Privacy Policy

Last updated: 24 April 2026

This Privacy Policy explains how Kedaiflow (“we”, “us”) collects, uses, discloses, and protects personal information in accordance with Malaysia's Personal Data Protection Act 2010 (PDPA) and its 2025 amendments.

1. Information we collect

  • Account — name, email, phone, business name, BRN, TIN, SST registration ID.
  • Order & invoice data — customer names, phone numbers, items, amounts, payment status.
  • Payment data — processed by Billplz / third-party gateways; we store only reference identifiers.
  • Usage data — cookies, device info, page views for analytics and abuse prevention.

2. How we use your data

  • To operate the service: storefront, orders, invoicing, payments.
  • To meet legal obligations: LHDN MyInvois e-Invoice submission, SST reporting, tax records.
  • To communicate service-critical information and optional product updates.
  • To improve the service via anonymised analytics.

3. Who we share data with

Your data is shared only with: (a) payment processors to settle transactions, (b) LHDN (MyInvois) for tax compliance on your explicit instruction, (c) cloud infrastructure providers under data-processing agreements, (d) authorities where required by Malaysian law.

4. Data retention

Transaction and invoice records are retained for at least 7 years to satisfy Malaysian tax law. Account profile data is retained while your account is active, plus 90 days after a deletion request.

5. Your rights

Under the PDPA, you may access, correct, or request deletion of your personal data; withdraw consent for optional processing; and lodge a complaint with the Personal Data Protection Department. Email hello@kedaiflow.com to exercise these rights.

6. Cross-border transfers

Data may be processed on infrastructure located outside Malaysia (Singapore region). Transfers follow the cross-border guidelines under the PDPA 2025 amendments.

7. Contact

Data Protection Officer — email hello@kedaiflow.com.