Privacy Policy

We at Panalyt (“Panalyt”, “we”, “us”, “our”) know that our users (“you”, “your”) care about how your Personal Information, and that of your employees, contractors, candidates and other parties on whom you legitimately hold and manage Personal Information (“the Employees”, “your Employees”) is used and shared and we take your and your Employees privacy seriously. We are focused on protecting your and your Employees’ privacy rights and the privacy of you and your Employees is always at the top of our priorities. This Privacy Policy supplements our Terms of Service and spells out how we collect, use and disclose information from or about you and your Employees through our Website and the Panalyt software applications (“Apps”) and services (collectively, “Services”).

Panalyt complies with the European Union General Data Protection Regulation (“GDPR”) (effective 25 May 2018) regarding the collection, use, and retention of personal data from European Union member countries, and the Singapore Personal Data Protection Act 2012 (“PDPA”). 

These regulations guide our core principles in building our Apps and managing the data provided to us by you:

  1. Transparency: All Personal Information held by us relating to you or, where provided to us by you or a third party acting under your direction, your Employees, is available to be accessed and reviewed by you, and, at your direction, we can provide a platform to make your employee’s data accessible by the relevant individuals.
  2. Non-commercialisation: We will never buy or sell any Personal Information relating to you or your Employees. No part of our business does or will involve the sale of Personal Information.
  3. Access Minimisation: Only members of Panalyt who absolutely require access to Personal Information for the execution of their duties have such access. All-access is password protected and logged. No Personal Information ever resides on individual computers and it is never printed.
  4. Data Processor: Panalyt is the data processor, identified under GDPR as a person or organization who deals with Personal Information as instructed by a Data Controller for specific purposes and services offered to the Data Controller that involve Personal Information processing. Our clients are the Data Controllers with the responsibility for collecting the data.

This Privacy Policy covers our treatment of 2 types of personally identifiable information (“Personal Information”) that we gather when you are using our Services:

  1. Personal Information regarding the legal entity engaging, or considering engaging, with us, and the individuals within that entity responsible for executing or managing the engagement (“Client Data”). For example, the Company name and address, the name, title and email address of the key contact within the client Company.
  2. Personal Information regarding the Employees (including employees, contractors, candidates and other parties on whom you legitimately hold and manage Personal Information) provided to us by you or a third party acting under your direction (“Employee Data”). For example, name, title, date of hire, compensation etc.  Panalyt manages Employee Data as received from you with the explicit understanding and assurance that you have both the permission of the relevant individuals and have defined the business reasons to support the collection, retention, and transfer to us of the Employee Data, as defined under GDPR.

This policy does not apply to the practices of companies that we do not own or control, or to individuals that we do not employ or manage.

We do not knowingly collect or solicit Personal Information from anyone under the age of 16 or knowingly allow such persons to register for our Services. No one under age 16 may provide any Personal Information to us, and Employee Data may not include data on individuals under age 16.


We gather various types of Personal Information from our users, as explained more fully below. We may use this Personal Information to personalize and improve the Services, to allow our users to set up a user account and profile, to contact users, to fulfill your requests for the Services, to analyze how users utilize the Website, and as otherwise set forth in this Privacy Policy. We may share certain types of Personal Information with third parties (described in this Section and in Section 4 below). We collect the following types of information:

A. Information You Provide to Us:

Your Client Data: We receive and store any information you knowingly provide to us. For example, we collect Personal Information such as your name, email address, and browser information. You can choose not to provide us with certain information, but then you may not be able to register with us. We may anonymize your Client Data so that you cannot be individually identified, and provide that information to our partners for aggregate visitor statistics and analysis.

Your Employee Data: In order to provide you with the Services, we also receive and store any information you choose to provide us with in respect to your employees, contractors, candidates and other parties on whom you legitimately hold and manage Personal Information (“Employee Data”) The Employee Data we receive and store will consist of any information you choose to provide us with, either directly or from third parties that you direct to share such information with us. Such third parties may include, for example, HR software applications used by you that may transmit information directly to us through APIs set up or provided by you. We may anonymize your Employee Data in aggregate with other data sets so that they cannot be individually or collectively identified, and incorporate that information into our services to provide predictive analytics, benchmarks and similar outputs of anonymous, aggregated data.


