Privacy Policy

1. About This Policy

This Privacy Policy explains how the Voyage group of companies collects, uses, discloses, protects and otherwise handles personal data. It applies to:

• Voyage Global Pte. Ltd., incorporated in Singapore, with its registered office at 60 Paya Lebar Road, #10-36 Paya Lebar Square, Singapore 409051 (“Voyage Singapore”); and
• Voyage Global AU Pty Ltd, incorporated in Australia, with its registered office at Suite 6, Level 1, 29 McDougall Street, Milton, QLD 4064 (“Voyage Australia”).

Voyage Singapore and Voyage Australia are referred to together as “Voyage”, “we”, “us” or “our”. Voyage Singapore is the parent company and acts as the primary controller of personal data across the group. Voyage Australia operates as its subsidiary and handles personal data in connection with Voyage’s activities in the Australian market.

Voyage operates The Social Source, a platform that responsibly listens to and analyses open-source, publicly available conversations about the international education journey, and turns them into aggregated, strategic intelligence for our clients — universities, government bodies, destination agencies and other organisations in the international education sector.

This Policy works alongside The Social Source – Data Ethics Policy, which sets out the ethical principles, transparency, equality, authenticity and prioritising international students, that govern how we conduct social listening. Where this Policy addresses our legal obligations, the Data Ethics Policy addresses the standards we hold ourselves to in practice.

2. Scope and Legal Framework

This Policy covers personal data handled by Voyage in two broad contexts:

• Business and website contacts — individuals at our client, prospective client and partner organisations, visitors to our websites (including myvoyage.io), recipients of our communications, and people who otherwise contact or deal with us; and
• Open-source social listening data — personal data that may be contained in public, open-source conversations about the international education journey that The Social Source collects and analyses. Most individuals in this category are not Voyage customers and have had no direct dealings with us. Section 6 explains this context in detail.

Voyage is committed to handling personal data in accordance with applicable data protection law, including in particular:

• the Personal Data Protection Act 2012 of Singapore (the “PDPA”), which applies to Voyage Singapore and to the group’s handling of personal data; and
• the Privacy Act 1988 (Cth) of Australia and the Australian Privacy Principles (the “Australian Privacy Principles” or “APPs”), which apply to Voyage Australia and to personal information handled in connection with the Australian market.

Where a particular requirement applies under only one of these frameworks, we have indicated this. Where our clients are themselves subject to other privacy or research ethics regimes, we work with them so that the intelligence we provide can be used in a manner consistent with their obligations. This Policy does not limit any additional rights you may have under the law that applies to you.

3. Key Terms

In this Policy:

• “Personal data” means data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which we have or are likely to have access. In this Policy it also covers “personal information” as defined under the Australian Privacy Act.
• “Open-source data” means content that is publicly available on social media and other online platforms, including region-specific networks, without circumventing access controls, privacy settings or platform terms.
• “Aggregated insights” means analytical outputs, themes, trends, sentiment, volumes and similar measures, derived from open-source data and presented at a group or cohort level, not as information about identified individuals.
• “Client” means an organisation that engages Voyage for The Social Source intelligence services, such as a university, government body or destination agency.
• “Websites” means the websites operated by Voyage, including myvoyage.io and any related sub-domains and platforms through which we deliver services.

4. Personal Data We Collect

4.1 Information you provide to us

When you interact with us as a client, partner, prospective client, supplier or website visitor, we may collect:

• identity and contact details — such as name, job title, employer, business email address, business phone number and postal address;
• account and authentication data — such as username and credentials, where you are given access to a Voyage platform or dashboard;
• correspondence and enquiry content — information you provide when you contact us, request a demonstration, respond to a survey, or communicate with our team; and
• communication preferences — your subscription and contact preferences, including whether you wish to receive our newsletters and intelligence updates such as “The Signal”.

4.2 Information we collect automatically from our Websites

When you visit our Websites, our service providers and we may automatically collect:

• technical data — such as IP address, device and browser type, operating system, and session identifiers; and
• usage data — such as pages viewed, links clicked, referring pages, and the dates and times of visits.

