Privacy Policy

Effective date: 18 March 2026

1. Introduction

Tio Boh (“we”, “us”, “our”) is a sole proprietorship based in Singapore that operates the Tio Boh mobile application and the website tioboh.com (collectively, the “Service”). The website serves as a marketing and informational resource; the core product is the Tio Boh mobile application.

We are committed to protecting your personal data in accordance with the Singapore Personal Data Protection Act 2012 (“PDPA”) and, where applicable, the European Union General Data Protection Regulation (“GDPR”).

This Privacy Policy explains what information we collect, how we use it, and your rights regarding your personal data. This policy should be read together with our Terms of Service.

2. Information We Collect

We follow a principle of data minimisation: we collect only what we need to provide and improve the Service. Specifically, we minimally collect your email address for the purpose of creating an account, your name only if you choose to provide it for social features, and diagnostic crash data and usage data in anonymised form for the purpose of improving the app. We generally do not collect your personal data unless you voluntarily provide it to us or authorise us to collect it. Where we collect personal data from you, we will do so in accordance with this policy and with your consent, or as otherwise permitted or required by the PDPA.

Without an Account

You can use Tio Boh without creating an account. When you do, we collect the following information:

• Device information (operating system, device model, app version, device identifiers)
• Anonymised usage data (screens visited, features used, session duration) and diagnostic crash reports, used to improve the app

With an Account

If you choose to create an account to save your progress, we additionally collect:

• Email address (required) — used to create and authenticate your account
• Name (optional) — collected only if you choose to provide it, for use in social features
• Authentication credentials managed by our auth provider
• Learning progress (lessons completed, scores)

Automatically Collected Information

When you access the Service, we automatically collect certain technical information, including your IP address, device type, and app interaction data. This data is used for analytics, performance monitoring, and security purposes.

What the Tio Boh App Does Not Do

To give you a clear picture of our data practices, the Tio Boh mobile application:

• Does not contain any advertisements
• Is not monetised (no in-app purchases, subscriptions, or paid features at this time)
• Has no financial features (no payments, transactions, or handling of financial data)
• Does not collect or use the device Advertising ID (IDFA, GAID, or any equivalent tracking identifier) for advertising or tracking purposes
• Does not collect any health, fitness, or medical metadata of any kind
• Does not collect or store browsing history, search history, web history, or purchase history
• Does not access, collect, or save your photos, videos, or audio data
• Does not collect your location, phone number, or physical address at all

3. How We Use Your Information

We use the personal data we collect for the following purposes:

• Delivering and improving the Hokkien learning experience
• Saving and syncing your learning progress across devices (account holders)
• Generating aggregate, anonymised analytics to improve our product
• Responding to support requests and enquiries
• Sending service-related communications such as security alerts and account updates (account holders)
• Detecting, preventing, and addressing technical issues and security threats

Legal Bases for Processing

Under the PDPA, we process your data based on your consent, which you provide by using the Service. Under the GDPR (for users in the EEA), our legal bases are:

• Performance of a contract: Processing necessary to deliver the Service (e.g., account management, progress syncing)
• Legitimate interest: Analytics and product improvement, provided this does not override your rights. Our legitimate interest is understanding how users interact with the app so we can improve the learning experience.
• Consent: Where we rely on your consent (e.g., optional communications), you may withdraw it at any time

4. Data Sharing and Sub-Processors

We do not sell your personal data. We share your information only with the following third-party service providers (sub-processors), each of which processes data on our behalf under appropriate data processing agreements:

• Google Firebase (Google LLC) — Authentication, cloud database, and app infrastructure. Firebase may process data in the United States and other countries. Firebase Privacy Policy
• Analytics provider — We use a third-party analytics service to understand how users interact with the app. This provider processes usage data on our behalf. We will update this policy to name the specific provider once finalised.
• Cloudflare, Inc. — Website hosting and content delivery for tioboh.com. Cloudflare may process data in various global locations. Cloudflare Privacy Policy
• Legal requirements: Where disclosure is required by Singapore law, regulation, legal process, or enforceable governmental request.

We do not share your personal data with any other third parties. Aggregate, anonymised data that does not identify any individual is not considered personal data under this policy and may be used without restriction.

