Nashi Labs Pte Ltd – Privacy Policy

Effective Date: 4 September 2025

nashi ("Nashi Labs Pte. Ltd.", “we”, “us”, or “our”) is a company incorporated in Singapore. We respect your privacy and are committed to protecting your personal data.

This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you access or use the nashi mobile application (the "App") and related services (collectively, the "Services").

By using the App, you acknowledge that you have read and understood this Privacy Policy.

1. Personal Data That We Collect

We may collect personal data about you directly from you, automatically through your use of the App, or from third parties.

1.1 Data You Provide to Us

Depending on how you use nashi, this may include:

• Full name

• Email address and phone number

• Business name and business details

• Payment and transaction-related information

• Customer support communications

• Any other information you choose to provide

1.2 Data Collected Automatically

When you use the App, we may automatically collect:

• Device information (device model, operating system, app version)

• Log and usage data (IP address, access times, app interactions)

• Diagnostic and crash data

1.3 Payment Data

nashi does not store full card numbers on its own servers. Payment data is processed securely by PCI-compliant third-party payment service providers.

Your device model, operating system, and location may be collected by our payment service providers solely for processing and securing transactions.

2. Purpose of Collection and Use

We collect and use personal data for the following purposes:

• To create and manage your account

• To provide and operate our Tap to Phone and payment services

• To process transactions and settlements

• To comply with legal, regulatory, and licensing obligations

• To communicate with you about service-related matters

• To improve app functionality, performance, and user experience

• To prevent fraud, misuse, and security incidents

• To send marketing communications where permitted by law and with your consent

3. Legal Basis for Processing (PDPA)

Under Singapore’s PDPA, we process personal data based on one or more of the following grounds:

• Your consent

• Where necessary to provide the Services you requested

• Compliance with legal or regulatory obligations

• Legitimate interests, where such interests are not overridden by your rights

4. Disclosure of Personal Data

We may disclose your personal data to:

• Service providers (e.g., cloud hosting, analytics, customer support)

• Payment processors and financial institutions

• Regulators, law enforcement, or government authorities where required by law

• Professional advisors (legal, audit, compliance)

All third parties are required to protect your data and use it only for specified purposes.

5. International Data Transfers

Your personal data may be transferred outside Singapore. Where this occurs, we take reasonable steps to ensure that the receiving party provides a standard of protection comparable to that under the PDPA.

6. Consent, Withdrawal, and Marketing Preferences

By using the App, you consent to the collection, use, and disclosure of your personal data as described in this Policy.

You may withdraw your consent or opt out of marketing communications at any time by contacting us at:

hello@trynashi.com

7. Access, Correction, Account Closure, and Data Subject Rights

You have the right to:

• Request access to your personal data

• Request correction of inaccurate or incomplete data

• Request to close your nashi account at any time by contacting us at hello@trynashi.com

Upon closure, we will delete or anonymise your personal data, except where retention is required by law or for legitimate business purposes such as fraud prevention or dispute resolution.

• Request restrictions on processing or object to certain uses of your personal data

Requests can be made by emailing hello@trynashi.com. We may require verification of your identity before processing requests.

8. Permissions

The nashi App may request the following permissions:

• Internet access (required to process payments and communicate with our servers)

• NFC (used solely for processing transactions via the payment SDK; we do not access NFC for other purposes)

9. Protection of Personal Data

We implement reasonable administrative, technical, and physical safeguards to protect your personal data, including:

• Encryption of sensitive data

• Restricted access controls

• Secure infrastructure and monitoring

However, no system is completely secure, and we cannot guarantee absolute security.

10. Data Retention and Storage

We retain personal data only for as long as necessary to fulfil the purposes outlined in this Policy, or as required by applicable laws and regulations.

When no longer required, data will be securely deleted or anonymised. Data is stored in secure, access-controlled environments on cloud infrastructure.

11. Cookies and Tracking Technologies

The nashi App does not use advertising identifiers for behavioural advertising.

Our website, www.trynashi.com, is an informational landing page only and does not collect personal data.

12. Children’s Privacy

The Services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children.

13. Third Party Links

Our App may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Updates will be posted within the App. Continued use of the Services after changes take effect constitutes acceptance of the updated Policy.

15. Contact Us

If you have questions, requests, or concerns about this Privacy Policy or our handling of personal data, please contact:

Email: hello@trynashi.com
Website: www.trynashi.com (for information about the nashi App and Services only)