Privacy Policy

Last updated: June 21, 2026

1. Who we are

Hey Mums ("Hey Mums", "we", "us", "our") is a community for mums based in Singapore. We run in-person events, publish the Mum's Having a Moment newsletter, and operate the website www.hey-mums.com (the "Site"), our WhatsApp community, and our social media channels.

Hey Moms, UEN 53524978X, operates Hey Mums.

This Privacy Policy explains how we collect, use, disclose, and protect your personal data in accordance with the Singapore Personal Data Protection Act 2012 ("PDPA"). By using the Site, signing up for our newsletter, purchasing event tickets, joining our community, or otherwise providing us with your personal data, you consent to our collection, use, and disclosure of your personal data as described in this Policy.

2. Personal data we collect

Depending on how you interact with us, we may collect:

  • Contact details — your name, email address, and (if you provide it) your phone number.

  • Event booking information — the events you book, the number of attendees, ticket and order details, and any information you share with us about your booking (for example, if you email us about bringing more than one child).

  • Information about your child(ren) — limited information you choose to share so we can plan our events, such as your child's age or age range (for example, whether your little one is under or over 12 months). We collect this only from you as the parent or guardian.

  • Payment information — payments are processed securely by our e-commerce platform (Squarespace) and its payment processors (e.g., Stripe). We do not see or store your full card details; we receive only confirmation of payment and basic transaction details.

  • Communications — emails, messages, and enquiries you send us, including partnership enquiries from businesses.

  • Photographs and videos — images taken at our events, where you have been notified and given the opportunity to opt out (see Section 10).

  • Website usage data — information collected automatically through cookies and similar technologies, such as your IP address, browser type, device information, and how you use the Site (see Section 7).

We do not ask for, and you should not send us, your NRIC number or other national identification numbers.

3. How we collect your personal data

We collect personal data when you:

  • sign up for our newsletter through the Site;

  • purchase tickets to our events;

  • fill in any other form on the Site;

  • email, message, or otherwise contact us;

  • attend our events;

  • interact with us on social media or join our WhatsApp community; and

  • browse the Site (via cookies and analytics).

4. How we use your personal data

We collect, use, and disclose your personal data for the following purposes:

  • to process your event bookings, payments, and any refunds or transfers;

  • to communicate with you about events you have booked, including confirmations, reminders, changes, and cancellations;

  • to plan and run our events safely and appropriately (for example, grouping playdates by children's age ranges);

  • to send you our newsletter and other marketing communications, where you have signed up or otherwise consented;

  • to respond to your enquiries, requests, and feedback;

  • to manage our community, including our WhatsApp group and social media channels;

  • to evaluate and respond to business partnership enquiries;

  • to operate, maintain, and improve the Site and our services;

  • to keep proper business and accounting records;

  • to comply with applicable laws, regulations, and requests from authorities; and

  • any other purpose we notify you of at the time of collection, or to which you otherwise consent.

5. Consent and withdrawing consent

By providing your personal data to us for the purposes above, you consent to its collection, use, and disclosure for those purposes. Where you provide us with personal data about another person (for example, your child or a friend attending an event with you), you confirm that you are authorised to do so and that you consent on their behalf.

You may withdraw your consent at any time by contacting us at elena@hey-mums.com or using the unsubscribe link in our emails. We will process your request within a reasonable time. Please note that withdrawing consent may affect our ability to provide certain services to you — for example, if you withdraw consent for us to process your booking details, we may not be able to admit you to an event.

6. Marketing communications

We will only send you our newsletter and other marketing emails if you have signed up or otherwise consented. Every marketing email we send includes our identity, a way to contact us, and an unsubscribe link, in line with the PDPA and the Spam Control Act 2007. You can unsubscribe at any time and we will stop sending you marketing emails, although we may still send you essential service messages (such as booking confirmations or event cancellation notices).

If we ever send marketing messages to Singapore telephone numbers, we will comply with the Do Not Call provisions of the PDPA.

7. Cookies and analytics

The Site is hosted on Squarespace, which uses cookies and similar technologies to make the Site work (for example, to operate the shopping cart and checkout), to remember your preferences, and to provide us with aggregated analytics about how visitors use the Site.