5. International Data Transfers

We store your data in Singapore where possible. However, some of our third-party service providers (including Google Firebase and Cloudflare) may process your data in countries outside Singapore and the European Economic Area (EEA), including the United States. Where your data is transferred internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or reliance on the service provider's compliance with recognised data protection frameworks.

6. Data Retention

We retain your data only for as long as necessary to fulfil the purposes described in this policy:

• Account data: Retained for as long as your account remains active. If you request deletion, we will delete your personal data within 30 days.
• Usage and analytics data: Retained in anonymised, aggregate form for up to 24 months, after which it is purged.
• Automatically collected data: IP addresses and technical logs are retained for up to 12 months for security and diagnostic purposes.

7. Your Rights

Under the Singapore PDPA, you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate or incomplete data
• Withdraw your consent for data processing at any time (note: this may affect your ability to use certain features of the Service, such as account-based progress syncing)

For users in the European Economic Area covered by the GDPR, you additionally have the right to:

• Request erasure of your personal data
• Request data portability (receive your data in a structured, machine-readable format)
• Request restriction of processing
• Object to processing based on legitimate interest
• Lodge a complaint with a supervisory authority in your country of residence

To exercise any of these rights, please contact us at contact@tioboh.sg.

Account and Data Deletion

You can delete your account or request deletion of your personal data at any time using our self-service pages:

• Delete your account: https://tioboh.sg/delete-account
• Request data deletion: https://tioboh.sg/delete-data

How We Handle Your Requests

• Response time: We will respond to access, correction, and consent withdrawal requests within thirty (30) business days.
• Extensions: If we are unable to respond within this period, we will notify you in writing of the expected timeframe and the reasons for the delay.
• Fees: We may charge a reasonable fee for processing access requests, as permitted by the PDPA. If a fee applies, we will inform you of the amount before processing your request.
• Declining requests: In certain circumstances, we may be unable to fulfil your request (for example, where doing so would compromise the privacy of others, or where an exemption under the PDPA applies). If we decline your request, we will inform you of the reasons.

Withdrawing Consent

You may withdraw your consent for the collection, use, or disclosure of your personal data at any time by contacting us in writing or by email. We will process your withdrawal request within ten (10) business days. Please note that withdrawing consent may affect your ability to use certain features of the Service, and we will inform you of the likely consequences before processing your request. Withdrawal of consent does not affect our right to continue processing data where permitted or required by law.

8. Accuracy of Personal Data

We take reasonable steps to ensure that the personal data we collect is accurate and complete. If your personal data changes (for example, your email address), you are responsible for notifying us promptly so that we can update our records. You may do so by contacting us at contact@tioboh.sg or by updating your account information directly within the app where available.

9. Data Security

We implement reasonable technical and organisational measures to protect your personal data. All data transmitted between your device and our Service is encrypted in transit using HTTPS/TLS. Authentication credentials are managed by Google Firebase and are never stored by us in plain text. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

10. Data Breach Notification

In the event of a data breach that is likely to result in significant harm to affected individuals, we will notify the Personal Data Protection Commission of Singapore within three (3) calendar days and affected individuals as soon as practicable, in accordance with the PDPA. For users in the EEA, we will notify the relevant supervisory authority within seventy-two (72) hours where required by the GDPR.

11. Children's Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected such data, please contact us at contact@tioboh.sg and we will promptly delete it.

12. External Websites and Services

The Service may contain links to third-party websites or services that are not operated by us. We are not responsible for the content, privacy practices, or accuracy of information on these external websites. We encourage you to review the privacy policies of any third-party websites or services before providing them with your personal data. A link to an external website does not constitute an endorsement of that website or its content.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will revise the effective date at the top of this page and notify you via email or an in-app notice where reasonably practicable. For changes that materially affect how we process your personal data, we will seek your renewed consent where required by applicable law. Your continued use of the Service after notification of non-material changes constitutes your acceptance of the updated policy.

14. Data Protection Officer

Our Data Protection Officer is responsible for overseeing our compliance with the PDPA and this Privacy Policy. For any data protection enquiries or to exercise your rights, please contact our DPO at contact@tioboh.sg.

15. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at contact@tioboh.sg.