We use cookies and similar technologies to collect some of this information. See Section 10 for details. We use IP addresses and session identifiers to administer and secure our Websites, analyse usage trends and understand which content is useful. We do not use Website analytics to build intrusive profiles of individual visitors.

4.3 Open-source social listening data

Through The Social Source, we collect and analyse open-source, publicly available conversations relevant to the international education journey. This material may incidentally contain personal data, for example, the content of a public post, a public username or handle, or views a person has chosen to share publicly.

We collect this data only where it is publicly available and accessible without circumventing access controls, privacy settings or platform terms. We do not attempt to access private accounts, private messages, closed groups or restricted content. The purpose of this collection is to generate aggregated insights, not to compile profiles of identifiable individuals. Section 6 sets out how we handle this category of data.

4.4 Sensitive information

Voyage does not seek to collect sensitive information (such as information about health, race, religion, sexual orientation or political opinions). Open-source conversations may sometimes touch on such topics because individuals have chosen to discuss them publicly. Where this occurs, we handle the material in line with the safeguards in Section 6 and our Data Ethics Policy; we do not single it out for targeting, and our outputs remain aggregated. We will not collect sensitive information from you directly without your consent, except where the law permits or requires otherwise.

4.5 Children

Our services and Websites are directed at organisations and professionals, not at children. We do not knowingly collect personal data directly from children. Where open-source conversations relevant to the international education journey may include younger prospective students, our aggregation and re-identification safeguards in Section 6 apply, and our Data Ethics Policy commitment to student well-being governs how that material is handled.

5. How and Why We Use Personal Data

We use personal data only for purposes that are lawful and that a reasonable person would consider appropriate in the circumstances. Our purposes are:

• Providing The Social Source services — collecting and analysing open-source data to produce aggregated insights, reports, dashboards and briefings for our clients.
• Managing client and partner relationships — responding to enquiries, arranging demonstrations, administering contracts, providing support, and managing accounts and billing.
• Communications — sending service-related messages and, where you have asked to receive them or we are otherwise permitted, sending newsletters and intelligence updates. You can opt out of marketing communications at any time (see Section 9).
• Operating, securing and improving our Websites and platforms — administering our Websites, maintaining security, diagnosing problems and improving functionality and user experience.
• Research and methodology development — reviewing and improving our analytical methods, classification models and quality controls, including bias mitigation, consistent with our Data Ethics Policy.
• Legal, regulatory and risk purposes — complying with applicable law, responding to lawful requests, enforcing our terms, and protecting the rights, property and safety of Voyage, our clients, individuals and others.

Under the PDPA, we rely on your consent (including consent that may reasonably be implied from your dealings with us) or on an applicable exception, such as the legitimate interests or business contact information provisions. Under the Australian Privacy Act, we collect and use personal information where it is reasonably necessary for our functions or activities, or where another APP basis applies. We will not use personal data for a materially different purpose without your consent or another lawful basis.

6. Open-Source Social Listening — How We Handle This Data

Because The Social Source analyses public conversations, most individuals whose data may be processed are not Voyage clients and have not interacted with us. We recognise that this places a particular responsibility on us, and we apply the following safeguards. These commitments sit alongside The Social Source – Data Ethics Policy.

• Public sources only. We collect only open-source, publicly available content, and we do not circumvent privacy settings, access controls or platform terms.
• Aggregation by design. Our outputs are aggregated insights about themes, trends and cohorts. They are not designed to identify, profile, rank or single out individuals, and we do not deliver client outputs that identify individuals.
• Safeguards against re-identification. We apply controls intended to prevent individuals from being re-identified from our aggregated insights, and we minimise the personal data retained beyond what is needed for analysis and quality assurance.
• No harm, no targeting. We do not use open-source data in ways intended to harm, stigmatise, surveil, or disadvantage individuals or groups, and we do not provide preferential filtering that would distort students' authentic voices.
• Authenticity controls. We apply processes to filter out bots, spam and misinformation so that insights reflect genuine experiences.
• Restricted internal access. Access to source-level data within Voyage is limited to trained personnel who need it for analysis, quality assurance or methodology work.
• Responsible client use. We provide clients with guidance on the ethical interpretation and use of our insights and require that they be used responsibly.

