Rafe Teo +65 8223 1171
Go Reach
Legal

Privacy Policy

Last updated: 9 March 2026

GO REACH PTE. LTD. (UEN 202423611Z)

1. About This Policy

This Privacy Policy describes how GO REACH PTE. LTD. (“GO REACH,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal data through the GoReach mobile application (the “App”) and related services (collectively, the “Platform”). GO REACH is a company incorporated in Singapore under UEN 202423611Z.

This Policy applies to all individuals who access or use the Platform, including users who register an account, submit content, place booking requests, or browse the Platform (each, a “User” or “you”).

We are committed to complying with the Personal Data Protection Act 2012 of Singapore (the “PDPA”) and its subsidiary legislation. This Policy should be read together with our Terms of Service .

By using the Platform, you acknowledge that you have read and understood this Privacy Policy. Where we rely on your consent as the legal basis for processing your personal data, your consent is obtained at or before the point of collection as described in this Policy.

2. Personal Data We Collect

2.1 Data You Provide Directly

When you register for an account and use the Platform, we may collect the following personal data that you voluntarily provide:

(a) Account Registration Data

  • Email address (required)
  • First name (required)
  • Last name (required)
  • Phone number (optional)
  • User intent — your stated purpose for using the Platform, such as exploring options, seeking immediate assistance, or listing a niche lot for resale (required)

(b) Memorial Service Booking Data

If you place a memorial service booking request through the Platform, we collect:

  • Memorial reference (linking your booking to a memorial record)
  • Order details, including item descriptions, quantities, and pricing
  • Offerings handling preference
  • Scheduled service date and time
  • Scheduled prayer date (for monk chanting bookings)
  • Special instructions (free-text, up to 300 characters)
  • Payment method selected (currently PayNow)
  • Payment reference (provided by you)

(c) Resale Listing Data

If you submit a resale listing, we collect:

  • Lot number and suite reference
  • Asking price
  • Contact name
  • Contact type and contact details (which may include your email address, phone number, WhatsApp number, or Telegram handle)
  • Photographs of the niche

Please note that the contact details you provide in a resale listing will be visible to all users of the Platform and will be indexed by a third-party search service to enable search functionality. See Section 5 for further details.

(d) Advertisement Data

If you submit a business advertisement, we collect:

  • Company name and logo
  • Website URL
  • Description of your business or services
  • Contact name and contact details (up to three contact methods)
  • Promotional photographs (premium tier only)
  • Services list (premium tier only)

(e) User-Generated Content

Any photographs, logos, text descriptions, and other content you upload or submit through the Platform.

2.2 Data Collected Automatically

When you use the Platform, certain data is collected automatically:

(a) Device Tokens and Notification Data

When you grant notification permissions or launch the App, we collect your device push notification token, your device platform (iOS or Android), and a timestamp of when the token was last active. This data is used solely to deliver push notifications to your device.

(b) Crash and Diagnostic Data

If the App crashes, anonymous diagnostic information is automatically transmitted to Google via Firebase Crashlytics. This includes device model, operating system version, app version, and a technical log of the crash. This data is not linked to your account or personal identity.

2.3 Data Received from Third-Party Sign-In Providers

If you choose to sign in using Google Sign-In or Apple Sign-In, we receive your email address and display name from the relevant provider. Apple may provide a relayed or masked email address if you choose to use Apple’s email relay service. These providers operate as independent controllers of your data in relation to the authentication process, and their own privacy policies govern their handling of your information.

2.4 Data We Do Not Collect

We do not collect payment card numbers, bank account numbers, CVV codes, or any financial credentials. All in-app purchases and subscriptions are processed by the Apple App Store or Google Play Store; we do not receive or store your payment instrument details. We do not collect national identification numbers (such as NRIC or FIN), precise geolocation data, biometric data, or health data.

3. Purposes of Collection, Use, and Disclosure

We collect, use, and disclose your personal data for the following purposes:

  • (a) Account Creation and Management — To create, maintain, authenticate, and administer your account on the Platform, including verifying your identity through email magic link, Google Sign-In, or Apple Sign-In.
  • (b) Service Delivery — To process and manage memorial service booking requests, resale listing submissions, and advertisement submissions, including communicating with you about the status of your bookings, listings, or advertisements.
  • (c) Platform Operations — To operate, maintain, and improve the Platform, including moderating user-generated content, managing product catalogues, and administering announcements.
  • (d) Search Functionality — To index resale listing data (including seller contact details) in a third-party search service so that other users can search for and discover available listings.
  • (e) Communications — To send you transactional emails and push notifications relating to your account activity, including booking confirmations, listing status updates, advertisement status updates, and platform announcements. All communications are transactional in nature; we do not send marketing emails.
  • (f) Subscription and Purchase Management — To manage in-app purchases and subscriptions, verify entitlements, and synchronise subscription status with the Platform.
  • (g) Diagnostics and Stability — To collect anonymous crash reports for the purpose of identifying and resolving technical issues in the App.
  • (h) Legal and Regulatory Compliance — To comply with applicable laws, regulations, or legal processes, to enforce our Terms of Service, and to protect our rights, property, or safety or those of other users.
  • (i) Any Other Purpose — For any other purpose that is reasonably related to the above, or for which we notify you and, where required, obtain your consent at or before the time of collection.