If you choose to use our referral service to tell a friend about our site, we will ask you for your friend’s name and email address. We will then send your friend a one-­time email inviting him or her to visit the site. Panalyt stores this information for the sole purpose of sending this one-­time email, and tracking the success of our referral program.

Your friend may contact us at to request that we remove this information from our database.

B. Information Collected Automatically:

Whenever you interact with our Website and App we automatically receive and record information on our server logs from your browser including your IP address, “cookie” information, and the page you requested. “Cookies” are identifiers we transfer to your computer or mobile device that allow us to recognize your browser or mobile device and tell us how and when pages in our Services are visited by you. You may be able to change the preferences on your browser or mobile device to prevent or limit your computer or device’s acceptance of cookies, but this may prevent you from taking advantage of some of our features. If you click on a link to a third party website, such third party may also transmit cookies to you. This Privacy Policy does not cover the use of cookies by any third parties.

When you visit the Website and App, whether as a Panalyt customer or a non­-registered user just browsing, our servers automatically record information that your browser sends whenever you visit a website (“Log Data”). For example, Log Data may include information such as your computer’s IP address, browser type or the webpage you were visiting before you came to our Website or App, pages of our Website or App that you visit, the time spent on those pages, information you search for, access times and dates, and other statistics. We use this information to monitor and analyze use of the Services and for our technical administration, to increase our functionality and user­-friendliness, and to better tailor our Services to our visitors’ needs.

Our Website includes social media features, such as the Facebook Like button and widgets such as the “Share This” button for Twitter and LinkedIn. These features may collect your IP address and the page you are visiting on our site, and they may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our site. Your interactions with these features are governed by the privacy policy of the company providing the feature.

C. Information We May Receive from Third Parties

Apart from the Employee Data provided through third parties at your direction, detailed in A above, we may receive information about our users from third parties. For example, if you access our Website or Service through a third-party connection or log-in, for example, through Google, by linking your account to the Panalyt Service, etc., that third party may pass certain information about your use of its service to Panalyt. This information could include, but is not limited to, the user ID associated with your account, an access token necessary to access that service, any information that you have permitted the third party to share with us including your name and email address.

D. Email and Other Communications:

We may contact you by email or other means; for example, we may communicate with you about your use of the Services. If you do not want to receive email or other mail from us, please indicate your preference by adjusting the settings on your account screen in the Website. Please note that if you do not want to receive legal notices from us, those legal notices will still govern your use of the Services, and you are responsible for reviewing such legal notices for changes.


Panalyt takes reasonable precautions to protect Personal Information from loss, misuse, and unauthorized access, disclosure, alteration, and destruction.

If you are located outside the United States, the information that we collect from you may be transferred to, and stored and processed at a destination in the United States. Unless otherwise agreed, by submitting information, you agree to this transfer, storing or processing. We take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this Privacy Policy.

As this policy went into effect, we store all Employee Data and Client Data solely within Google Cloud Platform (“GCP”).  Data is encrypted end-to-end and we strictly comply with GCP’s customer security best practices, ensuring your Employee Data remains safe and secure. For more information on the security practices of GCP, please visit

Any change to our fundamental data storage and processing environment of your Employee Data would require your explicit written authorization. 

Transfers from the EU to GCP’s storage are protected by European Union Model Clauses executed between Google and Panalyt.  The European Commission has approved model contract clauses as a means of complying with the requirements of the GDPR. The effect of this decision is that, by incorporating certain provisions into a contract, personal data can flow in a compliant way from those subject to the GDPR to cloud (and other) providers outside the EU or the European Economic Area (“EEA”). By adopting EU model contract clauses, providers outside the EU or the EEA can offer their customers an option for complying with the GDPR.

