Privacy Policy
Last Updated: 16 Jan 2026
This Privacy Policy explains how Elevatespot Pte Ltd (UEN: 202429310D) (“Elevatespot”, “we”, “us”, “our”) collects, uses, discloses, retains and protects personal data when you:
visit https://elevatespot.sg/ (the “Website”);
contact us for consulting or services; and/or
use our software solutions, including Engage (our web application https://app.elevatespot.sg and related services) which may integrate with the WhatsApp Business Platform and other channels.
We comply with the Singapore Personal Data Protection Act 2012 (“PDPA”). If you have questions or requests relating to personal data, contact: dpo@elevatespot.sg.
1) Who we are
Elevatespot is a Singapore-based consulting and technology firm supporting businesses through:
Advisory Services (AI strategy, operational efficiency, transformation)
SaaS Solutions (chatbots and engagement tools across web, WhatsApp, Facebook, Instagram and other channels)
Prototyping & Custom Workflow Apps Development.
2) Our Role (Business Customers and End Users)
Engage is a platform used by business customers to communicate with their users and customers (“End Users”) across channels such as WhatsApp.
Business customers decide what data they collect and what content they send to End Users.
Elevatespot processes personal data to provide, operate, secure and improve the Engage service.
3) Personal Data We Collect
Depending on how you interact with us, we may collect the following:
A. Personal identifiers and business contact details
full name
email address
phone number
company name, job title, organisation details
billing/admin information (where applicable)
B. Website technical and usage data
IP address
browser type/version
device and operating system information
pages visited, time spent, click behaviour
referral URLs and performance data
C. Engage account and platform usage data
account/workspace information
user login/session details
activity logs and audit records
customer support tickets and troubleshooting logs
D. WhatsApp Business Platform / messaging data (where applicable)
If a business customer connects WhatsApp Business Platform via Engage, we may collect and process:
WhatsApp Business Account information and identifiers (e.g., WABA-related IDs)
messaging identifiers (e.g., phone number identifiers)
message metadata (timestamps, delivery/read status events, routing info)
message content, including text and any media/attachments or links sent through connected channels, where required for service delivery and where stored by platform configuration
templates and template status events
webhook events and messaging logs (e.g., message status updates, template events, error events)
Message content storage: Engage may store message content to provide conversation history, customer support features, troubleshooting, audit trails, service reliability, and compliance. Access to message content is restricted to authorised users of the connected business account and authorised support personnel where required to provide support.
4) How We Collect Personal Data
We may collect personal data when you:
submit forms on the Website
contact us via email/phone/social media
sign up for demos, trials or subscriptions
use Engage and related integrations
connect messaging channels and webhook events are generated
browse our Website and accept cookies (where applicable)
5) Purposes of Collection, Use and Disclosure
We collect, use and disclose personal data for purposes that are reasonable and necessary, and which you have been informed of. These purposes include:
A. Service delivery and customer support
responding to enquiries and requests
providing consulting services, demos, onboarding and account support
managing subscriptions and communications
B. WhatsApp onboarding and messaging operations (Engage)
enabling WhatsApp Business Platform onboarding and connectivity
sending and receiving messages on behalf of business customers
processing message status updates and webhook events
providing conversation history and customer support functions
detecting abuse, preventing fraud, and enforcing acceptable use
C. Security, troubleshooting and reliability
monitoring errors and performance
maintaining audit logs and operational records
investigating security events and enforcing access control
D. Analytics and product improvement
usage measurement and reporting
improving features, quality and user experience
E. Marketing and communications (where permitted)
newsletters, service updates, and invitations (opt-in where required)
promotional communications (with an unsubscribe option)
F. Legal compliance
compliance with applicable laws and regulations
responding to lawful requests from authorities
handling disputes and enforcing rights
6) Consent, Notification and Withdrawal
7) Cookies, Analytics and Advertising
We use cookies and similar technologies for essential site functions, analytics and marketing.
This may include:
Google Analytics (website performance and usage analytics)
Meta Pixel (advertising measurement and remarketing, where enabled)
You may control cookies using browser settings or cookie preference tools (where available). Disabling some cookies may affect Website functionality.
8) Sharing and Disclosure of Personal Data
We may share personal data with trusted third parties only as necessary to provide services, including:
Meta Platforms / WhatsApp (for WhatsApp Business Platform connectivity and messaging-related processing)
cloud hosting and infrastructure providers
analytics, monitoring and security providers
database and workflow tools used to provide Engage
professional advisors (legal/accounting)
public authorities where required by law
We do not sell personal data.
9) Overseas Transfers
Personal data may be processed or stored outside Singapore depending on our providers and infrastructure. Where we transfer personal data overseas, we take steps to ensure a comparable standard of protection is maintained.
10) Retention
We retain personal data only as long as necessary for the purposes collected, and for legal or business needs. When no longer needed, data will be deleted, anonymised or securely disposed of where appropriate.
As a general guide:
Message content and conversation records: retained while an account is active and/or as configured, and may be deleted upon request (subject to legal/security needs).
Webhook logs and audit logs: retained for security, troubleshooting and integrity purposes for a limited period.
Contracting, billing and compliance records: retained as required for legal/accounting obligations.
11) Protection and Security
We implement reasonable security arrangements to protect personal data from unauthorised access, collection, use, disclosure, modification, disposal or loss. Measures may include access controls, encryption in transit where applicable, monitoring, and operational safeguards.
12) Data Breach Management
If we suspect a data breach affecting personal data, we will assess it promptly. Where a breach is assessed to be notifiable, we will notify the Personal Data Protection Commission (PDPC) and affected individuals where required under applicable law.
13) Access, Correction and Deletion Requests
- your name and contact details
- the request type (access / correction / deletion)
- enough information for identity verification
14) Third-Party Websites and Embedded Content
Our Website may include links or embedded content from third-party sites. Their privacy practices are governed by their own policies and we are not responsible for their practices.
15) Updates to This Policy
We may update this policy from time to time. The latest version will be published on this page with the updated “Last Updated” date.