Home
Privacy Policy
Ewashi is committed to protecting your personal data and maintaining transparency in how we collect, use, and safeguard your information. As a Singapore-based cybersecurity and DevSecOps Managed Service Provider, we uphold the highest standards of data protection in accordance with Singapore's Personal Data Protection Act (PDPA) and relevant ASEAN privacy frameworks.
Contact Privacy Team
Introduction to Our Privacy Commitment
At Ewashi, we understand that trust is the foundation of every cybersecurity partnership. We process personal data lawfully, fairly, and transparently, ensuring robust safeguards are in place to protect your information. This Privacy Policy applies to all personal data collected through our website, services, and business interactions across the ASEAN region.
Our commitment extends beyond compliance—we embed privacy principles into our managed security services, observability platforms, and DevSecOps solutions. Whether you're a website visitor, customer, partner, or job applicant, your data is handled with the utmost care and respect.

Scope of This Policy
This policy covers personal data collected through www.ewashi.com and related business activities throughout Singapore and ASEAN.
Personal Data We Collect
We collect various categories of personal data depending on your relationship with Ewashi. All collection is purposeful, transparent, and limited to what is necessary for our legitimate business operations and service delivery.
Contact Information
Name, email address, telephone number, company name, job title, and business postal address when you enquire about services or register for events.
Website Usage Data
IP address, browser type and version, device information, pages viewed, time spent on pages, and referral sources through cookies and analytics tools.
Business Communications
Correspondence records, support tickets, meeting notes, and technical requirements shared during service delivery and customer relationships.
Marketing Data
Newsletter subscriptions, event registrations, webinar attendance, content downloads, and communication preferences with explicit consent.
When delivering managed cybersecurity and DevSecOps services, we may process security telemetry and operational data as outlined in customer agreements. Recruitment activities involve collection of CVs, professional qualifications, and employment history. We do not collect sensitive personal data unless specifically required and authorised.
How We Use Personal Data
Service Delivery & Operations
  • Providing managed cybersecurity, MDR, and observability services
  • Responding to enquiries and technical support requests
  • Managing customer accounts and service agreements
  • Improving service quality and platform performance
  • Security monitoring and threat detection
Business Communications
  • Marketing communications with your consent
  • Event invitations and industry updates
  • Partner collaboration and vendor management
  • Recruitment and employment processes
  • Compliance with legal and regulatory obligations
We process data only for specified, explicit, and legitimate purposes. Marketing communications are sent with your consent and include clear opt-out mechanisms. Our fraud prevention and security monitoring activities protect both Ewashi and our customers from cyber threats.
Legal Basis for Processing
01
Consent
Where you have provided explicit consent for marketing communications, event registrations, or optional data collection activities.
02
Contractual Necessity
Processing required to fulfil service agreements, deliver managed security services, and maintain customer relationships.
03
Legitimate Interests
Business operations, service improvement, security monitoring, and fraud prevention where balanced against your privacy rights.
04
Legal Obligations
Compliance with Singapore PDPA, ASEAN regulations, tax laws, and other statutory requirements applicable to our operations.
Disclosure and Data Sharing
Ewashi shares personal data only when necessary for service delivery, legal compliance, or legitimate business purposes. We never sell personal data to third parties. Our data sharing practices are transparent and governed by strict contractual safeguards.
Service Providers
Cloud infrastructure providers, IT vendors, and analytics platforms that support our managed services and website operations under strict data processing agreements.
Security Platforms
Cybersecurity tools, threat intelligence services, and monitoring platforms essential for delivering MDR and observability services to customers.
Professional Advisors
Legal counsel, auditors, and consultants bound by professional confidentiality obligations when required for business operations.
Partners & Affiliates
Trusted business partners and group companies where collaboration is necessary for service delivery across the ASEAN region.
In limited circumstances, we may disclose data to regulatory authorities or law enforcement when legally required. All third-party processors are carefully selected and contractually obligated to maintain equivalent data protection standards.
Cross-Border Data Transfers
As a provider of managed cybersecurity services across ASEAN, personal data may be transferred outside Singapore to support our regional operations, cloud infrastructure, and security platforms. These transfers occur with appropriate safeguards to ensure your data remains protected.
We implement industry-standard contractual clauses, data processing agreements, and technical security measures when transferring data internationally. Our cloud service providers maintain globally recognised security certifications and comply with applicable data protection frameworks.

Transfer Safeguards
  • Standard contractual clauses
  • Data processing agreements
  • Security certifications
  • Encryption in transit
Data Security Measures
As a cybersecurity specialist, Ewashi implements comprehensive technical and organisational safeguards to protect personal data against unauthorised access, loss, misuse, or disclosure. Our security practices reflect the highest industry standards.
Encryption & Access Controls
End-to-end encryption for data in transit and at rest, multi-factor authentication, and role-based access controls limiting data access to authorised personnel only.
Continuous Monitoring
24/7 security monitoring, threat detection systems, vulnerability management, and regular security assessments across our infrastructure and platforms.
Incident Response
Established incident response procedures, breach notification protocols, and business continuity plans to address security events promptly and effectively.
Our security measures are regularly reviewed and updated to address emerging threats. Staff undergo regular training on data protection and security best practices. While we implement robust safeguards, no system is entirely immune to risk—we maintain transparency about our security posture and incident response capabilities.
Data Retention and Your Rights
Data Retention
We retain personal data only as long as necessary for the purposes outlined in this policy, or as required by applicable laws and regulations. Retention periods vary based on data type and business requirements.
  • Customer data: Duration of relationship plus 7 years
  • Marketing data: Until consent withdrawn
  • Website analytics: Up to 26 months
  • Recruitment data: Up to 2 years
Upon expiry of retention periods, personal data is securely deleted or anonymised using industry-standard methods.
Your Privacy Rights
Under Singapore PDPA and applicable ASEAN regulations, you have the following rights regarding your personal data:
  • Access: Request copies of your personal data
  • Correction: Update inaccurate or incomplete information
  • Withdrawal: Withdraw consent for marketing communications
  • Portability: Request data in structured format (where applicable)
  • Deletion: Request erasure subject to legal obligations
  • Complaints: Lodge concerns with supervisory authorities
To exercise your rights, contact our Privacy Team at privacy@ewashi.com. We respond to requests within statutory timeframes and verify identity before processing requests.
Cookies, Updates, and Contact Information
Cookies & Tracking
Our website uses cookies and analytics tools to improve user experience, understand visitor behaviour, and optimise content. You can manage cookie preferences through browser settings. Essential cookies required for website functionality cannot be disabled.
Third-Party Links
Our website may contain links to external sites not operated by Ewashi. We are not responsible for the privacy practices of third-party websites. We encourage you to review their privacy policies before providing personal data.
Policy Updates
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Updates will be posted on this page with a revised effective date. Continued use of our services constitutes acceptance of changes.
Contact Our Privacy Team
For questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact us at privacy@ewashi.com. Our team is committed to addressing your privacy enquiries promptly and professionally.
Ewashi
Singapore-based Cybersecurity & DevSecOps Managed Service Provider
Serving ASEAN with Excellence

Effective Date: 2026
Last Updated: 2026
Policy Version: 1.2