GCP gained confirmation of compliance from the European Union’s data protection authorities, acting collectively as the Article 29 Working Party, for their model contract clauses, affirming that the GCP contractual commitments fully meet the requirements to legally frame transfers of data from the EU to the rest of the world, in accordance with the Data Protection Directive, which has now been replaced by the GDPR. For more information see:


We neither rent nor sell Client Data or Employee Data in personally identifiable form to anyone. We share such Personal Information in a personally identifiable form with third parties as described below;

A. Trusted Third Parties:

We employ other companies and people to perform tasks on our behalf and need to share your information with them to provide the Services to you. Unless we tell you differently, such third parties do not have any right to use the Personal Information we share with them beyond what is necessary to assist us. This includes third party companies and individuals employed by us to facilitate our Services, including the provision of maintenance services, database management, Web analytics and general improvement of the Services. We note that we may be subject to liability for sharing information to third parties in a manner inconsistent with our policy or the GDPR or PDPA provisions.

In particular, as part of our provision of the Services to you, we store all Employee Data solely within servers and applications managed by Google Cloud Platform (“GCP”).  We strictly comply with GCP’s customer security best practices, ensuring your Employee Data remains safe and secure. For more information on the security practices of GCP, please visit

Any change to our fundamental data storage and processing environment of your Employee Data would require your explicit written authorization. 

We use third-­party analytics services to help understand your usage of our services. In particular, we provide a limited amount of your information (such as your email address and sign­up date) to Intercom, Inc. (“Intercom”) and utilize Intercom to collect data for analytics purposes when you visit our website or use our product. Intercom analyzes your use of our website and/or product and tracks our relationship so that we can improve our service to you. We may also use Intercom as a medium for communications, either through email or through messages within our product(s). As part of our service agreements, Intercom collects publicly available contact and social information related to you, such as your email address, gender, company, job title, photos, website URLs, social network handles and physical addresses, to enhance your user experience. For more information on the privacy practices of Intercom, please visit Intercom’s services are governed by Intercom’s terms of use which can be found at 

B. Business Transfers:

Although this is not our day-to-day business, we may choose to buy or sell business assets. In these types of transactions, Client Data, but not Employee Data, may be an integral part of the business asset that is transferred. However, if we (or substantially all of our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, (often referred to as a “business restructuring”) both Client Data and Employee Data would be integral components of the assets transferred to or acquired by a third party. In such a transfer, the relevant agreements will ensure that all parties with access to your or your Employees’ Personal Information will preserve the same level of protection demonstrated in this Privacy Policy.


C. Protection of Panalyt and Others:

We may be compelled to access, read, preserve, and disclose any information that we reasonably believe is necessary to comply with law or a court order; enforce or apply our conditions of use and other agreements with you; or protect the rights, property, or safety of Panalyt, our Employees, our users, or others. We may send information to fraud protection and credit risk reduction agencies, but only in a manner limited to and consistent with that specific purpose.


D. With your Consent:

Except as set forth above, you will be notified when your Client Data may be shared with third parties, and will be able to prevent the sharing of this information. Also, except as set forth above, any change to the management of your Employee Data, including sharing with third parties, will require your prior written authorization. 


We transmit and store all Employee Data solely within the industry standard for SAAS/cloud service security servers and applications managed by Google Cloud Platform (“GCP”).  Data is encrypted end-to-end and we strictly comply with GCP’s customer security best practices, ensuring your Employee Data remains safe and secure. For more information on the security practices of GCP, please visit

GCP’s physical infrastructure is hosted and managed within Google’s secure data centers and utilises GCP managed services technology. Panalyt’s infrastructure is compliant with ISO 27001, SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II),  PCI Level 1, FISMA Moderate and Sarbanes-Oxley(SOX). Any change to our fundamental data storage and processing environment of your Employee Data would require your explicit written authorization. 

Client Data is also stored within the same GCP environment, and for any information you enter on our site, rather than uploaded, we encrypt the transmission of that information using secure socket layer technology (SSL).

