Privacy Policy | FCPI - Freya Cost Pressure Index

1. Who We Are

TetriXX Pte. Ltd. (UEN 202135956H) is the data controller for the Freya Cost Pressure Index ("FCPI") service available at fcpi.tetrixx.ai.

Registered office: The Working Capitol, 1 Keong Saik Road, 089109 Singapore
Privacy contact: privacy@tetrixx.sg

This Privacy Policy explains how we collect, use, store, and protect your personal data when you access or use the FCPI. It applies to all visitors, free users, and paid subscribers.

2. Compliance Framework

TetriXX operates the FCPI in accordance with the following standards and regulations:

ISO 27001:2022 Information Security Management System

SOC 2 Type II Security, Availability, Confidentiality

GDPR (EU & UK) General Data Protection Regulation

PDPA Singapore Personal Data Protection Act 2012

3. Data We Collect

Category	Data	When
Account Data	Full name, email address, company name, job title, country	When you register for an account or subscribe
Payment Data	Billing address, payment method details, transaction history	When you purchase a subscription (processed and stored by Paddle, not by TetriXX)
Technical Data	IP address, browser type and version, operating system, device type, time zone, language preference	Automatically when you access the FCPI website
Usage Data	Pages viewed, features used, report downloads, session duration, clickstream data	Automatically during your use of the Service
Communication Data	Email correspondence, support requests, feedback	When you contact us
Marketing Data	Email subscription preferences, newsletter opt-in status	When you subscribe to FCPI updates or newsletters

We do not collect sensitive personal data (racial or ethnic origin, political opinions, religious beliefs, health data, biometric data, or sexual orientation).

4. How We Use Your Data

Purpose	Legal Basis (GDPR)
Provide and operate the FCPI service	Performance of contract
Process subscription payments (via Paddle)	Performance of contract
Send transactional emails (account confirmation, payment receipts, subscription changes)	Performance of contract
Send FCPI reports and market intelligence updates to subscribers	Performance of contract
Respond to support requests and enquiries	Legitimate interest
Analyse usage patterns to improve the Service	Legitimate interest
Detect and prevent fraud, abuse, and security incidents	Legitimate interest
Send marketing communications (newsletters, product updates)	Consent (opt-in)
Comply with legal and regulatory obligations	Legal obligation

5. Data We Do Not Sell

      We do not sell, rent, or trade your personal data to any third party. We do not share your data with advertisers. We do not monetise your data in any way beyond providing you the FCPI service you subscribed to.
    

6. Third-Party Processors

We share your data only with the following categories of service providers, each bound by data processing agreements:

Provider	Purpose	Data Shared	Location
Paddle.com Market Limited	Payment processing (Merchant of Record)	Name, email, billing address, payment details	UK / EU
Amazon Web Services (AWS)	Cloud infrastructure and hosting	All Service data (encrypted at rest and in transit)	Singapore (ap-southeast-1)
Google Cloud Platform (GCP)	Database and metadata storage	Account data, usage metadata (encrypted)	Singapore (asia-southeast1)
Resend	Transactional and marketing email delivery	Name, email address	US (EU-adequate SCCs)

We do not share data with any other third parties unless required by law or with your explicit consent.

7. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence. We ensure appropriate safeguards are in place:

EU/UK to Singapore: Singapore is recognised by the European Commission as providing an adequate level of data protection (Adequacy Decision, 2024).
EU/UK to US (Resend): Transfers are governed by Standard Contractual Clauses (SCCs) approved by the European Commission.
All transfers: Protected by our ISO 27001:2022 certified information security management system and encryption in transit (TLS 1.2+) and at rest (AES-256).

8. Cookies and Tracking

8.1 Cookies We Use

Cookie Type	Purpose	Duration
Strictly Necessary	Authentication, session management, security	Session / up to 30 days
Functional	Language preference, display settings	Up to 12 months
Analytics	Understand usage patterns, improve the Service	Up to 12 months

We do not use advertising or third-party tracking cookies. We do not serve ads on the FCPI.

8.2 Managing Cookies

You can control and delete cookies through your browser settings. Disabling strictly necessary cookies may affect the functionality of the Service. For more information, visit aboutcookies.org.

9. Data Retention

Active accounts: Your data is retained for as long as your account is active and you maintain a subscription.
After cancellation or termination: Account data and any subscriber-specific content stored on the FCPI platform are deleted within 30 calendar days, unless we are required by law to retain certain data for a longer period.
Financial records: Transaction records may be retained for up to 7 years to comply with Singapore tax and accounting regulations (Income Tax Act, GST Act).
Communication records: Support correspondence is retained for up to 24 months after the last interaction, then deleted.
Technical and usage data: Anonymised and aggregated data (which cannot identify you) may be retained indefinitely for statistical and product improvement purposes.

You may request earlier deletion of your data by contacting privacy@tetrixx.sg.

10. Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

10.1 Under GDPR (EU and UK Residents)

Right of access - Request a copy of the personal data we hold about you.
Right to rectification - Request correction of inaccurate or incomplete data.
Right to erasure - Request deletion of your personal data ("right to be forgotten").
Right to restrict processing - Request that we limit how we use your data.
Right to data portability - Receive your data in a structured, machine-readable format.
Right to object - Object to processing based on legitimate interest or direct marketing.
Right to withdraw consent - Withdraw consent at any time where processing is based on consent.
Right to lodge a complaint - File a complaint with your local data protection authority.

10.2 Under PDPA (Singapore Residents)

Right of access - Request access to your personal data held by us.
Right to correction - Request correction of any errors or omissions.
Right to withdraw consent - Withdraw consent for the collection, use, or disclosure of your data (subject to legal or contractual restrictions).
Right to data portability - Request transfer of your data to another organisation (where applicable under the PDPA Data Portability Obligation).

To exercise any of these rights, contact us at privacy@tetrixx.sg. We will respond within 30 days (GDPR) or 30 business days (PDPA).

11. EU/UK Representative

As required under Article 27 of the GDPR, TetriXX has appointed the following representative in the European Union and United Kingdom:

Prighter Group
GDPR/UK GDPR Representative
Contact: prighter.com/q/15633988910

You may contact our EU/UK representative for any data protection enquiry as an alternative to contacting us directly in Singapore.

12. Data Security

We implement technical and organisational measures to protect your personal data, including:

Encryption in transit (TLS 1.2+) and at rest (AES-256).
Access controls and role-based permissions.
Regular security assessments and penetration testing.
Incident response procedures with notification within 72 hours (GDPR) / 3 calendar days (PDPA) of becoming aware of a qualifying breach.
Employee security awareness training.
ISO 27001:2022 certified information security management system.
SOC 2 Type II audited controls for security, availability, and confidentiality.

13. Children

The FCPI is not directed to individuals under 18 years of age. We do not knowingly collect personal data from individuals under 18. If we become aware that we have collected data from a minor, we will delete it promptly. If you believe a minor has provided us with personal data, please contact privacy@tetrixx.sg.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will:

Post the updated policy on this page with a new "Last updated" date.
Notify registered users of material changes via email at least 14 days before they take effect.

Your continued use of the FCPI after the updated policy becomes effective constitutes your acceptance of the changes.

15. Contact Us

If you have any questions about this Privacy Policy, your personal data, or wish to exercise your rights:

TetriXX Pte. Ltd.
UEN 202135956H
The Working Capitol, 1 Keong Saik Road, 089109 Singapore
Privacy: privacy@tetrixx.sg
General: contact@tetrixx.sg

EU/UK Representative:
Prighter Group: prighter.com/q/15633988910