Privacy policy

Sentrylabs Limited, (Company Registration No. 76133417), a company incorporated under the laws of Hong Kong SAR with its registered address at 50 Stanley Street, Central Hong Kong, World Trust Tower, Level, Suite C, its affiliates and subsidiaries (hereinafter referred to as the “Company”, “we”, “us” or “our”) has the highest regard for the privacy and personal data of each user (hereinafter referred to as “user”, “you” or “your”) of the Ordify Applications (defined below) and/or visitors to the Ordify Site (defined below) (the Ordify Applications and the Ordify Site are collectively, the “Ordify Platform”).

We are aware that the success of our services depends on the trust that you have in the way we handle your personal data. By entrusting us with your information, we would like to assure you of our commitment to keep such information private.

We have taken considerable steps to protect the confidentiality, security and integrity of the information shared with us. We encourage you to review the following information carefully before using the Ordify Platform. By using the Ordify Platform, you are deemed to have read, understood and accepted our practices governing the collection, use and disclosure of your personal data in this Privacy Policy.

We are not responsible for the privacy practices of any third-party websites that may be linked to the Ordify Platform. It is your responsibility to check this webpage periodically to see if any terms have been changed or modified. Your continued use of the Ordify Platform constitutes your acceptance of any updates to this Privacy Policy.

This Privacy Policy is drafted in accordance with the Personal Data Protection Act 2012 (“PDPA”) under Singapore law and is intended for use in Singapore and, where applicable, other countries or regions which provide the same level of protection for personal data that is comparable to the standards of the PDPA.

The PDPA recognizes the rights of individuals to protect their personal data (including rights of access and correction) and the requirement for organizations to collect, use or disclose personal data for legitimate and reasonable purposes. Accordingly, this Privacy Policy outlines the personal data that we collect, how it may be used, how it is stored and retained, whom it may be transmitted to as well as our and your responsibilities in relation to such uses and disclosures. We recommend that you read this Privacy Policy and our Terms and Conditions carefully before disclosing any personal data to us or using the Ordify Platform.

Please refer to the Terms and Conditions accessible at ("Terms”) when reading this Privacy Policy.

Where further details are required on the Ordify Platform, you are advised to peruse the whitepaper of the Ordify Platform available at to familiarize yourself with the Ordify Platform and the services.


1.1. “Ordify Application” means any of the product below, and “Ordify Applications” mean all of the products collectively delivered by us below:

1.2. “Ordify Platform” shall mean the collective reference to the entire solution provided by the Ordify Applications and the Ordify Site;

1.3. “Ordify Site” means the website at, associated systems and subdomains thereof, including the mobile-optimised versions of such website;

1.4. “$ORFY token” is a virtual token that governs Ordify's protocols on the Ordify blockchain;

1.5. “Service” or “Services” shall have the meaning ascribed to it under the Terms and Conditions specific to each Ordify Application. For the avoidance of doubt, non capitalized reference to “service” or “services” shall have the ordinary meaning of service in this Privacy Policy;

1.6. “Terms” refers to the terms and conditions of use of the Ordify Applications.

1.7. Where you are an EU Data Subject, as defined under the General Data Protection Regulation (“GDPR”), Section 17 shall also apply to you.

1.8. The headings used in this Privacy Policy are for convenience only and shall not affect the interpretation of these provisions.


2.1. This Privacy Policy applies to users when browsing, visiting, accessing and/or using any part of the Ordify Platform, including sale and purchase of the $ORFY token.

2.2. This Privacy Policy sets out our commitments and explains the rights that you have with respect to your personal data. If you do not agree to the terms of this Privacy Policy, please do not use the Services or any part thereof.

