Privacy Policy

Last updated: November 10, 2025

1. Introduction

Welcome to MyKhairat ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our MyKhairat SaaS platform.

This Privacy Policy complies with the Personal Data Protection Act 2010 (PDPA) of Malaysia and other applicable data protection laws.

2. Information We Collect

2.1 Personal Information

We collect personal information that you voluntarily provide to us when you:

  • Register for an account
  • Use our services
  • Contact us for support
  • Subscribe to our newsletters

The personal information we collect may include:

  • Identity Information: Full name, IC number/passport number, date of birth, gender
  • Contact Information: Email address, phone number, residential address
  • Organization Information: Masjid/mosque name, registration number, location
  • Financial Information: Bank account details, payment information
  • Member Information: Details of members and dependents registered in the system
  • Transaction Data: Payment records, claims, disbursements

2.2 Automatically Collected Information

When you access our platform, we automatically collect certain information, including:

  • Device information (IP address, browser type, operating system)
  • Usage data (pages visited, time spent, features used)
  • Log data (access times, errors, performance data)
  • Cookies and similar tracking technologies

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Provide and Maintain Services

  • Create and manage your account
  • Process member registrations and manage member data
  • Process payments and financial transactions
  • Handle claims and disbursements
  • Generate reports and analytics

3.2 Communication

  • Send transactional notifications (payment receipts, claim status)
  • Provide customer support
  • Send administrative information and updates
  • Deliver marketing communications (with your consent)

3.3 Improve and Develop Services

  • Analyze usage patterns to improve user experience
  • Develop new features and functionality
  • Monitor and analyze trends and activities
  • Detect and prevent fraud and security issues

3.4 Legal Compliance

  • Comply with legal obligations and regulations
  • Respond to legal requests and prevent harm
  • Enforce our terms and conditions

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

4.1 With Your Consent

We may share your information when you explicitly consent to such sharing.

4.2 Service Providers

We may share information with third-party service providers who perform services on our behalf:

  • Payment gateway providers (for processing payments)
  • SMS gateway providers (for sending notifications)
  • Email service providers
  • Cloud hosting services
  • Analytics providers

4.3 Legal Requirements

We may disclose information if required by law, court order, or government authority.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

  • Encryption: Data is encrypted in transit using SSL/TLS and at rest
  • Access Controls: Role-based access control with multi-factor authentication
  • Regular Backups: Automated daily backups with encryption
  • Security Monitoring: Continuous monitoring for security threats
  • Staff Training: Regular security awareness training for our team
  • Data Isolation: Multi-tenant architecture with schema-level data separation

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

  • Active Accounts: Data retained while account is active
  • Inactive Accounts: Data retained for 3 years after account closure
  • Financial Records: Retained for 7 years as required by Malaysian tax laws
  • Transaction Logs: Retained for 2 years for audit purposes

7. Your Rights Under PDPA

Under the Personal Data Protection Act 2010, you have the following rights:

7.1 Right to Access

You have the right to request access to your personal information held by us.

7.2 Right to Correction

You have the right to request correction of inaccurate or incomplete personal information.

7.3 Right to Withdraw Consent

You may withdraw your consent for processing of your personal information at any time.

7.4 Right to Data Portability

You have the right to request a copy of your data in a structured, machine-readable format.

7.5 Right to Deletion

You may request deletion of your personal information, subject to legal retention requirements.

To exercise these rights, please contact us at:

  • Email: privacy@mykhairat.my
  • Phone: +60 3-1234 5678

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

  • Maintain your session and preferences
  • Analyze usage patterns and improve our services
  • Provide personalized content
  • Monitor system performance

You can control cookies through your browser settings. Note that disabling cookies may affect the functionality of our platform.

9. Third-Party Links

Our platform may contain links to third-party websites. We are not responsible for the privacy practices of these websites. We encourage you to read their privacy policies.

10. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete such information.

11. International Data Transfers

Your information is primarily stored and processed in Malaysia. If we transfer data outside Malaysia, we will ensure appropriate safeguards are in place to protect your information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated policy on our website
  • Sending an email notification to registered users
  • Displaying a prominent notice on the platform

The "Last Updated" date at the top of this policy indicates when it was last revised.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Data Protection Officer

MyKhairat SaaS Platform

Level 15, Menara ABC, Jalan Ampang

50450 Kuala Lumpur, Malaysia

Email: privacy@mykhairat.my

Phone: +60 3-1234 5678

14. Complaints

If you believe we have not complied with this Privacy Policy or the PDPA, you may file a complaint with:

  • Our Data Protection Officer (contact details above)
  • The Personal Data Protection Commissioner of Malaysia:
    Website: www.pdp.gov.my

Your Privacy Matters

We are committed to protecting your privacy and handling your personal information responsibly. If you have any questions or concerns, please don't hesitate to contact us.

This Privacy Policy is effective as of November 10, 2025 and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on this page.