Where we rely on your consent as the legal basis for processing, you may withdraw your consent at any time by contacting us at the details set out in Section 13. Please note that if you withdraw your consent to the collection, use, or disclosure of your personal data, we may not be able to continue providing the Platform or certain features of the Platform to you, and we will inform you of the consequences of such withdrawal.

4. Disclosure to Third Parties

We may disclose your personal data to the following categories of third-party service providers in connection with the purposes described in Section 3:

  • (a) Cloud Infrastructure and Database Services — We use cloud-based infrastructure services to host and store data. Our primary database and storage infrastructure is located in Singapore. Certain ancillary services (such as authentication, push notification delivery, and crash diagnostics) operate on global infrastructure.
  • (b) Search and Indexing Services — Resale listing data, including seller contact details (name, email address, phone number, WhatsApp number, and Telegram handle), is transmitted to a third-party search indexing service based in the United States to provide search functionality on the Platform. By submitting a resale listing, you acknowledge that your contact details will be processed by this service and will be accessible to other users of the Platform through search results.
  • (c) Email Delivery Services — We use a third-party email delivery service to send transactional emails on our behalf. This service receives your email address, first name, and relevant details of your booking, listing, or advertisement as necessary to deliver the email. Free-text content you enter in certain fields (such as special instructions in a booking request) may be included in these emails and transmitted to this service provider.
  • (d) Subscription and Purchase Management Services — We use a third-party service to manage in-app purchases and subscriptions. This service receives your internal user identifier, device platform, purchase receipts, and transaction identifiers.
  • (e) Push Notification Services — We use push notification infrastructure to deliver notifications to your device. This service processes device tokens and notification content.
  • (f) Crash Diagnostics Services — Anonymous crash and diagnostic data is transmitted to Google for analysis. This data is not linked to your account.
  • (g) App Store and Play Store Operators — Apple and Google process your purchases and subscriptions through their respective stores. We do not receive or control the payment data they hold.

Each third-party service provider is engaged under contractual arrangements that include obligations to protect your personal data to a standard comparable to the protections afforded under the PDPA. We do not sell your personal data to any third party.

5. Cross-Border Data Transfers

Our primary database and file storage infrastructure is located in Singapore. However, in the course of operating the Platform, your personal data may be transferred to, stored in, or processed in jurisdictions outside Singapore, including but not limited to the United States and the European Union, by the categories of service providers described in Section 4.

Such transfers are necessary for the operation of the Platform and are made subject to appropriate contractual safeguards that require the recipient to protect your personal data to a standard comparable to the protection afforded under the PDPA, in accordance with the Transfer Limitation Obligation under the PDPA.

Where personal data is transferred overseas, we take reasonable steps to ensure that the overseas recipient is bound by legally enforceable obligations to provide a standard of protection that is at least comparable to that provided under the PDPA.

In particular, if you submit a resale listing, the contact details you provide (including your name, email address, phone number, WhatsApp number, and Telegram handle) will be transmitted to and indexed by a search service provider whose infrastructure is located in the United States. This transfer is necessary to enable the search functionality of the Platform.

6. Data Retention

We retain your personal data for as long as it is necessary to fulfil the purposes for which it was collected, as described in Section 3, or as required or permitted by applicable law. The criteria we use to determine retention periods include the nature of the personal data, the purposes for which it is processed, whether those purposes can be achieved by other means, and our legal and regulatory obligations.

When personal data is no longer necessary for any purpose for which it was collected, and we are not required or permitted by law to retain it, we will take reasonable steps to delete, destroy, or anonymise the data.

The following specific retention practices apply:

  • (a) Temporary Uploads — Files uploaded during the listing or advertisement submission process are stored in a temporary staging area and are automatically deleted within 24 hours. Processed images associated with active listings or advertisements are retained for as long as the listing or advertisement remains on the Platform.
  • (b) Device Tokens — Push notification device tokens that have been inactive for more than 30 days are automatically deleted.
  • (c) Crash Reports — Anonymous crash and diagnostic data is retained in accordance with the retention policies of the third-party crash diagnostics service provider.
  • (d) Account Data, Bookings, Listings, and Advertisements — Data associated with your account, booking requests, resale listings, and advertisements is retained for as long as necessary to operate the Platform, comply with our legal obligations, resolve disputes, and enforce our agreements. Where a listing or advertisement is withdrawn or deactivated, it may be retained in a deactivated state for record-keeping and compliance purposes.

