diff --git a/portal/src/routes/(app)/privacy/+page.svelte b/portal/src/routes/(app)/privacy/+page.svelte
new file mode 100644
index 0000000..0a4e67c
--- /dev/null
+++ b/portal/src/routes/(app)/privacy/+page.svelte
@@ -0,0 +1,491 @@
+<script lang="ts"></script>
+
+<svelte:head>
+  <title>Privacy Notice - RIVAlumni Portal</title>
+</svelte:head>
+
+<div
+  class="p-6 sm:p-8
+          flex flex-col gap-8 md:gap-10">
+  <div class="space-y-1">
+    <h1 class="text-4xl font-semibold tracking-tight">Privacy Notice</h1>
+    <p class="text-sm text-muted-foreground">
+      Effective Date: <span class="font-bold">12 April 2024</span>
+    </p>
+  </div>
+
+  <div class="space-y-4">
+    <p>
+      This Data Protection Notice (“Notice”) sets out the basis which Rivervale
+      Primary School Alumni Association (“we, “us” or “our”) may collect, use,
+      disclose or otherwise process personal data of our prospective service
+      users, service users, service users' authorised representative, volunteers
+      in accordance with the Personal Data Protection Act (“PDPA”). This Notice
+      applies to personal data in our possession or under our control, including
+      personal data in the possession of organisations which we have engaged to
+      collect, use, disclose or process personal data for our purposes.
+    </p>
+
+    <p>
+      Collection, use, disclosure or otherwise processing of personal data of
+      our service users on behalf of government ministries or statutory boards
+      will be in accordance with guidelines set out in the government's data
+      management policy. Rivervale Primary School Alumni Association will comply
+      with the relevant requirements under the government's data management
+      policy.
+    </p>
+  </div>
+
+  <div class="space-y-4">
+    <h2 class="text-2xl font-semibold tracking-tight">1. Personal Data</h2>
+
+    <ol
+      start="1"
+      class="space-y-4 list-decimal list-inside">
+      <li class="space-y-4">
+        <span>As used in this Notice:</span>
+        <p class="pl-4">
+          “personal data” means data, whether true or not, about an individual
+          (whether a prospective service users, service users, service users'
+          authorised representative, volunteers or otherwise) who can be
+          identified: (a) from that data; or (b) from that data and other
+          information to which we have or are likely to have access.
+        </p>
+      </li>
+
+      <li>
+        Depending on the nature of your interaction with us, some examples of
+        personal data which we may collect from you include name, identification
+        numbers such as nric, fin, work permit and birth certificate, contact
+        information such as residential address, email address or telephone
+        number, gender, medical history, photographs and other audio-visual
+        information, employment information, graduation class and year and
+        emergency contact.
+      </li>
+
+      <li>
+        Other terms used in this Notice shall have the meanings given to them in
+        the PDPA (where the context so permits).
+      </li>
+    </ol>
+  </div>
+
+  <div class="space-y-4">
+    <h2 class="text-2xl font-semibold tracking-tight">
+      2. Collection, Use and Disclosure of Personal Data
+    </h2>
+
+    <ol
+      start="4"
+      class="space-y-4 list-decimal list-inside">
+      <li>
+        We generally do not collect your personal data unless (a) it is provided
+        to us voluntarily by you directly or via a third party who has been duly
+        authorised by you to disclose your personal data to us (your “authorised
+        representative”) after (i) you (or your authorised representative) have
+        been notified of the purposes for which the data is collected, and (ii)
+        you (or your authorised representative) have provided written consent to
+        the collection and usage of your personal data for those purposes, or
+        (b) collection and use of personal data without consent is permitted or
+        required by the PDPA or other laws. We shall seek your consent before
+        collecting any additional personal data and before using your personal
+        data for a purpose which has not been notified to you (except where
+        permitted or authorised by law).
