Last Updated: 11.June.2026
Effective Date: 11.June.2026

1. INTRODUCTION AND SCOPE

Welcome to Thrico. Thrico is a modem community management platform operated by PulsePlay Digital (collectively referred to as “Thrico”, “ we ‘ ”, “us” or our’ ”). We provide a branded, white – labelled platform that enables organisation, creators, association educational institution, and enterprises to build and manage thriving online communities.

This privacy policy applies exclusively to user, members, and visitors based in the Republic of Singapore who access or use:

(a) The Thrico website at www.thrico.com

(b) The Thrico web applicable accessible at onboarding thrico.com

(c) The Thrico mobile application available on Apple App Store and Google Play Store.

(d) Any community platform powered by Thrico on behalf of our client (“Community Owners ”)

(e) Any other products, features, or services offered by Thrico.

This Privacy Policy sets out how we collect, use, disclose, store, transfer, and otherwise process your personal data in compliance with:

(a) The Personal Data Protection Act 2012 ( No. 26 of 2012 ) of Singapore (“ PDPA”) as amended by the Personal Data Protection (Amended) Act 2020.

(b) The PDPA Advisory Guidelines issued by the Personal Data Protection Commission of Singapore (“ PDPC”).

(c) The Spam Control Act (Cap. 311A) of Singapore.

(d) The Computer Misuse Act (Cap. 50A) of Singapore

(e) Any other applicable data protection and privacy laws, regulations, and guidelines in Singapore.

By accessing or using the Thrico platform, you acknowledge that you have read, understood and agree to the collection, use, and disclosure of your personal data in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please discontinue use of the Platform immediately.

2. KEY DEFINITIONS

For the propose of this privacy, the following definition apply.

(a) Personal data : Data, whether true or not, about an individual who can be identified from that data; or from that data and other information to which the organisation has likely to have access, as defined under Section 2(1) of the PDPA.

(b) Sensitive Personal Data : A subset of personal data that warrants heightened protection, including data relating to an individual’s health or medical history, race, religion, sexual orientation, financial circumstances, or criminal history.

(c) Consent : Deemed consent, consent, express consent, or consent arising from notification, as applicable under the PDPA.

(d) Platform : The Thrico website, application, and all related services, products, and features provided by Thrico.

(e) Community Owner : An Organisation or individual that has contracted with Thrico to deploy and manage a branded community platform for their members or users.

(f) User/Member : An individual who accesses, registers for, or uses the Platform, including visitors, registered users and community members.

(g) Processing : Any operation performed on personal data, including collection, recording, organisation, storage, adaptation, retrieval, use, discloser, erasure, or destruction.

(h) Data Protection Officer (DPO : The designated officer responsible for overseeing Thrico’s compliance with PDPA and this Privacy Policy.

(i) Third-party Service Provider : Any External party engaged by Thrico to provide services in connection with the Platform, including, but not limited to cloud hosting, analytics, payment processing, and customer support.

(j) Do not call (DNC) Registry : The National Registry established under the Personal Data Protection Act allow individuals to opt out of receiving unsolicited telemarking massages.

3. IDENTITY OF THE DATA CONTROLLER

Thrico operates as data controller with respect to personal data of Singapore Users processed directly vie the Platform. Where Thrico processes personal data on behalf of Community Owners. Thrico may act as a data Intermediary as defined under the PDPA.

Legal NamePulsePlay Digital Private Limited (operating as Thrico)
Platform NameThrico-Modern Community Management platform
Websitehttps://www.thrico.com
officeIndia and _____
DPO Contactthrico.dpo@pulseplaydigital.com



For all privacy-related requests, queries, complaints from Singapore Users, please direct your communication to the Data Protection Officer at the email address above

4. PERSONAL DATA WE COLLECT

4.1. Data you provide directly: When you interact with Thrico Platform, we collect the following categories of Personal Data that you voluntarily provide:

(a) Account registration and profit data :

(i) Full name of and display name
(ii) Email address and mobile number
(iii) Profile photograph or avatar
(iv) Data of birth and gender (where provided)
(v) Professional title, employer, and industry
(vi) Educational background and qualifications
(vii) Bio, interests, and personal descriptions
(viii) Location information (city, country)

(b) Community and Engagement data

(i) Posts, comments, forum discussion, and content you publish on the Platform
(ii) Messages, chats and communications with other members
(iii) Event registration and attendance records
(iv) Poll responses and survey answers
(v) Marketplace listings and transactions
(vi) Job application and career centre interactions
(vii) Mentorship and entrepreneurship program data
(viii) Gamification activity, points, badges, and leader board ranking
(ix) Stories, memories, and media uploads

(c) Financial and Payment Data

(i) Payment and details (processed securely via Razorpay or Stripe- Thrico does not store full card numbers)
(ii) Billing Address and transaction history
(iii) Subscription and purchase records

(d) Identity Verification data (where applicable)

(i) Government – issued identification documents (where required for specific features or age verification)
(ii) Corporate registration details (for Community owners)


4.2. Data Collected automatically : We automatically collect certain technical and usage data when you access the platform:

(i) Device information device type, operating system, device identifiers, browsers type and version
(ii) Network information: IP address internet services provider, approximate location derived from IP
(iii) Usage data pages visited, feature used, time and duration of session, click-stream data
(iv) Log data: access logs, error logs, and services side logs
(v) Cookies and similar technologies: session cookies, pixel tags, and web beacons (section 9 for full details)
(vi) App analytics: crash reports, performance data, and in app behaviour


4.3. Data received from third parties: We may receive personal data about you from:

(i) Community owners who onboard you to a Thrico – powered platform
(ii) Social media Platforms if you Choose to connect your account (e.g., LinkedIn, Facebook, Google)
(iii) Payment process (Razorpay, Stripe) for transaction verification
(iv) Background check or identity verification partners (where Applicable)
(v) Publicly Available sources, including public professional profiles


4.4. Sensitive Personal Data: Thrico does not intentionally collect sensitive personal data such as race, religion, health information, or financial details beyond what is necessary for payment processing. Where sensitive personal data is incidentally collected (e.g., through user-generated content), we apply heightened security measures and limit access to such data. You are advised not to post sensitive personal data in public areas of the Platform.


4.5. Data ReLating to minors: The Thrico platform is not directed at individuals under the age of 18 years, We do not knowingly collect personal data from minors. If you are a parent or guardian and believe that your child has provide us with personal data without your consent, please contact
thrico.dpo@pulseplaydigital.com
We will take prompt steps to delete such data from our systems upon verification

5. LEGAL BASIS AND PURPOSES FOR PROCESSING

Under the PDPA, Thrico may collect, use, and disclose personal data with the individual’s consent, or where an exception to consent applies as provide under the first, Second, and third Schedule of the PDPA.

Sl.No.Purpose of processingLegal Basic under PDPA
1Creating and managing your user account and profileConsent (Section 13-17, PDPA); Contractual necessity
2Providing and personalising community management platform featuresConsent; Legitimate interests
3Processing Payment for Subscription, market place transactions, and premium featuresContractual necessity; Consent
4Facilitating communication between members, including chat, events, and formsConsent; Contratual necessity
5Sending marketing communication and newsletters (with opt-in)Express consent; subject to DNC Registry obligations
6Analytics, platform improvement, and product developmentLegitimate interest; legal obligation
7Security, fraud prevention, and abuse detectionLegitimate interest; legal obligation
8Compliance with applicable Singapore laws are regulationsLegal obligation (third schedule, PDPA)
9Enforcing our terms of Use and resolving disputeLegitimate interest; legal obligation
10Conducting research, surveys, and community feedbackConsent
11Gamification, rewards, and recognition programmesConsent; Contract necessity
12Onboarding community owners and managing B2B relationshipContractual necessity; consent


Where we rely on consent as the legal basis for processing, you have the right to withdraw you consent at any time, withdrawal of consent will not affect the lawfulness of processing carried out prior to such withdrawal. Please note that withdrawing consent for certain processing activates may affect your ability to use specific feature of the platform.

6. DISCLOSER OF PERSONAL DATA

(a) Internal Disclosure: Personal data is share within Thrico and PulsePlay Digital on a need-to-know basis, solely for the purpose described in this privacy Policy.

(b) Discloser to community owners: If you are a member of a community powered by Thrico on behalf of a community owner, your personal data (include profile information and engagement activity) may be accessible to the relevant community owner and its authorised administrators. community owners are subject to contractual obligations with Thrico to process your data only for legitimate community management purpose and in compliance with the PDPA.

(c) Discloser to Third party Service providers: We engage trusted third-party service provider who process personal data on our behalf as data intermediaries under the PDPA. These include:

(i) Cloud infrastructure and hosting providers (e.g., Amazon Web Services, Google Cloud)
(ii) Payment processor: Razorpay and Stripe
(iii) Analytics and performance monitoring tools
(iv) Email and push notification service providers
(v) Customer support and helpdesk platforms
(vi) Identity Verification and background check providers (where applicable)
(vii) Cyber security and fraud detection services
All third-party service providers are contractually required to:
(a) Proses personal data only on instructions:
(b)implement appropriate security measures; and
(c) comply with applicable data protection obligations equivalent to those imposed by the PDPA,

(d) Discloser to other uses: Certain profile information and content that you post on the platform may be visible to other members of the community, depending on the privacy settings you choose, you should exercise cation when posting personal data in public or semi-public community spaces.

(e) Discloser required by law: We may disclose personal data where we are legally required to do so under Singapore law include:
(i) To comply with any other order, subpoena, or legal process
(ii) To respond to request from government agencies, regulatory bodies, or law enforcement authorities in Singapore
(iii) To protect the rights, property, or safety of Thrico, our users, or the public
(iv) in connection with any investigation of suspected or actual illegal activity

(f) Business transfers: In the event of a merger, acquisition, restructuring, sale of assets, or insolvency proceeding involving Thrico or PulsePlay Digital, personal data may be transferred to the relevant successor entity, subject to the same protections as described in this Privacy Policy. We will notify Singapore Users of any material change in data controller as required by the PDPA. when posting personal data in public or semi-public community spaces.

(g) Overseas transfer of personal data: In accordance with Section 26 of the PDPA and the PDPC’s Advisory Guidelines on the transfer limitation obligation, Thrico may transfer personal data outside Singapore where required for platform operations (e.g., to cloud severs located in the United States, India, Europe, or the United Arab Emirates). We ensure that any such overseas transfer is subject to:

(i) Binding contractual obligation requiring the receipt to provide a standard of protection comparable to the PDPA.
(ii) Transfer to countries in the PDPC’s approved whitelist of countries with adequate data protection laws
(iii) Your express consent to the transfer, where required

Thrico’s primary data processing infrastructure is operated by cloud service provider with facilities in multiple regions. We implement data processing agreement with all overseas recipients of personal data.

7. DATA RETENTION

Thrico retains personal data only for as long as necessary to fulfil the purpose for which it was collected, unless a longer retention period is required or permitted by applicable Singapore law.

SL. No.Data CategoryRetention Period
1Account and profile dataDuration of account +3 years after account deletion (for legal compliance)
2User- generated content (posts, comments, media)Duration of account, may be retained in anonymised from thereafter
3Transaction and payment records7 years (in compliance with Singapore accounting and tax obligation)
4Communication logs (chat, massaging)Duration of account +1 year, unless earlier deletion requested
5Event and attendance records3 years from event data
6Security and access logs12 months from creation
7Marketing consent recordsDuration of consent +3 years
8Legal dispute – related dataUntil final resolution of dispute +3 years
9DNC Registry opt-out recordsIndefinitely, until consent is reinstated
10Analytics and usage data (anonymised)Up to 5 years in aggregate, anonymised form



Upon the expiry of the applicable retention period, personal data will be securely deleted or anonymised in accordance with our data disposal procedure. You may request earlier deletion of your personal data by exercising your right under Section 11 of this Privacy Policy , Subject to applicable legal exceptions.

8. DATA SECURITY MEASURES

Thrico takes the security of your personal data seriously and implements technical and organisational measure in compliance with PDPA’s protection obligation Section 24 PDPA ) and PDPC advisory Guidelines on data security


8.1. Technical Security measures

(i) Transport Layer Security (TLS 1.2/1.3) encryption for all data in transit
(ii) AES – 256 encryption for sensitive data at rest
(iii) Secure Password hashing using industry – standard algorithms (bcrypt /Argon2)
(iv) Multi- factor authentication (MFA) for administrative access
(v) Role- based access controls (RBAC) limiting data access to authorised personnel
(vi) Regular penetration testing and DDoS mitigation
(vii) Automated treat detection and instruction monitoring system
(viii) Secure development lifecycle (SDLC) practise


8.2. OrganisationAL Security measures

(i) Data protection training for all employees handling personal data.
(ii) Confidentially obligations for staff and contractors
(iii) Third- Party vendors security assessments
(iv) Data minimisation and access limitation policies.
(v) Regular privacy impact assessments for new feature and processing activities.



8.3. Data breach notification

In accordance with Section 26C – 26N of the PDPA ( Mandatory Data Breach Notification obligation in force since 1 February 2021 ), Thrico will:

(i) Assess all suspected data breaches in timely manner
(ii) Notify the Personal Data Protection Commission ( PDPC ) within 3 calendar days of determining that a notifiable data breach has occurred (
i.e., a breach likely to cause significant harm to affected individuals)
(iii) Notify affected Singapore users as soon as reasonably practicable where the breach is likely to result in significant harm.
(iv) Maintain a data breach register recording all breaches investigated.
Not with standing the above security measure, no system id completely secure. you are encourage to protect your account credentials and report any suspected unauthorised access to thrico.dpo@pulseplaydigital.com immediately

9. COOKIES AND TRACKING TECHNOLOGIES

(a) What are cookies?
Cookies are small text files stored in your devise by your web browser when you visit a website. Thrico uses cookies and similar technologies (including web beacons, pixel tags, and local storage) to operate, maintains, secure, and improve the Platform.

(b) Categories of cookies we use

SL.No.Cookie TypePurpose
1Strictly necessary CookiesEssential for platform operation, include user authentication, session management, and security features cannot be disabled.
2Functional cookiesEnable personalised features such as language preferences saved setting, and user interface customisation
3Analytics CookiesCollect anonymised data about how users interact with the platform to improve performance and user experience (e.g., Google Analytics, Mixpanel)
4Marketing / targeting CookiesUsed to delivery relevant content and advertisements. Requires your consent before activation.
5Third-party CookiesSet by our integrated third-party services (e.g., social login providers, embedded content) Governed by the requisite third parties privacy policies.


(c) Cookies consent and control
In accordance with the PDPA’s Consent banner upon your first visit to the platform. You may accept, reject, or customise your Cookies preferences at any time via the Cookies Settings menu in the Platform footer.

Please note that disabling certain cookies may affect the functionality of the platform. You may also manage cookies through your browser settings; however; browser – level controls may not cover all tracking technologies.

(d) Do not track
Some browsers transmit “Do not Track” (DNT) signals. The Platform currently does not respond to DNT Signals from browsers, as there is no agreed Singapore standard for DNT compliance. We rely on our cookies consent mechanism as the primary control

10. MARKETING COMMUNICATION AND THE NOT CALL REGISTRY

(a) Market Communications
With your express consent, we may send you promotional communications, newsletters, product updates, and community highlights via email, SMS, or push notification, you may opt out of marketing communication at any time by:

(i) Clicking the “ Unsubscribe ” link in any market email.
(ii) Adjusting your notification preferences in your account settings.
(iii) Sending an opt- out request to thrico.dpo@pulseplaydigital.com

(b) Singapore Do Not Call (DNC) Registry
In compliance with Party IX of PDPA and personal data protection (Do Not Call Registration) regulation, Thrico will:

(i) Check the DNC Registry before sending marketing message to Singapore telephone numbers
(ii) Not send unsolicited marketing messages (voice call, SMS, or fax) to Singapore numbers registered with DNC Registry, unless we have clear and unambiguous consent from you.
(iii) Maintain records of your marketing consent as required by the PDPA
(iv) Include Thrico’s name and contact details in an all marketing massage for identification purpose.


If you wish to register your Singapore telephone number with the DNC registry, you may do so at
www.dnc.pdpc.gov.sg

11. YOUR RIGHT UNDER THE PDPA

As a Singapore user, The PDPA confers upon you the following right with respect to your personal data held by Thrico. We will respond to verifiable requests within the timeframe prescribed by the PDPA (generally 30 calendar days, with possible extension to 60 days for complex requests)

(a) Right of Access (Section 21, PDPA)
You have the right to request access to the personal data we hold about you, and information about how it has been used or disclosed in the 12 months proceedings you, and information about how it has been use or disclosed in the 12 months preceding your request access request. We may charge reasonable fee access requests, which we will communicate to you in advance

(b) Right oF Correction (Section 22, PDPA)
You have the right to request correction of any inaccurate or incomplete personal data we hold about you, we will correct the data as soon as soon as reasonably practicable and, where required transmit the correct data to third parties to whom the data was disclosed.

(c) Right of Withdrawal of Consent (Section 16, PDPA)
You may withdraw your consent to any processing of your personal data at any time by contacting our DPO, we will inform you of the likely consequences of withdrawal prior to processing your request withdrawal of consent will not affect the legality of prior processing.

(d) Right to data portability (PDPA Amendment 2020)
Following the 2020 amendments to PDPA, you may request that we transmit your personal data in a machine-readable format to another organisation’s platform, platform, where technically feasible. We will comply with such requested within 30 days

(e) Right to Lodge a Complaint with the PDPA
If you believe Thrico has violated the PDPA, you have the right to lodge a complaint with the personal data protection commission of Singapore at:

(i) PDPC Website: https//www.pdpc.gov.sg
(ii) Complaint portal: https://www.pdpc.gov.sg/ complaints
(iii) Email: pdpc_complaints@pdpc.gov.sg
(iv) Phone: +6563773131

(f) How to Exercise Your Rights
To exercises any of the above rights, please submit a written request to our Data Protection Officer at:

(i) Email: thrico.dpo@pulseplaydigital.com (Subject: “PDPA data Subject request – [your name]”)
(ii) We may require you to verify your identity before processing your request to protect the security of your personal data.
(iii) We will acknowledge your request within 5 business days and responded fully within 30 calendar days (extendable to 60 days for complex requests with prior notice)

12. AUTOMATED DECISION

The Thrico Platform uses automated systems to personalise your experience, including content recommendation, community suggestions, job matches, and gamification rankings. These automated processes are based on your profile data, engagement history, and platform preferences.

Automated processing on our Platform does not produce legal or similarity significant decisions about you without human oversight. Where any automated process may materially affect your access to Platform features, we will provide a mechanism for you to request human review of such decisions.

13. THIRD-PARTY LINKS AND INTEGRATIONS

The Thrico Platform may contain links to third-party websites, services, and integrations (including but not limited to Razorpay, Stripe, LinkedIn, Facebook, Google, Apple). This Privacy Policy does not apply to the data practice of any third-party service you access through the Platform.

Thrico is not responsible for the privacy practice or content of third-party Platform. The inclusion of links or integration does not constitute an endorsement of those platforms’ data practices.

14. CHILDREN’S PRIVACY

The Thrico Platform is not intended for use by individuals under the age of 18 years. We do not knowingly collect personal data from children under 18. If you are under 18, you must not register for or use the Platform without verified parental or guardian consent.

Where a Community Owner deploys a Thrico-Powered platform for an educational institution or youth organisation, appropriate parental consent mechanism must be implemented by the Community Owner in accordance with PDPA and any applicable sector-specific regulations (e.g., the Ministry of Education’s data governance frameworks)

If we become aware that a personal data of a child under 8 has been collected without appropriate consent, we will take immediate steps to delete such data and notify the relevant Community Owner.

15. COMMUNITY OWNERS-DATA RESPONSIBILITY

When Thrico provides the Platform on a white-label or branded basis to Community Owners, the respective Community Owner acts as a data controller for the personal data of their community members. In such cases, Thrico acts as a data intermediary processing personal data on the Community Owner’s behalf.
Community Owners are independently responsible for:

(a) Obtaining valid consent from community members as required by the PDPA.

(b) Providing their own privacy notices to members in accordance with the PDPA’s Notification Obligation.

(c) Ensuring lawful collection, use and disclosure of member personal data.

(d) Compliance with applicable DNC Registry obligations

(e) Data breach notifications to their own members and the PDPC, as applicable.


Thrico provides Community Owners with data processing agreements that set out the obligations of each party in accordance with the
PDPA . Community Owners may not instruct Thrico to process personal data in a manner inconsistent with the PDPA or this Privacy Policy.

16. AMENDMENTS TO THIS PRIVACY POLICY

Thrico reserves the right to update or amend this Privacy Policy at any time to reflect changes in our data practices, technological developments, or amendments to applicable Singapore Law.We will notify Singapore Users of material changes to this Privacy Policy by:

(a) Posting a prominent notice on the Platform with the updated effective date.

(b) Sending a notification via email or in-app message (for registered users)

(c) Requiring re-consent where required by the PDPA for new or materially different processing activities.

Your continued use of the Platform following the effective date of any amended Privacy Policy constitutes your acceptance of the revised terms. If you do not agree with the amendments, you should discontinue use of the Platform and request deletion of your account. We maintain to our Data Protection Officer.

17. GOVERNING LAW AND JURISDICTION

This Privacy Policy and any disputes arising therefrom shall be governed by and construed in accordance with the laws of the Republic of Singapore, including the Personal Data Protection Act, 2012 (as amended).

Any dispute relating to this Privacy Policy or the processing of your personal data shall be subject to the non-exclusive jurisdiction of the courts of Singapore. Singapore Users may also refer complaints to the Personal Data Protection Commission as described in Section 11 (E) above.

18. CONTACT US AND DATA PROTECTION OFFICER


If you have any questions, concerns or requests relating to this Privacy Policy or the processing of your personal data, please contact our Data Protection
Officer.

(a) Organisation: PulsePlay Digital (Thrico)

(b) For Attention: Data Protection Officer (DPO)

(c) Email: thrico.dpo@pulseplaydigital.com

(d) Subject Line: PDPA Privacy Request- (Your Full Name)

(e) Websitehttps://www.thrico.com


We are committed to resolving all privacy-related concerns in a timely, fair and transparent manner consistent with the obligations of the PDPA and our commitment to earning and maintaining your trust.