Privacy Policy Overview

Ilvaya operates custom software development and business operations services from Singapore. This Privacy Policy explains the types of personal data we collect, how we use and protect that data, and how you can contact us. Our primary aim is to process personal data only as necessary to provide agreed services, support ongoing operations, and comply with legal obligations. For questions, contact [email protected] or write to Ilvaya at 22 Opal Crescent, Singapore, 328418. Business ID: S3896590A. Effective date is listed below.

12-02-2026 Ilvaya [email protected]

Key Definitions

This section explains the terms used in this policy so you can better understand how your data is handled.

Personal data means any information that can identify an individual directly or indirectly, such as names, contact details, job title, company affiliation, and technical identifiers.
Processing refers to any operation performed on personal data, including collection, storage, retrieval, use, disclosure, and deletion.
User refers to any individual who interacts with Ilvaya services, including clients, client employees, prospective clients, and website visitors.
Service means the custom software development, integration, hosting, support, and related professional services provided by Ilvaya.
Cookies are small text files stored on a device that help recognize returning visitors, remember preferences, and measure site usage to improve user experience.

Data We Collect

We collect data to provide and improve our services, communicate with clients, and meet legal and contractual obligations. Collections fall into three main groups: data provided by users, data collected automatically, and data obtained from third parties.

Data You Provide

When you engage with Ilvaya or contact us, you may provide the following types of information:

  • Contact information: name, company name, business email, and phone number
  • Business and project details: project requirements, role descriptions, system architecture preferences
  • Transaction information: billing address, invoicing details, and payment records
  • Support communications: messages, support tickets, and correspondence
  • Authentication data: usernames, hashed passwords, and access preferences
  • Consent and preferences: marketing preferences and communication consents

Data Collected Automatically

When you use our website or services, we may collect technical and usage information to operate and secure our platforms and to improve functionality.

  • Device and browser information, including IP address and browser type
  • Usage data such as pages visited, actions taken, and session duration
  • Analytics data collected by tools used to measure site and service performance
  • Cookies and similar tracking technologies
  • Error and diagnostic logs that help troubleshoot and improve services
  • Location data inferred from IP addresses for security and compliance checks

Data From Third Parties

We may receive data from our partners and service providers to facilitate onboarding, billing, and integrations.

  • Payment processors providing transaction confirmations and billing metadata
  • Cloud and hosting providers supplying infrastructure logs and performance metrics
  • Analytics and monitoring providers offering aggregated usage statistics

How We Use Your Data

We process personal data for specific operational and business purposes. Each processing activity has a limited scope and retention period.

  • To provide and maintain the services you contract for, including hosting, support, and feature delivery
  • To communicate with you about projects, invoices, support requests, and operational notices
  • To process payments, manage billing, and prevent fraud
  • To analyze usage and performance in order to improve product stability and user experience
  • To meet legal, regulatory, and contractual obligations
  • To secure our systems and contribute potential security incidents
  • To send service-related announcements and updates when necessary for service operation
  • To manage recruitment and business development communications where you have opted in

Legal Bases for Processing

Where applicable, our processing is supported by one or more lawful bases depending on the context of the data use.

  • Contractual necessity: processing required to perform a contract with you or your organization
  • Consent: where you have given clear consent for specific processing activities, such as marketing communications
  • Legal obligation: processing required to comply with laws or regulatory obligations
  • Legitimate interests: for security, fraud prevention, and internal operations where such interests are not overridden by your rights

Your Rights

If you are located in a jurisdiction with data protection laws similar to the GDPR, you may have specific rights over your personal data. Below is a summary of common rights and how to exercise them.

  • Right of access: you can request a copy of personal data we hold about you
  • Right to rectification: you can ask us to correct inaccurate or incomplete data
  • Right to erasure: you may request deletion where processing is not required by law or contract
  • Right to restriction: you may ask to limit processing while a dispute is resolved
  • Right to data portability: where applicable, you can request a machine-readable copy of data you provided
  • Right to object: you can object to processing based on legitimate interests or direct marketing in some cases

Cookies and Tracking

We use cookies and similar technologies to operate the site, remember your preferences, and deliver analytics that inform improvements.

Common cookie types include: essential cookies (required for site functionality), performance cookies (for analytics), functional cookies (to remember preferences), and advertising cookies (used to deliver targeted content).

Essential: required for site operation. Analytics: aggregate usage data. Functional: remember settings. Advertising: used by third parties for personalized ads.

