providing Directo:
| Category | Specific Data | Source |
|---|---|---|
| Account / Identity | Email address | Provided directly or via Google Sign-In at account creation or sign-in |
| Usage and Technical Data | Basic technical and usage information necessary to operate and secure Directo-powered storefronts, such as device and browser information, basic session and security logs | Automatically collected when you access a Directo-powered storefront |
4. Personal Data We Do Not Collect
Directo’s systems are designed to collect only the minimum personal data necessary to provide our services. We do not collect:
- National identification numbers: We do not collect your NRIC, FIN, passport number, or other government-issued identification numbers.
- Payment card data: We do not collect, store, or have access to your payment card numbers or CVV codes. Payments made through Directo-powered storefronts are processed either by third-party payment service providers under their own terms and policies, or directly by the Merchant.
- Biometric data: We do not collect fingerprints, facial recognition data, or other biometric identifiers.
- Sensitive personal data: We do not intentionally request or require highly sensitive personal data unless necessary for a specific service or required by law.
5. How We Use Your Data
We use personal data to operate and secure Directo, authenticate your account access, enable order submission through Merchant storefronts, send service and security notifications, detect and respond to suspected misuse, and comply with applicable law.
We do not sell your personal data.
6. Sharing and Disclosure
We do not sell, rent, or trade your personal data. We may disclose your personal data in the following circumstances:
- Technology service providers: We engage third-party providers for cloud hosting, security services, and email delivery, engaged under appropriate contractual protections.
- Authentication providers: We use third-party authentication providers to enable account sign-in. Your use of such providers is also subject to their own privacy policies and terms of service.
- Payment service providers: Third-party payment service providers process payment-related information under their own terms and policies.
- Authorities: We may disclose personal data to authorities where required or permitted by law.
- Business transfers: In connection with a merger, acquisition, reorganisation, or sale of assets, personal data may be transferred to the relevant successor entity, subject to applicable legal requirements.
7. Retention
We retain your personal data for no longer than is necessary for the purposes for which it was collected, or as required by applicable law.
| Data Category | Retention Period |
|---|---|
| Account data (email) | Duration of account existence, plus up to 1 year after account closure or inactivity, for dispute resolution and legal compliance |
| Usage and technical logs | Generally up to 1 year from date of collection |
When you delete your Directo account, we will delete or anonymise your personal data within a reasonable period, subject to any obligation to retain it for longer under applicable law.
8. Security
We implement reasonable security measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction, which may include encryption, access controls, and incident response procedures. No system is completely secure, and we do not guarantee absolute security. If you believe your Directo account has been compromised, please contact us at support@marlinxtech.com.
9. Your Rights
Subject to the exceptions and limitations set out in the PDPA, you may request access to or correction of personal data we hold about you. Where applicable and subject to the PDPA, you may withdraw consent at any time, though this will not affect processing already carried out and may affect our ability to provide certain services.
To submit a request, please contact us at support@marlinxtech.com. We may ask you to verify your identity before processing your request.
If you are dissatisfied with how we have handled your request or complaint, you may lodge a complaint with the Personal Data Protection Commission of Singapore at www.pdpc.gov.sg.
10. Overseas Transfers
We may engage overseas service providers, including cloud hosting and infrastructure providers, in connection with operating and supporting Directo. Where personal data is transferred outside Singapore, we take reasonable steps to ensure that the receiving party provides a standard of protection comparable to that required under the PDPA, including through appropriate contractual protections where applicable.
11. Data Breach
In the event of a data breach involving personal data for which we are the responsible organisation, we will assess the breach and notify the PDPC and affected individuals as required under the PDPA.
12. Cookies
Directo-powered storefronts use cookies for authentication, session management, and security. Some browser settings allow you to block or delete cookies, but this may affect certain features.
13. Data Collected by Merchants
When you place an order with a Merchant through a Directo-powered storefront, the Merchant may collect additional personal data from you, such as your delivery address and contact details, for the purposes of fulfilling orders and related customer service purposes.
Merchants are independently responsible for personal data they collect and control in their own capacity. Each Merchant operates under its own privacy policy, which you should review for information about their data practices.
14. Minors
By using a Directo-powered storefront, you represent that you have the legal capacity to enter into a binding contract under applicable law. We do not knowingly collect personal data from individuals who lack such capacity. If you are a parent or guardian and believe that a minor has provided personal data through a Directo-powered storefront without appropriate consent, please contact us at support@marlinxtech.com and we will take reasonable steps to delete such data.
15. Changes
We may update this Policy periodically to reflect changes in our data practices or applicable legal requirements. Where changes are material, we will provide notice by updating the “Last updated” date at the top of this page and, where appropriate, through the storefront, account interface, email, or other appropriate channels.
16. Contact
For questions or requests relating to this Policy or personal data handled by Directo, please contact:
MarlinX Technologies Pte. Ltd.
Email: support@marlinxtech.com
Singapore