OkElder Privacy Policy

Last updated: 16 June 2026

Note: This policy is written to align with Singapore's Personal Data Protection Act (PDPA). It is a starting framework and has not yet been reviewed by a lawyer. Have it checked before relying on it for non-pilot customers.

OkElder Reassurance Services (“OkElder”, “we”, “us”) provides a daily telephone check-in service for elderly people in Singapore, arranged by their family members. This policy explains what personal data we collect, why, how we use it, and the choices you and your parent have. It is written to comply with the PDPA.

1. Who this policy covers

This policy concerns two groups:

The family contact — the adult who signs up and pays (usually an adult child).
The senior — the parent or relative who receives the daily call.

The senior is a person whose data we process even though they do not sign up themselves. We treat their data with particular care, and we confirm their consent directly by phone before any daily calls begin (see section 4).

2. What we collect

From the family contact:

Name and mobile phone number
Email address (for billing and account notices)
Payment details (processed by Stripe — we do not store card numbers)

About the senior:

Name and phone number
Preferred daily call time and language
A record of each call: whether it was answered, the spoken or keypad response (“OK” / “needs help” / no response), call duration, and timestamp

We do not record or store the audio of calls. We store only the outcome of each call.

3. Why we collect it (purpose)

We use this data only to:

Place the daily check-in call to the senior
Confirm the senior's consent before starting
Show the family contact a private status page
Send the family contact an SMS alert when the senior misses two consecutive calls or asks for help
Process billing and provide customer support

We do not use this data for advertising, and we do not sell it. We will not use it for any new purpose without asking you first.

4. Consent — including the senior's

Under the PDPA, we rely on consent to collect and use personal data.

The family contact consents when they submit the setup form.
The senior's consent is confirmed directly: before any daily calls start, we place a one-time call explaining the service and asking the senior to agree. If the senior declines or cannot confirm, we do not start daily calls, and we delete their data on request.

A family contact confirming “I informed my parent” is not, by itself, the senior's consent. The confirmation call is.

Either party may withdraw consent at any time (see section 8). Withdrawing the senior's consent stops the service.

5. Who we share data with

We share data only with service providers who help us run OkElder, and only as far as needed:

Twilio — to place calls and send SMS (receives the senior's phone number and call outcome)
Stripe — to process payment (receives the family contact's billing details)
Supabase — our database provider, which stores the data described above

These providers process data on our behalf under their own security obligations. We do not permit them to use it for their own purposes.

We may disclose data if required by Singapore law or a valid legal request.

6. Where data is stored

Some of our providers store data on servers outside Singapore. Where data leaves Singapore, we take reasonable steps to ensure a comparable standard of protection, as required by the PDPA's transfer limitation obligation.

7. How long we keep it

Call outcome records: retained while your account is active and for up to 12 months after, for support and dispute resolution, then deleted.
Account and billing records: retained as required for tax and accounting purposes.
On account closure, we delete or anonymise personal data we are not legally required to keep.

8. Your rights

Under the PDPA you may:

Access the personal data we hold about you or your parent
Correct it if it is inaccurate
Withdraw consent and close the account

To exercise any of these, email privacy@okelder.com. We will respond within a reasonable time, and within any timeframe the PDPA requires.

9. Protecting your data

We use access controls, encrypted connections, and reputable infrastructure providers to protect personal data. No system is perfectly secure, but if a data breach occurs that poses a risk of significant harm, we will notify affected individuals and the Personal Data Protection Commission as required by the PDPA.

10. Data Protection Officer

As required by the PDPA, OkElder has designated a Data Protection Officer responsible for ensuring compliance with this policy. You can reach them at dpo@okelder.com.

11. Changes to this policy

We may update this policy. If we make a material change, we will notify the family contact by email or SMS. The “last updated” date above always reflects the current version.

12. Contact

Questions about this policy or your data: privacy@okelder.com

OkElder is a daily wellness check-in service, not a medical emergency response system. It is not monitored 24/7. In a medical emergency, call 995 immediately.