If you believe your public content has been included in our analysis and you have concerns, you can contact us using the details in Section 14. We will consider your request in line with Section 9 and applicable law. Because this data is drawn from public platforms we do not control, in some cases, the most effective route may also involve the relevant platform; we will help point you in the right direction where we can.

7. When We Disclose Personal Data

We do not sell, rent or trade personal data. We do not disclose personal data to third parties for their own marketing purposes. We may disclose personal data in the following limited circumstances:

• Within the Voyage group — between Voyage Singapore and Voyage Australia, for the purposes described in this Policy.
• Service providers — trusted suppliers who process personal data on our behalf, such as cloud hosting, IT, data-platform, analytics, communications and professional service providers. They may use personal data only to provide services to us, under contractual confidentiality and security obligations, and not for their own purposes.
• Clients — we provide aggregated insights. We do not provide clients with outputs that identify individuals from open-source data. Business contact details of client personnel are handled to administer the relationship.
• Legal and regulatory — where we believe in good faith that disclosure is required or permitted by law, or is necessary to respond to lawful requests, enforce our terms, or protect the rights, property or safety of Voyage, our clients, individuals or others.
• Business transactions — in connection with a merger, acquisition, financing, reorganisation or sale of assets, in which case personal data may be disclosed to the parties involved, subject to appropriate confidentiality protections, and any transferee will be required to handle it consistently with this Policy.

8. Storage, Security and Cross-Border Transfers

8.1 Where personal data is held

Voyage is headquartered in Singapore and operates in Australia and other markets. Personal data is primarily stored and processed on servers located in Singapore. It may also be processed in other countries where our service providers operate, in which case those providers act on our behalf under contractual confidentiality and security obligations. Where we transfer personal data outside Singapore, we take the steps required by the PDPA to ensure a comparable standard of protection. Where Voyage Australia discloses personal information overseas, we take reasonable steps required by Australian Privacy Principle 8 in connection with that disclosure.

8.2 How we protect personal data

We implement technical and organisational security measures designed to protect personal data against unauthorised access, collection, use, disclosure, copying, modification, loss or destruction. These include access controls, encryption in transit, logging, supplier due diligence and staff training in data ethics, privacy and security.

However, no method of internet transmission and no method of electronic storage are completely secure. While we work to protect personal data, we cannot guarantee absolute security. If we become aware of a data breach that is likely to result in serious harm or that otherwise meets the notification thresholds under the PDPA or the Notifiable Data Breaches scheme under the Australian Privacy Act, we will notify the relevant regulator and affected individuals as required by law.

8.3 How long we keep personal data

We retain personal data only for as long as necessary for the purposes set out in this Policy, including providing our services, maintaining our business records, and meeting legal, regulatory, accounting, or reporting requirements. Retention periods vary depending on the type of data and the purpose. For open-source social listening, we minimise the source-level personal data we retain and keep it only as long as needed for analysis and quality assurance; aggregated insights, which are not personal data, may be retained for longer. When personal data is no longer required, we take reasonable steps to securely delete or de-identify it.

9. Your Privacy Rights and Choices

Subject to the law that applies to you, you have rights in relation to your personal data. These may include the right to:

• access — ask whether we hold personal data about you and request a copy of it;
• correction — ask us to correct personal data that is inaccurate, incomplete or out of date;
• withdraw consent — withdraw any consent you have given for us to collect, use or disclose your personal data, on reasonable notice;
• opt out of marketing — unsubscribe from our newsletters and intelligence updates at any time using the link in those emails or by contacting us at support@myvoyage.io;
• deletion — ask us to delete personal data we hold about you; and
• object to or restrict certain processing, in the circumstances allowed by applicable law.

