1. Introduction & Scope

Taugo Consulting Pte. Ltd., a company duly organized and existing under the laws of the Republic of Singapore with company registration number 202436654K, having its registered  address at 216 Joo Chiat Road, #02-16/6, Soho Life, Singapore, 427483 ("Taugo", "we", "our", or "us") is committed to protecting the personal data of our clients, website visitors, business partners, and all other individuals whose data we process (“you” or “users”). This Privacy Policy explains how we collect, use, disclose, and protect personal data in compliance with the Personal Data Protection Act 2012 ("PDPA") of Singapore and its subsidiary legislation, including the Personal Data Protection (Notification of Data Breaches) Regulations 2021.

This Policy applies to:
• All personal data collected through our website at https://taugo.io/ (“Website”);
• Personal data collected via our contact forms;
• Personal data of clients, prospective clients, and business counterparts;
• Personal data processed by us in connection with the provision of our legal advisory services.

By “Personal Data”, we refer data, whether true or not, about an individual who can be identified: (a) from that data; or (b) from that data and other information to which we have or are likely to have access. The term “Personal Data” may include, for example, your name, your postal address, your telephone number, your e-mail address. Anonymous or de-identified information, which we are not able to identify you, does not qualify as “Personal Data”.

For clarity, “Personal Data” does not include Business Contact Information (as defined under Section 2(1) of the PDPA), such as an individual’s name, position title, business telephone number, business address, or business email address, where such information is provided for business purposes. Pursuant to Section 4(5) of the PDPA, the PDPA does not apply to Business Contact Information.

If you are located outside Singapore, please note that your personal data will be processed in accordance with this Policy and applicable Singapore law. Where mandatory data protection laws in your jurisdiction apply, we will comply with such requirements to the extent applicable.

By using the Website or submitting personal data to us, you acknowledge that you have reviewed this Policy.

2. Who We Are

For the purposes of the PDPA, we acts as an organisation that collects, uses and discloses personal data in accordance with the PDPA.

We have appointed a Data Protection Officer ("DPO") as required under Section 11 of the PDPA. The DPO is responsible for overseeing our data protection practices and ensuring compliance with the PDPA.

3. Personal Data We Collect

3.1 Data You Provide Directly
When you interact with our website or contact us, we may collect the following categories of personal data:
• Contact information: full name, email address, sphere of interest
• Communication data: content of messages submitted via our contact form, emails, or other correspondence
• Business information: details about your business, legal needs, and the jurisdictions in which you operate
• Financial data (for clients): billing address, invoice details (we do not store payment card data)

3.2 Data Collected Automatically
When you visit our website, we may automatically collect:
• Technical data: IP address, browser type and version, operating system, device identifiers
• Cookie data: as described in Section 9 (Cookie Policy) below

3.3 Data Received from Third Parties
We may receive personal data about you from third parties, such as business introduction platforms, professional referral networks, or public corporate registries (e.g., ACRA), where such data is provided or disclosed in compliance with applicable law.

3.4 Sensitive Personal Data

We do not intentionally collect sensitive personal data (e.g., NRIC/FIN numbers, health information, racial or ethnic origin, religious beliefs) through our website. If such data is required for specific legal engagements, we will obtain your explicit consent and handle such data with heightened protections.

4. Purposes of Collection and Legal Bases

We collect and use personal data only for purposes that a reasonable person would consider appropriate in the circumstances. The following table sets out our primary processing purposes and the applicable legal basis under the PDPA:

5. Disclosure of Personal Data

5.1 Third-Party Service Providers
We may disclose personal data to trusted third-party service providers who process data on our behalf for the purposes described in Section 4. Such providers include:

• IT service providers and cloud hosting platforms (e.g., website hosting, email services)
• Customer relationship management (CRM) software providers
• Professional advisors (accountants, auditors, insurers)
• Payment processing services (billing and invoicing only)

All third-party processors are bound by contractual obligations to process personal data only in accordance with our instructions and to implement appropriate security measures.

5.2 Regulatory and Legal Authorities
We may disclose personal data to government agencies, regulators, law enforcement bodies, or courts where required by law, including under the PDPA, the Legal Profession Act, or applicable anti-money laundering legislation. Such disclosures are made only to the extent required and permitted by law (PDPA s.17).

5.3 Business Transfers
In the event of a merger, acquisition, or sale of all or part of our business assets, personal data held by us may be transferred to the successor entity, subject to equivalent data protection obligations.

5.4 No Sale of Personal Data
We do not sell, rent, or trade your personal data to third parties for their own marketing purposes.