Your account is protected by a password for your privacy and security. You must prevent unauthorized access to your account and Personal Information by selecting and protecting your password appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account.

Your company’s administrator of the Panalyt services for your company (your “Admin”) is empowered to provide access to Employee Data to users, and determine which Employee Data each user can access. Your Admin must prevent unauthorised access to data, by granting access only to authorised individuals and ensuring they are given correct access levels.  

We endeavor to protect the privacy of your account and the Personal Information we hold in our records, but we cannot guarantee complete security. No data storage and transmission mechanism, including the transmission of information via the Internet, is completely secure. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of Personal Information at any time.

Our Website and Services may contain links to other sites. We are not responsible for the privacy policies and/or practices on other sites. When following a link to another site you should read that site’s privacy policy.


Our Services are not directed to persons under the age of 16. We do not knowingly collect personally identifiable information from children under 16. If a parent or guardian becomes aware that their child, or any third party, has provided us with Personal Information without the parent’s consent, they should contact us at If we become aware that a child under 16 has provided us with Personal Information, we will take steps to delete such information from our files.


Regarding Client Data:

If you are your company Admin, through your account settings, you may:

a)  access, edit or delete the following information: Prefered/Display name and password, company name, company logo, job title, email, address, billing information

b) access the following information, where you, as Admin, have made it available: location, organisation and other job-related information.

If you are not your company Admin, through your account settings, you may;

a)  access, edit or delete the following information: Prefered/Display name and password

b) access the following information, where your admin has made it available: name, job title, email, location, organisation, and other job-related information.

Regarding Employee Data:

If you are your company Admin (or the most senior Admin where the company has multiple Admins with differing access permissions (“SuperAdmin”)) you may access or delete any and all Employee Information held by us.

If you are not your company Admin (or SuperAdmin) you may;

a)  access Employee Information as granted by your Company Admin. 

The information you can view, update, and delete may change as the Services and data provided by your company Admin changes. If you have any questions about viewing or updating information we have on file about you, please contact us at


We post customer testimonials/comments/reviews on our website which may contain personally identifiable information. We do obtain the customer’s consent via email prior to posting the testimonial to post their name along with their testimonial. To request removal of your Personal Information from Testimonials or comments please contact us at


All Client Data indicated as “required” within our website and/or services is required in order to utilize the services. All other data, including any Employee Data, is optional. You may request the deletion of your account by contacting your company Admin, or, if you are the Company Admin, contacting us at

Please note that some information may remain in our private records after your deletion of such information from your account. We will retain and use your Client Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We may use any aggregated data derived from or incorporating your Employee Data after you update or delete it, but not in a manner that would identify any individual.

Our Web site offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them.

To request removal of your Personal Information from our blog or community forum, contact us at


We may amend this Privacy Policy from time to time. Use of information we collect now is subject to the Privacy Policy in effect at the time such information is used. If we make material changes or changes in the way we use Personal Information, we will notify you by posting an announcement on our Website or sending you an email prior to the change becoming effective. You are bound by any changes to the Privacy Policy when you use the Website or Services after such changes have been first posted.


Our compliance with this Privacy Policy is verified at least annually by a designated internal privacy officer sufficient authority to resolve any issues.


Panalyt is committed to transparently resolve complaints about your privacy and our collection or use of your Personal Information. 

Anyone with inquiries or complaints regarding this privacy policy should first contact Panalyt at or send a letter to Panalyt Pte. Ltd. 138 Cecil Street, #12-01A Cecil Court, Singapore, 069538. We will make every effort to resolve your concerns.

European Union individuals​ may refer unresolved privacy complaints under the GDPR to the relevant body in their country. In the UK this is the Independent Commissioners Office.

Singapore based individuals, and any party outside the EU, may refer unresolved privacy complaints under the Singapore PDPA to the Singapore Personal Data Protection Commission.

The US regulatory agency with the authority to investigate and resolve claims, should you consider our practices to be unfair or deceptive, is the United States Federal Trade Commission.


Effective; 1 December 2019