Privacy Policy

Last updated: 3 April 2026

1. Introduction

aprilHR (“we”, “us”, or “our”) is a salary benchmarking platform for the Singapore market. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our website and services at aprilhr.com (the “Service”).

We are committed to complying with the Singapore Personal Data Protection Act 2012 (“PDPA”) and take your data privacy seriously. By using the Service, you acknowledge that you have read and understood this Privacy Policy.

2. Personal Data We Collect

2.1 Account Information

When you create an account, we collect:

  • Full name
  • Email address
  • Password (encrypted; we never store or access your plaintext password)

2.2 Professional Profile

During onboarding or profile editing, you may provide:

  • Professional role (e.g., HR Professional, Recruiter, Hiring Manager, Executive)
  • Company name
  • Industry
  • Company size

2.3 Search and Usage Data

When you use the benchmarking service, we collect:

  • Job titles you search for
  • Years of experience inputs
  • Job descriptions or key requirements you provide (optional)
  • Industry and filter selections
  • Timestamps and result counts

Note: Job descriptions you provide may contain sensitive information about your hiring needs. This field is entirely optional — you are not required to submit a job description to use the Service.

2.4 Referral and Rewards Data

If you participate in our referral or rewards programme, we collect:

  • Referral code usage and attribution
  • Credit balance and transaction history
  • Reward redemption records

2.5 Automatically Collected Data

When you access the Service, we may automatically collect:

  • IP address
  • Browser type and version
  • Device type
  • Pages visited and interaction timestamps

We do not use third-party analytics or tracking tools (such as Google Analytics, Mixpanel, or similar services). Automatically collected data comes from standard web server logs maintained by our hosting providers.

3. How We Use Your Data

We use your personal data for the following purposes:

  • Providing the Service: Generating salary benchmark reports, personalising search defaults based on your profile, and managing your account.
  • Improving report accuracy: Job descriptions you provide may be processed by our AI systems to improve the relevance of salary benchmarks returned to you.
  • Product improvement: Analysing aggregated, anonymised search patterns to improve data coverage and report quality.
  • Referral and rewards programme: Tracking referral attribution, managing credit balances, and processing reward redemptions.
  • Communication: Sending password reset emails and essential service notifications. We do not send marketing emails without your explicit consent.

4. Third-Party Service Providers

We use the following third-party services to operate the Service. Each provider processes data only as necessary to perform its function:

Supabase (Database & Authentication)

Hosts our database and manages user authentication (registration, login, password resets). Your account information and usage data are stored on Supabase’s infrastructure. Supabase encrypts passwords and manages session tokens on our behalf.

OpenAI (AI Processing)

When you provide a job description as part of a salary search, the job description text and years of experience may be sent to OpenAI’s API for relevance scoring. No personally identifiable information (such as your name or email) is included in these requests. If you do not provide a job description, no data is sent to OpenAI.

Google Cloud (Backend Hosting)

Our backend is hosted on Google Cloud Run in the Asia Southeast (Singapore) region. Standard server logs (including IP addresses and request metadata) are processed by Google Cloud as part of normal operations.

Vercel (Frontend Hosting)

Our frontend is hosted on Vercel. Standard web server logs (including IP addresses and browser information) are processed by Vercel as part of normal operations.

Google Fonts (Typography)

We load icon fonts from Google’s content delivery network. When you visit our site, your browser makes a request to Google’s servers, which may receive your IP address.

We do not sell, rent, or trade your personal data to any third party. Data is shared with third-party providers only as described above and only to the extent necessary to operate the Service.

5. Government and Public Data Sources

Our salary benchmarking reports draw from publicly available data sources including:

  • MyCareersFuture (MCF): Job posting data retrieved from the Singapore Government’s public API. We send job title search queries to this API; no user identifiers are transmitted.
  • Ministry of Manpower (MOM): Official occupational wage statistics. This data is stored locally and no network requests are made on your behalf.
  • Public salary data platforms: We may retrieve salary information from publicly accessible salary data websites. Only job title strings are used as search queries; no user identifiers are transmitted.

Additionally, our reports incorporate proprietary industry salary research compiled from multiple independent sources. This data is aggregated and anonymised — it does not contain any individual’s personal data.

6. Cookies and Session Storage

We use minimal browser storage to operate the Service:

  • Authentication cookies: Managed by Supabase to maintain your login session. These are essential for the Service to function and cannot be disabled while using an account.
  • Session storage: We use temporary browser session storage for transient UI state (e.g., referral code attribution, pending search data). This data is automatically cleared when you close your browser tab.

We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

7. Data Storage and Security

We implement appropriate technical and organisational measures to protect your personal data:

  • All data in transit is encrypted using TLS/HTTPS.
  • Passwords are hashed and encrypted by Supabase; they are never stored in plaintext.
  • Database access is protected by Row Level Security policies, ensuring users can only access their own data.
  • Backend API endpoints require authenticated JWT tokens for access to personal data.
  • Our backend infrastructure is hosted in Singapore (Google Cloud, Asia Southeast region).

While we take reasonable steps to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but will notify affected users promptly in the event of a data breach, in accordance with the PDPA.

8. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service:

  • Account data: Retained until you request account deletion.
  • Search history: Retained to support product improvement and trend analysis. You may request deletion of your search history at any time.
  • Credit and transaction records: Retained for the duration of your account for programme integrity.

Upon account deletion, we will delete or anonymise your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., preventing fraud).

9. Your Rights Under the PDPA

Under the Personal Data Protection Act 2012 (Singapore), you have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of any inaccurate or incomplete personal data. You can update most profile information directly through the Service.
  • Withdrawal of consent: Withdraw your consent for the collection, use, or disclosure of your personal data at any time. Note that withdrawal may affect your ability to use certain features of the Service.
  • Deletion: Request deletion of your personal data, subject to any legal obligations we may have to retain certain records.
  • Data portability: Request a copy of your data in a structured, machine-readable format.

To exercise any of these rights, please contact us using the details in Section 12 below. We will respond to your request within 30 days.

10. International Data Transfers

While our backend is hosted in Singapore, some of our third-party service providers may process data in other jurisdictions:

  • OpenAI processes data in the United States.
  • Supabase and Vercel infrastructure may involve data processing in the United States.

Where your personal data is transferred outside of Singapore, we ensure that appropriate safeguards are in place and that the transfer complies with the PDPA’s requirements for overseas transfers (Section 26).

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes to our practices, technology, or legal requirements. When we make material changes, we will update the “Last updated” date at the top of this page.

We encourage you to review this page periodically. Continued use of the Service after any changes constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights under the PDPA, or have a data protection concern, please contact us at:

aprilHR Data Protection Officer

Email: [email protected]

If you are not satisfied with our response, you may lodge a complaint with the Personal Data Protection Commission (PDPC) at www.pdpc.gov.sg.