Privacy Policy

Effective Date: 18 May 2025

Welcome to CiptaBase PLT! This Privacy Policy explains how CiptaBase PLT (“CiptaBase,” “we,” “us,” or “our”) collects, uses, discloses, and protects your Personal Data when you use our products and services, including our websites, applications, and related services (collectively, the “Services”).

CiptaBase PLT is dedicated to empowering businesses through innovative digital solutions. Our flagship product, HaveTap, is revolutionizing how Malaysian businesses sell online – serving as the perfect bridge between chaotic social media DMs and instant messaging order management, and the overwhelming complexity of full e-commerce websites. HaveTap helps businesses create stunning, functional storefronts that turn social media followers into paying customers, all through one powerful link.

Our Services help businesses (“Users,” “you,” “your”) transform from social media chaos to organized sales success, streamlining their customer order communications and payment processes. As we continue to grow, we may introduce additional products and services, all of which will be governed by this Privacy Policy unless specifically stated otherwise.

We are committed to protecting your privacy and handling your Personal Data in an open and transparent manner, in compliance with applicable data protection laws, including Malaysia’s Personal Data Protection Act 2010 (PDPA) and other applicable regulations.

Please read this Privacy Policy carefully. By accessing or using our Services, you signify that you have read, understood, and agree to our collection, storage, use, and disclosure of your Personal Data as described in this Privacy Policy and our Terms of Use.

1. What This Policy Covers

This Privacy Policy applies to Personal Data we collect from:

a. Our Users (Business Owners/Sellers)

When you register for an account, use our Services, or communicate with us.

b. Visitors to our Websites

When you browse our websites or interact with their features.

c. End-Customers of our Users (indirectly)

Our Users utilize CiptaBase Services (such as HaveTap) to collect and manage order information from their customers (“End-Customers”). CiptaBase processes this End-Customer Personal Data on behalf of and under the instruction of our Users. In this context, our User is the “Data Controller” (or equivalent term under applicable law), and CiptaBase is the “Data Processor” (or equivalent term). This policy primarily addresses data where CiptaBase is the Data Controller, but also outlines our responsibilities as a Data Processor.

“Personal Data” means any information relating to an identified or identifiable natural person as defined under the Malaysian Personal Data Protection Act 2010 (PDPA) and other applicable data protection laws.

2. Personal Data We Collect

a. Information You Provide Directly to Us (as a User):

  • Account Information: Your name, business name, email address, phone number, physical address (if provided), username, password, and any other information you provide when you register or update your account across any of our Services.
  • Payment Information: If you subscribe to paid services, we (or our third-party payment processors including Xendit) collect payment and billing information (e.g., credit card details, billing address). We do not store full credit card numbers ourselves.
  • Communications: Information you provide when you contact us (e.g., via [email protected]) for support, provide feedback, or otherwise communicate with us.
  • Service Configuration Data: Information you input when setting up your features across our Services (e.g., product descriptions, pricing, custom fields, business information).

b. Information We Collect Automatically When You Use the Services:

  • Usage Information: Details of your interactions with our Services, such as features used, pages visited on our websites, links clicked, time spent on pages, and the dates and times of access.
  • Device Information: Information about the device you use to access our Services, including IP address, hardware model, operating system, browser type, and unique device identifiers.
  • Location Information: We may infer your general geographic location based on your IP address.
  • Cookies and Similar Technologies: We use cookies, web beacons, and similar tracking technologies to collect information about your browsing activities. Please see our “Cookies and Tracking Technologies” section below for more details.

c. Information We Process on Behalf of Our Users (End-Customer Data):

When our Users utilize our Services to manage their orders, they collect Personal Data from their End-Customers. This may include:

  • End-Customer’s name, contact details (phone number, email, delivery address).
  • Order details (products purchased, quantity, price).
  • Any other information the User configures their forms or services to collect.

