Privacy policy
Last updated: 15 May 2026
This Privacy Policy describes how Botaniko ("BOTANIKO", the "Site", "we", "us", or "our") collects, uses, and discloses your personal information when you visit, use our services, or make a purchase from botaniko.sg (the "Site") or otherwise communicate with us regarding the Site (collectively, the "Services"). For purposes of this Privacy Policy, "you" and "your" means you as the user of the Services, whether you are a customer, website visitor, or another individual whose information we have collected pursuant to this Privacy Policy.
This Privacy Policy is governed by Singapore's Personal Data Protection Act 2012 (PDPA) and its amendments. We comply with the PDPA's data protection obligations including consent, purpose limitation, notification, access and correction, accuracy, protection, retention limitation, transfer limitation, and accountability.
Please read this Privacy Policy carefully. By using and accessing any of the Services, you agree to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree to this Privacy Policy, please do not use or access any of the Services.
---
CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time, including to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on the Site, update the "Last updated" date, and notify active customers by email where the change materially affects them.
---
DATA PROTECTION OFFICER (DPO)
In accordance with PDPA requirements, Botaniko has appointed a Data Protection Officer responsible for ensuring compliance with the PDPA and handling all data protection enquiries.
DPO Email: dpo@botaniko.sg
WhatsApp: +65 8789 9343 (mark your message as "DPO enquiry")
Response window: We aim to respond within 30 days, as required by PDPA.
Contact the DPO for any of the following:
- Requests to access your personal data
- Requests to correct or update your personal data
- Requests to withdraw consent for any data processing
- Requests to delete your personal data
- Complaints about how we handle personal data
- Any other PDPA-related enquiries
---
WHAT PERSONAL INFORMATION WE COLLECT
We collect only the personal data necessary to operate our business and serve you well.
Account and identity data
Full name, email address, mobile phone number, and account password (encrypted — never stored in plain text).
Order and transaction data
Delivery address and recipient name, order contents, frequency and value, payment metadata (transaction reference and payment method type — we do not store full credit or debit card numbers), subscription history and preferences including flavor swaps, pauses, and reschedules, and Bottle Return Programme participation and credit balance.
Communication data
Email, WhatsApp, and Instagram message contents when you contact us, customer service correspondence and case history, photos and information you submit for damage or incorrect-item reports, and marketing consent status and email engagement.
Technical and usage data
IP address and approximate location (city or region only), browser type and operating system, pages visited and time spent on the storefront, referrer source, and cookies and similar technologies (see Cookies section below).
What we do NOT collect
We do not collect full credit or debit card numbers (these are handled directly by Shopify Payments and our payment processors), NRIC or other government identification numbers, health or medical data, biometric data, or race, religion, political views, or other sensitive personal data.
---
HOW WE COLLECT YOUR PERSONAL INFORMATION
Directly from you
When you create an account on botaniko.sg, place an order, sign up for a subscription, opt in to email or SMS marketing, contact us via WhatsApp, email, or Instagram, participate in the Bottle Return Programme, or respond to a customer satisfaction survey.
Automatically when you use our website
Via cookies and similar tracking technologies, server logs, and Google Analytics 4 (aggregated and anonymised usage analytics).
From third parties
In limited circumstances, we may receive data from payment processors (transaction confirmation and metadata — never card numbers), courier partners (delivery confirmation and address validation), and social media platforms when you interact with our official accounts.
---
HOW WE USE YOUR PERSONAL INFORMATION
To fulfil your orders and contracts with us
We process and ship orders, manage subscriptions including flavor swaps, pauses, and cancellations, coordinate delivery with courier partners, process payments and refunds, and verify Bottle Return Programme returns and apply credits. Legal basis: contractual necessity.
To provide customer service
We respond to your enquiries via WhatsApp, email, and Instagram, and handle damaged, incorrect, or defective item reports. Legal basis: contractual necessity and legitimate interest in providing quality customer service.
To send marketing communications (with your consent)
We send email newsletters about new flavors, promotions, and brand updates, and SMS notifications about subscription deliveries and exclusive offers where consent is given. Legal basis: explicit opt-in consent. You can withdraw consent at any time — see Your Rights below.
To improve our products and services
We use aggregate, anonymised analytics on storefront usage to understand popular flavors, subscription patterns, and product feedback. Legal basis: legitimate interests.
To comply with legal obligations
We maintain Singapore tax and accounting records, comply with PDPA requirements, and cooperate with law enforcement where legally required. Legal basis: legal obligation.
---
COOKIES
We use cookies to operate and improve our Site and Services.
Strictly necessary cookies are required for the website to function — login session, shopping cart, and checkout. These cannot be switched off.
Performance and analytics cookies help us understand storefront usage in aggregate via Google Analytics 4. Data is anonymised and no individual tracking occurs.
Functional cookies remember your preferences such as recently viewed products. These improve your experience.
Marketing cookies: Botaniko does not currently use Meta Pixel, TikTok Pixel, or other behavioural advertising trackers on its storefront.
Most browsers automatically accept cookies by default. You can choose to remove or reject cookies through your browser controls, though doing so may affect certain features of the Site. You can also opt out of Google Analytics tracking at tools.google.com/dlpage/gaoptout.
---
HOW WE DISCLOSE YOUR PERSONAL INFORMATION
We share your personal data only with trusted service providers who help us operate Botaniko. We do not sell, rent, or trade your personal data to any third party for their marketing purposes.
Service providers we use:
Shopify — e-commerce platform hosting botaniko.sg. Account, order, transaction, and analytics data.
