Cross-border transfers

Version 2026-06-17 · Effective 2026-06-17

1. Overview

The Service is operated from cloud regions you select (commonly Singapore/APAC). Some subprocessors may process data in the United States, European Union, or other regions to provide hosting, payments, email, AI, or monitoring.

2. Singapore

Under the PDPA, transfers outside Singapore require appropriate safeguards (e.g. contractual clauses, consent where applicable, or exemptions). We implement vendor contracts and technical measures aligned with MAS TRM and PDPC guidance. Users are notified via this page and the Privacy Policy.

3. Malaysia

If personal data originating in Malaysia is transferred outside Malaysia, the PDPA 2010 (including 2024 amendments) may require prescribed safeguards and transparency. We document transfer mechanisms, subprocessors, and purposes. Where consent is relied upon, it is captured at account creation for cross-border processing inherent to the Service architecture.

4. European Union / United Kingdom

For GDPR/UK GDPR transfers to countries without adequacy decisions, we rely on Standard Contractual Clauses (SCCs) or other approved mechanisms with vendors, supplemented by transfer impact assessments where required.

5. Your choices

Where a feature depends on a specific vendor region, configuration may be limited. Contact us using the details below to discuss data localisation options for enterprise agreements.