Introduction
companion-co ("we", "us", or "our") operates Companion, a shared wedding planning workspace for couples. This Privacy Policy explains how we collect, use, disclose, and protect personal data when you use our website and services.
This policy is intended to align with the Personal Data Protection Act 2012 (PDPA) of Singapore. By using Companion, you acknowledge that you have read this Privacy Policy.
Information We Collect
We collect information you provide directly and information generated through your use of the service:
- Account information from Google sign-in, such as your name, email address, and profile photo.
- Workspace content you and your partner create, including tasks, comments, budget entries, guest lists, RSVP responses, seating plans, and file uploads.
- Invitation and referral activity, such as tokens used to join a workspace or arrive via a referral link.
- Technical and usage data, such as device type, browser, IP address, and pages or features accessed.
How We Use Your Information
We use personal data to operate, maintain, and improve Companion. Specifically, we use it to:
- Authenticate you and provide access to your workspace.
- Enable collaboration between workspace members.
- Store and display the wedding planning content you choose to save.
- Send service-related communications, such as workspace invitations or account notices.
- Monitor security, prevent abuse, and troubleshoot issues.
- Understand product usage so we can improve features and reliability.
Legal Basis Under PDPA
Under the PDPA, we process personal data based on one or more of the following, as applicable:
- Your consent, including when you sign in with Google or accept an invitation.
- Performance of a contract or steps taken at your request before entering a contract, such as providing the service you signed up for.
- Legitimate interests, such as securing our platform and improving the product, where those interests are not overridden by your rights.
- Compliance with applicable legal obligations.
Third-Party Services
Companion relies on trusted third-party providers to deliver the service. These providers may process personal data on our behalf:
- Google — for OAuth authentication through NextAuth.
- Supabase — for database, authentication support, and file storage.
- Vercel — for application hosting and delivery.
Data Retention
We retain personal data for as long as your account or workspace remains active and as needed to provide the service, comply with legal obligations, resolve disputes, and enforce our agreements.
If you request deletion of your account or specific personal data, we will take reasonable steps to remove or anonymise it, subject to legal retention requirements and legitimate business needs such as backup recovery windows.
Your Rights
Subject to the PDPA and applicable law, you may have the right to:
- Request access to personal data we hold about you.
- Request correction of inaccurate or incomplete personal data.
- Withdraw consent where processing is based on consent, understanding that this may affect your ability to use certain features.
- Request deletion of personal data in certain circumstances.
International Transfers
Our service providers may process or store data outside of Singapore. Where personal data is transferred overseas, we take reasonable steps to ensure that recipients provide a standard of protection comparable to that under the PDPA, such as through contractual safeguards where appropriate.
Security
We implement reasonable administrative, technical, and organisational measures designed to protect personal data against unauthorised access, loss, misuse, or alteration. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
Contact Us
If you have questions about this Privacy Policy or wish to exercise your data protection rights, contact companion-co at admin@companion-co.com.