ZapLah Logo
ZapLah
Smart Shipping • Travel Shopping
Privacy Policy Support: support@zaplah.com

ZapLah Privacy Policy

User Data • Security • Compliance • Rights

Applies to: ZapLah App & Website PDPA-aligned (Singapore) Public, no login required

1. Introduction

ZapLah Pte. Ltd. ("ZapLah", "we", "our", or "us") is committed to protecting your privacy and handling your personal data in accordance with Singapore’s Personal Data Protection Act (PDPA), international data protection principles, and best practices for digital platforms.

This Privacy Policy explains how we collect, use, disclose, store, and protect your information when you use the ZapLah mobile application, website, and related services ("Services"). By using the Services, you acknowledge that you have read and understood this Policy and agree to its terms.

2. Definitions

  • "Personal Data": information that can identify an individual.
  • "Processing": any operation performed on Personal Data, including collection, use, disclosure, storage, or deletion.
  • "User": any individual using the ZapLah platform (Requesters or Travellers).
  • "Third-Party Service Providers": external partners supporting hosting, payments, analytics, or communication.
  • "Legal Basis": the lawful grounds upon which ZapLah processes Personal Data.

3. Information We Collect

We collect Personal Data only for purposes reasonably required for platform operation, trust and safety, and legal compliance.

3.1 Personal Information

  • Full name
  • Email address
  • Phone number
  • Date of birth
  • Identity verification data (if required)
  • Profile photo

3.2 Transactional Information

  • Item request and offer details
  • Trip information (e.g. locations, timing, availability)
  • Uploaded proof of purchase and proof of delivery
  • In-app chat messages and attachments
  • Dispute submissions, explanations, and supporting evidence

3.3 Payment Information

All payments are processed securely by Stripe. ZapLah does not store card numbers, CVV codes, or sensitive authentication data. We may receive:

  • Non-sensitive billing details
  • Transaction confirmation details
  • Payment and refund status updates

3.4 Device & Usage Information

  • IP address and device identifiers
  • Device model and operating system
  • App usage logs, screen views, and interactions
  • Crash and diagnostic reports
  • Optional location data (only if you grant permission)

3.5 Cookies & Tracking Technologies

On the website, ZapLah may use:

  • Session cookies
  • Analytics and tracking tools
  • Fraud detection signals
  • Heatmaps and behaviour analytics

These tools are used to improve navigation, usability, security, and content relevance.

4. How We Use Your Information

We use your Personal Data for the following purposes:

4.1 Platform Functionality

  • To create and manage your ZapLah account
  • To display relevant item requests, offers, and trip listings
  • To match Requesters and Travellers based on eligibility and preferences

4.2 Payments and Transactions

  • To process secure payments, refunds, and payment holds
  • To maintain accurate transaction history and financial records

4.3 Communication

  • To enable in-app chat between Requesters and Travellers
  • To send important notifications, such as status updates and confirmations
  • To contact you regarding support requests or account issues

4.4 Safety and Compliance

  • To verify user identities where appropriate
  • To detect, prevent, and investigate fraud, scams, or suspicious activity
  • To comply with legal, regulatory, and law enforcement requirements

4.5 Platform Improvement

  • To analyse usage patterns and user behaviour
  • To conduct performance testing and feature enhancements
  • To identify and fix bugs, crashes, and errors

4.6 AI-Assisted Processing

  • To provide language translation support in chats or content views
  • To assist in detecting duplicate or suspicious behaviours

All AI-assisted processes operate with human oversight and are not used for fully automated decisions with legal effects.

5. Sharing of Information

We disclose Personal Data only when necessary for service delivery, safety, or legal compliance.

5.1 Other Users (for Transactions Only)

To complete a transaction, limited information is shared between Requesters and Travellers, such as:

  • Name
  • Profile photo
  • Relevant details about the request, offer, or meetup arrangements

We do not publicly display sensitive personal information.

5.2 Third-Party Service Providers

ZapLah engages trusted third-party providers, including:

  • Payment processors (such as Stripe)
  • Cloud hosting providers
  • Analytics and crash reporting tools
  • SMS and email communication services

These providers are contractually bound by confidentiality and data protection obligations.

5.3 Legal Compliance and Safety

We may disclose information where required by:

  • Law enforcement agencies
  • Courts or regulatory authorities
  • Government bodies

Or when disclosure is reasonably necessary to:

  • Protect the rights, property, or safety of ZapLah, our users, or the public
  • Prevent or address fraud, malicious activity, or security threats

5.4 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of assets, your data may be transferred as part of the transaction, subject to continued protection consistent with this Policy.

6. Data Retention

We retain Personal Data only for as long as necessary for the purposes described in this Policy, including operations, audits, dispute resolution, and legal compliance.

6.1 Retention Overview

  • Account information: retained while your account is active
  • Transaction records: retained for 5 to 7 years for financial and legal purposes
  • Chat messages and dispute materials: retained until the request, offer, or dispute is fully resolved
  • Proof of purchase and proof of delivery: typically retained up to 12 months after completion or closure of disputes
  • System logs and diagnostic data: retained for approximately 12 to 24 months
  • Legal and regulatory records: retained as required by applicable law

7. Data Security

ZapLah uses a combination of technical and organisational measures to protect your data, including:

  • Encryption for data in transit (for example, TLS 1.2 or higher)
  • Secure cloud infrastructure and firewalls
  • Role-based access controls and least-privilege principles
  • Activity logging and security monitoring
  • Regular reviews and improvements of security practices

While no method of transmission or storage is completely secure, we take reasonable steps to safeguard your information.

8. International Data Transfers

Your data may be processed or stored in Singapore or other jurisdictions. Where data is transferred across borders, ZapLah ensures:

  • Safeguards in line with PDPA requirements
  • Appropriate contractual protections with overseas service providers
  • Security controls and limited access on a need-to-know basis

9. Your Rights

Depending on your jurisdiction and applicable laws, you may have the right to:

  • Request access to the Personal Data we hold about you
  • Request correction of inaccurate or incomplete information
  • Request deletion of certain Personal Data, subject to legal retention requirements
  • Withdraw consent for non-essential processing where consent is the legal basis
  • Object to or request restriction of certain types of processing
  • Request a copy of your Personal Data in a portable format

We may need to verify your identity before processing such requests. You can contact us at support@zaplah.com.

10. Account Deletion and Data Requests

You may request:

  • Full account deletion
  • Removal of specific data where legally permissible
  • Export of your Personal Data

ZapLah may retain certain information where required by:

  • Law or regulatory obligations
  • Fraud monitoring and prevention needs
  • Financial record-keeping and audit requirements
Contact for requests: Email us at support@zaplah.com.

11. Data Breach Response

In the event of a data incident or suspected breach, ZapLah follows a structured response process:

  • Contain and secure affected systems
  • Investigate the cause and extent of the incident
  • Assess potential impact on users and data subjects
  • Notify affected users where required by law
  • Notify the Personal Data Protection Commission (PDPC) where mandatory
  • Implement corrective measures and strengthen controls to prevent recurrence

12. Children’s Privacy

  • ZapLah is not intended for individuals under the age of 18
  • We do not knowingly collect Personal Data from minors
  • If we become aware that we have collected such data, we will take steps to delete it

13. Changes to This Privacy Policy

  • We may revise this Privacy Policy from time to time
  • Material updates will be communicated via the app, email notifications, or website announcements
  • Your continued use of the Services after changes take effect constitutes acceptance of the updated Policy

14. Contact Us

If you have questions, concerns, or data-related requests, please contact:

↑ Back to top