Privacy
Privacy Policy
How NewsFlux Media Pte. Ltd. handles personal data under Singapore law. Last updated: 14 July 2026.
1. Scope and who this policy covers
This Privacy Policy explains how NewsFlux Media Pte. Ltd. (UEN 202611482D, "NewsFlux", "we", "us", "our") collects, uses, discloses and protects personal data when you visit newsflux.pro, subscribe to our newsletter or daily brief, submit a contact or tip form, interact with our cookie banner, or otherwise communicate with our Singapore newsroom at 70 Circular Road, #03-01, Singapore 049424.
We are a digital news publication serving Singapore and APAC readers. We are not a data analytics product, PR wire or paid placement service. Personal data is processed only for legitimate newsroom, operational and compliance purposes described below.
This policy is issued under the Personal Data Protection Act 2012 (PDPA) of Singapore and should be read with our Cookie Policy and Terms of Use.
2. Data Protection Officer and contact channels
We have appointed a Data Protection Officer (DPO) reachable at [email protected]. General editorial contact remains [email protected] and +65 6231 5170 (Mon–Fri 07:30–19:30 SGT).
For access, correction or withdrawal requests, email the DPO with enough detail to identify you and the data concerned. We respond within thirty (30) days unless an extension is permitted under the PDPA.
3. Personal data we may collect
Depending on how you interact with NewsFlux, we may collect:
- Identity and contact data: name, email address, telephone number if provided, and message content from our contact or tip form.
- Enquiry metadata: subject selection (tip, correction, press, general), timestamps, and technical logs associated with form submission.
- Newsletter / membership data: email address, subscription tier, billing references processed by our payment provider (we do not store full card numbers on newsflux.pro).
- Technical and usage data: IP address, browser type, device category, referring URL, pages viewed and session duration — collected via cookies or similar technologies only where permitted (see Section 12).
- Cookie consent records: your banner choices stored locally for six months.
- Comment or community data: if you post in enabled comment areas, display name, comment text and timestamp (subject to moderation).
We do not intentionally collect government ID numbers, health records or financial account details through public forms. Please do not submit sensitive categories unless we have agreed a secure channel.
4. How we collect personal data
Data is collected when you:
- Submit our contact form (POST to /send.php);
- Subscribe to the daily brief or membership (S$ plans in SGD);
- Email or telephone the newsroom;
- Browse newsflux.pro with optional analytics or advertising cookies enabled;
- Interact with embedded social or video players where those third parties set their own cookies.
We may also receive professional contact details from public sources or event registrations for legitimate press outreach.
5. Purposes of collection, use and disclosure
We use personal data only for purposes a reasonable person would consider appropriate, including:
- Responding to tips and enquiries: to assess, follow up and document communication with readers and sources.
- Editorial workflow: to verify leads, process correction requests and coordinate press interviews.
- Newsletter and membership: to deliver the daily brief, manage S$8/month (and other) tiers, and provide ad-light reading where applicable.
- Site operation and security: to maintain newsflux.pro, prevent abuse, detect spam (including honeypot fields), and protect our infrastructure.
- Analytics and advertising: with consent, to understand readership patterns and serve labelled ads that fund independent journalism.
- Legal compliance: to comply with Singapore law, respond to lawful requests, enforce our terms, and protect rights and safety.
- Business records: accounting, audit and internal reporting.
6. Consent and other legal bases
We do not sell personal data lists to third-party marketers. Editorial coverage is not traded for personal data. Access to tip and contact submissions is restricted to editors and operations staff with a need to know.
Under the PDPA, we rely primarily on consent. Contact forms require an explicit, unchecked PDPA consent box before submission. Optional cookies are blocked until you accept or customise via our banner.
We may process data without consent where the PDPA permits — for example, vital interests, legal claims, or reasonable business purposes that are not adverse to your interests — but we limit such use to operational necessities like security logging.
You may withdraw consent by emailing [email protected]. Withdrawal may mean we cannot respond to your enquiry or maintain your subscription.
