Privacy Policy

1. Introduction

Sybil Pte Ltd ("we," "our," or "us"), operating under the brand name QuantQuest, is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our QuantQuest financial planning platform.

This policy applies to all users of QuantQuest, including financial advisers, their clients, and members of the public who access adviser profile pages or complete assessments. By using our Service, you consent to the data practices described in this policy.

2. Information We Collect

3. How We Use Your Information

We use the collected information for the following purposes:

• Providing and maintaining our financial planning services
• Processing transactions and managing subscriptions
• Personalizing user experience and improving our platform
• Communicating updates, features, and support
• Complying with legal obligations and regulatory requirements
• Detecting and preventing fraud or security issues
• Analyzing usage patterns to enhance service quality
• Facilitating connections between public users and financial advisers through our Lead Gen Tools

3A. Aggregated and Anonymised Data

We may create and use fully anonymised and aggregated data derived from use of our Service — with all identifiers removed in accordance with the PDPC Guide to Basic Anonymisation — for purposes including product improvement, research, model training and evaluation, benchmarking, and business operations. Once data is properly anonymised, it is no longer personal data under the PDPA and is not subject to the consent, access, or correction obligations applicable to personal data.

If we materially change how we use anonymised or aggregated data in a way that would affect you, we will update this Privacy Policy and notify you in accordance with Section 14.

4. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

• With your consent: When you explicitly agree to share information
• Service providers: With trusted third parties who assist in operating our platform (under strict confidentiality agreements)
• Legal requirements: When required by law, court order, or governmental request
• Business transfers: In connection with a merger, acquisition, or sale of assets
• Protection of rights: To protect our rights, privacy, safety, or property
• Lead Generation: When you submit your contact information through a quiz or assessment, your information will be shared with the specific financial adviser as described in Section 5 below

5. Lead Generation and Adviser Referrals

When you complete a quiz or assessment on a financial adviser's page and choose to submit your contact information, the following applies:

Information Shared with Advisers

When you request a report or checkup, we share the following with the relevant financial adviser:

• Your name
• Your phone number (WhatsApp)
• Your email address (if provided)
• Your quiz responses and results
• Your personality type and associated insights
• The date and time of your submission

How Advisers May Contact You

By submitting your contact details through our Lead Gen Tools and completing OTP verification, you provide clear and unambiguous consent for the financial adviser to contact you via:

• WhatsApp messages
• Phone calls
• SMS messages
• Email (if provided)

Do Not Call Registry: This consent applies even if your phone number is registered on Singapore's Do Not Call (DNC) Registry. By voluntarily providing your phone number and completing verification, you are giving explicit consent to receive calls and messages from the adviser for financial advisory purposes.

Adviser Responsibilities

Financial advisers receiving your information through QuantQuest have agreed to:

• Handle your data in accordance with Singapore's PDPA
• Contact you only for legitimate financial advisory purposes
• Respect your right to withdraw consent at any time
• Cease contact within 10 business days of receiving a withdrawal request
• Not share, sell, or transfer your information to any third party
• Maintain appropriate records of consent and communications

Withdrawing Consent

You may withdraw your consent to be contacted at any time by:

• Informing the financial adviser directly (via WhatsApp, phone, or email)
• Emailing us at dpo@quantquest.sg with the subject line "Withdraw Lead Gen Consent"

Upon receiving your withdrawal request:

• We will notify the adviser within 2 business days
• The adviser must cease all contact within 10 business days
• Your lead record will be marked as "consent withdrawn" in our system

Please note that withdrawing consent does not affect the lawfulness of any contact that occurred before the withdrawal.

Data Retention for Leads

• Active leads: Retained for 24 months from submission, or until consent is withdrawn
• Leads who become clients: Retained according to the adviser's client data retention policy
• Withdrawn consent: Lead record retained for 7 years for compliance purposes, but marked as "do not contact"

5A. Testimonial Collection

When you submit a testimonial through our authenticated testimonial link, the following applies:

• Your name and testimonial content will be displayed publicly on the requesting adviser's Public Hub profile page
• The “Client-submitted” label on your testimonial indicates only that it was submitted through our platform — it does not verify or endorse the content
• You may withdraw your consent and request removal of your testimonial at any time by contacting the adviser directly or emailing dpo@quantquest.sg
• Upon receiving your withdrawal request, we will remove the testimonial within 5 business days
• Testimonial data will be deleted when the adviser's profile is deactivated or upon your withdrawal of consent, subject to any legal retention requirements

5B. Google Calendar Integration

When you choose to connect your Google Calendar to QuantQuest, we access your calendar events using the Google Calendar API. Specifically:

• We access the scope “calendar.events” which allows us to view and manage events on your Google Calendar, including creating events from within the QuantQuest platform.
• Your calendar events are cached securely on our servers to display them alongside your client schedules within the QuantQuest platform.
• We do not share, sell, or transfer your Google Calendar data to any third parties.
• We do not use your Google Calendar data for advertising or any purpose other than displaying it within your QuantQuest calendar view.
• You can disconnect your Google Calendar at any time from Settings → Calendar → Disconnect. Upon disconnection, all cached calendar data is immediately and permanently deleted from our servers.
• Google Calendar data is encrypted at rest on our servers.
• Google Calendar data is stored in a separate database table from all other application data and is never transmitted to, processed by, or used as input for any AI or machine learning service, including our AI Copilot feature.

Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

6. Data Security

We implement robust security measures to protect your information:

• TLS 1.2 or 1.3 (with AES-256 cipher suites) for all data in transit
• AES-256 encryption at rest for sensitive financial information
• Regular security audits and vulnerability assessments
• Access controls and authentication protocols
• Employee training on data protection practices
• OTP verification for lead capture to prevent fraudulent submissions

While we strive to protect your information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but commit to using industry best practices.

Data Breach Notification: In the event of a data breach that meets the notifiability threshold under PDPA Part 6A, we will notify the Personal Data Protection Commission (PDPC) as soon as practicable, and in any case no later than 3 calendar days after completing our assessment that the breach is notifiable. Where the breach is likely to result in significant harm to affected individuals, we will notify those individuals as soon as practicable.

7. Your Rights Under PDPA

Under Singapore's Personal Data Protection Act (PDPA), you have the following rights:

• Access: Request access to personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Withdrawal: Withdraw consent for data collection and use
• Data portability: Request your data in a structured format
• Deletion: Request deletion of your personal data (subject to legal obligations)

To exercise these rights, please contact our Data Protection Officer at dpo@quantquest.sg.

For Lead Gen participants: You may also exercise these rights by contacting the financial adviser directly. The adviser is obligated to respond to your request or forward it to us for processing.

8. Data Retention

We retain your personal information for as long as necessary to provide our services and comply with legal obligations:

• Active account data: Retained while your account is active
• Financial records: Retained for 7 years per MAS requirements
• Communication records: Retained for 5 years
• Lead Gen data: Retained for 24 months or until consent is withdrawn (whichever is earlier), with compliance records retained for 7 years
• Testimonial data: Retained while the adviser's profile is active, deleted within 90 days of profile deactivation or upon withdrawal of consent by the testimonial submitter
• AI Copilot conversation data: Retained while the adviser's account is active. Individual sessions may be deleted by the adviser at any time through the AI Copilot interface. Upon account closure, AI conversation data is deleted within 90 days unless retention is required by law.
• Anonymized analytics data: May be retained indefinitely

Upon account closure, we will delete or anonymize your data within 90 days, except where retention is required by law.

9. International Data Transfers

Your data is primarily stored in Singapore. If we transfer data outside Singapore, we ensure:

• The receiving country has adequate data protection laws
• Appropriate contractual clauses are in place
• Your rights remain protected regardless of location

OTP Verification Services: We use Twilio for WhatsApp OTP verification. Twilio may process your phone number on servers located outside Singapore. Twilio is bound by contractual obligations to protect your data in accordance with standards comparable to Singapore's PDPA.

AI Processing Services: The AI Copilot uses third-party large language model (LLM) services to generate analysis and responses. Before transmission, Client Data passes through automated identifier-masking that removes NRIC numbers, FIN numbers, phone numbers, email addresses, and bank account numbers. This masking is a privacy-protective measure but does not constitute anonymisation under the PDPC Guide to Basic Anonymisation; residual personal data may be transmitted in masked form. The provider is contractually prohibited from using transmitted data for model training and operates under documented data-handling commitments. Details of current AI service providers and jurisdictions of inference processing are available to financial-adviser firms on request. For full details on AI data processing, refer to the AI Copilot Terms of Use.

Frontend Hosting: Our frontend hosting provider (Vercel) may process requests through servers located outside Singapore for performance purposes. No personal data is stored at these locations beyond transient request processing.

10. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will promptly delete it.

11. Cookies and Tracking

We use cookies and similar technologies to:

• Keep you logged in securely
• Remember your preferences and settings
• Analyze platform usage and performance
• Provide personalized features
• Track quiz completion for analytics purposes

You can manage cookie preferences through your browser settings. Disabling cookies may limit some features of our Service.

12. Third-Party Links

Our Service may contain links to third-party websites, including financial adviser websites and social media profiles. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

13. Adviser Profile Pages

Financial advisers may create public profile pages on QuantQuest that are accessible without login. These pages may display:

• Adviser's name and professional title
• Profile photo
• Professional biography and specializations
• Years of experience and credentials
• Testimonials (if enabled — see Section 5A for testimonial collection terms)
• Links to quizzes and assessments

Information displayed on adviser profile pages is provided by the adviser and is their responsibility to keep accurate and compliant with applicable regulations.

14. Updates to This Policy

We may update this Privacy Policy periodically. We will notify you of any material changes by:

• Posting the new policy on this page
• Updating the "Last updated" date
• Sending an email notification for significant changes

15. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

For Lead Gen specific inquiries:

• The financial adviser directly (their contact details are on their profile page)
• Our DPO at dpo@quantquest.sg