+      </li>
+
+      <li>
+        We may collect and use your personal data for any or all of the
+        following purposes:
+
+        <ul class="pl-5 list-disc list-inside">
+          <li class="mb-4">
+            establishing or managing your relationship with us. This includes:
+
+            <ul class="pl-5 space-y-2 list-disc list-inside">
+              <li>
+                Where you are a prospective service user,
+
+                <ul class="pl-5 list-disc list-inside">
+                  <li>
+                    processing and evaluating your application for our services
+                  </li>
+                </ul>
+              </li>
+
+              <li>
+                Where you are a service user,
+
+                <ul class="pl-5 list-disc list-inside">
+                  <li>providing the services requested by you; and</li>
+                  <li>
+                    monitoring, evaluating and/or auditing of services provided.
+                    This may include an assessment of the quality of the
+                    services provided and the effects of the services provided
+                    (both in the short and long term, and after you have stopped
+                    using the services).
+                  </li>
+                </ul>
+              </li>
+
+              <li>
+                Where you are a service user's authorised representative
+
+                <ul class="pl-5 list-disc list-inside">
+                  <li>
+                    processing and evaluating the service user's application for
+                    our services
+                  </li>
+                </ul>
+              </li>
+
+              <li>
+                Where you are a volunteer,
+
+                <ul class="pl-5 list-disc list-inside">
+                  <li>
+                    processing and evaluating your suitability to volunteer; and
+                  </li>
+                  <li>
+                    monitoring, evaluating and/or auditing of services you
+                    participated in.
+                  </li>
+                </ul>
+              </li>
+            </ul>
+          </li>
+
+          <li>
+            providing you with information on our upcoming events or activities,
+            where you have specifically requested to receive such information;
+          </li>
+          <li>verifying your identity;</li>
+          <li>
+            responding to, handling, and processing queries, requests,
+            applications, complaints and feedback from you;
+          </li>
+          <li>
+            complying with any applicable laws, regulations, codes of practice,
+            guidelines, or rules, or to assist in law enforcement and
+            investigations conducted by any governmental and/or regulatory
+            authority;
+          </li>
+          <li>
+            any other purposes for which you have provided the information; and
+          </li>
+          <li>
+            transmitting to any unaffiliated third parties including our third
+            party service providers and agents, and relevant governmental and/or
+            regulatory authorities, whether in Singapore or abroad, for the
+            aforementioned purposes.
+          </li>
+        </ul>
+      </li>
+
+      <li>
+        We may disclose your personal data:
+
+        <ul class="pl-5 list-disc list-inside">
+          <li>
+            where such disclosure is required for, or in connection with, the
+            provision of the services requested by you;
+          </li>
+
+          <li>
+            to comply with any applicable laws, regulations, codes of practice,
+            guidelines, rules or requests by public agencies, or to assist in
+            law enforcement and investigations; and
+          </li>
+
+          <li>
+            any other party to whom you authorised us to disclose your personal
+            data to, or where necessary to undertake any action requested by
+            you.
+          </li>
+        </ul>
+      </li>
+
+      <li>
+        The purposes listed in the above clauses may continue to apply even in
+        situations where your relationship with us has been terminated or
+        altered in any way, for a reasonable period thereafter (including, where
+        applicable, a period to enable us to enforce our rights under a contract
+        with you).
+      </li>
+
+      <li>
+        After the lapse of the opt-out period, you may notify us that you no
+        longer wish to consent to the purposes for which your consent was deemed
+        by notification by withdrawing your consent for the collection, use or
+        disclosure of your personal data in relation to those purposes.
+      </li>
+    </ol>
+  </div>
+
+  <div class="space-y-4">
+    <h2 class="text-2xl font-semibold tracking-tight">
+      3. Reliance on the Legitimate Interests Exception
+    </h2>
+
+    <ol
+      start="9"
+      class="space-y-4 list-decimal list-inside">
+      <li>
+        In compliance with the PDPA, we may collect, use or disclose your
+        personal data without your consent for the legitimate interests of
+        Rivervale Primary School Alumni Association or another person. In
+        relying on the legitimate interests exception of the PDPA, Rivervale
+        Primary School Alumni Association will assess the likely adverse effects
+        on the individual and determine that the legitimate interests outweigh
+        any adverse effect.
