Privacy Notice

June 30, 2025

Momentum Spark Pte. Ltd. and its affiliated entities (“KitaHQ”, “we”, “us”, or “our”) collect and handle personal data in line with the Singapore Personal Data Protection Act 2012 (PDPA SG), the Malaysia Personal Data Protection Act 2010 (PDPA MY), the Indonesia Personal Data Protection Law 2022(PDPL ID), and any other privacy laws that apply to our activities. This Notice explains how we collect, use, share, and protect personal data whenever you visit or interact with our website or any online product or service that links to this Notice (the “Services”). If a separate written contract (for example, a Master Services Agreement with a data-processing addendum) governs your use of the paid platform, that contract prevails if there is any conflict.

 

1. Scope

This Notice applies to:

  • visitors to https://kitahq.com and its sub-domains;
  • prospective customers, partners, and job applicants who engage with us; and
  • anyone who accesses demos, free trials, or other pre-contract features of the Services.

    • It does not cover end-user data that we process solely on behalf of enterprise customers under a separate contract.

     

    2. Key definitions

  • Personal data – information that identifies, or can reasonably identify, a living person.
  • Processing – any operation performed on personal data (collection, storage, use, disclosure, deletion, etc.).
  • Controller – the entity that decides why and how personal data is processed.
  • Processor – an entity that processes personal data on a controller’s behalf.
  • Cookies – small text files placed on your device that store information or enable functionality

    •  

    3. What we collect

    Data you provide directly.
    Depending on how you interact with us, you may give us:
    • contact details (name, email, phone, postal address);
    • employment information (current title, employer, professional licences, references, links to professional profiles);
    • résumé or CV content (education, work history, skills, languages, awards);
    • application-specific answers, including expected or desired salary and preferred or earliest start date;
    • diversity information you choose to share where permitted by law;
    • written responses, coding challenges, portfolios, or video/audio interviews that capture your image, video and/or voice;
    • billing data (invoice address, tax numbers, payment method) when you buy paid Services; and
    • the content of enquiries, surveys, feedback, or support tickets.

    Data we collect automatically.
    We log IP address, device and browser type, operating-system details, referring pages, pages viewed, time spent, clicks, and similar usage metrics from your browser or device.

    Derived or analytic data.
    Our systems generate usage logs, performance scores, and feature-usage patterns to improve the Services.

    We do not knowingly collect data from individuals under 18.

    4. Why we process your data

  • Provide and operate the Services – create and manage accounts and deliver requested functionality (contractual necessity).
  • Support and communication – respond to enquiries, send service notices, and troubleshoot issues (legitimate interests).
  • Payments, fraud prevention, security – detect abuse and comply with audit or law-enforcement duties (legitimate interests / legal obligations).
  • Product improvement and analytics – refine existing features and develop new ones (legitimate interests).
  • Marketing – with your consent where required, send newsletters or event invitations; you may opt out at any time.
  • Regulatory compliance – keep records to meet tax, accounting, or reporting requirements (legal obligations).

    •  5. Sharing and transfers

  • Service providers (sub-processors). Cloud hosting, analytics, payment, and email vendors under written data-protection commitments.
  • Affiliates. We may share data within the KitaHQ group for internal administration, shared service delivery, and (when you accept an invitation) visibility to potential employers. Where an affiliate and KitaHQ jointly decide the purposes and means of processing, we act as joint controllers and honour your rights accordingly.
  • Legal or regulatory requirements. We disclose data when courts, regulators, or law-enforcement validly require it.
  • Business transfers. If we merge, sell, or reorganise our business, your data may transfer as part of that transaction; you will be notified of any material change.

    • International transfers

    Our headquarters are in Singapore and we rely on global cloud infrastructure. When personal data moves to a country whose laws are not deemed “adequate” under PDPA MY or PDPL ID, we protect it using Standard Contractual Clauses or comparable safeguards, or obtain your explicit consent.

     

    6. Retention

  • Account data – kept for the life of the account plus up to 24 months.
  • Marketing contact data – retained until you opt out or we learn it is no longer valid.
  • Interview recordings – stored as directed by an enterprise customer or, for direct candidates, up to 12 months unless a longer period is required by law or agreed with you.

    • After the retention period, we securely delete or anonymise the data.

     

    7. Your rights

    Subject to local law, you may: access your data; rectify inaccuracies; request deletion; restrict or object to certain processing; obtain a portable copy; or withdraw consent. To exercise any right, email legal@kitahq.com. We may verify your identity before acting on a request.

     

    8. Security

    We operate a layered security program that includes encryption in transit (TLS 1.2+) and at rest; role-based access controls with multi-factor authentication; continuous monitoring and vulnerability scanning; and documented incident-response procedures aligned with SOC 2 principles.

     

    9. Cookies

    We use cookies and similar technologies to enable core site features, analyze usage, personalize content, and where permitted deliver targeted advertising. Essential cookies do not require consent; non-essential cookies require opt-in. Manage preferences via our Cookie Settings banner or your browser. See our separate Cookie Policy for details.

     

    10. Data-breach notification

    If a breach likely to compromise personal data occurs, we will notify affected individuals and the relevant authorities without undue delay, following PDPA SG guidance.

     

    11.Children’s data

    The Services are not intended for individuals under 18, and we do not knowingly process their data without verifiable consent.

     

    12. Updates

    We may update this Notice from time to time. A revised “Effective from” date will appear at the top; if changes are significant, we will give additional notice or seek consent where required. Continued use of the Services after an update constitutes acceptance of the revised Notice.

     

    13. Contact

    Data Protection Officer
    Email: legal@kitahq.com
    Postal: Momentum Spark Pte. Ltd., 531A Upper Cross Street, #04-95 Hong Lim Complex, Singapore 051531

    You may also lodge a complaint with your local data-protection regulator.

    Copyright ©2025 KitaHQ