6. Transfer of Personal Data Outside Singapore

As an international legal advisory firm, we may transfer personal data to recipients located outside Singapore. Where personal data is transferred outside Singapore, we will ensure that the receiving organisation provides a comparable standard of protection as required under the Transfer Limitation Obligation (Section 26 PDPA). Specifically, before transferring personal data overseas, we ensure that:
• The recipient country provides a standard of protection comparable to Singapore's PDPA; or
• We have obtained your consent to the transfer; or
• We have entered into binding contractual arrangements (model clauses or equivalent) with the overseas recipient; or

• The transfer falls within an applicable exception under the PDPA Transfer Limitation Regulations.

7. Retention of Personal Data

We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law. Our standard retention periods are as follows:

Upon expiry of the applicable retention period, personal data will be securely destroyed or anonymised in accordance with our Data Disposal Procedure.

8. Your Rights Under the PDPA

As a data subject, you have the following rights under the PDPA. We will respond to all verified requests within 10 business days (or 30 days for complex requests, with notice).


To exercise any of the above rights, please submit a written request to our DPO at contact@taugo.io. We may require you to verify your identity before processing your request. We reserve the right to charge a reasonable fee for access requests in accordance with the PDPA.

If you believe your rights have been violated, you may lodge a complaint with the Personal Data Protection Commission (PDPC) at www.pdpc.gov.sg.

9. Cookie Policy

We use cookies and similar technologies on the Website to ensure its proper operation, enhance functionality, remember user preferences, and maintain the security and performance of the Website.

Cookies are small text files stored on your device when you visit a website. For the purposes of this Policy, “cookies” shall mean text files stored in the web browser of a user's device (e.g., computer, mobile phone, etc.) when visiting websites in order to record and/or remember the user's actions.

9.1 Types of Cookies We Use

9.2 Legal grounds for cookie processing
Strictly Necessary cookies are essential to ensure the proper and full functionality of the Website and are processed regardless of whether you provide consent. Without these cookies, the Website cannot function correctly.

Functionality cookies are processed based on your consent. We obtain your consent through a cookie banner you see when you open the Website. Please note that you can manage cookie processing as defined below.

9.3 Managing Cookies
You can manage cookie processing in the following ways:
• Cookie Customization
You may customize your cookie preferences either through the cookie banner displayed upon your first visit to the Website or at any time by accessing the cookie settings at the bottom of the Website by clicking the “Cookies Settings” button.

• Cookie Deletion
If you want to delete cookies stored on your device, you should adjust your browser advanced settings to delete your browsing history (ensuring you include advanced settings). Please note that this may remove saved preferences, login credentials, and other personalized settings across different websites (not only the Website of Taugo).

• Cookie Blocking
Most browsers allow users to block cookies processing entirely (i.e. through all websites, not only the Website of Taugo). Please note that disabling all cookies, including Strictly Necessary, may impair the functionality of the Website. Refer to your browser’s help section for instructions on how to block cookies.
• Google Chrome
• Internet Explorer
• Mozilla Firefox
• Safari (Desktop)
• Safari (Mobile)
• Opera
• Opera Mobile


10. Security of Personal Data

Taugo implements appropriate technical and organisational security measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access (PDPA s.24). Our security measures include:

• Access controls and role-based permissions limiting access to personal data to authorised personnel only;
• Regular security assessments and vulnerability scanning of our website and systems;
• Staff training on data protection and security awareness;
• Contractual security obligations imposed on all third-party data processors;
• Incident response procedures, including our Data Breach Response Plan.

In the event of a data breach that is notifiable under the PDPA (i.e., affects 500 or more individuals or is likely to result in significant harm), we will notify the PDPC within 3 (three) calendar days and affected individuals without undue delay.


11. Children’s Privacy

Our Website is not intended for individuals under the age of 16, and we do not knowingly collect, use, or disclose personal data from minors.

We request that individuals under the age of 16 do not submit any personal data through the Website or contact forms. If we become aware that personal data has been provided by a minor without verifiable parental or guardian consent, we will take reasonable steps to delete such data as soon as practicable, in accordance with the Protection Obligation and Retention Limitation Obligation under the PDPA.

If you believe that a minor has provided personal data to us, please contact so that appropriate action may be taken.

12. Changes to This Policy

We reserve the right to update or amend this Privacy Policy at any time. Material changes will be notified to you via our website or, where we hold your email address, by email. The "Effective Date" at the top of this Policy indicates when the current version was last updated. We encourage you to review this Policy periodically.

13. Contact Us & Complaints

For any questions, concerns, or requests relating to this Privacy Policy or our data protection practices, please contact our Data Protection Officer:

If you are not satisfied with our response, you have the right to lodge a complaint with the Personal Data Protection Commission (PDPC) of Singapore:
• Website: www.pdpc.gov.sg
• Helpline: +65 6377 3131
• Email: pdpc_complaints@pdpc.gov.sg

• Address: 10 Pasir Panjang Road, #03-01, Mapletree Business City, Singapore 117438