Privacy Policy

Last updated: June 2025

1. Data Controller

This website is operated by Mugai Pte Ltd, a company registered in Singapore (UEN: 202523267N).

If you have questions about this policy or your personal data, contact our Data Protection Officer at info@mugai.sg.

2. Data We Collect

We collect the following categories of personal data:

  • Account information: Name, email address, phone number
  • Shipping information: Delivery address
  • Payment information: Processed securely by Stripe — we do not store your credit card details
  • Order history: Records of your purchases
  • Browsing data: Pages visited, items viewed (via session cookies)
  • Newsletter consent: Email address and subscription status (double opt-in)

3. How We Use Your Data

We use your personal data for the following purposes:

  • Order fulfilment: Processing, shipping, and delivering your orders
  • Account management: Maintaining your account and purchase history
  • Customer support: Responding to your enquiries and resolving issues
  • Marketing communications: Sending newsletters and promotions (only with your explicit consent)
  • Service improvement: Understanding how our website is used to improve the experience

4. Who We Share Data With

We share your personal data only with trusted service providers who help us operate the platform:

  • Stripe — Payment processing (PCI-DSS compliant)
  • Brevo (Sendinblue) — Transactional and marketing emails
  • Google Cloud Platform — Website hosting and data storage

We do not sell, rent, or trade your personal data to third parties.

5. Data Retention

  • Account data: Retained while your account is active. You may request deletion at any time.
  • Order data: Retained for 7 years to comply with Singapore tax and accounting requirements.
  • Newsletter subscriptions: Retained until you unsubscribe. You can unsubscribe at any time via the link in our emails.
  • Browsing data: Session cookies expire when you close your browser.

6. Your Rights

Under the Personal Data Protection Act 2012 (PDPA), you have the following rights:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Withdrawal of consent: Withdraw consent for marketing communications at any time
  • Deletion: Request deletion of your personal data, subject to legal retention requirements (e.g. order data retained for 7 years)

To exercise your rights, email us at info@mugai.sg. We will respond within 30 business days.

7. Cookies

We use session cookies for authentication and to maintain your shopping cart across pages. These are essential for the website to function and expire when your browser session ends.

We do not use third-party tracking cookies, advertising cookies, or analytics cookies.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • HTTPS encryption on all pages
  • JWT authentication tokens stored in httpOnly, secure cookies
  • Content Security Policy (CSP) headers
  • Payment data handled entirely by PCI-DSS compliant Stripe

9. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically.

10. Contact

For questions, concerns, or data requests, contact our Data Protection Officer:

  • Email: info@mugai.sg
  • Company: Mugai Pte Ltd
  • UEN: 202523267N
  • Location: Singapore