Privacy Policy
Last updated: May 2026
SYLVA Labs Pte. Ltd. ("SYLVA", "we", "us", "our") is committed to protecting the privacy of our clients and their customers. This Privacy Policy explains what data we collect, how we use it, and your rights in relation to that data.
By using our services, you agree to the collection and use of information in accordance with this Policy.
1. Information We Collect
We collect the following categories of data:
- Account information: Your name, email address, business name and contact details provided at signup.
- Social media tokens: OAuth access tokens and refresh tokens for platforms you connect (TikTok, Instagram, Facebook, Google Business Profile). These are encrypted at rest.
- Social profile data: Basic profile information fetched from connected platforms (display name, account ID, profile photo URL) for identification purposes.
- Usage data: Logs of content generated, approved, published and any errors encountered, to operate and improve the service.
- WhatsApp contact: Your WhatsApp number, used to send content approval requests. Messages are delivered via Meta's WhatsApp Cloud API.
- Technical data: IP address, browser type and device info collected automatically when you use our web portal.
2. How We Use Your Data
We use the data we collect solely to:
- Provide, maintain and improve the SYLVA platform
- Generate AI-powered social media content tailored to your business
- Publish approved content to your connected social media accounts
- Send you content approval requests via WhatsApp
- Authenticate your identity and secure your account
- Respond to your support enquiries
- Comply with legal obligations
We do not sell, rent or share your personal data with third parties for marketing purposes.
3. Third-Party Platforms
SYLVA integrates with the following third-party platforms to deliver our services:
- TikTok — Content publishing via TikTok Content Posting API. Data shared: access tokens, video content. Governed by TikTok's Privacy Policy.
- Meta (Instagram / Facebook) — Content publishing via Meta Graph API. Governed by Meta's Privacy Policy.
- Google — Google Business Profile management via Google APIs. Governed by Google's Privacy Policy.
- OpenAI / Anthropic / Google Gemini — Used to generate content. Anonymised content briefs may be sent to these services. No personally identifiable information is included.
- Meta WhatsApp Cloud API — Used to deliver approval notifications to your WhatsApp number.
4. Data Storage & Security
Your data is stored on servers located in Singapore and the European Union. We implement industry-standard security measures including:
- Encryption of OAuth tokens and sensitive credentials at rest (AES-256)
- TLS/HTTPS encryption for all data in transit
- Access controls limiting data access to authorised personnel only
- Regular security reviews and dependency updates
No method of transmission over the internet is 100% secure. We cannot guarantee absolute security, but we take all reasonable precautions to protect your data.
5. Data Retention
We retain your data for as long as your account is active. Upon account termination:
- OAuth tokens are revoked and deleted within 7 days
- Social account IDs and profile data are deleted within 30 days
- Content history and conversation logs are deleted within 30 days
- Anonymised analytics data may be retained indefinitely
- Financial records required by Singapore law are retained for 5 years
6. Your Rights
Under the Singapore Personal Data Protection Act (PDPA) and applicable law, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Withdraw consent and request deletion of your data
- Data portability — receive a copy of your data in a machine-readable format
To exercise any of these rights, contact us at privacy@sylva.sg. We will respond within 30 days.
7. Cookies
Our web portal uses a single session cookie to keep you logged in. We do not use tracking cookies or third-party advertising cookies. You can disable cookies in your browser settings, but this will prevent you from logging into the portal.
8. Children's Privacy
SYLVA is a business-to-business service and is not directed at individuals under 18 years of age. We do not knowingly collect data from minors.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you by email at least 14 days before material changes take effect. The updated policy will be posted at this URL with a revised "last updated" date.
10. Contact & Data Deletion
For privacy enquiries, data access requests, or to request deletion of your data:
Email: privacy@sylva.sg
Subject: Privacy Request
SYLVA Labs Pte. Ltd., Singapore
For step-by-step data deletion instructions, visit our Data Deletion page.