2.3. You shall not be permitted to use the Services where you do not confirm your acceptance of this Privacy Policy.


3.1. By browsing, visiting, accessing and/or using the Ordify Platform (including sale and purchase of the $ORFY token) and/or when you provide personal data to us, you consent to the collection, storage, use, disclosure and other uses and processing of your personal data by us in accordance with this Privacy Policy, and such consent shall remain effective unless you otherwise notify us in writing of the withdrawal of your consent and the reason thereto. You shall not use our Services if you do not consent to this Privacy Policy, and you shall immediately cease using our Services if you withdraw your consent for us to process your personal data.

3.2. “Personal data” and other terms defined under the PDPA where used in this Privacy Policy shall have the same meaning defined under the PDPA.

3.3. Processing of your personal data is necessary for the performance of our contractual obligations towards you under the Terms, permitting access to the Ordify Platform, and providing you with the Services, to protect our legitimate interests, and to ensure compliance with legal and financial regulatory obligations. Failure to provide the relevant data to us or the limitation placed on us in the processing of your personal data may affect our ability to allow your access to the Ordify Platform, provide the Services and/or your ability to enjoy the full benefits of the Ordify Applications.


4.1. The Ordify Platform and/or the Services require registration and provision of your information, including personal data.

4.2. Upon creating a profile or registering with us - where you create an account with us, register a profile, or are issued an ORFY Wallet for use on the Ordify Platform, you will be asked to provide personal data which will form part of your unique digital identity on the Ordify Platform (your “DataID”).

4.3. For compliance with our Anti-Money Laundering / Counter Financing of Terrorism (“AML/CFT”) measures - the Company complies with its AML/CFT Policy released and updated by the Company on the Ordify Platform from time to time ("AML/CFT”). In accordance with our AML/CFT policy, we may request for your personal data, including information such as identification documents and pictures.

4.4. Whenever you submit information via the Ordify Platform and/or the Services - You may, in the course of interactions with other users on the Ordify Platform and/or the Services (including Third Party Services) accessible via the Ordify Platform, disclose your personal data.

4.5. If you choose to sign up via your social media accounts or other authentication providers - when you sign-up to the Ordify Platform and/or the Services via your social media accounts or other authentication providers (such as Google account or Facebook account), we will have access to basic information made publicly from such account, such as your full name, home address, email address, birthdate, profile picture, friends list, personal description, as well as any other information you made publicly available on such account, or agreed to share with us.

4.6. It is your voluntary decision whether to provide us with any personal data, however if you do not provide the information we require or requested, you may not be able to create a profile or register a digital identity on the Ordify Platform or use the Services. Your use of the Ordify Platform and/or the Services may be severely limited.

4.7. To enable us to provide the Ordify Platform and/or the Services to you effectively, the information you provide to us shall be accurate, complete, not misleading and without material omission, and that such information is kept up to date. If you discover that the information is inaccurate, incomplete, misleading, contains material omission or is outdated, please update us with the true, accurate, complete and updated information.

4.8. If you provide us personal data about another person, you confirm that such other person has appointed you to act for him/her, to consent to the processing of his/her personal data by us in accordance with this Privacy Policy and to receive on his/her behalf any data protection notices.


5.1. We collect the following personal data about you:

5.2. We also collect the following information:


6.1. A cookie is a small piece of text that is sent to the Ordify Platform or your browser when you access the Ordify Platform. We use cookies to help personalize your experience with the Ordify Platform.

6.2. A “persistent” cookie may be used to help save your settings and customizations. Also, if you log in to the Ordify Platform, such a cookie will be used to recognize you as a valid user so you will not need to log in each time you use the Ordify Platform.

6.3. The Ordify Platform automatically accepts cookies; however, you may choose to modify security settings so you can approve or reject cookies on a case-by-case basis or reject all cookies.

6.4. Also, you are free to delete any existing cookies at any time. If you delete or disable cookies from the Ordify Platform, some parts or functions of the Ordify Platform may not work properly for you.

