OperateX Login

Privacy Policy

Last updated: April 2026

OperateX ("we", "us", or "our") is committed to protecting the privacy and personal data of our users. This Privacy Policy explains how we collect, use, disclose, and protect personal data in connection with our platform at operatex.io (the "Platform") and the services we provide. This Privacy Policy applies to all users of the Platform, including visitors to the website, registered users, and anyone who interacts with us in connection with our services.

By registering on the Platform or using our services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and use of your personal data as described herein.

1. Definitions

  • "Personal Data" means any information relating to an identified or identifiable individual, including but not limited to name, identification number, contact details, financial data, and online identifiers.
  • "Processing" means any operation performed on personal data, including collection, recording, storage, use, disclosure, or deletion.
  • "Controller" means Renam Pte. Ltd., which determines the purposes and means of processing personal data.
  • "Processor" means a third party that processes personal data on behalf of OperateX.
  • "User" means any individual who registers for and uses the OperateX Platform.
  • "PDPA" means the Personal Data Protection Act 2012 of Singapore, as amended from time to time.

2. Data Controller

The data controller responsible for your personal data is:

Renam Pte. Ltd.
304 Orchard Rd, #29-02
Singapore 238863

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us via email at support@operatex.io. We will respond to all privacy-related inquiries within 30 days of receipt.

3. Personal Data We Collect

We collect and process the following categories of personal data:

3.1 Personal Details

Full name, date of birth, nationality, residential address, email address, and phone number. Collected during account registration and onboarding.

3.2 Identification Data

Government-issued identity document data including document number, issue date, expiry date, issuing authority, and facial photograph. Collected during KYC verification through our identity verification partner, Didit.

3.3 Verification and Compliance Data

Data collected for anti-money laundering (AML) and counter-terrorist financing (CTF) compliance, including politically exposed person (PEP) screening results, international sanctions screening results, and source of funds declarations.

3.4 Payment and Transaction Data

Bank account details (account name, account number, bank code), transaction amounts, currency, invoice data, transfer references, and payment history. Collected in the course of providing our payment and invoicing services.

3.5 Business Data

Information about the nature of services you provide, your clients' details (as entered on the Platform), invoice descriptions, and business activity information.

3.6 Device and Usage Data

IP address, browser type and version, device identifiers, pages visited on the Platform, time spent, actions taken, and other technical data collected automatically when you use the Platform.

3.7 Customer Support Data

Records of communications between you and OperateX including support tickets, emails, and chat messages.

3.8 Marketing Preferences

Your communication preferences and records of any consent granted for marketing communications.

4. Sources of Personal Data

We collect personal data from the following sources:

  • Directly from you — during account registration, onboarding, KYC verification, invoice creation, transfer requests, and support interactions.
  • Our KYC partner Didit — identity verification results and facial biometric data processed during the KYC process.
  • Our Banking Partner — transaction data and account screening results.
  • Sanctions and PEP databases — publicly available and licensed databases used for AML compliance screening.
  • Automated collection — technical and usage data collected automatically through cookies and similar technologies when you use the Platform.

5. Purposes for Processing Personal Data

We process your personal data for the following purposes:

5.1 Service Provision

To provide the services described in the Terms and Conditions, including KYC verification, invoice creation and review, payment receipt, balance management, and transfer processing. Legal basis: performance of a contract.

5.2 Compliance

To comply with applicable laws and regulations including AML/CTF obligations, KYC requirements, sanctions screening, financial record-keeping, and responses to lawful requests from regulatory authorities. Legal basis: legal obligation.

5.3 Platform Security and Fraud Prevention

To detect, prevent, and investigate fraud, unauthorised access, and other security incidents. Legal basis: legitimate interest.

5.4 Platform Improvement and Analytics

To analyse usage patterns, improve the Platform's functionality and user experience, and develop new features. Legal basis: legitimate interest.

5.5 Communication

To communicate with you about your account, transactions, service updates, and support requests. Legal basis: contract performance and legitimate interest.

5.6 Marketing

To send you promotional information about OperateX services and relevant updates, where you have provided explicit consent. Legal basis: consent. You may withdraw consent at any time.

5.7 Legal Claims

To establish, exercise, or defend legal claims in connection with our services. Legal basis: legitimate interest and legal obligation.

6. Disclosure of Personal Data to Third Parties

We may share your personal data with the following categories of third parties:

  • Banking Partner (Airwallex) — for payment processing, account management, and AML screening. Your transaction and account data is shared as necessary to provide the payment services.
  • KYC Provider (Didit) — for identity verification and facial biometric processing. Didit processes your identity data as a data processor on our behalf, subject to their privacy and security standards.
  • Regulatory and law enforcement authorities — where required by applicable law, court order, or regulatory request.
  • Professional advisors — including lawyers, accountants, and auditors, subject to confidentiality obligations.
  • IT service providers — including hosting providers, platform maintenance providers, and security vendors, subject to data processing agreements.
  • Customer support platforms — including our support portal provider (Featurebase), subject to data processing agreements.
  • Successor entities — in the event of a merger, acquisition, or sale of all or substantially all of OperateX's assets, your personal data may be transferred to the successor entity.

We do not sell your personal data to third parties for marketing purposes. All third-party processors engaged by OperateX are required to process personal data only in accordance with our instructions and in compliance with applicable data protection laws.

7. International Transfers of Personal Data

As OperateX operates globally and engages third-party service providers in multiple countries, your personal data may be transferred to and processed in countries outside Singapore. This includes transfers to our Banking Partner and KYC provider, which may store and process data in the European Union, United States, or other jurisdictions. Where we transfer personal data outside Singapore, we ensure appropriate safeguards are in place in accordance with the PDPA, including contractual protections requiring recipients to maintain standards of data protection equivalent to those required under Singapore law.

8. Data Retention

We retain personal data for as long as necessary to fulfil the purposes for which it was collected and to comply with our legal and regulatory obligations. Our general retention periods are as follows:

  • Account and identity data: 5 years after account closure or termination of the business relationship.
  • Transaction and financial data: 7 years from the date of the transaction, in accordance with accounting and financial record-keeping requirements.
  • AML and compliance data: 5 years after the end of the business relationship, as required by AML regulations.
  • Device and usage data: 1 year after account closure.
  • Marketing preference data: Until consent is withdrawn or the account is closed.

After the applicable retention period, personal data is securely deleted or anonymised.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These measures include:

  • Encryption of data in transit using industry-standard protocols (TLS);
  • Access controls limiting data access to authorised personnel only;
  • Regular security assessments and monitoring;
  • Data processing agreements with all third-party processors requiring equivalent security standards.

Our KYC partner Didit maintains ISO 27001 certification and GDPR compliance for the processing of identity and biometric data. Our Banking Partner Airwallex maintains PCI DSS, SOC1, and SOC2 compliance for payment data.

Despite our best efforts, no security measure is completely infallible. In the event of a data breach that is likely to result in a risk to your rights and interests, we will notify you and the relevant authorities as required by applicable law.

10. Your Rights

In accordance with the PDPA and other applicable data protection laws, you have the following rights in relation to your personal data:

10.1 Right to Access

You have the right to request a copy of the personal data we hold about you.

10.2 Right to Correction

You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.

10.3 Right to Withdrawal of Consent

Where processing is based on your consent, you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

10.4 Right to Data Portability

You have the right to receive personal data you have provided to us in a structured, commonly used, machine-readable format, where technically feasible.

10.5 Right to Erasure

You may request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to our legal and regulatory obligations to retain certain data.

10.6 Right to Object

You have the right to object to the processing of your personal data where processing is based on legitimate interest, including processing for direct marketing purposes.

To exercise any of these rights, please contact us at support@operatex.io. We will respond to all requests within 30 days. In some cases we may need to verify your identity before processing your request. Please note that certain rights may be limited where we are required to retain data to comply with legal obligations or where data is necessary for the establishment, exercise, or defence of legal claims.

11. Cookies and Tracking Technologies

The Platform uses cookies and similar tracking technologies to enhance user experience, analyse usage, and support security measures. We use the following types of cookies:

  • Essential cookies — necessary for the Platform to function correctly, including authentication and session management. These cannot be disabled.
  • Analytics cookies — used to understand how users interact with the Platform, such as pages visited and time spent. We use these to improve the Platform.
  • Preference cookies — used to remember your settings and preferences on the Platform.

You can manage cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of the Platform.

12. Automated Decision Making

OperateX uses automated processes in certain parts of the onboarding and compliance workflow, including automated screening of your business activity type to determine eligibility for the Platform, and automated AML and sanctions screening of transactions by our Banking Partner. Where automated decisions have a significant effect on your access to the Platform or services, you have the right to request human review of the decision. Please contact us at support@operatex.io to request a review.

13. Marketing Communications

With your consent, we may send you promotional communications about OperateX products, features, and updates. You can opt out of marketing communications at any time by:

  • Clicking the unsubscribe link in any marketing email;
  • Updating your communication preferences in your account settings;
  • Contacting us at support@operatex.io.

Please allow up to 5 business days for opt-out requests to be processed. You will continue to receive transactional and account-related communications regardless of your marketing preferences.

14. Children's Privacy

The Platform is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have collected personal data from a person under 18, we will take immediate steps to delete that data.

15. Amendments to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Where changes are material, we will notify you by email or through a notification on the Platform at least 15 days before the changes take effect. Your continued use of the Platform after the effective date of the updated Policy constitutes acceptance of the revised terms. If you do not agree with the updated Policy, you must stop using the Platform.

16. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the Republic of Singapore, including the Personal Data Protection Act 2012 (PDPA). Any disputes arising in connection with this Policy shall be subject to the exclusive jurisdiction of the courts of Singapore.