1. Scope

This DPA governs the processing of personal data by Options Jade and outlines our obligations under applicable data protection laws, including the Singapore Personal Data Protection Act 2012 (PDPA), the EU General Data Protection Regulation (GDPR), the UK GDPR, and other international frameworks where relevant.

1.1 PDPA Compliance

Where personal data is processed in Singapore, Options Jade and its subprocessors shall comply with the Personal Data Protection Act 2012 (PDPA). In particular:

• Protection → Options Jade shall make reasonable security arrangements as required under Section 24 PDPA, consistent with the measures described in Section 4 (Security Measures).
• Retention → Personal data will be retained only as long as necessary for business or legal purposes, after which it will be deleted or anonymized (Section 25 PDPA).
• Breach Notification → Options Jade will notify affected parties without undue delay if it has reason to believe a notifiable data breach has occurred (Part VIA PDPA).

2. International Data Transfers

Options Jade operates infrastructure in Singapore and the United States. Personal data originating from the EU/UK may be transferred internationally and processed in these jurisdictions. Such transfers are safeguarded through Standard Contractual Clauses (SCCs).

3. Subprocessors

We engage third-party service providers who may process personal data:

• Stripe (Payments) – Stripe DPA
• PostHog (Analytics) – PostHog Terms

Each subprocessor provides SCCs and has implemented safeguards in line with GDPR requirements.

4. Security Measures

Options Jade employs encryption, access controls, and secure hosting to protect personal data.

5. Data Subject Requests

Users may submit privacy-related inquiries via our contact form at jadeoptions.com/contact.