The Risk Agent

Privacy Policy

Last updated 7 May 2026

The Risk Agent ("we", "us") is operated by Feltan Associates Pte Ltd, a private research and intelligence company registered in Singapore (UEN 202225620G). This policy explains what personal data we process when you visit the site, buy a report, or contact us.

What we collect

  • Account and purchase data. Email address, purchase history, payment status. Payment details themselves are processed by Stripe - we never see or store card numbers.
  • Report download tokens. Expiring URLs tied to a specific buyer so purchased reports stay private.
  • Technical data. IP address, browser, device type, pages viewed. Used for security and aggregate analytics only.
  • Support correspondence. Emails you send us and our replies.

Why we process it

  • To deliver the product you paid for.
  • To send you the report download link and receipt.
  • To prevent fraud and abuse of the download tokens.
  • To comply with Singapore tax, accounting and consumer-protection law.
  • To improve the site (aggregate analytics only, no individual profiling).

Lawful bases (EU/UK buyers)

For customers in the EU or UK: we rely on contract (to deliver the report), legal obligation (to meet tax and record-keeping duties), and legitimate interest (to run and protect the site). We only rely on consent where the law requires it - for example, non-essential cookies.

Special category data (Travel Risk reports)

The Travel Risk report ordering flow asks for the traveller's ethnicity or visible identity. Under Article 9 of the GDPR this is special category data (revealing racial or ethnic origin). We process it on the basis of your explicit consent under Article 9(2)(a), collected through the ticked option you select on the order form. You may choose “Prefer not to specify” and still receive a complete report; in that case no special category data is stored. We use this field only to inform the report content and we never share it outside the processor chain listed below. You may withdraw your consent at any time by writing to privacy@theriskagent.com; we will delete the field on request, which may shorten the retention period for the relevant order to the minimum we are required to keep for tax purposes.

Who we share data with

  • Stripe - payment processing.
  • Supabase - our database and auth backend (EU-region where chosen for customers).
  • Resend - transactional email delivery.
  • Vercel - web hosting.
  • Anthropic (Claude) - report drafting. No personally-identifying data is sent to the model beyond the report brief you submit.

We do not sell personal data. We do not share it with advertisers. We do not transfer it outside our processor chain except where ordered by law.

Retention

Purchase records: 7 years (Singapore tax and accounting retention). Support emails: 2 years. Analytics logs: 24 months rolling.

Your rights

You can request access, correction, deletion, or export of your personal data. Write to privacy@theriskagent.com. We respond inside 30 days.

Data Protection Officer

We have not appointed a Data Protection Officer. Article 37 of the GDPR does not require us to, given the scale and nature of our processing. Data-protection questions should be sent to the address above.

Cookies

See the cookies policy.

Other policies: Terms & Conditions, Cookies Policy, Disclaimer, Refund Policy, Editorial Policy, Sources & Citations Policy, AI & Agentic Update Policy.