6.5. We also use “Google Analytics” to collect information about the use of the Services. Google Analytics collects information such as how often users visit the Services, what pages they visit, when they do so, and what other sites they used prior to coming to the Services. Google Analytics collects only the IP address assigned to you on the date you use the Services, as well as information regarding your operating system, language, and information regarding your use of the Services, rather than your name or other identifying information. We do not combine the information collected through the use of Google Analytics with personal data. We use the information we get from Google Analytics only to improve the Services. Google's ability to use and share information collected by Google Analytics about your use of the Services is restricted by the Google Analytics Terms of Use and the Google Privacy Policy.


7.1. We use your information collected for the following purposes:


8.1. We may share your personal data with the following persons:

  1. Providers of Third-Party Services - your personal data may be shared via the Ordify Platform and/or through the Third Party Services. If you consent to such transfer by us of your personal data to another organization, please note that the information provided will be subject to such organization's privacy practices and shall not be within our control.
  2. Content providers - we may also use your personal data in order to provide you with personalized third-party content or links to third party sites that might interest you. We provide this third-party content and/or links to third party sites for information purposes only and are not liable for such content or sites. For more information see the “Links to other Websites or Apps” section below.
  3. Service providers - we might share your personal data, as is reasonably necessary, with our contractors or consultants, including vendors and suppliers that provide us with development services, technology, services, or content for the operation, development and maintenance of the Ordify Platform and/or our Services or data and analysis on the use of the Ordify Platform and/or our Services. The Company shall impose on such service providers obligations of confidentiality and only share personal data to the extent necessary with such contractors or consultants.
  4. Law authorities - we may share your personal data with law enforcement authorities, courts and tribunals, including with legal advisors and consultants, in case we need to respond to law enforcement requests or other legal requests or pursuant to a requirement imposed by law, order, judgment or decree, or courts in order to protect and defend our rights and property or those of Services users.
  5. Merger, acquisition or sale - we may transfer your personal data to another organization in the event of a merger, acquisition or sale of all or a portion of our assets.
  6. Auditor, legal and professional advisor - we may share your personal data with our auditor if requested for the purpose of audit on our business. We may also share your personal data with our legal and other professional advisors for the purpose of enforcing our rights or defending any claims against us, or for any other purpose in connection with the Services.
  7. Data intermediary - we may appoint an organization to process and/or store personal data on our behalf in connection with the Ordify Platform and/or the Services. In this respect, we will share your personal data to the appointed organization, who will be required to process your personal data in accordance with this Privacy Policy.
  8. Group companies - we may share your personal data with our group of companies for internal reporting purposes.

8.2. While we take great care to keep your personal data confidential and secure, when you share your personal information with others, including by means of social media sites, or when you participate in a forum on the Services, any information disclosed by you in such way is solely your responsibility. You should exercise caution when disclosing any information in such ways, as you do not know who will access or use such information and for what purposes.


9.1. We make every effort to ensure that aggregated data does not include any personally identifiable information. The blockchain technologies powering the Platform and/or enabling the delivery of the Services may analyze and/or combine all information we receive (as set out under this Privacy Policy), with information from other users to create aggregated data that may be disclosed to and utilized by us, our affiliates and by third parties without restriction, on commercial terms that we can determine in our sole discretion, for purposes such as: content marketing, research purposes, in order to understand behavior patterns, marketing strategies and for entering into commercial contracts in order to provide our users with the Services (including the Third Party Services) as well as to periodically enhance the Platform and/or the Services.


10.1. You may request access to and correction of, your personal data and limit the processing of your personal data or make any enquiries or complaints in respect of the processing of your personal data, by contacting us at the contact details set out in “How to Contact Us” section below. You are responsible for informing us when your personal data or preferences have changed and require updating. We shall, within a reasonable time frame, attend to your request for access to and correction of your personal data or updating of your preferences.

10.2. You may at any time, in your sole discretion or at the direction of our data protection team, delete content containing personal data which you have posted on the Ordify Platform.

10.3. Where you have burned any DataNFTs in your possession, you acknowledge that the data embodied in the DataNFT may not be retrieved and the Company has no ability to access (or correct) such data.


11.1. Off Chain Storage: We store information and data on public and/or private cloud, where your data can be stored and/or backed up in any of the jurisdictions where the cloud service providers provide their cloud service. You hereby consent that we may store your personal data on our cloud server, which may be located outside Singapore or the jurisdiction in which the Services was obtained or is used.

11.2. The Company utilizes a network of storage and server resources that is designed to provide the required security and accessibility for the Ordify Platform. The Company shall, in all engagements with data storage solution providers, use service providers who have evidenced the capability to manage the volumes, nature and technology necessary to store the data provided by users of the Ordify Platform and/or the Services.

class="mb-4"> 11.3. The Company will not transfer your personal data to a country or territory outside Singapore that does not provide protection of personal data that is comparable to the protection under the PDPA.


12.1. We will retain your personal data for as long as necessary to provide our services or as required by any legal, regulatory and/or accounting requirements. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our policies. Retention periods will be determined taking into account the type of information that is collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time. Without prejudice to the foregoing, where you do not use our Services for 1 consecutive year, we will delete all your Wellness Information from our records.

12.2. You are informed that where your data is stored on the relevant blockchain used to support the Ordify Platform (“On-Chain Storage”), such data may be accessed, but is not controlled by or held in the possession of the Company. The Company has no ability, nor obligation to, retain or delete data in On-Chain Storage. Blockchain technologies utilize distributed ledger technologies and you, as the owner of Tokens and the Data Wallet is the only party able to control your activity on the blockchain.


13.1. Our Services may link to or refer to websites or mobile device services that we do not control. Any personal data you provide on the linked pages is provided directly to this third party and is subject to this third party's provider's privacy policy. This Privacy Policy does not apply to such other websites or mobile device services, and we are not responsible for the privacy practices or content of any website or mobile device service not controlled by us. If you have any concerns, we urge you to review the terms of those other websites or mobile device services for more information about their applicable policies.


14.1. We have implemented administrative, technical, and physical safeguards to help prevent unauthorized access, use, or disclosure of your personal data. Your information is stored on secure servers and isn't publicly available. We limit access of your information only to those employees or partners that need to know the information in order to enable the carrying out of the agreement between us.

14.2. You need to help us prevent unauthorized access to your account by protecting your password appropriately and limiting access to your account (for example, by signing off after you have finished accessing your account). You will be solely responsible for keeping your password confidential and for all use of your password and your account, including any unauthorized use.

14.3. While we seek to protect your information to ensure that it is kept confidential, we cannot absolutely guarantee its security. You should be aware that there is always some risk involved in transmitting information over the internet. While we strive to protect your personal data, we cannot ensure or warrant the security and privacy of your personal data or other content you transmit using the Services, and you do so at your own risk.

14.4. You are further informed that On Chain Storage is utilized by the Company. Data stored on the relevant blockchain supporting the Platform and/or the Services does not belong to the Company and is situated on a decentralized ledger. On Chain Storage is used to store data that can be used to verify users' identities and ensure data integrity.

14.5. Off Chain Storage is also utilized by the Company to store data you disclose to us. All the data stored in Off Chain Storage is encrypted at rest and in transit. The off-chain data will be stored in secure, scalable, and highly available cloud services.

14.6. We shall, in the event of a compromise of personal data:

14.7. We shall, in managing data breaches, have regard to the Guide on Managing and Notifying Data Breaches under the PDPA (“Guide”). Subject to our compliance with the Guide in the event of a breach of personal data, by continuing to use the Platform following such an event of breach, you confirm that you accept the adequacy of measures taken by us following an event of breach of personal data.

14.8. We shall be entitled to all rights of indemnity against you as a user of the Ordify Platform in the case where you posted content containing personal data and acted in breach of the Terms of the Ordify Platform.

