Legal
Privacy Policy
Last updated: 22 May 2025 · Governed by the Personal Data Protection Act 2012 (Singapore)
1. Introduction
Nick Tung ("we", "us", or "our") operates the website drnicktung.com (the "Site"). We are committed to protecting your personal data in accordance with the Personal Data Protection Act 2012 (PDPA) of Singapore.
This Privacy Policy describes how we collect, use, disclose, and protect personal data you provide when you visit the Site, subscribe to our mailing list, purchase a Vibe Code membership, or engage our AI consulting services.
By using the Site, you consent to the collection and use of your personal data as described in this Policy. If you do not agree, please discontinue use of the Site.
2. Personal Data We Collect
We may collect the following categories of personal data:
- Identity data: name, as provided by you voluntarily
- Contact data: email address, WhatsApp number (if you initiate contact)
- Transaction data: Stripe customer ID, subscription status, payment records (processed by Stripe; we do not store card details)
- Usage data: pages visited, browser type, IP address, referral source (collected via standard server logs)
- Communications data: messages or enquiries you send us via WhatsApp or email
We collect personal data only when you voluntarily provide it (e.g. subscribing to our mailing list, signing in, making a purchase, or contacting us). We do not collect sensitive personal data as defined under the PDPA.
3. Purposes of Collection and Use
Under the PDPA, we must notify you of the purposes for which we collect, use, or disclose your personal data. We use your personal data for the following purposes:
- To provide and manage your Vibe Code membership or purchased services
- To send you newsletters, updates, and members-only content you have subscribed to
- To process payments securely via Stripe
- To respond to your enquiries and provide customer support
- To send transactional emails (sign-in links, subscription confirmations, receipts)
- To improve the Site and our services through analytics
- To comply with applicable laws and regulations in Singapore
We will not use your personal data for any purpose other than those stated above without first obtaining your consent, unless required by law.
4. Disclosure of Personal Data
We do not sell, rent, or trade your personal data to third parties. We may disclose your personal data only to the following trusted service providers who assist us in operating the Site:
- Supabase Inc. — database and authentication (servers located in Singapore / AWS ap-southeast-1)
- Stripe Inc. — payment processing (PCI DSS compliant)
- Resend Inc. — transactional email delivery
- Vercel Inc. — website hosting and deployment
These third parties are contractually obligated to process your data only in accordance with our instructions and to maintain appropriate security standards. Where data is transferred outside Singapore, we take reasonable steps to ensure comparable protection applies, consistent with the PDPA.
We may also disclose your personal data if required by Singapore law, court order, or lawful request by a government authority.
5. Consent and Withdrawal
By submitting your email address through our subscribe form or sign-in page, you consent to us collecting and using your personal data for the purposes stated in this Policy.
You may withdraw your consent at any time by:
- Clicking the unsubscribe link in any email we send you
- Contacting us directly at tungkaisheng@gmail.com
- Messaging us on WhatsApp at +65 8668 4687
Please note that withdrawal of consent may affect our ability to provide you with certain services (e.g. Vibe Code membership communications). Withdrawal does not affect the lawfulness of processing carried out prior to the withdrawal.
6. Access and Correction
Under the PDPA, you have the right to:
- Request access to the personal data we hold about you
- Request correction of any inaccurate or incomplete personal data
To make an access or correction request, please contact us at tungkaisheng@gmail.com. We will respond within 30 days of receiving your request. We may charge a reasonable fee for processing access requests in accordance with the PDPA.
7. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes stated in this Policy, or as required by law. Specifically:
- Subscriber email addresses are retained until you unsubscribe or request deletion
- Account data is retained for the duration of your membership and for a period of up to 7 years thereafter for accounting and legal purposes
- Payment records are retained as required by the Inland Revenue Authority of Singapore (IRAS)
When your personal data is no longer required, we will securely delete or anonymise it.
8. Data Protection and Security
We implement reasonable and appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These include:
- HTTPS encryption on all pages of the Site
- Row-level security (RLS) on all database tables
- Authentication via Supabase Auth (passwordless magic link sign-in)
- Access controls restricting administrative functions to authorised users only
While we take reasonable steps to protect your data, no method of transmission over the internet is completely secure. You provide your personal data at your own risk.
9. Cookies and Analytics
The Site may use cookies and similar tracking technologies to improve your experience and analyse usage. These may include:
- Session cookies: required for authentication and keeping you signed in
- Analytics cookies: to understand how visitors use the Site (aggregated, non-personally identifiable)
You may disable cookies in your browser settings; however, this may affect the functionality of the Site, including the ability to sign in.
10. Third-Party Links
The Site may contain links to external websites (e.g. Instagram, WhatsApp). We are not responsible for the privacy practices of those sites and encourage you to read their respective privacy policies.
11. Updates to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The revised policy will be posted on this page with an updated "Last updated" date. Continued use of the Site after any changes constitutes your acceptance of the updated Policy.
12. Contact Us / Data Protection Officer
If you have any questions, concerns, or requests relating to this Privacy Policy or our handling of your personal data under the PDPA, please contact:
Nick Tung
Data Protection Officer
drnicktung.com
Email: tungkaisheng@gmail.com
WhatsApp: +65 8668 4687
Singapore
You also have the right to lodge a complaint with the Personal Data Protection Commission (PDPC) of Singapore at www.pdpc.gov.sg.