7. Disclosure to third parties
We may disclose personal data to:
- Service providers: hosting in Singapore, email delivery, newsletter tools, payment processors for SGD membership, consent-managed analytics (e.g. Plausible) and advertising partners (e.g. Google Ad Manager) — bound by contract and purpose limitation.
- Professional advisers: lawyers and accountants under confidentiality.
- Authorities: when required by Singapore law or court order.
- Successors: in a merger or asset sale with notice where required.
We require processors to protect data consistently with this policy. A list of major cookie vendors appears in our Cookie Policy.
8. Overseas transfers
Primary hosting and newsroom operations are in Singapore. Some analytics or advertising vendors may process data in other countries. Where overseas transfer occurs, we take steps required under the PDPA — contractual clauses, vendor due diligence and data minimisation — so that transferred data receives comparable protection.
9. Retention
We keep personal data only as long as needed for the purposes collected:
- Contact and tip enquiries: up to twenty-four (24) months from last correspondence, then deleted unless an active editorial matter continues.
- Newsletter / membership records: for the subscription term plus seven (7) years for tax and audit where applicable.
- Cookie consent choices: six (6) months, aligned with our banner notice.
- Server security logs: typically ninety (90) days unless needed for incident investigation.
- Analytics aggregates (if consented): per vendor policy, generally up to thirteen (13) months.
When data is no longer required, we delete or anonymise it using reasonable technical measures.
10. Protection and security safeguards
We implement administrative, technical and physical safeguards appropriate to the sensitivity of the data, including HTTPS transport, access controls for newsroom systems, staff confidentiality obligations, and spam/abuse filtering on public forms. No internet transmission is perfectly secure; please use discretion when sending tips.
Staff with access to personal data receive orientation on PDPA obligations. Vendor contracts include confidentiality and security schedules where data is processed on our behalf.
11. Your rights under the PDPA
Subject to exceptions in the PDPA, you may:
- Request access to personal data we hold about you;
- Request correction of inaccurate data;
- Withdraw consent for future processing;
- Ask how your data has been used or disclosed in the past year.
We may charge a reasonable fee for manifestly unfounded or excessive requests. Contact [email protected]. If unresolved, you may lodge a complaint with the Personal Data Protection Commission (PDPC) of Singapore at pdpc.gov.sg.
12. Do Not Call Registry
If you provide a Singapore telephone number, we will not send marketing messages via phone, fax or text unless we have checkable consent or an applicable PDPA exception. Newsroom callbacks related to your enquiry are service communications, not telemarketing.
Members who opt into SMS alerts for breaking stories may withdraw that channel separately from email membership.
13. Cookies and similar technologies
We use strictly necessary storage for consent and core functionality. Analytics and advertising cookies load only after consent. Details, durations, vendors and opt-out steps are in our Cookie Policy. You may revisit choices by clearing site data or using the customise button when the banner reappears after six months.
14. Children
NewsFlux is intended for general audiences. We do not knowingly collect personal data from children under thirteen without parental consent. If you believe a child has submitted data, contact the DPO for deletion.
15. Changes to this policy
We may update this policy to reflect legal, technical or newsroom changes. Material updates will be posted here with a revised "Last updated" date. Continued use after changes constitutes acknowledgement where permitted by law.
Substantive changes affecting how we use personal data for marketing will require fresh consent where the PDPA demands it.
16. Related documents
17. Automated decision-making
NewsFlux does not use personal data to make solely automated decisions with legal or similarly significant effects on individuals. Editorial recommendations may use aggregated, anonymised readership patterns but do not profile named readers for punitive or discriminatory purposes.
18. Breach notification
If a personal data breach likely to result in significant harm occurs, we will notify the PDPC and affected individuals as required under Singapore law, and take steps to contain, investigate and remediate the incident.
19. Records of consent
We maintain internal records of PDPA consent timestamps for form submissions and cookie banner choices for audit purposes, retained in line with Section 9.
20. Questions
If anything in this policy is unclear, contact our DPO at [email protected]. We welcome reasonable questions from readers, sources and members about how their data moves through the newsroom.
We aim to answer privacy correspondence within ten working days, complex requests within thirty days as allowed by the PDPA.