How we handle your data at Bake

Bake is based in Singapore, and complies with Singapore’s data protection law, the Personal Data Protection Act. Bake also complies with the GDPR and processes personal data of EU residents.

We collect your personal information as it is necessary to provide you with our services. It is our legal obligation to do so according to Singapore’s payment services regulations which requires us to verify your identity and comply with anti-money laundering (AML) measures.

We may also collect your information to enable us to provide certain services, improve our products and keep you informed of new developments (depending on your preferences).

We treat customer data as highly confidential. We do not share it with third parties unless we are legally obliged to do so, such as for AML screening purposes. If Bake intends to share user data for business purposes, users will have the right to decide whether to do so.
​
​Cybersecurity

Cybersecurity is a critical and primary concern for Bake platform and all Bake products. We have internal rules on access control and data management. User data is kept in industry standard secured storage. Team members are only allowed to access data that is necessary and commensurate with the tasks they are expected to perform.
​
​Can you delete my personal data?

Bake is required by Singapore law to retain user data for at least 5 years. This is required by record keeping requirements under paragraph 14 of the Notice PSN02 regulation (see https://www.mas.gov.sg/regulation/notices/psn02-aml-cft-notice---digital-payment-token-service)

We are required to retain data even if users require us to close their account. We are also exempted from certain GDPR requirements, such as Article 17’s right to erasure.