• Personal Data: Any information that can identify an individual, directly or indirectly.

• Sensitive Personal Data: Includes data relating to health, religion, biometric information, etc.

• Data Subject: Any individual whose personal data is collected and processed.

• Processing: Includes collection, use, storage, modification, disclosure, and deletion of personal data.

• Third Party: Any external party with whom we share data for operational, support, or regulatory reasons.

We comply with the PDPA’s 7 Data Protection Principles:

Depending on the nature of the project and relationship, we may collect:

• Client information: Company name, contact details, billing info
• End user information (if applicable to your app/system): Name, email, contact number, device data, IP address, location data, usage behavior
• Employee and contractor data: Personal identification, contact info, bank details, resume and work history
• Cookies and tracking data (for web/mobile app usage analytics)

We may collect this data via project documentation, user registrations, APIs, or analytics tools integrated into apps.

We collect and process personal data for the following purposes:

• To design, build, test, and maintain software applications
• To enable user registration and authentication
• To perform customer and technical support
• To analyze app usage and improve performance
• To meet legal and regulatory obligations
• To manage client and vendor relationships
• For internal operational and administrative purposes

We may share data with:

• Cloud service providers (e.g. AWS, Azure, Firebase)
• Analytics and monitoring tools (e.g. Google Analytics, Sentry)
• Payment gateway providers (if integrated in your apps)
• Legal and compliance advisors
• Government or regulatory authorities (as required by law)

All third parties are required to comply with our data protection standards and applicable laws.

We use industry-standard security practices, including:

• Data encryption at rest and in transit
• Authentication and access control mechanisms
• Secure development lifecycle (SDLC) practices
• Role-based access for developers and admins
• Regular vulnerability assessments and patching
• Backup and disaster recovery procedures

Individuals whose data we collect (directly or on behalf of clients) have the right to:

• Access their personal data
• Request corrections or updates
• Withdraw consent for processing (where applicable)
• Lodge a complaint with the Personal Data Protection Department (JPDP)

Requests can be directed to our Data Protection Officer using the contact information below.

We retain personal data only for as long as necessary for the purposes described in this policy or as required by law. Upon expiration of the retention period, data will be securely deleted or anonymized.

If our company develops software that collects personal data on behalf of our clients, we act as a data processor, and our clients are the data controllers. We ensure that our software solutions include features that support PDPA compliance (e.g. consent mechanisms, audit logs, data export/delete functions).
Clients are responsible for configuring these features and ensuring their own privacy policies are aligned with PDPA.

When using cloud services or international platforms, we may transfer data outside Malaysia. In such cases, we ensure the recipient country provides adequate data protection or contractual safeguards are in place.

This policy may be reviewed and updated periodically to reflect changes in legal requirements, business processes, or technology used. The latest version will be available on our website or internal portal.