Privacy Policy

Effective 5 April 2026

This policy is short because we designed it that way.

1. Scope

This policy covers the website at zeneigen.com. Applications built by ZenEigen — including ApexPeak — maintain separate privacy policies at their respective domains. Where an application-specific policy exists, it takes precedence for that application.

2. Who we are

ZenEigen Pte. Ltd. (UEN 202430134N), Singapore. We are the data controller for personal data processed through this website.

Data protection contact: contact@zeneigen.com

3. What we don't do

We designed this website to minimise data collection. These are deliberate architectural decisions, not oversights.

  • We chose cookie-free analytics specifically to avoid collecting personal data
  • We chose not to implement contact forms to minimise the data we hold
  • We don't embed third-party social media widgets, tracking pixels, or external scripts beyond our analytics provider
  • We don't run advertising or remarketing
  • We don't sell, rent, or trade personal data
  • We don't profile visitors or build audience segments
  • We don't use automated decision-making
  • We don't collect data beyond what is described in this policy

4. What we collect

Analytics

We use cookie-free, privacy-focused analytics to understand how visitors use this website. This includes page views, referrer, browser type, and country-level location. No cookies are set. No personal identifiers are collected. No cross-site tracking occurs.

We receive aggregated statistics only — not individual visitor records.

Legal basis: legitimate interest in understanding site usage (PDPA: Section 17; GDPR: Article 6(1)(f)).

Email correspondence

When you email contact@zeneigen.com, we receive your name, email address, and message content. We use this to respond to your enquiry and assess engagement fit.

Legal basis: legitimate interest in responding to business enquiries (PDPA: Section 17; GDPR: Article 6(1)(f)); or pre-contractual steps at your request (GDPR: Article 6(1)(b)).

Retention: enquiry correspondence is retained for two years from last contact. Client correspondence is retained for the duration of engagement plus two years. After the retention period, correspondence is permanently deleted.

5. Sharing & international transfers

Cloudflare, Inc. (United States) provides hosting, content delivery, and analytics infrastructure for this website. Processing is governed by Cloudflare's privacy policy and data processing agreements.

We do not share personal data with any other third parties. International transfers are covered by standard contractual clauses. We will update this section if our infrastructure changes.

6. Security

All connections to this website are encrypted. Industry-standard security controls are applied throughout our infrastructure.

Minimal data collection reduces the surface area for risk — less data held means less data to protect. We apply the same security standards to our own website that we advise our clients to adopt.

7. Data breach

In the event of a data breach affecting personal data, we will notify the relevant supervisory authority within the required timeframe: three business days under Singapore's PDPA, or 72 hours under the GDPR.

Where a breach poses a high risk to individuals, we will notify affected persons directly.

8. Your rights

Under Singapore's Personal Data Protection Act, you may request access to your personal data, correction of inaccurate data, or withdrawal of consent.

Where the GDPR applies, you have additional rights including erasure, data portability, restriction of processing, objection to processing, and the right to lodge a complaint with a supervisory authority.

If your local law provides additional data protection rights beyond those listed above, contact us to exercise them.

To exercise any right, email contact@zeneigen.com. We may verify your identity before processing a request. We will respond within 30 days (PDPA) or one calendar month (GDPR).

9. Children

This website is not directed at individuals under 18. We do not knowingly collect personal data from children.

10. Changes to this policy

The effective date at the top of this page reflects when the policy was last updated. We encourage periodic review.