CiptaBase processes this End-Customer Data solely as a Data Processor, on behalf of and under the direction of our Users (the Data Controllers). Our Users are responsible for ensuring they have a lawful basis for collecting and processing this End-Customer Data and for complying with all applicable data protection laws including the Malaysian PDPA regarding their End-Customers.

3. How We Use Your Personal Data

a. As a Data Controller (for our Users’ and Website Visitors’ Data):

  • To Provide and Maintain the Services: To create and manage your account, enable you to access and use our Services, process transactions, and send you service-related communications (e.g., account verification, technical notices, updates).
  • To Improve and Personalize the Services: To understand how our Users use our Services, develop new features, improve existing ones, and personalize your experience across our platforms.
  • For Customer Support: To respond to your inquiries, troubleshoot problems, and provide assistance.
  • For Communication: To send you information about our Services, features, promotions, and events, where permitted by law and with your consent if required. You can opt-out of marketing communications.
  • For Security and Fraud Prevention: To protect the security and integrity of our Services, prevent fraud, and enforce our Terms of Use.
  • For Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests, including compliance with the Malaysian PDPA.
  • For Analytics and Business Intelligence: To analyze trends, track usage data, and generate aggregated, anonymized insights for business purposes.

b. As a Data Processor (for End-Customer Data):

  • We use End-Customer Data solely to provide our Services to our Users as directed by them. This includes processing order information, storing it as configured by the User, and facilitating communication between our Users and their End-Customers through our Services.
  • We do not use End-Customer Data for our own purposes, such as marketing or analytics, beyond what is necessary to provide and improve our Services for our Users.

4. Legal Basis for Processing Personal Data

Under the Malaysian Personal Data Protection Act 2010 (PDPA) and other applicable data protection laws, our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it.

We will normally collect Personal Data from you only:

  • a. Where we need the Personal Data to perform a contract with you (e.g., to provide our Services).
  • b. Where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms (e.g., for security, service improvement, analytics).
  • c. Where we have your consent to do so (e.g., for marketing communications).
  • d. Where we have a legal obligation to collect Personal Data from you.

5. How We Share and Disclose Your Personal Data

We do not sell your Personal Data. We may share your Personal Data with the following categories of third parties:

  • Service Providers: We engage third-party companies and individuals to perform services on our behalf (e.g., payment processing via Xendit, secure cloud hosting in Malaysia, cloud computing, IT support, analytics, email delivery, customer support tools). These service providers only have access to Personal Data necessary to perform their functions and are contractually obligated to protect it and use it only for the purposes for which it was disclosed.
  • In Connection with Business Transfers: If CiptaBase PLT is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of our assets, your Personal Data may be sold or transferred as part of that transaction. We will notify you of any such deal and outline your choices.
  • To Comply with Laws and Legal Process: We may disclose your Personal Data if required to do so by law or in the good faith belief that such action is necessary to: (i) comply with a legal obligation or government request; (ii) protect and defend the rights or property of CiptaBase PLT; (iii) prevent or investigate possible wrongdoing in connection with our Services; (iv) protect the personal safety of Users of our Services or the public; or (v) protect against legal liability.
  • Aggregated or De-identified Data: We may share aggregated or de-identified information, which cannot reasonably be used to identify you, for various purposes, including for business or research purposes or to improve our services.
  • With Your Consent: We may share your Personal Data with other third parties with your consent.

With respect to End-Customer Data processed on behalf of our Users, we will only disclose it as instructed by the User (the Data Controller) or as required by law.

6. Your Data Protection Rights

Under the Malaysian Personal Data Protection Act 2010 (PDPA) and other applicable data protection laws, you may have the following rights regarding your Personal Data:

  • Right to Access: You may have the right to request access to the Personal Data we hold about you.
  • Right to Correction: You may have the right to request that we correct any inaccurate or incomplete Personal Data we hold about you.
  • Right to Withdraw Consent: Where we are processing your Personal Data based on your consent, you have the right to withdraw your consent at any time.
  • Right to Data Limitation: You may have the right to request that we limit the processing of your Personal Data under certain conditions.
  • Right to Data Portability: You may have the right to request a copy of your Personal Data in a structured, commonly used, and machine-readable format.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with the Commissioner for Personal Data Protection Malaysia if you believe that our processing of your Personal Data infringes the Malaysian PDPA or other applicable data protection laws.

