LEGAL // DOC-PP-001
Privacy Policy
Who We Are
This website and associated platforms are operated by Joburn Pte. Ltd., a company registered in Singapore, trading as “Funnel Futurist.”
References to “we,” “us,” or “our” in this policy refer to Joburn Pte. Ltd.
Scope
This policy applies to all personal data collected through our websites, applications, quizzes, assessments, roadmap tools, booking forms, chat interfaces, and any other digital surfaces operated by Joburn Pte. Ltd., including but not limited to:
- joburn.com
- funnelfuturist.com
- quiz.funnelfuturist.com
- audits.funnelfuturist.com
- portal.funnelfuturist.com
- cyborgtalent.com (talent platform — see Section 03A)
Personal Data We Collect
When you interact with our platforms, we may collect the following categories of personal data:
| Category | Details | Basis / Action |
|---|---|---|
| Identity data | First name, last name, email address, phone number | To deliver services and communicate with you |
| Assessment responses | Quiz answers, self-assessment scores, diagnostic inputs | To generate personalized results, roadmaps, or recommendations |
| Technical data | IP address, device type, browser, timezone, operating system | Platform functionality, security, and fraud prevention |
| Usage data | Pages viewed, time on page, scroll depth, click patterns | To improve platform experience |
| Communication data | Chat messages, form submissions, email correspondence | To respond to inquiries and deliver requested services |
| Advertising data | Ad click identifiers, UTM parameters, conversion events | To measure advertising effectiveness |
| Payment data | Transaction records, subscription status (card details handled by Stripe) | Payment processing and invoicing |
| Meeting data | Call recordings, transcripts (with notice at time of recording) | Quality assurance and record-keeping |
| Communication preferences | Marketing consent status, opt-in/opt-out choices | To respect your communication choices |
We do not collect NRIC, FIN, passport numbers, or sensitive personal data (health, race, religion) unless directly relevant to a service you have requested.
Talent Platform Data (cyborgtalent.com)
cyborgtalent.com is operated by Joburn Pte. Ltd. as our recruitment, training, and certification platform. Because the platform supports employment decisions, the data categories below carry additional handling commitments described in this section. If you applied through cyborgtalent.com, this section applies to you in addition to Sections 03 and 04.
| Category | Details | Basis / Action |
|---|---|---|
| Application data | TypeForm responses, free-text answers, role preference, location, rate expectation | To assess fit for the cyborgtalent Cert Path and route you to the right track |
| Cyborg-trait scoring | Per-trait scores (Override Instinct, Brief Discipline, End-to-End Ownership, Honest Uncertainty, Pattern Recognition, Composure) and the Authenticity Score composite | To produce the Tier 1 Assessor output that informs advance / hold / re-route decisions |
| Live Skill Sim recordings | Native voice interview audio, transcripts, post-call analysis | To verify skill in real time and produce the audit-packet artifact for placement decisions |
| Cert Path artifacts | Real-deliverable submissions (sandbox campaigns, copywriting, ops, code) graded by AI rubric and human review | To grade progression through Cert Path Stages 0–4 and document the cert record |
| Operational signal | Daily check-ins, weekly updates, attention events, journey-stage progression | To support Stage 3 (Operate) gating and ongoing reliability assessment |
| Outcome correlation | Post-placement client outcomes — deliverables shipped, NPS, ad win-rate, retention — tied back to the original trait composite | To improve the Tier 1 model over time (the ‘Tier 4 Outcome Loop’) — never used to disclose your individual results to third parties without consent |
| Background-check status | Cleared / in-progress / waived flag (the underlying check is run by a regulated provider once integrated) | Required for placement decisions; subject to FCRA-class workflow when shipped |
AEDT posture (FCRA · EEOC · NYC Local Law 144). Where the cyborgtalent platform supports automated employment decisions, we operate under an FCRA-aware screening workflow, hold an EEOC bias-audit posture (protected-class log fields are in the schema; impact-ratio reporting will publish once cohort sizes are statistically meaningful), and the pipeline is designed to produce the artifacts an LL 144 audit asks for. We do not currently make fully-automated employment decisions without a human in the loop. See cyborgtalent.com/compliance for the full posture and the “what we won’t claim yet” statement.
