FYR InvoiceAsItIs

PDPA Statement

Last Updated: 1 June 2026

InvoiceAsItIs is fully compliant with Singapore's Personal Data Protection Act 2012 (PDPA). This statement explains your rights and how to exercise them.

Your Rights Under Singapore PDPA

Right of Access

You have the right to request access to personal data we hold about you and information about how it has been used in the past 12 months.

How to exercise: Email dpo@fyrsg.com with subject "Data Access Request"

  • Response time: Within 10 business days
  • Fee: No charge for reasonable requests

Right of Correction

You have the right to correct personal data that is inaccurate, incomplete, or misleading.

How to exercise: Correct directly in your Profile settings, or email dpo@fyrsg.com

  • Response time: Within 10 business days

Right to Withdraw Consent

You have the right to withdraw consent for collection, use, or disclosure of your personal data for purposes beyond service delivery.

How to exercise: Settings → PDPA & Privacy or email dpo@fyrsg.com

  • Note: Withdrawing consent for essential processing (authentication, billing) will result in inability to use the Service.

Data Portability

You may request an export of your personal data in JSON format within 10 business days.

How to exercise: Settings → PDPA & Privacy → "Request Data Export"

  • Includes: profile data, client records, quotations, invoices, and account settings.
  • Does not include: system logs, aggregated analytics, or third-party processed data.

Right to Erasure

You may request deletion of your personal data.

How to exercise: Settings → Danger Zone → "Request Account Deletion"

  • Certain data must be retained for legal reasons:
  • Invoice records: 7 years (IRAS s.35 requirement)
  • These records are anonymised, not deleted.
  • All other personal data is purged within 30 days.

Do Not Call Registry

We do not make unsolicited marketing calls. We will not contact you by phone for marketing purposes. Your phone number is used only for account security and service communications.

Data Breach Notification

In the event of a data breach that is likely to result in significant harm, we will notify the Personal Data Protection Commission (PDPC) within 3 calendar days and affected individuals within 3 business days, as required by the PDPA Notification Obligation (2021 amendment).

Data Protection Officer

FYR Pte. Ltd.

dpo@fyrsg.com
2 Venture Drive #11-31 Vision Exchange Singapore 608526

Regulator (for escalations)

Personal Data Protection Commission (PDPC)

pdpc_complaints@pdpc.gov.sgpdpc.gov.sg