Privacy Policy

When Portal Users are registered on the Platform (by their organisation's administrator or by WMG), we collect:

• Full name
• Work email address
• Job title and department (optional)
• Organisation name and role on the Platform (administrator or member)
• Authentication credentials (passwords stored as cryptographic hashes; we do not store plaintext passwords)
• Multi-factor authentication settings and recovery information

When you use the Platform, we automatically collect:

• Login timestamps, session duration, and session identifiers
• Pages visited, features accessed, and actions performed within the Platform
• IP address and approximate geographic region at login
• Browser type, operating system, and device type
• API request logs, including endpoint called, timestamp, HTTP method, and response code (but not request or response payload content unless required for debugging with your consent)

In the course of providing logistics coordination services, we process data relating to shipments managed through the Platform. This data is provided by Customers and may include personal data of individuals involved in shipment transactions, including:

• Shipper and consignee names and contact details
• Names and contact details of notify parties
• Customs declarant names and identifiers where required by applicable trade regulations

Where this data relates to identified or identifiable individuals (as opposed to corporate entities), it is treated as personal data under this Privacy Policy.

If you contact us directly (by email, through a contact form, or otherwise), we collect:

• Your name and contact details
• The content of your communication
• Any attachments or supporting documents you send to us

Authorised analysts from Government Agencies accessing the government data portal are identified by their organisational login credentials (processed via SAML SSO through their agency's own identity provider, or via OAuth credentials issued by WMG). We log every query made through the government portal, including the query parameters and result metadata, for audit and transparency purposes. Query results are aggregated and do not contain individual-level personal data.

We do not collect, and you must not provide to us through the Platform:

• Payment card numbers or banking credentials (payment processing, where applicable, is handled by regulated third-party processors outside the Platform)
• Sensitive personal data such as national identification numbers, passport numbers, or biometric data, except where required by applicable customs or trade regulations and handled in accordance with those regulations
• Personal data of individuals under 18 years of age

Legal basis: Performance of a contract / Legitimate interests

• Creating and managing user accounts
• Authenticating users and maintaining session security
• Processing and tracking shipments
• Generating and delivering reports and notifications
• Providing customer support

Legal basis: Legitimate interests / Legal obligation

• Detecting, investigating, and preventing unauthorised access, fraud, and abuse
• Maintaining audit logs of user actions for security and compliance purposes
• Monitoring system performance, uptime, and reliability
• Enforcing our Terms of Use and acceptable use policies

Legal basis: Legitimate interests

• Analysing usage patterns to improve Platform features and user experience
• Identifying and resolving technical issues
• Developing new features and services

Where we use personal data for service improvement purposes, we use aggregated or anonymised data wherever possible. We do not sell usage data to third parties or use it for behavioural advertising.

Legal basis: Legal obligation

• Complying with applicable laws and regulations in Singapore and jurisdictions in which we operate
• Responding to lawful requests from courts, regulators, and law enforcement authorities
• Maintaining records required by applicable financial, trade, and corporate law

Legal basis: Legitimate interests / Consent (where required)

• Responding to your enquiries and providing support
• Sending service-related notices, including security alerts, policy updates, and maintenance notifications
• Sending marketing and promotional communications, where you have opted in to receive them

You may opt out of marketing communications at any time by using the unsubscribe link in any such communication or by contacting us at the address in Section 12.

Personal data relating to shipments may be shared with other parties involved in the shipment transaction, including freight vendors, carriers, and customs agents, to the extent necessary to coordinate the shipment. This sharing is disclosed to and authorised by the Customer at the point of order.

We engage third-party service providers to assist in operating the Platform. These providers act as data processors under our instruction and are bound by confidentiality obligations and data processing agreements. They include:

• Cloud infrastructure providers (server hosting, storage, and networking)
• Email delivery providers
• Authentication services
• Monitoring and alerting services
• Professional services providers (legal, audit, and compliance advisers)

We do not permit service providers to use personal data for their own purposes.

We may disclose personal data to government bodies, regulators, courts, and law enforcement authorities where required to do so by applicable law, or where we believe in good faith that disclosure is necessary to:

• Comply with a legal obligation or court order
• Protect the rights, property, or safety of WMG, our customers, or the public
• Detect, prevent, or address fraud, security breaches, or technical issues

In the event of a merger, acquisition, reorganisation, or sale of all or substantially all of WMG's assets, personal data held by WMG may be transferred to the acquiring entity as part of that transaction. We will notify affected individuals in accordance with applicable law if such a transfer involves a material change in how their personal data is used.

We may share aggregated, anonymised, or de-identified data that cannot reasonably be used to identify individuals, including with government partners for trade analytics purposes. Such data is not personal data and is not subject to the restrictions in this Privacy Policy.

These cookies are necessary for the Platform to function. They include session authentication cookies and CSRF protection tokens. You cannot opt out of essential cookies without ceasing to use the Platform.

These cookies remember your preferences (such as theme settings) and improve your experience. They can be disabled without affecting core Platform functionality.

We use limited analytics to understand how the Platform is used and to improve it. Where we use third-party analytics tools, these are configured to anonymise IP addresses and not to share data with third parties for advertising purposes. You may opt out of analytics cookies via your browser settings.

You have the right to request a copy of the personal data we hold about you and information about how we use it.

You have the right to request that we correct inaccurate or incomplete personal data about you.

Where we process your personal data on the basis of consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

Where technically feasible and required by applicable law, you may request that we provide your personal data in a structured, commonly used, machine-readable format.

You may request that we delete your personal data in certain circumstances, subject to our legal obligations to retain data for regulatory, audit, and dispute-resolution purposes.

You may object to our processing of your personal data for direct marketing purposes at any time. You may also object to other processing based on legitimate interests, subject to our demonstrating compelling legitimate grounds for the processing.