We will respond to requests within the timeframes required by applicable law. To protect your privacy, we will verify your identity before acting on a request and may ask for additional information as needed.

There are some limits to these rights. We may decline a request, in whole or in part, where the law allows or requires, for example, where we are legally obliged to retain the data, where the request is manifestly unfounded or excessive, where granting it would unreasonably affect the rights of others, or where the burden or expense would be disproportionate to the privacy risk involved. If we decline a request, we will explain why, except where we are not permitted to do so.

If you withdraw your consent or ask us to delete your data, we may not be able to continue providing some or all of our services or communications to you. Voyage will not discriminate against you for exercising your privacy rights.

To exercise any of these rights, contact us using the details in Section 14.

10. Cookies and Similar Technologies

Our Websites use cookies and similar technologies. A cookie is a small file placed on your device that allows a website to recognise your browser and remember certain information. We use these technologies to operate and secure our Websites, to remember your preferences, and, where you have consented, to understand how visitors use our Websites and to support our communications and marketing activities.

We group the cookies and similar technologies we use into the following categories:

• Strictly necessary cookies — required for our Websites to function and to be kept secure, for example, to manage your session or to balance load. These are always active and do not require your consent.
• Analytics and performance cookies — help us understand how visitors interact with our Websites so that we can improve them. These are set only with your consent.
• Functional cookies — enable enhanced features, such as live chat and remembering your preferences. These are set only with your consent.
• Marketing cookies — used to measure the effectiveness of our communications and to support our marketing activities. These are set only with your consent.

Some of these cookies are set by trusted third-party providers (for example, analytics, customer-messaging and marketing platforms) that act on our behalf. Those providers may process technical data only to provide their services to us and are not permitted to use it for their own purposes.

10.1 Your cookie choices

When you first visit our Websites, you will be shown a cookie banner. Non-essential cookies, analytics, functional and marketing cookies are not set until you have given your consent through that banner. You can accept all cookies, reject all non-essential cookies, or choose which categories to allow. Rejecting non-essential cookies is as straightforward as accepting them.

You can change or withdraw your consent at any time by reopening the cookie settings on our Websites. We will periodically ask you to confirm your choices again. You can also refuse or delete cookies through your browser settings, although disabling strictly necessary cookies may prevent some features of our Websites from functioning properly.

Our Websites may also link to third-party sites; this Policy does not apply to those sites, and we are not responsible for their privacy practices.

11. Third-Party Platforms and Links

The Social Source analyses content hosted on third-party social media and online platforms. Those platforms are operated independently of Voyage and are governed by their own terms and privacy policies. Voyage does not control those platforms and is not responsible for their practices. Likewise, our Websites and communications may contain links to third-party websites and services; this Policy applies only to Voyage, and we encourage you to review the privacy policies of any third-party sites you visit.

12. Changes to This Policy

We may update this Policy from time to time to reflect changes in our business, technology, or legal obligations. The current version is identified by the “Last updated” date at the top of this Policy. If we make material changes, we will take reasonable steps to notify you, such as by posting a prominent notice on our Websites or, where appropriate, contacting you directly. Changes apply to personal data handled after the updated Policy takes effect. We encourage you to review this Policy periodically. This Policy supersedes and replaces all previous Voyage privacy policies.

13. Questions and Complaints

If you have a question or concern about how Voyage handles personal data, please contact us first using the details in Section 14, and we will work with you to resolve it. If you are not satisfied with our response, you have the right to lodge a complaint with the relevant regulator:

• In Singapore, the Personal Data Protection Commission (PDPC).
• In Australia, the Office of the Australian Information Commissioner (OAIC).

14. How to Contact Us

For any privacy question, request or complaint, or to exercise your rights under this Policy, please contact us:

The contact details above serve as the privacy contact point for both Voyage Global Pte. Ltd. and Voyage Global AU Pty Ltd. The support@myvoyage.io inbox is actively monitored, and privacy enquiries are handled within the timeframes required by applicable law.