Privacy Policy
Last updated: 2 July 2026
JohnTan.me is run by John Tan. I collect as little personal data as possible, and this page explains — in plain language — what is collected and what happens to it.
What this policy covers
This policy explains what personal data JohnTan.me collects, how it is used, where it is stored, and the choices you have. It is written to comply with Singapore's Personal Data Protection Act 2012 (PDPA). It applies to this website and the tools on it.
Data I collect, and why
Newsletter sign-ups. When you subscribe, I collect your email address to send you the newsletter. Nothing else.
Investor Readiness Quiz. If you complete the quiz and submit your email, I collect your email address, your answers, and your score. These are used to send you your results and relevant follow-up content, and to notify me of your submission.
Calculators. The financial calculators (mortgage, CPF LIFE, Shield plan and others) run entirely in your browser. Figures you enter are never sent to a server and are not collected.
Advisory clients and enquiries. If you engage me for advisory work or express interest, I keep the contact and planning details you provide (such as your name, phone number, email, and relevant financial information) to serve you as a client and follow up on your enquiry.
Site analytics. I use Vercel Analytics, which is cookie-less and collects aggregated, anonymised page-view data. It does not identify or track you individually.
Cookies
This site sets no tracking or advertising cookies. The only cookie in use is a session cookie for the password-protected advisor area, which is set only after a successful login there — regular visitors never receive it.
Where your data is stored
Your data is held with a small number of service providers acting on my behalf:
- Kit.com — newsletter subscribers and quiz submissions (email delivery and list management).
- Supabase — client and enquiry records, in an access-controlled database.
- Resend — transactional email delivery (for example, notifying me of a quiz submission).
- Vercel — website hosting and anonymised analytics.
Some of these providers store data outside Singapore. In line with the PDPA, I only use providers whose safeguards provide a standard of protection comparable to the PDPA. I never sell or rent your personal data, and I do not share it with third parties for their own marketing.
How long I keep it
I keep personal data only for as long as it is needed for the purpose it was collected — for example, while you remain a newsletter subscriber or an active client — or as required for legal and regulatory obligations, after which it is deleted.
Your choices and rights
Under the PDPA you may at any time:
- Unsubscribe — every newsletter email includes a one-click unsubscribe link.
- Access or correct your personal data that I hold.
- Withdraw consent and ask for your data to be deleted.
To exercise any of these, email me at john@johntan.me and I will respond within a reasonable time, as required by the PDPA.
Security
All traffic to this site is encrypted with HTTPS. Personal data is stored with access-controlled providers, and the advisor tools that handle client records sit behind authentication. No method of storage is perfectly secure, but I take reasonable steps required under the PDPA to protect your data from unauthorised access, use, or disclosure.
Changes to this policy
If this policy changes, the updated version will be posted on this page with a revised "last updated" date. Significant changes affecting how your data is used will be highlighted to newsletter subscribers.
Questions about this policy? Email john@johntan.me or head back home.