+      </li>
+
+      <li>
+        In line with the legitimate interests’ exception, we will collect, use
+        or disclose your personal data for the following purposes:
+
+        <ol class="pl-5 list-decimal list-inside">
+          <li>Fraud detection and prevention; and</li>
+          <li>Detection and prevention of misuse of services.</li>
+        </ol>
+      </li>
+    </ol>
+
+    <p>
+      The purposes listed in the above clause may continue to apply even in
+      situations where your relationship with us (for example, pursuant to a
+      contract) has been terminated or altered in any way, for a reasonable
+      period thereafter.
+    </p>
+  </div>
+
+  <div class="space-y-4">
+    <h2 class="text-2xl font-semibold tracking-tight">
+      4. Withdrawing your consent
+    </h2>
+
+    <ol
+      start="11"
+      class="space-y-4 list-decimal list-inside">
+      <li>
+        The consent that you provide for the collection, use and disclosure of
+        your personal data will remain valid until such time it is being
+        withdrawn by you or your authorised representative in writing. You or
+        your authorised representative may withdraw consent and request us to
+        stop collecting, using and/or disclosing your personal data for any or
+        all of the purposes listed above by submitting your request via email or
+        otherwise in writing to our Data Protection Officer at the contact
+        details provided below. If you are unable to submit your request in
+        writing or if you require any assistance with the submission of your
+        request, you can ask to speak to or meet with our Data Protection
+        Officer.
+      </li>
+
+      <li>
+        Upon receipt of your written request to withdraw your consent, we may
+        require reasonable time (depending on the complexity of the request and
+        its impact on our relationship with you) for your request to be
+        processed and for us to notify you of the consequences of us acceding to
+        the same, including any legal consequences which may affect your rights
+        and liabilities to us. In general, we shall seek to process your request
+        within ten (10) business days of receiving it.
+      </li>
+
+      <li>
+        Whilst we respect your decision to withdraw your consent, please note
+        that depending on the nature and scope of your request, we may not be in
+        a position to continue providing our goods or services to you and we
+        shall, in such circumstances, notify you before completing the
+        processing of your request. Should you decide to cancel your withdrawal
+        of consent, please inform us in the manner described in clause 8 above.
+      </li>
+
+      <li>
+        Please note that withdrawing consent does not affect our right to
+        continue to collect, use and disclose personal data where such
+        collection, use and disclose without consent is permitted or required
+        under applicable laws.
+      </li>
+    </ol>
+  </div>
+
+  <div class="space-y-4">
+    <h2 class="text-2xl font-semibold tracking-tight">
+      5. Access to and Correction of Personal Data
+    </h2>
+
+    <ol
+      start="15"
+      class="space-y-4 list-decimal list-inside">
+      <li>
+        If you wish to make (a) an access request for access to a copy of the
+        personal data which we hold about you or information about the ways in
+        which we use or disclose your personal data, or (b) a correction request
+        to correct or update any of your personal data which we hold about you,
+        you may submit your request via email or otherwise in writing, to our
+        Data Protection Officer at the contact details provided below. If you
+        require assistance with the submission of your request, you can ask to
+        speak to or meet with our Data Protection Officer.
+      </li>
+
+      <li>
+        Please note that a reasonable fee may be charged for an access request.
+        If so, we will inform you of the fee before processing your request.
+      </li>
+
+      <li>
+        We will respond to your request as soon as reasonably possible. In
+        general, our response will be within fifteen (15) business days. Should
+        we not be able to respond to your request within thirty (30) days after
+        receiving your request, we will inform you in writing within thirty (30)
+        days of the time by which we will be able to respond to your request. If
+        we are unable to provide you with any personal data or to make a
+        correction requested by you, we shall generally inform you of the
+        reasons why we are unable to do so (except where we are not required to
+        do so under the PDPA).
+      </li>
+    </ol>
+  </div>
+
+  <div class="space-y-4">
+    <h2 class="text-2xl font-semibold tracking-tight">
+      6. Protection of Personal Data
+    </h2>
+
+    <ol
+      start="18"
+      class="space-y-4 list-decimal list-inside">
+      <li>
+        To safeguard your personal data from unauthorised access, collection,
+        use, disclosure, copying, modification, disposal or similar risks, we
+        have introduced appropriate administrative, physical and technical
+        measures such as minimised collection of personal data, authentication
+        and access controls (such as good password practices, need-to-basis for
+        data disclosure, etc.), encryption of data, data anonymisation, web
+        security measures against risks, and security review and testing
+        performed regularly.
