Privacy & Data Handling

Avenari collects and processes contact and project data necessary to perform consulting, design and software delivery services. Data used for project delivery, billing and agreed support is stored with access controls and retained only as required for operational needs. We document processing activities for each engagement and provide clients with the scope of data used for the agreed work.

2026-04-12 Avenari, Business ID S4843743A, 16 Enggor Street, Singapore, 079717 16 Enggor Street, Singapore, 079717 [email protected]

Definitions

This section defines key terms used in the privacy policy to ensure clarity in practical scenarios such as project onboarding, support, billing, and analytics.

Personal data means information that identifies or can be used to identify an individual, either directly (name, email) or indirectly (device identifiers combined with other data). Example: a project manager's business email and role used to grant access to a development environment.
Processing means any operation performed on personal data, including collection, storage, use, disclosure, and deletion. A practical case: transforming client requirements into user stories stored in a project tracking system.
User refers to a natural person interacting with Avenari services: clients, client employees, contractors, job applicants, or website visitors. Example: a client administrator approving user access during a SaaS deployment.
Service describes Avenari's offerings such as custom software development, system integration, maintenance, and consultancy. A scenario: delivering a supply-chain optimization module tailored to a Singapore SME.
Cookies are small files placed on devices to remember preferences, support sessions, and enable analytics. Example: a session cookie preserving an authenticated user's access to a client portal during a workday.
Applicable law includes Singapore statutes, EU regulations where relevant, and other local laws applicable to data processing activities. Practical compliance scenarios are considered in cross-border projects.

Data Collection

Avenari collects data directly from users, automatically from systems, and from third parties. Collection is limited to data necessary to fulfil contractual and legitimate operational purposes.

Data You Provide

We collect data you supply when engaging our services, registering on the site, applying for roles, or communicating with support.

  • Contact details: name, business email, phone number, company name and business address used in project communications and invoicing.
  • Account and authentication data: usernames, passwords (securely hashed), multi-factor authentication details, and role assignments used to manage access in client environments.
  • Project information: technical requirements, architecture diagrams, test data, and sample datasets supplied by clients to build and validate software solutions.
  • Payment and billing data: billing contact, invoicing address, tax ID where required, and payment confirmations used for accounting and tax reporting.
  • Recruitment data: CVs, collection links, interview notes and references submitted by job applicants during hiring processes.
  • Support interactions: messages, screen recordings, logs and diagnostic files provided during troubleshooting and maintenance.
  • Marketing preferences: opt-in choices for newsletters, event invitations, and case study participation, recorded to respect communication preferences.

Automatically Collected Data

Certain data are collected automatically when you visit our website or use our platforms. These data support security, analytics, and service improvement.

  • Device and browser information: IP address, browser type and version, operating system, and device identifiers used for security and compatibility troubleshooting.
  • Usage data: pages visited, clicks, session duration, and feature usage used to improve interface design and service workflows, illustrated by a case where usage patterns informed a UI redesign for project dashboards.
  • Technical logs: server logs, error reports and performance metrics used for debugging and incident contribute.
  • Cookies and similar technologies: session, preference and analytics cookies to enable a functioning site and measure engagement.
  • Geolocation metadata: coarse location based on IP for regional routing and compliance assessment during cross-border projects.
  • Behavioral signals: anonymised patterns used to prioritise feature development based on practical case studies from client projects.
  • Security telemetry: alerts and threat indicators collected to detect abnormal activity and protect client environments.

Data from Third Parties

We may receive data from partners, service providers, and public sources to support onboarding, verification and service delivery.

  • Identity verification data from third-party providers used during account setup or compliance checks.
  • Payment processor records and confirmations needed to reconcile invoices and payments.
  • Hosting and infrastructure providers’ logs used for incident response and capacity planning.
  • Client-supplied third-party data such as sample datasets or integration endpoints needed to implement integrations.
  • Publicly available information such as corporate registries used for due diligence in supplier onboarding.

Purposes of Processing

We process personal data to deliver services, manage relationships, maintain security, comply with legal obligations and improve offerings. Below are practical purposes with examples from real project scenarios.