Audit packet. Every placement ships with an audit packet — Cyborg-Trait composite, Live Skill Sim recording, Cert Path artifacts, Authenticity Score, Tier 4 outcome correlation (when populated), and bias-audit ratios at the cohort level. Buyers receive the packet under contract; you may request a copy of your own packet at any time via john@joburn.com.
Dispute & re-review. If you disagree with a Tier 1 score or a Cert Path grading decision, you have a 60-day window to submit a dispute. Tier 1 + sim artifacts are re-reviewed by a human and the placement decision is paused until the dispute resolves. Today this flow is human-handled; the fully-automated FCRA-class flow is queued behind the background-check integration.
How We Use Your Data
We use your personal data only for the purposes consented to at the point of collection:
| Category | Details | Basis / Action |
|---|---|---|
| Service delivery | Deliver quiz results, personalized roadmaps, audits, and consulting services | Consent (provided at submission) |
| Communications | Respond to inquiries, send requested information, appointment confirmations | Consent (explicit opt-in) |
| Marketing | Newsletters, product updates, promotional offers | Consent (separate explicit opt-in — never pre-ticked) |
| Analytics | Platform performance, user experience optimization | Legitimate business purpose (anonymized/aggregated) |
| Advertising measurement | Conversion tracking, audience insights, campaign optimization | Consent (cookie/pixel consent) |
| Legal compliance | Tax records, regulatory obligations, dispute resolution | Legal requirement |
| Security | Fraud detection, abuse prevention, access control | Legitimate business purpose |
We will never use your data for a purpose you did not consent to without first obtaining your additional consent.
How We Share Your Data
We share personal data only with trusted service providers who assist in delivering our services:
| Category | Details | Basis / Action |
|---|---|---|
| Supabase (AWS US) | Database hosting | DPA in place; encryption at rest (AES-256) and in transit (TLS 1.3) |
| Vercel (US/EU edge) | Platform hosting and delivery | DPA in place; SOC 2 Type II certified |
| Stripe (US) | Payment processing | PCI DSS Level 1 certified; we do not store card numbers |
| GoHighLevel (US) | CRM and communication delivery | Data processed per our service agreements |
| Meta Platforms (US) | Conversion event data (hashed identifiers via CAPI) | Data Processing Terms accepted; PII hashed with SHA-256 before transmission |
| Google Workspace (US) | Email, calendar, document collaboration | DPA in place; SOC 2 Type II certified |
| Fireflies.ai (US) | Meeting transcription (with prior notice and consent) | Data processed per service terms |
| Google Cloud / Vertex AI (US/EU) | Tier 1 Assessor scoring + Live Skill Sim native voice (cyborgtalent.com) | Google Cloud DPA in place; data not used to train Google's foundation models per Vertex enterprise terms |
| ElevenLabs (US) | Voice synthesis for legacy interview fallback (cyborgtalent.com) | DPA in place; audio retained per their service terms |
| Apify (CZ/EU) | Web scraping for competitive intelligence | Operates on publicly accessible data only; no candidate or client PII transmitted |
| Background-check provider (TBD) | Regulated background-check vendor for cyborgtalent placements (Phase 3 build) | When integrated, will operate under FCRA-class workflow with pre-adverse-action notice + dispute window |
| Analytics providers | Aggregated, anonymized usage data only | No personal data shared with analytics providers |
We do not sell personal data. We do not share personal data with third-party advertisers beyond the hashed conversion events described above.
When data is shared with a client of ours through our CRM platform (e.g., when you submit a form on a client’s behalf), that client becomes a joint controller of the data within their isolated account. Client accounts are segregated at the database level using row-level security.
