We may earn a commission from links on this page. Learn more

Privacy Policy

Your privacy is important to us. This Privacy Policy explains how SG Review Lab collects, uses, and protects your personal information in compliance with the Singapore Personal Data Protection Act (PDPA) and the EU General Data Protection Regulation (GDPR).

1. Who We Are

SG Review Lab is a beauty review website operated in Singapore. We are committed to protecting your personal data and being transparent about how we use it.

For any privacy-related inquiries, you may also use our contact form.

2. Information We Collect

2.1 Information You Provide Directly

  • Newsletter subscriptions: Email address and optionally your name
  • Contributor registration: Name, email, display name, and profile information
  • Contact forms: Name, email, and message content
  • Comments and reviews: Name, email, and content you submit

2.2 Information Collected Automatically

  • Browser type and version
  • Operating system
  • Pages visited and time spent
  • Referring website
  • IP address (anonymized for analytics, hashed for security purposes)
  • Device information

3. Legal Basis for Processing Your Data

Under GDPR and PDPA, we process your personal data based on the following legal grounds:

  • Consent: When you subscribe to our newsletter, create a contributor account, or submit comments. You may withdraw consent at any time.
  • Legitimate Interest: For website analytics, security monitoring, and improving our services, where such processing does not override your rights.
  • Contractual Necessity: To provide services you have requested, such as managing your contributor account.
  • Legal Obligation: When required to comply with applicable laws and regulations.

4. How We Use Your Information

We use collected information to:

  • Send newsletters and promotional content (only with your explicit consent)
  • Process and manage contributor accounts and reviews
  • Respond to your inquiries and support requests
  • Improve our website, content, and user experience
  • Analyze site traffic and usage patterns
  • Prevent fraud, spam, and abuse
  • Comply with legal obligations

5. Cookies and Tracking Technologies

We use the following types of cookies:

5.1 Essential Cookies

Required for basic site functionality (e.g., login sessions, security). These cannot be disabled.

5.2 Analytics Cookies

Used to understand how visitors interact with our site. We use Google Analytics with IP anonymization enabled. You may opt out by using browser settings or the Google Analytics Opt-out Browser Add-on.

5.3 Affiliate Cookies

When you click affiliate links, third-party cookies may be set to track referrals. These cookies are subject to the respective affiliate networks' privacy policies.

5.4 Cookie Consent

By using our website, you consent to the use of essential cookies. For analytics and affiliate cookies, we rely on your continued use of the site as implied consent, though you may disable these through your browser settings at any time.

To manage cookies: Most browsers allow you to refuse or delete cookies. Please refer to your browser's help documentation. Note that disabling certain cookies may affect site functionality.

6. Third-Party Services & International Data Transfers

We use third-party services that may process your data outside of Singapore. These transfers are necessary for the operation of our services:

  • Google Analytics (USA): Website analytics with IP anonymization. Privacy Policy
  • Email Service Provider: To manage and send newsletters. Data may be processed in the USA or EU.
  • Affiliate Networks: To track purchases and commissions when you click affiliate links.
  • Cloud Hosting: Our servers may be located outside Singapore.

These service providers are contractually obligated to protect your data and process it only as instructed by us. Where data is transferred outside Singapore, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or equivalent measures.

7. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy:

  • Newsletter subscribers: Until you unsubscribe or request deletion. Inactive subscribers (no email opens for 24 months) may be removed automatically.
  • Contributor accounts: For as long as your account is active, plus 12 months after account closure for legal and audit purposes.
  • Comments and reviews: Indefinitely while published, or until you request deletion.
  • Contact form submissions: Up to 12 months after the inquiry is resolved.
  • Analytics data: Aggregated and anonymized data may be retained indefinitely. Identifiable data is retained for up to 26 months.
  • Security logs: IP hashes and security-related data are retained for up to 12 months.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • SSL/TLS encryption for all data transmission
  • Secure server infrastructure with regular updates
  • Password hashing and secure authentication
  • Limited access to personal data on a need-to-know basis
  • Regular security assessments

While we strive to protect your data, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

9. Your Rights

Under PDPA and GDPR, you have the following rights regarding your personal data:

  • Right of Access: Request a copy of your personal data we hold.
  • Right to Rectification: Request correction of inaccurate data.
  • Right to Erasure: Request deletion of your data ("right to be forgotten").
  • Right to Restrict Processing: Request limitation of how we use your data.
  • Right to Data Portability: Receive your data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests.
  • Right to Withdraw Consent: Withdraw consent at any time for consent-based processing.

Under Singapore PDPA: You may withdraw your consent for the collection, use, or disclosure of your personal data at any time by contacting us. We will inform you of the likely consequences of withdrawal.

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

10. Children's Privacy

Our website is not intended for children under 13 (or 16 in some jurisdictions). We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by:

  • Posting a prominent notice on our website
  • Updating the "Last updated" date below
  • Sending an email to subscribers (for material changes)

We encourage you to review this policy periodically.

12. Complaints

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with:

  • Singapore: Personal Data Protection Commission (PDPC) at www.pdpc.gov.sg
  • EU: Your local Data Protection Authority

We encourage you to contact us first so we can address your concerns directly.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Last updated: January 2026