  • Service delivery: manage custom development projects, deploy software, and provide maintenance. Example: using client contact details to coordinate sprint reviews and deployments.
  • Customer support: handle incidents and service requests using support tickets, logs and diagnostic data.
  • Billing and administration: issue invoices, manage collections, and comply with tax reporting requirements.
  • Security and fraud prevention: monitor systems, contribute breaches, and apply access controls to protect client environments.
  • Research and development: analyse anonymised usage data to improve product workflows, illustrated by a case where analytics led to a 30% reduction in onboarding time for a logistics module (measured improvement in process steps, not promised outcome).
  • Recruitment and HR: evaluate applicants and manage employee records for hires related to project delivery.
  • Legal compliance and dispute resolution: retain records necessary to meet legal obligations or defend the company in disputes.
  • Marketing and communications: send industry updates and case studies to subscribed contacts, with clear opt-out mechanisms.

Legal Bases for Processing

We rely on appropriate legal bases depending on the activity, particularly for data subjects in the EU. Practical examples are provided for each basis.

  • Contract performance: processing necessary to deliver agreed services, e.g., using client contact details to execute a development contract.
  • Legal obligation: processing required to comply with laws and regulatory obligations such as tax reporting.
  • Legitimate interests: processing for security, fraud prevention, and business operations, balanced against individual rights (e.g., retaining logs to contribute incidents).
  • Consent: where applicable we process certain marketing communications or analytics based on explicit consent, with the option to withdraw consent at any time.

GDPR Compliance

For EU data subjects, Avenari observes GDPR principles. The following practices reflect how we apply those principles in practical client engagements and software projects.

  • Data minimisation: we request only the data necessary for a specific project phase, for example limiting access to production credentials to designated administrators during rollout.
  • Transparency: we document processing activities in records and provide clear notices to clients about data flows in integrations and third-party services.
  • Data subject rights: mechanisms are in place to respond to access, correction, deletion, portability and objection requests within applicable timeframes.
  • Data Protection by Design: during solution design we assess privacy risks and implement controls such as role-based access and encryption for sensitive data fields.
  • Processors and contracts: we use written contracts with subprocessors requiring appropriate safeguards and the right to audit where necessary.
  • Breach response: documented incident response plans and notification procedures are used in the event of a personal data breach affecting EU subjects.

Cookies and Tracking

Avenari uses cookies and similar technologies on eqnari.biz to enable site functionality, measure usage, and personalise content. Below we describe types and management options.

Types include essential session cookies, preference cookies, analytics cookies (e.g., aggregated usage statistics), and third-party cookies used by embedded services such as analytics platforms and content delivery networks.

Categories: essential (required for operation), performance/analytics (measure site usage), functional (remember preferences), and marketing (third-party content recommendations). Example: an analytics cookie that aggregates page visit counts to inform product documentation improvements.

You can manage cookie preferences via your browser settings and any consent controls presented on the site. For client portals, cookie use is restricted by contract to what is necessary for service delivery.

Full cookie policy and consent options are available at https://eqnari.biz/cookie-policy.

Data Sharing

Avenari shares personal data with selected third parties to deliver services, comply with law, and facilitate business operations. Sharing is limited and governed by agreements and necessity.

  • Service providers: cloud hosting, payment processors, analytics vendors and communication platforms used to deliver the service and support operations.
  • Subcontractors: technical subcontractors engaged to perform specific project tasks under written agreements restricting use of data.
  • Affiliates and corporate advisors: where necessary for business continuity, legal advice or corporate transactions.
  • Legal and regulatory authorities: when required to comply with lawful requests or to establish, exercise or defend legal claims.
  • Client-authorised integrations: third-party applications connected by a client to their environment, for which the client controls the data sharing and consent.
  • Anonymised and aggregated data: shared with partners for benchmarking and product improvement, where individuals are not identifiable.

International Transfers

Avenari may transfer personal data across borders to support service delivery, including transfers between Singapore, European Economic Area locations and cloud service regions. Transfers are evaluated to ensure lawful mechanisms and appropriate safeguards.

When transfers occur, safeguards include standard contractual clauses, data processing agreements, reliance on adequate protection decisions, or other lawful measures. Practical examples include transferring encrypted backups to a regional cloud region for disaster recovery.

