Privacy Policy

1. Who We Are

COEkaki ("we", "us", "our") operates the website coekaki.com, a Singapore-based platform that tracks Certificate of Entitlement (COE) prices, trends, and provides car ownership tools. This Privacy Policy explains how we collect, use, disclose, and protect your personal data in accordance with the Singapore Personal Data Protection Act 2012 (PDPA).

2. Data We Collect

Account Information

When you register, we collect your name and email address. If you sign in via Google, we receive your Google profile name, email, and avatar.

Usage Data

We automatically collect pages visited, time spent, browser type, device type, IP address, and referring URL through Google Analytics. This data is anonymised and aggregated.

Subscription & Payment Data

If you subscribe to a paid plan, payment processing is handled entirely by Stripe. We store your Stripe customer ID and subscription status but never store your credit card number, CVV, or full card details.

Cookies

We use essential cookies (session, CSRF token, theme preference), analytics cookies (Google Analytics), and advertising cookies (Google AdSense). You can manage cookie preferences via our consent banner.

Price Alerts & Predictions

If you set up price alerts or submit predictions, we store your alert thresholds, category preferences, and prediction values linked to your account.

3. How We Use Your Data

• Provide and improve our services (COE tracking, calculators, alerts)
• Send you price alerts and bidding notifications you opted into
• Send email digests and newsletters (with your consent)
• Process subscription payments via Stripe
• Analyse site usage to improve performance and content
• Prevent fraud and enforce our terms

We do not sell your personal data to third parties.

4. Third-Party Services

We share data with these service providers who process data on our behalf:

• Stripe — Payment processing (Stripe Privacy Policy)
• Google Analytics — Site analytics (Google Privacy Policy)
• Google AdSense — Advertising (with your cookie consent)

5. Data Retention

We retain your account data for as long as your account is active. Usage analytics are retained in anonymised form for up to 26 months. If you delete your account, your personal data is removed within 30 days, though anonymised analytics may persist.

6. Your Rights Under PDPA

You have the right to:

• Access — Request a copy of your personal data
• Correction — Update inaccurate personal data via your profile page
• Withdrawal of consent — Opt out of marketing emails at any time
• Deletion — Request deletion of your account and associated data

To exercise these rights, visit your profile page or email us at the address below.

7. Data Security

We protect your data with HTTPS encryption, hashed passwords (bcrypt), CSRF protection, rate limiting, and security headers (HSTS, X-Frame-Options, X-Content-Type-Options). API keys are stored as hashed values.

8. Children's Privacy

Our service is not directed to individuals under 13. We do not knowingly collect personal data from children.

9. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the site constitutes acceptance of the updated policy.

10. Contact Us

For privacy inquiries or data requests:

COEkaki
Email: privacy@coekaki.com