Our Role: Controller vs. Processor
Depending on the context, Joburn Pte. Ltd. operates in different data protection roles:
| Category | Details | Basis / Action |
|---|---|---|
| Data Controller | When you interact directly with joburn.com, our quizzes, roadmaps, terminal chat, or booking forms | We determine the purposes and means of processing your data |
| Data Processor | When we access Meta Marketing API data, CRM data, or advertising platform data on behalf of our clients | Our client is the controller; we process data per their instructions and our service agreement |
| Joint Controller | When a prospect submits data via a client-branded form that feeds into our shared infrastructure | Both Joburn and the client determine purposes; governed by our Master Services Agreement (Section 8) |
When acting as a data processor on behalf of clients, our processing activities are governed by Data Processing Agreements and our Master Services Agreement. We do not use client data for our own purposes beyond the services contracted.
Meta Platform Data
We use Meta (Facebook/Instagram) APIs to provide advertising performance reporting, audience insights, and campaign management services to our clients. This includes access to:
- Ad performance metrics (impressions, clicks, conversions, spend)
- Campaign and ad set configuration data
- Audience insights (aggregated, non-personally-identifiable)
- Conversion event data via the Conversions API (CAPI)
Our use of Meta Platform data is subject to Meta Platform Terms and Meta Developer Policies. All personally identifiable information transmitted to Meta via CAPI is hashed using SHA-256 before transmission. We do not store raw Facebook user IDs or access tokens beyond what is necessary for authorized API operations.
To request deletion of data associated with your Facebook or Instagram interactions with our services, see Section 11: Data Deletion Requests.
How We Obtain Your Consent
We obtain consent through clear, affirmative actions appropriate to each data collection surface:
| Category | Details | Basis / Action |
|---|---|---|
| Contact / booking forms | Checkbox: "I agree to the Privacy Policy" (never pre-ticked) + separate optional marketing opt-in | Explicit consent before submission |
| Quizzes and assessments | Consent statement above submit button: "By submitting, you agree to our Privacy Policy. Your responses will be used to generate personalized results." | Explicit consent; covers downstream roadmap delivery |
| Roadmap / results pages | Covered by quiz submission consent (same session, same stated purpose) | No additional consent required for same-session delivery |
| Terminal chat | Anonymous until PII is provided. If you enter your name or email, consent is requested before data is stored. | Consent triggered at point of PII collection, not before |
| Meeting recordings | Verbal notice at meeting start + written notice in calendar invitation. Recording bot announces itself upon joining. | Informed consent; participants may request recording be stopped |
| Cookies and tracking | Cookie consent banner on first visit with accept/decline options for non-essential tracking | Opt-in for analytics and advertising cookies |
You may withdraw consent at any time by emailing john@joburn.com or clicking “Unsubscribe” in any marketing email. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal, nor does it affect services already delivered.
International Data Transfers
Your data is stored on servers in the United States (AWS US-East-1 via Supabase) and may be processed in the United States and European Union (Vercel edge network).
Under Section 26 of the PDPA, we ensure comparable protection through:
- Contractual safeguards — Data Processing Agreements with all cloud providers imposing PDPA-comparable obligations
- Encryption — All data encrypted in transit (TLS 1.3) and at rest (AES-256)
- Access controls — Role-based, least-privilege access across all systems
Data Retention
We retain personal data only as long as necessary for the stated purpose:
| Category | Details | Basis / Action |
|---|---|---|
| Client engagement data | Duration of engagement + 7 years | Contractual and tax/legal obligations (IRAS) |
| Lead/prospect data | 24 months from last interaction | Permanently deleted or anonymized after period |
| Quiz/assessment responses | 24 months from last interaction | Permanently deleted or anonymized after period |
| Payment records | 7 years | IRAS compliance requirements |
| Meeting recordings | 12 months | Deleted after quality assurance review |
| Technical/usage data | 12 months | Anonymized and aggregated after period |
| Consent records | 7 years | Archived securely, then deleted |
| Cold outreach data | 6 months from last contact | Permanently deleted after period |
| Talent application + Tier 1 (cyborgtalent.com) | 24 months from last interaction | Default; held longer if you actively progress on a Cert Path |
| Live Skill Sim audio + transcripts | 7 days signed-URL access by default | Recording itself retained for the duration of pool membership + 12 months for audit-packet purposes; signed-URL access window is configurable per contract |
| Cert Path artifacts | Held while pool membership is active + 12 months | Trainees may export their own artifacts at any time; retention overridable per contract |
| Tier 4 outcome data | Aggregated retention; individual records deletable on request | Used to retrain the Tier 1 model in aggregate; individual outcome records can be removed without compromising aggregate signal |
“Last interaction” means any of: submitting a form, viewing a roadmap, clicking a link in our emails, booking a call, or contacting us. For cyborgtalent.com applicants, “active progression” means submitting a Cert Path artifact, taking a sim, or completing a check-in within the prior 90 days.
