Security & Data Protection
ONECOMPARE SOLUTION PTE. LTD. is committed to protecting the personal data entrusted to us. This page summarises the administrative, technical, and physical safeguards we apply, in line with Singapore's Personal Data Protection Act (PDPA) and recognised security good practice.
Last updated: 13 June 2026
1. Encryption in transit
All connections to our website and services are protected with industry-standard TLS (HTTPS). Data exchanged between your browser, our platform, and integrated services such as Singpass MyInfo is encrypted in transit. We enforce HTTP Strict Transport Security (HSTS) and secure transport headers.
2. Encryption at rest
Personal data stored in our databases and backups is encrypted at rest using strong, industry-standard encryption managed by our cloud infrastructure provider. Secrets and API keys are stored in a dedicated, access-controlled secrets manager and are never committed to source code.
3. Role-based access control (RBAC)
Access to personal data is restricted on a least-privilege, need-to-know basis. Staff access is governed by defined roles, and sensitive administrative functions require an elevated role. Database access is protected by row-level security policies so that only authorised roles can read protected records.
4. Secure document and data storage
Documents and personal data are stored within access-controlled, encrypted storage. Access is authenticated and authorised, and direct, unauthenticated access to stored records is not permitted. Retrieval of sensitive data is performed only through secured server-side processes.
5. Audit logging and access tracking
We maintain append-only audit logs that record key events, including:
- Customer consent (including Singpass MyInfo consent, version, and timestamp)
- MyInfo data retrieval activity
- Staff access to personal data
- Data creation and updates
- Application activity
Audit logs capture relevant metadata (such as event type, actor, timestamp, and request context) to support accountability, investigation, and compliance.
6. Authentication and account security
Staff and administrative access is protected by authenticated sessions. Customer identity verification is supported through Singpass MyInfo, Singapore's national digital identity service. We apply rate limiting, input validation, and anti-abuse controls across our forms and endpoints.
7. PDPA compliance controls
Our processing is governed by the PDPA's data protection obligations, including consent, purpose limitation, notification, access and correction, accuracy, protection, retention limitation, and accountability. We have appointed a Data Protection Officer to oversee compliance.
8. Data minimisation and purpose limitation
We collect and request only the personal data necessary for identity verification, fraud prevention, eligibility assessment, application processing, and loan matching. Data is used only for the purposes for which it was collected and consented to.
9. Incident response
We maintain processes to detect, respond to, and remediate security incidents. In the event of a data breach that meets notification thresholds, we will notify the Personal Data Protection Commission (PDPC) and affected individuals in accordance with the PDPA.
10. Contact
For security or data-protection enquiries, contact our Data Protection Officer at hello@onecomparesolution.com.