← Back to Home

Privacy Policy

Effective date: 28 March 2026

1. Introduction

Obastion Pte. Ltd. (“Obastion”, “we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website (obastion.com), the LynxLedger platform, and our bookkeeping and finance operations services.

2. Information We Collect

Information you provide

  • Account information: name, email address, phone number, company name.
  • Business information: entity structure, transaction volumes, industry, jurisdiction, GST/VAT registration status.
  • Financial records: bank statements, invoices, receipts, and other documents you upload for bookkeeping services.
  • Payment information: billing details processed securely through Stripe. We do not store credit card numbers on our servers.
  • Communications: emails, messages, and support requests.

Information collected automatically

  • Device and browser information: IP address, browser type, operating system, device identifiers.
  • Usage data: pages visited, time spent, clicks, and navigation patterns.
  • Cookies and similar technologies: see Section 8 (Cookies) below.
  • Location data: approximate location derived from IP address for geo-pricing and service availability.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our bookkeeping and finance operations services.
  • Process transactions and send related notices.
  • Communicate with you about your account, services, and support requests.
  • Determine pricing based on your geographic location and business profile.
  • Comply with legal obligations, including tax and regulatory requirements.
  • Detect, prevent, and address fraud, security issues, and technical problems.
  • Improve our platform and develop new features based on aggregated, anonymised usage data.

4. How We Share Your Information

We do not sell your personal information. We may share your information with:

  • Service providers: Stripe (payments), cloud hosting providers, and accounting software providers (Xero, QuickBooks, etc.) as necessary to deliver our services.
  • Professional advisors: lawyers, auditors, and consultants where necessary for our business operations.
  • Regulatory authorities: where required by law, regulation, or legal process.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. Financial records are retained for a minimum of seven (7) years to comply with accounting and tax regulations. Upon account termination, we will retain your data for thirty (30) days to allow export, after which it will be securely deleted unless retention is required by law.

6. Data Security

We implement appropriate technical and organisational measures to protect your information, including:

  • Encryption of data in transit (TLS) and at rest.
  • Access controls and authentication for all systems and personnel.
  • Regular security assessments and monitoring.
  • SOC 2 Type II and ISO 27001 aligned security practices.

No method of transmission or storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: request a copy of the personal information we hold about you.
  • Correction: request correction of inaccurate or incomplete information.
  • Deletion: request deletion of your personal information, subject to legal retention obligations.
  • Portability: request your data in a structured, machine-readable format.
  • Objection: object to processing of your information for certain purposes.
  • Withdrawal of consent: where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at privacy@obastion.com.

8. Cookies

We use cookies and similar technologies to:

  • Essential cookies: maintain your session, remember your language preference, and ensure the site functions correctly.
  • Analytics cookies: understand how visitors use our site so we can improve the experience (only with your consent).

You can manage your cookie preferences through the cookie consent banner displayed on your first visit. You may also configure your browser to block or delete cookies, though some features may not function properly.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses and compliance with applicable data protection regulations such as the GDPR, Singapore PDPA, and other local laws.

10. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through our platform. The “Effective date” at the top of this page indicates when this policy was last revised.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

privacy@obastion.com

Obastion Pte. Ltd.
60 Paya Lebar Road, #06-28 Paya Lebar Square
Singapore 409051

Privacy Policy | Obastion