14.9. You acknowledge that notwithstanding the Company's security measures, malicious actors, scripts, viruses, codes, software and other damaging factors including the evolution of hacking technologies, may result in the compromise of the personal data which you have provided to the Company.

14.10. To the fullest extent permitted, you waive any claim against the Company for any loss, liability, damage and/or cost incurred (“Damage”), howsoever such Damages arise and whether such losses are direct or indirect losses, where such data breaches do not arise out of the negligence, fraud or wilful default of the Company.


15.1. Our Services are intended for use by persons 18 years of age and older or where you are under 18 years of age, you have the consent of your legal guardian. Under no circumstances should the Services be used by children under 18 years of age or without consent, and we will not knowingly collect personal data from any person we know to be under 18 years of age, or who does not have consent. If any person discovers that his/her child has been using the Services without his/her consent, or that someone has been using the Services for or on behalf of his/her child without his/her consent, please contact us using the information below under “How to Contact Us” and we will take reasonable steps to delete the child's information from our active databases. We reserve the right to check our user base from time to time and remove users whom we have grounds to believe they are in fact minors, including without limitation, restricting those user accounts, or deleting them, as we may deem appropriate.


16.1. Our Services are intended for use by corporations or legal entities duly organised, validly existing and in good standing in the jurisdiction which they are incorporated, or established in. We have no control over the personal data protection policies adopted within these organizations or entities and by agreeing to the Privacy Policy, you accept that the personal data which you, as an individual using the Ordify Platform, provided to such corporations or legal entities at your own risk and that we have no control over, and accept no liability thereto, for the personal data which you provide at your own discretion.


17.1. We acknowledge that the GDPR will apply if we process or hold any personal data of individuals residing in the EU or if we offer goods or services to individuals in the EU (“EU Individuals”).

17.2. We understand that we may lawfully process personal data if consent is provided by the EU Individual for the processing for specific purposes, if it is necessary for the performance of a contract of if it is necessary for our compliance with a legal obligation.

17.3. We understand that personal data must be processed lawfully, fairly, and transparently, be collected and applied only for specified, explicit and legitimate purposes, must be limited to only what is required, must be accurate, not be kept in personally identifiable form for longer than is necessary and must be secured and protected pursuant to the GDPR.

17.4. Sensitive personal data, or special categories of personal data as defined under the GDPR, which includes data about an individual's race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health information as well as genetic and biometric data, are collected by us. The processing of such sensitive personal data is limited to the purposes and uses set out under this Privacy Policy.

17.5. We acknowledge and agree that the GDPR affords EU Individuals with rights such as:

17.6. We agree that we will act on a request from an EU Individual without undue delay (within one month). We will maintain records of how we process personal data, acknowledge the need to conduct data protection impact assessments and the need to apply careful consideration in the adoption and engagement of our data processors.

17.7. Where you are an EU individual, we are required to:

17.8. By proceeding with or continuing with the use of the Platform, you agree that this Privacy Policy and the Terms and Conditions of the Ordify Platform provide sufficient protection to your personal data rights under the GDPR. You also agree that where the company has acted on your request in accordance with clause 17.5, the action by the company is in all respects, compliant with the GDPR.


18.1. We reserve the right to update or modify this Privacy Policy at any time and from time to time. By continuing to use the Services after any such changes, you agree to follow and be bound by this Privacy Policy as changed. For these reasons, we encourage you to periodically review this Privacy Policy for the latest version.

18.2. We may, from time to time, modify or update this Privacy Policy where required under or by any data protection laws applicable to the Ordify Platform and/or the Services.


19.1. If you have any questions, comments, requests, or concerns related to this Privacy Policy or the privacy practices for our service, please contact us at:

50 Stanley Street, Central Hong Kong
World Trust Tower, Level, Suite C
Attention: Chief Data Protection Officer

You may also contact our Data Protection team: [ ]


20.1. If there is a conflict between this English version of the Privacy Policy and the corresponding versions in other languages, the terms in this English version shall prevail.