Legal

Privacy Policy

Last updated 17 June 2026

Last updated: 17/06/2026 Effective from: 17/06/2026


1. About This Policy

1.1 FundBright Pte. Ltd. (UEN 202532538M) ("FundBright", "we", "us", "our") operates an online platform at www.fundbright.sg (the "Platform") that helps borrowers in Singapore compare personal loan options from MAS-regulated licensed banks and MinLaw-regulated licensed moneylenders ("Lending Partners"). FundBright is not a lender, does not hold a moneylending licence, and does not make lending decisions.

1.2 This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use the Platform in accordance with the Singapore Personal Data Protection Act, and should be read together with our Terms of Use.

1.3 By visiting our website, using the Platform or any other applications or software we provide, you acknowledge that you have read and understood this Policy, and consent to the practices set out below. Where we rely on your consent (rather than another lawful basis under the PDPA) for specific processing activities, we will make that clear at the point of collection.

1.4 For certain processing activities (including web analytics and other operational data uses) we rely on deemed consent by notification under section 15A of the PDPA. This means that, by continuing to use the Platform after we have notified you of these activities through this Policy, you are deemed to have consented to them. You retain the right to opt out of such activities at any time using the mechanisms described in the relevant section of this Policy (for analytics, see the Cookies and Similar Technologies section).


2. Definitions

  • "Personal data" has the meaning given in the PDPA: data, whether true or not, about an individual who can be identified from that data, or from that data combined with other information we have or are likely to have access to.
  • "Lending Partner" means a licensed bank or licensed moneylender that participates on the Platform and may make loan offers to you.
  • "MLCB" means the Moneylenders Credit Bureau, the credit bureau designated under the Moneylenders Act 2008.
  • "Registrar" means the Registrar of Moneylenders under the Moneylenders Act 2008.
  • "Service" means the Platform and all related services we provide, including loan comparison, lead matching, and customer support.
  • "Singpass / MyInfo" means the Singapore Government's national digital identity service and the MyInfo service (currently MyInfo v5) operated by the Government Technology Agency of Singapore.

3. What Personal Data We Collect

3.1 Data you provide directly to us

When you register, submit a loan enquiry, or contact us, you may provide:

  • Identity information: full name, date of birth, nationality, residential status
  • Contact information: email address, mobile number, residential address
  • Employment and income information: employer name, job title, monthly income, length of employment
  • Financial information: existing loan obligations, outstanding debts
  • Loan enquiry details: loan amount requested, purpose, preferred tenure
  • Correspondence: messages, enquiries, and feedback sent to us (including recordings of voice calls and chat transcripts, where applicable)

3.2 Data we retrieve from Singpass / MyInfo

Where you choose to use Singpass to log in or pre-fill your loan enquiry via MyInfo, we will retrieve data fields from MyInfo with your explicit consent at the point of authorisation. The specific fields requested will be shown to you in the Singpass consent screen before you authorise the retrieval.

3.3 Data collected automatically when you use the Platform

  • Device and technical information: IP address (truncated to remove the final octet for privacy purposes by our analytics provider), browser type and version, operating system, device identifiers, time zone, language settings
  • Usage information: pages viewed, links clicked, time spent, referring URLs, interaction events. We use Google Analytics 4 ("GA4") as our analytics provider for this purpose. GA4 is operated by Google LLC, and data collected is processed in accordance with Google's privacy practices (https://policies.google.com/privacy).
  • Cookie and similar technology data (see Cookies and Similar Technologies section below)

3.4 Data we receive from third parties

  • Lending Partners: information about the status and outcome of loan offers and applications
  • Service providers: analytics, fraud prevention, and identity-verification providers acting on our behalf

4. Why We Collect Your Personal Data

4.1 We collect, use, and disclose your personal data for the following purposes:

  • Providing the Service: to process your loan enquiry, match you with suitable Lending Partners, communicate loan offers to you, and facilitate your acceptance of a loan offer.
  • Verifying your identity: including through Singpass / MyInfo, and through checks with our identity-verification service providers.
  • Operating and improving the Platform: including troubleshooting, security, fraud prevention, and analytics.
  • Customer support: responding to your questions, complaints, and requests.
  • Transactional communications: sending you service notifications, enquiry status updates, offer alerts, account notifications, and other communications that are necessary to deliver the Service.
  • Complying with legal obligations: including responding to lawful requests from courts, regulators, and law enforcement, and supporting our Lending Partners' compliance obligations (see section 6).
  • Protecting our rights: including investigating suspected fraud, misuse of the Platform, or breaches of our Terms of Use, and establishing or defending legal claims.
  • Identifying eligibility for other FundBright services: we may use the information you submit in your loan enquiry to assess whether you may be eligible for other loan comparison services we offer. Where we identify that you may benefit from another of our services, we may inform you of this through your account dashboard. This assessment is conducted within FundBright and does not involve sharing your personal data with any third parties.

4.2 We do not use your personal data for direct marketing of any specific Lending Partner's loan products or for promotional communications from Lending Partners. Other than the eligibility-identification activities described above, we only send you communications that are necessary to deliver the Service you have requested.


5. How We Share Data with Lending Partners (During the Matching Process)

5.1 Stage 1: Initial offer underwriting

When you submit a loan enquiry, we share with selected Lending Partners only the information necessary for them to assess whether they can offer you a loan and on what terms. At this stage, we do not share your:

  • Name
  • Mobile number
  • Email address
  • Residential address

We share underwriting-relevant information such as your age, residential status, nationality, employment status, income and housing ownership information, existing debt obligations, loan amount requested, and loan purpose. Lending Partners use this information to decide whether to extend you a loan offer and on what indicative terms.

5.2 Stage 2: Disclosure of identifying information upon acceptance

If you choose to accept a loan offer from a Lending Partner, we will then disclose your name and personal contact information so they can onboard you, conduct their own in-person verifications, and complete the loan.

5.3 What happens after disclosure

Once your personal data has been disclosed to a Lending Partner under Section 5.2, that Lending Partner becomes an independent data controller of your personal data for its own loan-approval, loan-servicing, and regulatory-compliance purposes. Each Lending Partner operates under its own privacy policy, which you should review before accepting a loan offer.

We remain responsible for our own handling of your personal data in accordance with this Policy.


6. Disclosures Required by Law (Moneylenders Act and Related Requirements)

6.1 Where you accept a loan offer from a licensed moneylender Lending Partner, you should be aware that the Moneylenders Act 2008, the Moneylenders Rules 2009, and the Registrar's Directions impose legal obligations on that licensed moneylender that will affect how your personal data is handled. These include (without limitation):

  • MLCB submission: the licensed moneylender is required to submit information about your loan (including your NRIC / FIN, loan amount, repayments, and balance) to the MLCB.
  • Balance quantum check: the licensed moneylender must carry out a balance quantum check with the MLCB before granting a loan.
  • Submission to the Registrar and public agencies: the licensed moneylender may be required to submit information about borrowers and transactions to the Registrar of Moneylenders, and to other public agencies where required by law.
  • Record-keeping: the licensed moneylender is required to keep records of loan applications and loan contracts for minimum periods specified in section 38 of the Moneylenders Act 2008.

6.2 To the extent that FundBright handles or processes any such data on behalf of a Lending Partner (for example, by passing loan-application data through the Platform), we act as a data intermediary for that Lending Partner. Information we hold on that basis is subject to the Lending Partner's retention requirements under the Moneylenders Act 2008 and other applicable laws.

6.3 FundBright itself is not a licensed moneylender and does not submit data to the MLCB on its own behalf.


7. Other Third Parties We Share Your Data With

7.1 We may also share your personal data with:

  • Our service providers: including cloud hosting providers, data storage providers, communication platforms, customer support tools, fraud-prevention services, analytics providers, and professional advisers (legal, accounting, and audit). We require these providers to protect your data to a standard at least equivalent to this Policy and to process data only on our instructions.
  • Group companies and affiliates: where this is necessary to operate the Service.
  • Government and regulatory authorities: where required by law, a court order, a lawful request from a regulator or law enforcement agency, or where necessary to protect our rights or the safety of our users or the public.
  • A successor in a business transaction: such as a merger, acquisition, restructuring, or sale of all or part of our business. In such a case, personal data will be transferred subject to this Policy or a privacy policy with equivalent protections.

7.2 We do not sell your personal data to any third party. We do not share your personal data with any third party for that third party's own direct marketing purposes.


8. Special Handling of NRIC / FIN Numbers

8.1 The Personal Data Protection Commission's advisory guidelines on NRIC / FIN handling restrict when organisations may collect full NRIC / FIN numbers. We collect your full NRIC / FIN because it is necessary for identity verification.

8.2 We do not retain raw NRIC / FIN numbers. We may pass the NRIC / FIN to an identity-verification service provider at the point of collection for live verification, but we do not store the raw value after verification completes.

8.3 FundBright will not share your NRIC / FIN with our Lending Partners. Our Lending Partners will get your consent to collect that information directly from you during their in-person verification process at their place of business to ensure:

  • compliance with the Moneylenders Act 2008 requirement that licensed moneylenders obtain the NRIC / FIN of every loan applicant before granting a loan, and
  • the MLCB balance quantum check carried out by licensed moneylender Lending Partners.

9. MLCB Data Ring-Fencing

9.1 Under section 69(2) of the Moneylenders Act 2008, personal data that is obtained from the MLCB by a licensed moneylender must only be used for the purposes specified in the Act and related regulations. It cannot be used for other purposes, including general marketing or cross-selling.

9.2 To the extent FundBright receives or handles MLCB-sourced data on behalf of a Lending Partner, we ring-fence that data: it is accessible only to personnel with a specific need to handle it for the relevant loan-matching or loan-processing purpose, and it is not used for any other purpose, including service improvement, analytics, or research.


10. Data Retention

10.1 We retain personal data only for as long as it is necessary to fulfil the purposes set out in this Policy, unless a longer period is required or permitted by law.

