PDPA Compliant

Privacy Policy

Last updated: 23 March 2026. We protect your child's data like it's our own.

The Short Version (TL;DR)

  • No Ads, Ever: We do not sell your personal data or run advertisements.
  • Local Storage: Your child's data is encrypted and securely stored right here in Singapore.
  • You have the right to be forgotten: You can request full deletion of your account and data at any time, processed within 30 days.

👋 1. Who We Are & Scope

Superholic Lab is an online educational platform operated by Superholic Lab Pte. Ltd. in Singapore.

We comply fully with Singapore's Personal Data Protection Act 2012 (PDPA) and act as the Data Controller. This policy applies to all personal data collected through www.superholiclab.com for parents, guardians, and children.

📝 2. Data We Collect & How We Use It

Account Data: Parent's name and email. Children's profiles require only a first name and school level.

Usage Data: Quiz results, topic progress, and AI tutor chat history. This is used exclusively to personalise the learning experience and build your Mission Control dashboard.

Payment Data: Processed securely via Stripe, Inc. We do not store your credit card numbers on our servers.

We never use your data for advertising or sell it to third parties.

🔒 3. Security & Storage

Your data is stored in Supabase (PostgreSQL), hosted on secure AWS servers located physically in Singapore (ap-southeast-1).

We enforce strict row-level security (RLS) policies so users can only access their own data. All data is transmitted over HTTPS, and passwords are cryptographically hashed using bcrypt.

🤝 4. Sharing with Third Parties

We share data only with essential service providers who are contractually bound to protect it:

  • Supabase: Database and authentication.
  • Stripe: Secure payment processing.
  • Anthropic: The engine behind our AI Tutor. Crucially, Anthropic does not use any API inputs (your child's chat logs) to train their foundation models.
  • Plausible Analytics: A privacy-first, cookie-free analytics provider.

🧸 5. Children's Data & Your PDPA Rights

Under the PDPA, you have complete control over your family's data. You have the right to:

  • Access & Correction: View or fix the data we hold about you.
  • Withdrawal: Withdraw your consent for data usage (which will pause your service).
  • The Right to Be Forgotten (Deletion): Request full deletion of your account and child's data. We process these requests within 30 days.

To exercise these rights, simply email our Data Protection Officer at privacy@superholiclab.com.

🍪 6. Cookies & Tracking

We do not use tracking cookies. Our analytics provider (Plausible) is entirely cookie-free and respects your privacy. We only use local browser storage for functional necessities, like keeping you logged into your session safely.