To exercise any of these rights, please contact us using the details provided in the “Contact Us” section below. We will respond to your request in accordance with applicable law. We may need to verify your identity before processing your request.

For End-Customers: If you are an End-Customer of one of our Users and wish to exercise your data protection rights regarding Personal Data processed through our Services, please contact the User (the business you ordered from) directly, as they are the Data Controller. CiptaBase will assist our Users in responding to such requests as required by law.

7. Data Retention

We will retain your Personal Data for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements under Malaysian law, and to resolve disputes and enforce our agreements.

When we have no ongoing legitimate business need to process your Personal Data, we will either delete or anonymize it, or, if this is not possible (for example, because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until deletion is possible.

For End-Customer Data, we retain it according to the instructions of our Users (the Data Controllers) and for as long as they maintain an active account with us or as required to provide our Services.

8. Security of Your Personal Data

We are committed to protecting the security of your Personal Data. We implement appropriate technical and organizational measures to protect it from unauthorized access, use, disclosure, alteration, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Access controls and user authentication
  • Secure password hashing
  • Regular security assessments and updates
  • Staff training on data protection
  • Secure cloud hosting infrastructure located in Malaysia

However, please be aware that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

9. International Data Transfers

Your Personal Data is primarily stored and processed on secure servers located in Malaysia. For Users and End-Customers outside Malaysia, this may constitute an international transfer of your Personal Data.

For certain service operations, your Personal Data may be transferred to, and processed in, countries other than Malaysia. These countries may have data protection laws that are different from the laws of Malaysia.

When we transfer your Personal Data internationally, we will take appropriate safeguards to ensure that your Personal Data remains protected in accordance with this Privacy Policy and applicable data protection laws. This may include implementing Standard Contractual Clauses (or equivalent mechanisms) with third parties.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies (like web beacons and pixels) to collect and use Personal Data about you when you visit our websites, including to understand your usage of our Services, personalize your experience, and potentially serve interest-based advertising.

a. What are Cookies?

Cookies are small text files stored on your device when you visit a website.

b. Types of Cookies We Use:

  • Essential/Strictly Necessary Cookies: For site functionality and security
  • Performance/Analytics Cookies: To understand usage patterns and improve our Services
  • Functionality Cookies: To remember your preferences and settings
  • Targeting/Advertising Cookies: To provide relevant content and advertisements

c. Your Choices:

Most web browsers allow you to control cookies through their settings preferences. You can usually set your browser to refuse cookies or to alert you when cookies are being sent. If you disable cookies, some features of our Services may not function properly.

You can manage cookie preferences through your browser settings or contact us for assistance.

11. Children’s Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect Personal Data from children under this age. If we become aware that we have collected Personal Data from a child without verification of parental consent, we will take steps to remove that information from our servers. If you believe that we might have any information from or about a child, please contact us at [email protected].

12. Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and, where required, the relevant supervisory authorities in accordance with applicable law, including the requirements under the Malaysian PDPA.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time in response to changing legal, technical, or business developments. When we update our Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Policy changes if and where this is required by applicable data protection laws.

We will post any Privacy Policy changes on our websites and, if the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of Privacy Policy changes). You can see when this Privacy Policy was last updated by checking the “Effective Date” at the top of this Privacy Policy.

14. Contact Us

If you have any questions, comments, or concerns about this Privacy Policy or our data practices, or if you wish to exercise your data protection rights, please contact us at:

CiptaBase PLT
No 15, Jalan 2/6 Taman Mutiara Indah, 47100, Puchong, Selangor, Malaysia
Email: [email protected]
Website: ciptabase.com

For inquiries specifically related to your Personal Data rights under the Malaysian PDPA, you may also contact our Data Protection Officer at the same email address.