7. On-Device Storage

The App stores certain data locally on your device to improve performance and enable offline functionality. This may include cached content, user preferences, and transaction identifiers. This locally stored data is not transmitted to us except as described elsewhere in this Policy.

Data stored locally on your device is cleared when you uninstall the App. We recommend that you use the security features available on your device (such as screen lock and device encryption) to protect locally stored data.

8. Device Permissions

The App may request the following permissions on your device:

  • (a) Push Notifications — Used to deliver transactional notifications about your bookings, listings, advertisements, and platform announcements. You will be shown an explanatory screen before the system permission dialog is presented. You may disable notifications at any time through your device’s operating system settings.
  • (b) Camera — Used to capture photographs for resale listing or advertisement submissions. This permission is requested only at the time you choose to take a photo within the App.
  • (c) Photo Library — Used to select existing photographs from your device for resale listing or advertisement submissions. This permission is requested only at the time you choose to select a photo within the App.

Granting these permissions is voluntary. However, certain features of the Platform may not function fully if the relevant permission is not granted.

9. Your Rights Under the PDPA

Under the PDPA, you have the following rights in relation to your personal data held by us:

  • (a) Right of Access — You may request access to your personal data that is in our possession or under our control, and information about the ways in which your personal data has been or may have been used or disclosed by us within the past year. We will respond to your request within 30 days, or such extended period as may be permitted under the PDPA.
  • (b) Right of Correction — You may request the correction of any error or omission in your personal data that is in our possession or under our control. We will correct your personal data within 30 days of receiving a request with sufficient information to identify the error and make the correction, unless the correction is validly refused under the PDPA.
  • (c) Right to Withdraw Consent — You may withdraw your consent to our collection, use, or disclosure of your personal data for any or all purposes at any time by contacting us. Upon receiving your withdrawal request, we will inform you of the likely consequences of withdrawing your consent, which may include our inability to continue providing the Platform or certain features to you. Your withdrawal of consent will not affect the lawfulness of any processing carried out prior to the withdrawal.

We may charge a reasonable fee for processing an access request, as permitted under the PDPA. We may also refuse a request in the circumstances permitted by the PDPA, in which case we will inform you of the reasons for refusal.

To exercise any of the above rights, please contact us using the details set out in Section 13.

10. Account Deletion

You may request the deletion of your account and associated personal data by contacting us at support@nirvana.sg . Upon receiving a verified deletion request, we will take reasonable steps to delete or anonymise your personal data within a reasonable timeframe, except to the extent that we are required or permitted to retain certain data under applicable law or for legitimate business purposes (such as record-keeping, dispute resolution, or compliance with legal obligations). We will inform you of any data that we are unable to delete and the reasons for retention.

Please note that if your account is deleted, you will no longer be able to access the Platform, and any active listings or advertisements associated with your account may be deactivated.

11. Children

The Platform does not impose a minimum age requirement for registration. However, if you are a parent or legal guardian and you believe that a child under your care has provided personal data to us without your consent, you may contact us at support@nirvana.sg and we will take reasonable steps to delete the data.

We encourage parents and guardians to supervise the online activities of minors in their care.

12. Security

We implement reasonable security arrangements to protect your personal data from unauthorised access, collection, use, disclosure, copying, modification, or disposal. These measures include encryption of data in transit, encryption of data at rest on our cloud infrastructure, input validation on server-side processes, application integrity verification, and access controls that restrict data access to authorised personnel and systems.

No method of electronic transmission or storage is completely secure. While we take reasonable steps to protect your personal data, we are unable to guarantee absolute security and shall not be liable for any unauthorised access, loss, or misuse of your personal data arising from circumstances beyond our reasonable control.

13. Contact Us

If you have any questions about this Privacy Policy, wish to exercise any of your rights under the PDPA, or have a complaint regarding our handling of your personal data, please contact us at:

GO REACH PTE. LTD. (UEN 202423611Z)

140 Paya Lebar Road, #06-06

AZ @ Paya Lebar, Singapore 409015

Email: support@nirvana.sg

We aim to respond to all enquiries within a reasonable timeframe and in any event within the timeframes required under the PDPA.

If you are not satisfied with our response, you may lodge a complaint with the Personal Data Protection Commission of Singapore at www.pdpc.gov.sg .

14. Changes to This Privacy Policy

We may amend this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or Platform functionality. When we make changes, we will update the “Effective Date” at the top of this Policy and notify you through the App or by other reasonable means.

Where the changes materially affect the way we collect, use, or disclose your personal data, or where required by law, we will obtain your consent to the updated Policy before continuing to process your personal data under the revised terms. If you do not consent to the updated Policy, you may discontinue your use of the Platform and request deletion of your account as described in Section 10.

The current version of this Privacy Policy is always available at https://app.nirvana.sg/privacy .

15. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the Republic of Singapore.

© GO REACH PTE. LTD. All rights reserved.