Data Retention

We retain personal data only as long as necessary for the purposes described, subject to contractual, accounting, and legal obligations.

Account and contract data are retained for the duration of the business relationship and for seven years thereafter where required for tax and audit purposes under Singapore law and common industry practice.

Support tickets and communications are retained for a period sufficient to resolve issues and for retrospective analysis; typical retention is up to three years unless longer retention is required for legal reasons.

Technical logs and telemetry are retained according to operational needs and security policies; retention ranges from 90 days for high-volume logs to up to five years for archived incident records where legally necessary.

On termination of services or at a client’s verified request where contractual obligations allow, we will securely delete or return personal data in accordance with contractual terms and applicable laws, and document the deletion process.

Security Measures

Avenari applies industry-standard technical and organisational measures to protect personal data from unauthorised access, disclosure, alteration, or loss. Measures are selected based on risk assessments and project-specific threats.

  • Access controls: role-based access, multi-factor authentication and the principle of least privilege for client and internal systems.
  • Encryption: data encryption in transit (TLS) and at rest for sensitive datasets, with key management practices appropriate to the deployment scenario.
  • Operational controls: vulnerability scanning, patch management, logging and regular security reviews supported by incident response procedures and staff training.

Your Rights

Individuals have rights regarding their personal data. Below are common rights and practical instructions on how to exercise them.

  • Access: request a copy of personal data we hold about you and information about how it is processed. Example: requesting project contact records associated with your email.
  • Rectification: request correction of inaccurate or incomplete data, such as an updated billing address.
  • Erasure: request deletion of personal data where retention is no longer necessary and no overriding legal basis exists (subject to contractual and legal constraints).
  • Restriction: request that processing be limited while a dispute about accuracy or lawful processing is resolved.
  • Portability: request a machine-readable copy of data you provided to Avenari for transmission to another provider, applicable to certain data types.
  • Objection: object to processing based on legitimate interests, for example profiling for marketing purposes; we will assess and respond based on competing rights and legal bases.
  • Withdraw consent: where processing relies on consent, you can withdraw consent at any time for future processing without affecting prior lawful processing.
  • Complaints and enforcement: if you are not satisfied with our response, you may file a complaint with a relevant supervisory authority (for EU data subjects) or contact Avenari to escalate the matter via [email protected].

Your Privacy Rights and Requests

Avenari recognises individual rights under applicable data protection laws. If you wish to access, correct, delete, or export personal data we hold about you, submit a request detailing the information sought and a form of identity verification. Requests are processed in line with legal requirements and our operational procedures, with consideration for security and third-party rights.

[email protected]

We aim to acknowledge privacy requests within 5 business days and to complete routine requests within 30 calendar days. Complex or multi-jurisdictional requests may require additional time; in such cases we will inform you of any extension and explain the reasons.

Marketing Communications

Avenari may send product updates, event invitations, and service announcements relevant to custom software development for business operations. Communications are tailored based on roles, project interests, and prior interactions. Marketing messages include clear information about why you received the communication and how to manage preferences.

To stop marketing emails, use the unsubscribe link in any email or update your preferences in your account settings. You may also email [email protected] with 'Unsubscribe' in the subject line. Note that transactional messages about active projects and important account notices will still be sent unless you request otherwise.

Children's Privacy

Our services are intended for businesses, professionals, and adults. We do not knowingly collect personal information from children under 16. If we learn that we have collected information from a minor without appropriate consent, we will take steps to delete that information promptly.

Links to Third-Party Sites

Avenari websites and communications may include links to third-party services or content. Those sites have their own privacy practices and policies; we are not responsible for their content or how they process data. Review third-party privacy notices before sharing personal information.

Changes to This Privacy Policy

We periodically review and update our privacy practices to reflect evolving legal requirements and operational changes. Material updates will be posted on eqnari.biz and include an updated effective date. For significant changes affecting existing data processing, we will provide notice where reasonably practicable.

Contacting Avenari About Privacy

For privacy inquiries, data requests or questions about this policy, contact: Avenari, 16 Enggor Street, Singapore, 079717; Business ID S4843743A; email [email protected]. For urgent matters include detailed information so we can respond efficiently. We record and track requests to ensure consistent handling.