Privacy Policy

Last updated: December 29, 2024

1. Introduction

Paylancer ("we", "our", or "us") is committed to protecting your privacy and complying with the Personal Data Protection Act 2010 (PDPA) of Malaysia and the General Data Protection Regulation (GDPR) where applicable.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our invoicing automation service.

2. Information We Collect

2.1 Personal Information

We collect information that you provide directly to us, including:

  • Name and business name
  • Email address
  • Phone number
  • Business address
  • SSM registration number
  • Bank account details
  • Tax identification number

2.2 Client Information

Information you provide about your clients:

  • Client names and business names
  • Contact details (email, phone, address)
  • Payment information
  • Invoice and retainer details

2.3 Automatically Collected Information

  • IP address and location data
  • Browser type and version
  • Device information
  • Usage data and analytics
  • Cookies and similar technologies

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Generate and send invoices on your behalf
  • Process payments and send payment reminders
  • Communicate with you about your account
  • Provide customer support
  • Detect and prevent fraud or abuse
  • Comply with legal obligations
  • Send marketing communications (with your consent)
  • Analyze usage patterns to improve our service

4. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on:

  • Contract: Processing necessary to provide our services
  • Consent: Where you have given explicit consent
  • Legitimate Interests: For fraud prevention and service improvement
  • Legal Obligation: To comply with tax and financial regulations

5. Information Sharing and Disclosure

We may share your information with:

5.1 Service Providers

  • Supabase: Database and authentication services
  • BayarCash: Payment processing for Malaysian payment methods
  • Resend: Email delivery services
  • Vercel: Hosting and infrastructure

5.2 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or to protect our rights and safety.

5.3 Your Clients

Information necessary to complete transactions, such as invoices and payment receipts, will be shared with your clients as part of our service.

6. Data Security

We implement industry-standard security measures to protect your data:

  • TLS/SSL encryption for data in transit
  • AES-256 encryption for data at rest
  • Regular security audits and penetration testing
  • Access controls and authentication
  • Secure data centers (ISO 27001 certified)
  • Regular backups and disaster recovery plans

7. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

  • Account data: Until account deletion plus 30 days
  • Financial records: 7 years (Malaysian tax requirements)
  • Usage logs: 90 days
  • Marketing data: Until consent is withdrawn

8. Your Rights (PDPA & GDPR)

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data
  • Portability: Receive your data in a portable format
  • Withdraw Consent: Withdraw consent for processing
  • Object: Object to processing for marketing purposes
  • Restrict: Request restriction of processing
  • Complaint: Lodge a complaint with supervisory authorities

To exercise these rights, contact us at privacy@paylancer.com.

9. Cookies and Tracking

We use cookies and similar technologies to:

  • Maintain your session and preferences
  • Analyze site usage and performance
  • Provide a personalized experience
  • Prevent fraud and abuse

You can control cookies through your browser settings. However, disabling cookies may affect service functionality.

10. International Data Transfers

Your data may be transferred to and processed in countries outside Malaysia. We ensure adequate protection through:

  • Standard contractual clauses approved by regulatory authorities
  • Providers certified under privacy frameworks
  • Adequate safeguards as required by PDPA and GDPR

11. Children's Privacy

Our service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Email notification
  • Notice on our website
  • In-app notification

Continued use of our service after changes constitutes acceptance of the updated policy.

13. Contact Us

For privacy-related questions or to exercise your rights, contact us:

Email: privacy@paylancer.com

Data Protection Officer: dpo@paylancer.com

Response Time: Within 14 days

14. Regulatory Information

PDPA Compliance: Personal Data Protection Act 2010, Malaysia

GDPR Compliance: Where applicable for EU residents

Supervisory Authority (Malaysia): Personal Data Protection Department