Privacy Policy

Last updated: January 2025

1. Introduction

PaperKlip ("we", "our", or "us") is committed to protecting your personal data in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our business management platform.

2. Personal Data We Collect

We collect the following categories of personal data:

2.1 Account Information

  • Company name and business registration number
  • Contact name and email address
  • Phone number
  • Business address
  • Tax identification number (SST/GST)

2.2 Business Data

  • Client and supplier information
  • Invoice, quotation, and purchase order details
  • Payment transaction records
  • Bank account information for reconciliation
  • Product and service catalogs

2.3 Technical Data

  • IP address and browser information
  • Device identifiers
  • Usage logs and activity timestamps

3. Purpose of Data Collection

In compliance with the General Principle of PDPA 2010, we collect and process your personal data for the following purposes:

  • Providing and maintaining our business management services
  • Processing invoices, quotations, and purchase orders
  • Sending payment reminders via email and WhatsApp
  • Generating financial reports and analytics
  • Processing payments through integrated payment gateways (Billplz, Stripe)
  • Communicating service updates and important notices
  • Complying with legal obligations including SST reporting
  • Improving our services based on usage patterns

4. Notice and Choice Principle

By registering for an account, you consent to the collection and processing of your personal data as described in this Privacy Policy. You have the right to:

  • Withdraw your consent at any time by contacting us
  • Opt-out of marketing communications
  • Disable WhatsApp notifications in your account settings
  • Request deletion of your account and associated data

5. Disclosure of Personal Data

In accordance with the Disclosure Principle of PDPA 2010, we may disclose your personal data to:

  • Payment Processors: Billplz and Stripe for processing payments
  • Communication Services: Email providers and WhatsApp Business API for sending notifications
  • Cloud Service Providers: For secure data hosting and storage
  • Regulatory Authorities: When required by Malaysian law (e.g., LHDN, SST compliance)
  • Your Clients: Information included in invoices and business documents you generate

We do not sell your personal data to third parties for marketing purposes.

6. Security Principle

We implement appropriate security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Secure password hashing using industry-standard algorithms
  • Regular security audits and vulnerability assessments
  • Access controls and authentication mechanisms
  • Secure cloud infrastructure with redundancy

7. Retention Principle

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Active Accounts: Data retained while your subscription is active
  • Financial Records: 7 years as required by Malaysian tax law
  • Closed Accounts: Data deleted within 90 days of account closure, except where legal retention is required

8. Data Integrity Principle

We take reasonable steps to ensure that your personal data is accurate, complete, and up-to-date. You can update your information at any time through your account settings.

9. Access Principle

Under PDPA 2010, you have the right to:

  • Request access to your personal data held by us
  • Request correction of inaccurate or incomplete data
  • Export your data in a portable format

To exercise these rights, please contact us at privacy@paperklip.my. We will respond to your request within 21 days as required by law.

10. Cookies and Tracking

We use essential cookies to maintain your session and preferences. We do not use third-party tracking cookies for advertising purposes. You can configure your browser to reject cookies, but this may affect the functionality of our service.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through a notice on our platform. Your continued use of our services after such changes constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights under PDPA 2010, please contact us:

Data Protection Officer

PaperKlip

Email: privacy@paperklip.my