Your Rights
Under the Personal Data Protection Act (PDPA), you have the right to:
| Category | Details | Basis / Action |
|---|---|---|
| Access | Request a copy of your personal data | Email john@joburn.com |
| Correction | Request correction of inaccurate data | Email john@joburn.com |
| Withdrawal of consent | Withdraw consent for marketing or data processing | Click "Unsubscribe" in any email, or email john@joburn.com |
| Disclosure | Know how your data has been used or disclosed in the past year | Email john@joburn.com |
| Data deletion | Request deletion of your personal data | Email john@joburn.com |
We will respond to access and correction requests within 30 calendar days. If we cannot comply (e.g., legal obligation to retain), we will explain why.
Withdrawing consent for marketing will not affect the delivery of services you have already requested.
Additional Rights for EU/EEA Residents
If you are located in the European Union or European Economic Area, the General Data Protection Regulation (GDPR) provides you with additional rights:
- Right to erasure ("right to be forgotten") — Request complete deletion of your data
- Right to data portability — Receive your data in a machine-readable format
- Right to restrict processing — Request limitation of data processing in certain circumstances
- Right to object — Object to processing based on legitimate interests, including profiling
- Right to lodge a complaint — Contact your local EU supervisory authority
For GDPR-specific requests, contact john@joburn.com. We will respond within 30 days.
Data Deletion Requests
You may request the deletion of your personal data at any time by emailing john@joburn.com with the subject line “Data Deletion Request.”
We will confirm receipt within 5 business days, complete the deletion within 30 calendar days, and provide written confirmation once complete. Where data must be retained for legal obligations (e.g., tax records), we will explain which data is retained and why.
If you have interacted with our services through Facebook or Instagram, you may also submit a deletion request through your Facebook Settings under “Apps and Websites.”
Data Security
We implement reasonable technical and organizational measures to protect your personal data:
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Row-level security on databases (client data isolation)
- Role-based access controls (least-privilege principle)
- Regular security reviews and vulnerability assessments
- Incident response plan with breach notification procedures
No system is 100% secure. If we discover a data breach that may affect you, we will notify you and the Personal Data Protection Commission (PDPC) within 3 calendar days of assessment, in accordance with the PDPA’s mandatory breach notification requirements.
Do Not Call Registry
We comply with Singapore’s Do Not Call (DNC) Registry provisions. We will check the DNC Registry before sending telemarketing messages via voice calls, SMS, or fax to Singapore telephone numbers. You may register your number on the DNC Registry at www.dnc.gov.sg.
Children
Our platforms are not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has submitted data through our platforms, contact us immediately and we will delete the data.
Changes to This Policy
We may update this policy to reflect changes in our practices or legal requirements. Material changes will be communicated via email (if we have your contact information) or a prominent notice on our platforms.
The effective date at the top of this page indicates when this policy was last revised.
Contact Us
For any questions about this privacy policy or your personal data:
You may also contact the Personal Data Protection Commission (PDPC) if you believe we have not adequately addressed your concern: