1. Who We Are
Artemis Labs Pte. Ltd. is a private limited company incorporated in Singapore (UEN to be published upon incorporation). Our registered address is 9 Raffles Place, #29-05, Republic Plaza, Singapore 048619. We operate the TrustCaptain review platform, which allows businesses to claim a verified profile and collect email-confirmed reviews from their customers.
For the purposes of applicable data protection laws, Artemis Labs Pte. Ltd. is the data controller in respect of personal data processed through the Platform.
2. Scope
This policy applies to all visitors to our website, registered reviewers, business account holders, and any other individuals whose personal data we process in connection with the Platform. It does not apply to third-party websites or services that may be linked to from our Platform.
Because we operate globally, different data protection laws may apply depending on where you are located, including Singapore’s Personal Data Protection Act 2012 (“PDPA”), the European Union General Data Protection Regulation (“GDPR”), and the California Consumer Privacy Act (“CCPA”). Where relevant, we address your rights under each regime in Section 10 below.
3. Personal Data We Collect
3.1 Data you provide to us
- Account registration. When you create a business account we collect your email address, name, and the domain name you wish to claim.
- Review submission. When you submit a review we collect your email address (for verification), your display name (which may be your real name or a chosen pseudonym), star rating, and written review content.
- Business responses. Public responses posted by business account holders to reviews are stored and displayed on the relevant profile.
- Communications. If you contact us by email we collect the contents of your message and any information you choose to include.
3.2 Data we collect automatically
- Log and usage data. Our servers and hosting infrastructure record standard log data, including your IP address, browser type and version, pages visited, referring URL, and timestamps.
- Authentication tokens. We use session tokens stored in secure HTTP-only cookies to keep you logged in.
- Domain verification data. When you verify ownership of a domain we record the verification method used and the timestamp of successful verification.
3.3 Data we do not collect
We do not collect payment card details or financial information. We do not knowingly collect sensitive personal data (such as health, biometric, or government-issued identification information) unless you voluntarily include it in a review or communication.
4. How We Use Your Personal Data
We process personal data for the following purposes and legal bases:
| Purpose | Legal basis |
|---|---|
| Providing the Platform and core features (account management, review collection, public profiles) | Performance of a contract / our legitimate interests |
| Verifying reviewer email addresses to ensure review authenticity | Legitimate interests (integrity of the review system) |
| Verifying business domain ownership | Performance of a contract |
| Sending transactional emails (review notifications, verification links) | Performance of a contract |
| Responding to customer support enquiries | Legitimate interests / legal obligation |
| Detecting and preventing fraud, spam, and abuse | Legitimate interests / legal obligation |
| Complying with applicable laws and regulations | Legal obligation |
| Improving and securing the Platform | Legitimate interests |
Where we rely on legitimate interests as our legal basis, we have conducted a balancing test and are satisfied that our interests do not override your rights and freedoms. You may request details of that assessment by contacting us.
5. Public Nature of Review Content
Reviews, ratings, reviewer display names, and business responses published on the Platform are publicly accessible by anyone, including via search engines. Before submitting a review, please consider what information you wish to make public. Your email address is never displayed publicly; it is used solely for verification and internal records.
If you wish to have a review you submitted removed from public view, please see Section 10 (Your Rights) or contact us at contact@trustcaptain.io. We will assess removal requests on a case-by-case basis in accordance with our platform integrity policies and applicable law.
6. Sharing Your Personal Data
6.1 Service providers
We share personal data with trusted third-party processors who provide infrastructure and services necessary to operate the Platform:
- Supabase, Inc. — Database hosting, authentication, and storage. Data may be stored in data centres within the United States and European Union.
- Vercel Inc. — Web hosting and content delivery. Infrastructure is distributed globally.
- Resend, Inc. — Transactional email delivery (verification emails, notifications).
Each service provider is bound by contractual obligations to process personal data only on our instructions and to implement appropriate security measures.
6.2 Embeddable widget
Businesses that install our embeddable trust widget on their own websites serve it from our CDN. The widget does not set cookies on end-user browsers or transmit personal data about visitors to us.
6.3 Legal disclosures
We may disclose personal data to courts, regulators, law enforcement authorities, or other governmental bodies where we are required or permitted to do so by applicable law, or where disclosure is necessary to protect our legal rights or the safety of individuals.
6.4 Business transfers
If we are involved in a merger, acquisition, restructuring, or sale of assets, personal data may be transferred as part of that transaction. We will notify affected users before personal data becomes subject to a different privacy policy.
6.5 No sale of personal data
We do not sell, rent, or trade personal data to third parties for their own marketing purposes.
7. International Data Transfers
We are based in Singapore, and our service providers may process data in the United States, the European Union, and other countries. When transferring personal data outside Singapore, we ensure appropriate safeguards are in place as required by the PDPA’s data transfer obligations, including transfer impact assessments and contractual protections where required.
For transfers from the European Economic Area (“EEA”) or United Kingdom (“UK”), we rely on the European Commission’s Standard Contractual Clauses or the UK International Data Transfer Addendum, as applicable, where our service providers do not benefit from an adequacy decision.
8. Data Retention
We retain personal data for as long as necessary to fulfil the purposes for which it was collected and to comply with our legal obligations, resolve disputes, and enforce our agreements. Our general retention periods are:
- Business account data:Retained for the duration of the account and for up to 3 years after account closure.
- Reviewer email addresses:Retained for the duration of the review and for up to 3 years thereafter to handle disputes or legal claims.
- Public review content:Retained until deleted by us at the reviewer’s request (subject to our platform integrity policies) or upon account closure.
- Server log data:Retained for up to 90 days unless required longer for security or legal purposes.
9. Security
We implement industry-standard technical and organisational measures to protect personal data against unauthorised access, loss, disclosure, or destruction. These measures include TLS encryption in transit, encrypted storage at rest, role-based access controls, and regular security reviews.
No method of electronic transmission or storage is 100% secure. In the event of a personal data breach that poses a risk of significant harm, we will notify affected individuals and relevant authorities as required by applicable law.
10. Your Rights
Depending on your location, you may have the following rights in respect of your personal data. To exercise any of these rights, please contact us at contact@trustcaptain.io. We will respond within the timeframe required by applicable law (generally 30 days, subject to extension).
10.1 All users (Singapore PDPA)
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete personal data.
- Withdrawal of consent: Where processing is based on consent, withdraw that consent at any time (without affecting the lawfulness of prior processing).
- Data portability: Request that we provide your data in a structured, machine-readable format.
10.2 EEA and UK users (GDPR / UK GDPR)
In addition to the above, if you are in the EEA or UK you also have the right to:
- Erasure (“right to be forgotten”): Request deletion of your personal data in certain circumstances.
- Restriction: Request that we restrict processing of your data in certain circumstances.
- Object: Object to processing based on legitimate interests or for direct marketing purposes.
- Lodge a complaint: Complain to your local supervisory authority (e.g. the Information Commissioner’s Office in the UK).
10.3 California users (CCPA/CPRA)
California residents have the right to:
- Know what personal information we collect, use, disclose, or sell.
- Delete personal information we have collected (subject to exceptions).
- Opt out of the sale or sharing of personal information (we do not sell or share personal information as defined under CCPA).
- Non-discrimination for exercising your rights.
- Correct inaccurate personal information.
To submit a verifiable consumer request, contact us at contact@trustcaptain.io.
11. Cookies and Similar Technologies
We use a minimal set of cookies and similar technologies:
- Strictly necessary cookies: Session authentication tokens required for you to log in and use the Platform. These cannot be disabled without affecting Platform functionality.
- Preference cookies: Used to remember settings such as language preferences where applicable.
We do not use advertising, tracking, or third-party analytics cookies. You can control cookies through your browser settings, though disabling necessary cookies may prevent you from accessing certain parts of the Platform.
12. Children's Privacy
The Platform is not directed at children under the age of 13 (or 16 in the EEA where a higher age applies). We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without appropriate parental or guardian consent, we will take steps to delete that information promptly.
13. Third-Party Links
Public review profiles may display the reviewed business’s website domain. We are not responsible for the privacy practices or content of any third-party websites. We encourage you to review the privacy policies of any websites you visit.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other reasons. Where changes are material, we will provide notice via email (to registered account holders) or a prominent notice on the Platform at least 14 days before the changes take effect. Continued use of the Platform after the effective date constitutes acceptance of the updated policy.
15. Contact Us
If you have any questions, concerns, or requests relating to this Privacy Policy or our handling of your personal data, please contact our data protection contact at:
Artemis Labs Pte. Ltd.
Trading as TrustCaptain
9 Raffles Place, #29-05, Republic Plaza, Singapore 048619
Email: contact@trustcaptain.io
We are committed to resolving complaints about our collection or use of your personal data. If you are not satisfied with our response, you may have the right to refer the matter to the relevant data protection authority in your jurisdiction. In Singapore, this is the Personal Data Protection Commission (PDPC).
See also our Terms of Service.