10.2 Our baseline retention periods are:

  • Loan-enquiry data where no loan was disbursed: up to 2 years from the date of the enquiry, to support follow-up enquiries, fraud investigation, and dispute handling.
  • Loan-enquiry and supporting data where a loan was disbursed through a Lending Partner: for the period required to support the Lending Partner's record-keeping obligations. Under section 38 of the Moneylenders Act 2008, licensed moneylenders must keep loan application records and note-of-contract records for a minimum of 5 years after the loan is fully repaid or the contract is otherwise terminated. We retain relevant data for this period to the extent we are acting as a data intermediary for the Lending Partner.
  • Account and transactional records: as required under the Companies Act 1967, the Income Tax Act 1947, and other applicable laws (generally 5 years).
  • Anti-money-laundering and counter-terrorism-financing records: where applicable, for a minimum of 5 years from the end of the business relationship or the date of the relevant transaction, consistent with the Moneylenders (Prevention of Money Laundering and Financing of Terrorism) Rules 2009.
  • Marketing and preference data: we do not conduct direct marketing, so we do not retain data for marketing purposes.
  • Website analytics and cookie data: as set out in the Cookies and Similar Technologies section.

10.3 When personal data is no longer needed for the purposes above, we securely delete or anonymise it.


11. Cookies and Similar Technologies

11.1 We use cookies and similar technologies on the Platform. A cookie is a small text file stored on your device when you visit a website.

11.2 We use the following categories:

  • Strictly necessary cookies: required for the Platform to function (e.g., session management, security).
  • Analytics and performance cookies: these include cookies set by Google Analytics 4, which we use to understand how visitors interact with the Platform so we can improve it. The data we receive is aggregated and pseudonymised; IP addresses are truncated before storage.
  • Functionality cookies: remember your preferences and settings.

11.3 We do not use advertising or tracking cookies that build profiles of you across unrelated third-party websites.

11.4 How to control or opt out:

  • Browser settings: Most browsers allow you to view, manage, delete, and block cookies through their settings. Note that blocking strictly necessary cookies may prevent parts of the Platform from working.
  • Google Analytics opt-out: You may opt out of Google Analytics tracking on all websites by installing the Google Analytics Opt-Out Browser Add-on, available at https://tools.google.com/dlpage/gaoptout.

12. How We Protect Your Data

12.1 We apply administrative, technical, and physical safeguards designed to protect your personal data against unauthorised access, collection, use, disclosure, copying, modification, or disposal. These include:

  • encryption of data in transit (TLS) and encryption of sensitive data at rest (including NRIC / FIN),
  • access controls on a need-to-know basis, with role-based permissions,
  • logging and monitoring of access to personal data,
  • regular security reviews, patching, and vulnerability management,
  • staff training on data protection and security.

12.2 No method of transmission over the internet or storage is 100% secure. While we use commercially reasonable measures to protect your data, we cannot guarantee absolute security.


13. Data Breach Notification

13.1 In the event of a data breach that is likely to result in significant harm to affected individuals, or that affects 500 or more individuals, we will notify the Personal Data Protection Commission as soon as practicable, and in any event no later than 3 calendar days, as required under the PDPA.

13.2 We will also notify affected individuals as soon as practicable where the breach is likely to result in significant harm, unless an exception under the PDPA applies.

13.3 If you become aware of any security incident involving the Platform, please contact our Data Protection Officer immediately (see section 15).


14. Your Rights

14.1 Subject to the PDPA and other applicable laws, you have the right to:

  • Access: request access to the personal data we hold about you, and information about how we have used or disclosed it in the past year.
  • Correction: request correction of any personal data that is inaccurate or incomplete.
  • Withdraw consent: withdraw any consent you have given us for the collection, use, or disclosure of your personal data. Withdrawing consent may mean we are no longer able to provide the Service to you.
  • Report: lodge a report with our Data Protection Officer. You also have the right to lodge a report directly with the Personal Data Protection Commission of Singapore.

14.2 To exercise any of these rights, please contact our Data Protection Officer at the details below.

14.3 We may charge a reasonable administrative fee for access requests, as permitted under the PDPA. We will inform you of the fee before processing the request.


15. Data Protection Officer

15.1 For questions, comments, or requests, please contact our Data Protection Officer at hello@fundbright.sg.

15.2 When writing to the Data Protection Officer, please include "Attention: Data Protection Officer" in the subject line and provide enough information for us to identify you and respond to your request.


16. Third-Party Sites

16.1 The Platform may contain links to third-party websites. We are not responsible for the privacy practices of those websites. We encourage you to read the privacy policies of any third-party website you visit.


17. Changes to This Policy

17.1 We may update this Policy from time to time. When we do, we will post the updated version on the Platform and update the "Last updated" date at the top.

17.2 If the changes are material, we will take reasonable steps to bring them to your attention, for example by email or through a notice on the Platform, before they take effect.


18. Governing Law

18.1 This Policy is governed by the laws of Singapore. Any disputes arising out of or in connection with this Policy are subject to the exclusive jurisdiction of the Singapore courts.