Shopify Payments and partner processors — payment processing. Transaction metadata only. We do not see or store your full card details.
Shopify Email — email marketing and transactional emails. Email address, name, marketing consent status, and engagement metrics.
Kaching Subscriptions — subscription management. Account details, subscription preferences, and billing schedule.
Zoho CRM — customer relationship management and support records. Contact details, support case history, and communication records.
Google Analytics 4 — aggregated, anonymised website analytics. No personally identifying information.
Courier partners (Ninja Van, J&T Express, Lalamove, and others as needed) — order delivery. Recipient name, delivery address, phone number, and order reference.
Cross-border data transfers
Some of our service providers are based outside Singapore. For example, Shopify is headquartered in Canada and Google Analytics processes data globally. Under PDPA, when personal data is transferred outside Singapore, we ensure that the receiving organisation is contractually bound to protect personal data to PDPA-comparable standards. We do not transfer your personal data to any country without ensuring adequate protection is in place.
Legal disclosures
We may disclose personal data without your consent only when required by Singapore law, including in response to a valid order from law enforcement or judicial authority, to prevent or investigate fraud or security incidents, or to comply with tax, accounting, or other regulatory obligations.
---
HOW LONG WE KEEP YOUR INFORMATION
We retain personal data only as long as necessary for the purposes described in this policy or as required by Singapore law.
Active account data: retained for as long as your account is active.
Order and transaction records: 5 years from transaction date, as required by Singapore tax, accounting, and consumer protection statutes.
Marketing consent records: retained until consent is withdrawn, as required to prove valid consent.
Customer service correspondence: 2 years from last interaction.
Bottle Return Programme records: retained for as long as your account is active and a credit balance exists.
Server logs and analytics: 13 months (Google Analytics 4 default), then automatically deleted.
Inactive accounts (no activity for 3 or more years): reviewed and deleted unless a legal retention obligation applies.
After the applicable retention period, your data is securely deleted or fully anonymised.
---
MARKETING COMMUNICATIONS
Botaniko sends marketing communications only with your explicit, opt-in consent. We do not use pre-ticked consent boxes. Your marketing consent is captured affirmatively and recorded with a timestamp for compliance purposes.
You may opt out of marketing emails at any time by clicking the unsubscribe link in any marketing email, or opt out of SMS marketing by replying STOP to any marketing SMS. You may also contact our DPO at dpo@botaniko.sg to withdraw any marketing consent.
Withdrawal of marketing consent does not affect essential transactional communications such as order confirmations and delivery notifications, which we continue to send as they are necessary to fulfil your orders.
Where SMS or voice marketing is used, we check phone numbers against Singapore's Do Not Call (DNC) Registry before sending.
---
YOUR RIGHTS UNDER PDPA
Depending on your circumstances, you may have some or all of the following rights in relation to your personal information.
Right to Access: You may request a copy of the personal data Botaniko holds about you. We will respond within 30 days of receiving your request.
Right to Correction: You may request correction of any inaccurate or incomplete personal data. Many corrections can be made directly through your account settings on botaniko.sg.
Right to Withdraw Consent: You may withdraw consent for any data processing based on consent at any time. Withdrawal does not affect the lawfulness of processing already carried out.
Right to Deletion: You may request deletion of your personal data, subject to legal and operational limitations. Transaction records must be retained for the period required by Singapore statutes. Active subscriptions must be cancelled before account deletion.
Right to Restrict Processing: You may ask us to stop or restrict our processing of personal data in certain circumstances.
To exercise any of these rights, contact our DPO at dpo@botaniko.sg or WhatsApp +65 8789 9343. We will not discriminate against you for exercising any of these rights. We may need to verify your identity before processing your request.
---
COMPLAINTS
If you have complaints about how we process your personal information, please contact our DPO at dpo@botaniko.sg in the first instance. We aim to resolve all complaints promptly and in good faith.
If you are not satisfied with our response, you may lodge a complaint with Singapore's Personal Data Protection Commission (PDPC):
Website: www.pdpc.gov.sg
Telephone: +65 6377 3131
---
SECURITY OF YOUR INFORMATION
Botaniko implements reasonable security arrangements to protect your personal data against unauthorised access, modification, disclosure, or loss. These include SSL/TLS encryption on all data in transit, encrypted password storage, secure infrastructure managed by Shopify's PCI-DSS-compliant hosting, and restricted access to customer data by authorised team members only.
Please be aware that no security measures are perfect or impenetrable. We recommend that you do not use insecure channels to communicate sensitive or confidential information to us.
In the event of a data breach that poses significant harm to affected individuals, we will notify affected individuals and the PDPC in accordance with PDPA's data breach notification obligations.
---
CHILDREN
Botaniko's Services and products are intended for adult consumers. We do not knowingly collect personal data from individuals under the age of 16 without verified parental or guardian consent.
If you are the parent or guardian of a child who has provided us with their personal information, please contact us at dpo@botaniko.sg to request that it be deleted.
---
THIRD PARTY WEBSITES AND LINKS
Our Site may provide links to websites or other online platforms operated by third parties. We do not guarantee and are not responsible for the privacy or security of such sites. We encourage you to review the privacy policies of any third-party sites you visit.
---
CONTACT
For any privacy or data-related question, to exercise your rights, or for any other enquiry under this Privacy Policy, please contact us:
DPO Email: dpo@botaniko.sg
WhatsApp: +65 8789 9343 (Monday to Friday, 9am to 6pm SGT)
General Email: shopify@botaniko.sg
Address: 109 Tampines St 86 The Alps Residences
UEN: 53482570B
Web: https://botaniko.sg/pages/contact-us