brainbuzz
EN 中文 Log in Sign up
Privacy policy

Privacy policy

Last updated: 17 May 2026

This policy describes how Vivek Hathiramani ("we", "us") handles personal data collected through brainbuzz.sg. It applies to all visitors and users of the site.

Who is collecting your data

Vivek Hathiramani, operating the BrainBuzz platform and LearnUp tuition service as a natural person under Singapore law. Vivek is also the Data Protection Officer (DPO) responsible for handling privacy questions and requests.

Contact: dpo@brainbuzz.sg

What personal data we collect

  • Inquiry and signup forms: parent name, parent email, parent phone number, student name, student level, school, programme(s) of interest, and any free-text note you provide.
  • Enrolled families: the above, plus a family identifier, class schedule, homework submissions, and progress reports we write about each enrolled student.
  • Website usage: approximate IP address, browser type, pages viewed, referring website. Logged for security and to understand how the site is used; not tied to your name unless you have an account.
  • Email correspondence: any email you send to addresses ending in @brainbuzz.sg.

We do not collect NRIC numbers, financial account details, or sensitive personal information such as health data.

Why we collect it

  • To respond to your inquiry or signup, confirm a tuition placement, and run lessons.
  • To assign homework, receive submissions, and write progress reports for enrolled families.
  • To send you transactional emails (inquiry confirmations, lesson reminders).
  • With your separate consent, to send you newsletters or promotional updates.
  • To meet legal and regulatory obligations.

We will not use your data for any new purpose without obtaining fresh consent.

Who we share it with

Your personal data may be processed by these third-party service providers, each chosen for their security practices and contractually bound to protect your data:

  • Google Cloud Platform (United States) — hosting infrastructure for the site and database.
  • GoDaddy (United States) — domain registration and DNS.
  • Microsoft 365 / Exchange Online Protection (United States and Singapore data centres) — handles inbound email to @brainbuzz.sg addresses.
  • Resend (United States) — sends transactional emails from @brainbuzz.sg.

We do not sell, rent, or trade your personal data with anyone for marketing purposes. We share data with law enforcement only when legally required to do so.

Cross-border transfers

Some of these service providers store or process data outside Singapore (primarily in the United States). Each is bound by data protection commitments comparable to the PDPA — typically the EU Standard Contractual Clauses or equivalent — providing protection consistent with Singapore law.

How long we keep it

Type of dataRetention
Inquiry leads that didn't convert12 months from inquiry date
Active student recordsDuration of enrolment, plus 12 months after the last lesson
Web access logs30 days
Encrypted backups12 months

After these periods, data is securely deleted from primary storage and backups during the next scheduled retention cycle.

How it's protected

  • The database is on a hardened server with restricted access. Database files are readable only by the application user.
  • All website traffic is encrypted in transit (HTTPS via TLS).
  • Backups are encrypted before leaving the server.
  • Access to admin functions requires authentication.
  • We do not log personal data in plain text.

Your rights

Under the PDPA, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Correct — ask us to update inaccurate or incomplete data.
  • Withdraw consent — stop us from using your data for purposes you previously agreed to.
  • Delete — ask us to delete data we no longer need for the stated purpose (subject to legal retention requirements).
  • Object to direct marketing — opt out of newsletters or promotional emails at any time.

To exercise any of these rights, email dpo@brainbuzz.sg. We will respond within 30 days.

Cookies and tracking

We use only essential cookies — these support your login session and security. We do not use third-party advertising cookies or cross-site tracking. If we add web analytics in the future, we will use a privacy-preserving option (self-hosted Plausible or equivalent) that does not collect personal data, and we will update this policy before doing so.

Children's data

BrainBuzz is intended for use by parents on behalf of their children. We collect data about students only with the consent of their parent or legal guardian. If you believe we have inadvertently collected data from a child without parental consent, please email dpo@brainbuzz.sg and we will delete it.

Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top will reflect changes. For material changes that affect how we use existing data, we will notify active account holders by email and re-request consent where required.

Complaints

If you believe we have mishandled your personal data, please first contact the DPO at dpo@brainbuzz.sg so we can address it. You also have the right to lodge a complaint directly with Singapore's Personal Data Protection Commission (PDPC) at www.pdpc.gov.sg.