+      </li>
+
+      <li>
+        You should be aware, however, that no method of transmission over the
+        Internet or method of electronic storage is completely secure. While
+        security cannot be guaranteed, we strive to protect the security of your
+        information and are constantly reviewing and enhancing our information
+        security measures.
+      </li>
+    </ol>
+  </div>
+
+  <div class="space-y-4">
+    <h2 class="text-2xl font-semibold tracking-tight">
+      7. Accuracy of Personal Data
+    </h2>
+
+    <ol
+      start="20"
+      class="space-y-4 list-decimal list-inside">
+      <li>
+        We generally rely on personal data provided by you (or your authorised
+        representative). In order to ensure that your personal data is current,
+        complete and accurate, please update us if there are changes to your
+        personal data by informing our Data Protection Officer at the contact
+        details provided below.
+      </li>
+    </ol>
+  </div>
+
+  <div class="space-y-4">
+    <h2 class="text-2xl font-semibold tracking-tight">
+      8. Retention of Personal Data
+    </h2>
+
+    <ol
+      start="21"
+      class="space-y-4 list-decimal list-inside">
+      <li>
+        We may retain your personal data for as long as it is necessary to
+        fulfil the purpose for which it was collected, or as required or
+        permitted by applicable laws.
+      </li>
+
+      <li>
+        We will cease to retain your personal data, or remove the means by which
+        the data can be associated with you, as soon as it is reasonable to
+        assume that such retention no longer serves the purpose for which the
+        personal data was collected, and is no longer necessary for legal or
+        business purposes.
+      </li>
+    </ol>
+  </div>
+
+  <div class="space-y-4">
+    <h2 class="text-2xl font-semibold tracking-tight">
+      9. Data Protection Officer
+    </h2>
+
+    <ol
+      start="24"
+      class="space-y-4 list-decimal list-inside">
+      <li>
+        You may contact our Data Protection Officer if you have any enquiries or
+        feedback on our personal data protection policies and procedures, or if
+        you wish to make any request, in the following manner:
+
+        <table class="ml-8">
+          <tr>
+            <td>Name of DPO</td>
+            <td class="pr-4">:</td>
+            <td>Edward Tan Yu Fan</td>
+          </tr>
+
+          <tr>
+            <td>Contact No.</td>
+            <td class="pr-4">:</td>
+            <td>
+              <a
+                href="tel:+6587524792"
+                class="text-primary hover:underline underline-offset-2">
+                +65 8752 4792
+              </a>
+            </td>
+          </tr>
+
+          <tr>
+            <td>Email Address</td>
+            <td class="pr-4">:</td>
+            <td>
+              <a
+                href="mailto:hello@riv-alumni.com"
+                class="text-primary hover:underline underline-offset-2">
+                hello@riv-alumni.com
+              </a>
+            </td>
+          </tr>
+        </table>
+      </li>
+    </ol>
+  </div>
+
+  <div class="space-y-4">
+    <h2 class="text-2xl font-semibold tracking-tight">
+      10. Effects of Notice and Changes to Notice
+    </h2>
+
+    <ol
+      start="25"
+      class="space-y-4 list-decimal list-inside">
+      <li>
+        This Notice applies in conjunction with any other notices, contractual
+        clauses and consent clauses that apply in relation to the collection,
+        use and disclosure of your personal data by us.
+      </li>
+
+      <li>
+        We may revise this Notice from time to time without any prior notice.
+        You may determine if any such revision has taken place by referring to
+        the date on which this Notice was last updated. Your continued use of
+        our services constitutes your acknowledgement and acceptance of such
+        changes.
+      </li>
+    </ol>
+  </div>
+</div>
diff --git a/portal/src/routes/(app)/privacy/+page.ts b/portal/src/routes/(app)/privacy/+page.ts
new file mode 100644
index 0000000..189f71e
--- /dev/null
+++ b/portal/src/routes/(app)/privacy/+page.ts
@@ -0,0 +1 @@
+export const prerender = true;