Privacy Policy
Last updated: 14 March 2026
1. Our Core Philosophy: Zero-Knowledge
At Skandage Technologies, we build software exclusively for financial professionals. Because of the highly sensitive nature of financial planning, our fundamental rule for data is simple: If we do not need to see it, we mathematically ensure that we cannot.
We will never sell your data. We will never mine your clients' information to analyse behaviours. We will never train AI models on your private notes. Skandage operates two distinct platforms, both engineered with strict "Privacy by Design" principles.
2. The Desktop Insurance Suite
Our original desktop application operates on a strict "Local-First" architecture. It runs entirely on your physical Windows or macOS machine, isolated from the public internet.
- We have no servers that store this application's database.
- All client names, NRICs, and policy details are stored in an encrypted SQLite database (
.skandb) residing strictly on your hard drive. - You maintain 100% physical custody and sovereignty over this data.
3. The Website & Cloud Suite
Our cloud-based CRM and portfolio builder is hosted on enterprise-grade infrastructure in Singapore. It operates on a "Zero-Knowledge" architecture to protect your agency's book of business.
- All client Personally Identifiable Information (PII) is encrypted at rest using military-grade AES-256 encryption.
- Skandage is cryptographically "blind" to your CRM. We cannot read or decrypt your clients' names, emails, phone numbers, or private notes.
- Data is seamlessly decrypted only in your local browser session when you successfully authenticate using Two-Factor Authentication (2FA).
4. Singapore PDPA & MAS TRM Compliance
Under the Personal Data Protection Act (PDPA), the Financial Advisor or Agency acts as the Organisation (Data Controller), and Skandage Technologies acts strictly as your Data Intermediary. We provide the infrastructure to ensure your practice remains compliant with both the PDPA and the Monetary Authority of Singapore (MAS) Technology Risk Management guidelines.
Accountability & Non-Repudiation
Our cloud systems maintain immutable, read-only audit logs. We track exactly when a vault is viewed or exported, ensuring you have a definitive paper trail in the event of an agency audit.
Retention Limitation
To comply with statutory data retention limits, Skandage automatically and permanently purges (anonymises) the PII of soft-deleted client records after the 7-year regulatory cooling-off period.
Consent & Opt-Outs
We embed secure, one-click unsubscribe tokens into all marketing and broadcast emails, instantly honouring a client's withdrawal of consent without manual agent intervention.
5. What We Actually Collect
To keep the systems operational and secure, we only collect the absolute bare minimum categorised below:
- Agent Account Info: Your name, professional email, agency details, and public profile data (biography, credentials, headshots).
- Operational Cookies: We use strict, necessary cookies solely to keep you logged in securely and to enforce Two-Factor Authentication (2FA). We do not use third-party advertising trackers.
- Crash Reports: If the desktop app encounters a fatal error, you may voluntarily choose to authorise sending a log file to support. This file contains technical error codes and explicitly excludes client data.
6. Payments & Third Parties
We partner with Stripe to process software subscriptions and licences securely. Skandage Technologies never touches, sees, or stores your credit card information. Stripe’s use of your financial information is governed by their independent privacy policy.
7. Contact the Data Protection Officer
If you require technical clarification on how your data is encrypted, need to request a copy of an audit log, or have concerns regarding this policy, please reach out to our DPO directly: