
BNI Steadfast · Atrium

Data Protection Notice

In alignment with Singapore’s Personal Data Protection Act (PDPA) 2012, as amended through 2021.

Last updated: 12 May 2026

1. Who we are

Atrium (bni.blaisehuxley.com) is operated by Benjamin Ho as the chairman of BNI Steadfast and the interim platform owner, on behalf of participating BNI chapters. References to we, us, or the platform in this notice refer to that operating entity.

2. What personal data we collect

For chapter members:

  • Name, business name, business category
  • Email address, mobile phone number
  • Profile photo (optional)
  • Attendance records, leadership roles, duty rotation
  • Authentication credentials (passwords are hashed; never stored in plaintext)
  • Session presence (last-seen timestamp, refreshed every 60s while the app is open)

For visitors and substitutes (entered into the platform by a chapter member with the data subject’s consent):

  • Name, business name, mobile phone number, email (optional)
  • The networking goal or business interest they expressed to the inviting member
  • Visit history, attendance status, conversion outcome
  • Buddy assignment and the inviting member’s name

3. Why we collect it (purposes)

We only use the data above for:

  • Running the BNI chapter’s weekly meeting operations — attendance, visitor hosting, duty roster
  • Pre- and post-meeting communication with the visitor (reminder, thank-you, feedback, follow-up)
  • Membership Committee review when a visitor expresses interest in joining
  • Chapter standing computation and audit history
  • Platform security, abuse detection, and incident response

We do not sell personal data, share it with marketers, or use it for purposes other than those listed above without obtaining fresh consent.

4. Consent

Members consent to data processing as part of joining the chapter; the chapter’s membership terms include this notice by reference.

Visitors go through a two-stage consent flow: (1) the inviting member confirms at data entry time that the visitor verbally agreed, (2) on the visitor’s first portal touch they confirm or decline directly. Declining triggers an immediate hard-delete — we do not keep data we did not have genuine consent for. Granted consent is recorded with a timestamp; visitors may withdraw at any time via the controls on their portal (see Section 9) or by contacting the DPO.

5. Who we share data with

Within the platform, data access is scoped per chapter and per role via row-level security at the database layer. Specifically:

  • Within a chapter: chapter admins, the Visitor Host team, and the Membership Committee can see visitor data for their own chapter only.
  • Across chapters: only the platform super administrator (the chairman) has cross-chapter read access, for support and platform operations.
  • No third-party sharing outside the operational vendors listed in Section 7.

6. How we protect it

  • All transport encrypted via TLS (Let’s Encrypt certificates, auto-renewing).
  • At-rest encryption (AES-256) provided by the Supabase ap-southeast-1 region database.
  • Row-level security policies enforce per-chapter scoping at the database layer, not just the app layer.
  • Passwords hashed with bcrypt; minimum strength enforced (length, character class, HaveIBeenPwned check).
  • Service-role database access never reaches the browser — used only by trusted server-side code.
  • Every state-changing action is recorded in an immutable audit log with actor, timestamp, and before/after state.
  • Session tokens expire and are rotated automatically. Sign-in attempts are rate-limited.
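To make the per-chapter scoping of Sections 5 and 6 concrete, here is an added example of Postgres row-level security policies of the kind Supabase enforces. This is illustrative SQL written for this notice, not the platform's own schema or policies; the tables visitors, memberships and platform_admins and their columns are assumed.

```sql
-- Assumed schema (not the platform's): visitors is keyed by chapter_id;
-- memberships maps an auth user to the chapters and roles they hold;
-- platform_admins lists the super administrator(s).
-- Supabase exposes the calling user's id as auth.uid().

ALTER TABLE visitors ENABLE ROW LEVEL SECURITY;
-- Apply the policies to the table owner too, not only to other roles.
ALTER TABLE visitors FORCE ROW LEVEL SECURITY;

-- With RLS enabled and no matching policy, a query returns no rows
-- (default deny). Each policy below opens exactly one path.

-- Chapter admins, the Visitor Host team and the Membership Committee
-- may read visitor rows only for chapters they belong to.
CREATE POLICY visitors_read_own_chapter ON visitors
  FOR SELECT
  USING (
    chapter_id IN (
      SELECT m.chapter_id
        FROM memberships m
       WHERE m.user_id = auth.uid()
         AND m.role IN ('chapter_admin', 'visitor_host', 'membership_committee')
    )
  );

-- A member may only create visitor records inside their own chapter.
CREATE POLICY visitors_insert_own_chapter ON visitors
  FOR INSERT
  WITH CHECK (
    chapter_id IN (
      SELECT m.chapter_id FROM memberships m WHERE m.user_id = auth.uid()
    )
  );

-- Cross-chapter read is reserved for the platform super administrator.
CREATE POLICY visitors_read_superadmin ON visitors
  FOR SELECT
  USING (
    EXISTS (SELECT 1 FROM platform_admins p WHERE p.user_id = auth.uid())
  );
```

Supabase's service-role key bypasses row-level security entirely, which is why the notice keeps that key on trusted server-side code and never ships it to the browser.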

7. Where data is stored (cross-border)

  • Primary database: Supabase (Singapore region, ap-southeast-1).
  • Application hosting: Vercel (Singapore edge region, sin1).
  • Outbound email: Resend (United States). Email containing personal data is limited to meeting reminders, login links, and confirmations.

We comply with the PDPA Transfer Limitation obligation by contracting only with vendors whose privacy programmes provide comparable protection (Supabase, Vercel, and Resend are all GDPR-aligned, and Resend supports EU SCC-equivalent terms).

8. How long we keep it (retention)

  • Active member data: retained for the duration of chapter membership plus 24 months for handover and audit purposes.
  • Visitor data: retained for up to 24 months after the visitor’s last interaction with the chapter, so the chapter can re-engage them in a subsequent term. Cancelled visitor records are purged on a rolling basis.
  • Audit log: retained for the life of the chapter, then archived.
  • Email send logs (Resend): 30 days as standard.

On a verified request to erase, we remove the personal data and retain only the minimum required for compliance, dispute resolution, or enforcement of our terms (see Section 9).

9. Your rights (access, correction, deletion)

Under the PDPA, you have the right to:

  • Access the personal data we hold about you, and information about how it has been used or disclosed within the past year.
  • Correct any errors or outdated information in your record.
  • Withdraw consent for any specific use of your data; we will tell you what consequences that has (e.g. you will no longer receive meeting reminders).
  • Request erasure of your personal data, subject to the retention exceptions in Section 8.

Self-service paths — all available directly on the platform with no DPO email required:

  • Members: on /my-profile you can edit your details, download a JSON copy of everything we hold about you, and request erasure (30-day grace, cancellable).
  • Visitors: open the personal portal link in the welcome message we sent you (URL begins with bni.blaisehuxley.com/visit/). At first touch you confirm or decline consent directly. The portal also lets you toggle communication preferences per message type, download your data, and request erasure.

For anything self-service can’t cover, contact our Data Protection Officer using the details in Section 11. We respond within 30 calendar days.

10. Data breach response

If we become aware of a credible breach affecting personal data, we will:

  • Assess the scope and likelihood of significant harm within 72 hours.
  • Notify the Personal Data Protection Commission (PDPC) and affected individuals within 3 calendar days where the breach is reasonably likely to result in significant harm — in line with the 2021 PDPA amendment.
  • Provide a plain-English summary of what happened, what data was involved, and what remediation steps were taken.

11. Data Protection Officer

We have designated a Data Protection Officer (DPO) as required by the PDPA Accountability obligation.

Benjamin Ho
Chairman, BNI Steadfast (interim Data Protection Officer)

For any PDPA complaint or unresolved data protection issue, you may also escalate to Singapore’s Personal Data Protection Commission at pdpc.gov.sg.

12. Changes to this notice

We will update this notice when our practices change. The Last updated date at the top reflects the most recent material change. Significant changes (new data categories, new third-party processors, expanded purposes) will be announced to chapter members via the platform announcements feed and to visitors who have an active portal link.

13. Data processors (vendor register)

We rely on three data processors. Each has a Data Processing Addendum (DPA) or equivalent in their standard terms binding them to PDPA-comparable protection.

Vendor     Role                                    Region                       Protections
Supabase   Database, authentication, file storage  Singapore (ap-southeast-1)   SOC 2 Type II · HIPAA-eligible plan · standard DPA
Vercel     Application hosting + edge              Singapore (sin1)             SOC 2 Type II · GDPR-aligned DPA
Resend     Outbound email delivery                 United States                SOC 2 Type II · SCC-equivalent terms · 30-day log retention

We do not engage any other third-party processor of personal data. Adding a new processor is a "material change" under Section 12 and will be announced.

14. Records retention — what we keep and for how long

Different categories of records carry different retention windows to satisfy both Section 25 (Retention Limitation — don’t keep longer than needed) and Section 11A (Accountability — be able to demonstrate consent and compliance).

Record                                  Retention                                Why
Active member personal data             Duration of membership + 24 months       Handover continuity; reactivation if member rejoins.
Visitor personal data                   Up to 24 months after last interaction   Re-engagement across chapter terms.
Erasure-requested records               30-day grace, then permanent removal     Grace allows accidental-deletion recovery; daily cron enforces the window.
Consent + erasure audit entries         Up to 7 years                            Accountability obligation: proof of consent and DSAR fulfilment.
Operational audit log (other actions)   24 months                                Forensic and support value, past which it is pruned.
Security incident records               7 years minimum                          2021 PDPA amendment requires breach records.
Email delivery logs (Resend)            30 days                                  Vendor default; we don’t extend.

Retention is enforced by automated daily jobs (Supabase pg_cron) and verified by the audit log. A retention-bucket prune runs at 03:30 SGT every day; the erasure-grace purge runs at 03:00 SGT every day.
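The two daily jobs above, as an added pg_cron example written for this notice rather than the platform's own job definitions; the tables erasure_requests, members, visitors and audit_log and their columns are assumed. pg_cron evaluates schedules in GMT by default, so the SGT times are written as UTC (SGT is UTC+8, so 03:00 SGT is 19:00 UTC on the previous calendar day).

```sql
CREATE EXTENSION IF NOT EXISTS pg_cron;

-- Erasure-grace purge at 03:00 SGT (19:00 UTC).
-- Assumed columns: erasure_requests(subject_id, requested_at, cancelled_at,
-- fulfilled_at). A request the member cancelled inside the 30-day grace
-- window is skipped; fulfilled requests are stamped so the audit trail
-- can prove when the DSAR was completed.
SELECT cron.schedule(
  'erasure-grace-purge',
  '0 19 * * *',
  $$
    WITH due AS (
      SELECT subject_id
        FROM erasure_requests
       WHERE cancelled_at IS NULL
         AND fulfilled_at IS NULL
         AND requested_at < now() - interval '30 days'
    ),
    purged AS (
      DELETE FROM members
       WHERE id IN (SELECT subject_id FROM due)
      RETURNING id
    )
    UPDATE erasure_requests e
       SET fulfilled_at = now()
      FROM purged p
     WHERE e.subject_id = p.id
  $$
);

-- Retention-bucket prune at 03:30 SGT (19:30 UTC), as one statement:
-- idle visitor rows older than 24 months, and operational audit entries
-- older than 24 months, while the consent and erasure entries that the
-- Accountability obligation requires are left in place.
SELECT cron.schedule(
  'retention-bucket-prune',
  '30 19 * * *',
  $$
    WITH pruned_visitors AS (
      DELETE FROM visitors
       WHERE last_interaction_at < now() - interval '24 months'
      RETURNING id
    )
    DELETE FROM audit_log
     WHERE created_at < now() - interval '24 months'
       AND action NOT IN ('consent_granted', 'consent_withdrawn',
                          'erasure_requested', 'erasure_fulfilled')
  $$
);

-- Check that the jobs actually ran and how each run ended.
SELECT jobid, status, start_time, return_message
  FROM cron.job_run_details
 ORDER BY start_time DESC
 LIMIT 10;
```

The last query is the operational check a practitioner wants: a job that never appears in cron.job_run_details, or one ending with a failed status, means the retention window is not being enforced.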