You can control cookies via your browser settings and opt out of analytics tracking through available opt-out mechanisms. Disabling essential cookies may affect site functionality.

Read our Cookie Policy

How We Share Data

Ilvaya shares personal data only as necessary to deliver services, comply with legal obligations, or facilitate business operations with trusted partners.

  • Service providers and subcontractors who perform services on our behalf, such as hosting, payments, and analytics
  • Affiliates and business partners involved in joint service delivery or integrations
  • Professional advisors such as lawyers and auditors when required for legal or compliance matters
  • Law enforcement or regulators when required by law or to respond to lawful requests
  • Third parties in the event of a business transaction, such as a sale or merger, subject to confidentiality protections
  • With your consent when we have obtained explicit permission to share data for a specific purpose

International Data Transfers

Because we operate with global service providers, personal data may be transferred to and processed in jurisdictions outside your country, including providers hosted in regions with different data protection laws.

When transfers occur, Ilvaya implements safeguards such as contractual protections, encryption, access controls, and where appropriate standard contractual clauses to protect personal data.

Data Retention

We retain personal data only as long as necessary for the purposes described and to comply with legal or contractual obligations. Retention periods vary by data type and purpose.

Account information and contract records are kept for the duration of the client relationship and for a period of up to seven years afterward to meet accounting and regulatory requirements.

Support and project communication records are retained for a period necessary to provide support and for dispute resolution, typically up to three years unless a longer period is required.

Operational logs, diagnostics, and audit trails are retained for security and performance monitoring purposes, typically for up to one year unless retention is needed for incident contribute.

Ilvaya retains personal data only as long as necessary to provide services, comply with legal obligations, resolve disputes, and enforce our agreements. When data is no longer required for these purposes, we securely delete or anonymize it. You may request deletion of your personal data; we will assess requests against legal retention needs and the necessity to complete contractual obligations before permanent removal.

Data Security and Safeguards

We treat client data as a critical business asset. Ilvaya applies industry-standard technical and organizational measures to protect personal and business information from unauthorized access, accidental loss, or misuse. Security is integrated into our development lifecycle and operational procedures to reduce risk while enabling productive collaboration.

  • Encryption in transit and at rest for sensitive data storage and communications.
  • Role-based access controls, multi-factor authentication, and regular access reviews.
  • Regular vulnerability assessments, patch management, and secure development practices.

User Rights and Requests

Users and clients have a range of rights regarding their personal data held by Ilvaya. To exercise any right, you may contact us using the details below. We will respond in accordance with applicable law and within a reasonable timeframe.

  • Right to access: Request a copy of personal data we hold about you.
  • Right to rectification: Ask us to correct inaccurate or incomplete personal data.
  • Right to deletion: Request deletion of personal data where retention is no longer necessary.
  • Right to restrict processing: Request temporary suspension of processing under specific circumstances.
  • Right to data portability: Request a machine-readable copy of personal data you provided.
  • Right to object: Object to certain types of processing, including direct marketing.
  • Right to withdraw consent: Withdraw consent for processing where consent is the legal basis.
  • Right to lodge a complaint: File a complaint with a supervisory authority if you believe your rights are infringed.

How to Submit Rights Requests

To submit a request regarding your personal data, email [email protected] or send a written request to our office at the address below. Include sufficient details to identify yourself and the nature of the request. We may request additional information to verify your identity before processing sensitive requests.

[email protected]

We aim to respond to verified requests within 30 calendar days. Complex requests may require additional time, in which case we will inform you of any extension and the reasons for it.

Marketing Communications

Ilvaya may send marketing messages about services, events, and offers. We will only send promotional communications where we have a lawful basis to do so. You can opt in when engaging with our services or update your preferences anytime.

To stop receiving marketing emails, click the unsubscribe link in any marketing message or contact [email protected] to update your preferences.

Children's Privacy

Our services are intended for businesses and professionals. We do not knowingly collect personal data from children under the age of 16. If you believe we have collected personal data from a child, contact us and we will take steps to remove the information as appropriate.

Third-Party Links

Our website and communications may contain links to third-party sites and services. Ilvaya is not responsible for the privacy practices or content of external sites. Review the privacy notices of third parties before providing personal information.

Changes to This Policy

We may update our privacy practices to reflect changes in law, technology, or business operations. Significant changes will be posted on our website with the effective date. Continued use of our services after changes are published constitutes acceptance of the updated policy.