Cookies are small text files stored on your device. You can manage or disable cookies through your browser settings, but some parts of the Site (such as the cart and checkout) may not function properly without them. For more information about the cookies Squarespace uses, see Squarespace's cookie documentation at https://support.squarespace.com/hc/en-us/articles/360001264507.

8. Who we share your personal data with

We do not sell your personal data. We may disclose your personal data to:

  • Service providers that help us run Hey Mums, including Squarespace (website hosting, forms, and e-commerce), our payment processors (e.g., Stripe), and our email/newsletter provider (e.g., Squarespace Email Campaigns). These providers process your data on our behalf and are required to protect it.

  • Event venues and partners, only where reasonably necessary to run an event you have booked (for example, confirming expected attendance numbers with a venue). We share the minimum necessary and avoid sharing your contact details with venues unless needed.

  • Professional advisers such as accountants or lawyers, where necessary.

  • Authorities and regulators, where required or permitted by law.

If you join our WhatsApp community or interact with us on Instagram, your use of those platforms is also governed by the privacy policies of WhatsApp and Instagram (Meta). We encourage you to review them.

9. Overseas transfers of personal data

Some of our service providers (including Squarespace and our email and payment providers) store and process data on servers located outside Singapore, including in the United States. Where your personal data is transferred outside Singapore, we take reasonable steps to ensure it receives a standard of protection comparable to that under the PDPA, including through our providers' contractual commitments and data protection practices.

10. Photography and videography at events

We sometimes take photos and short videos at our events to share on our website, newsletter, and social media. Where we plan to do so, we will let attendees know at or before the event, and you can opt out by telling us — just speak to the host or email elena@hey-mums.com. We will never knowingly publish identifiable images of you or your child if you have asked us not to, and we will avoid sharing images of children’s faces generally. If we have published an image of you or your child and you would like it taken down, contact us and we will remove it as soon as reasonably practicable.

11. Children's personal data

Our services are designed for and directed at adults. We collect limited information about children (such as age range) only from a parent or guardian, and only to plan and run age-appropriate events. We do not knowingly collect personal data directly from children. If you believe a child has provided us with personal data directly, please contact us and we will delete it.

12. How we protect your personal data

We take reasonable security arrangements to protect personal data in our possession or control against unauthorised access, collection, use, disclosure, copying, modification, disposal, or similar risks. These include using reputable platforms with industry-standard security (such as encrypted connections and secure payment processing), limiting access to personal data to those who need it, and using access controls on our accounts and devices. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

13. How long we keep your personal data

We retain personal data only for as long as it is needed for the purposes for which it was collected, or as required for legal or business purposes (for example, keeping transaction records for accounting and tax purposes). When personal data is no longer needed, we will delete it or anonymise it.

14. Accuracy, access, and correction

We take reasonable steps to ensure that the personal data we hold is accurate and complete. You may at any time:

  • request access to the personal data we hold about you and information about how we have used or disclosed it in the past year; and

  • request that we correct any error or omission in your personal data.

To make a request, contact our Data Protection Officer using the details in Section 16. We will respond as soon as reasonably possible, and in any case within the timeframes required under the PDPA. We may need to verify your identity before processing your request, and we may charge a reasonable fee for access requests where permitted by the PDPA (we will let you know in advance if so).

15. Data breach notification

If a data breach occurs that is likely to result in significant harm to affected individuals, or that affects a significant number of individuals, we will notify the Personal Data Protection Commission ("PDPC") and affected individuals in accordance with the PDPA.

16. Data Protection Officer

We have appointed a Data Protection Officer ("DPO") to oversee our compliance with the PDPA. If you have any questions, requests, or concerns about this Policy or your personal data, please contact:

Data Protection Officer: Elena Rueckert, Email: elena@hey-mums.com

If you are not satisfied with our response, you may contact the PDPC at www.pdpc.gov.sg.

17. Third-party websites

The Site contains links to third-party websites (for example, event venues such as GoBuB, Google Maps, WhatsApp, and Instagram). We are not responsible for the privacy practices of those websites, and this Policy does not apply to them. We encourage you to read the privacy policies of any third-party websites you visit.

18. Changes to this Policy

We may update this Policy from time to time to reflect changes in our practices or the law. The updated version will be posted on this page with a revised "Last updated" date. Your continued use of the Site or our services after changes are posted constitutes your acceptance of the updated Policy.

19. Contact us

If you have any questions about this Privacy Policy, please contact us at elena@hey-mums.com.