Privacy Policy

Effective: 1 June 2026 · Compliant with PDPA 2010 (Malaysia)

1. Introduction

KASSIM (“we”, “our”, “the Platform”) is committed to protecting your personal data in accordance with the Personal Data Protection Act 2010 (PDPA 2010) of Malaysia. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use KASSIM.

2. Data We Collect

Information you provide:

Name, email address, and password when you register
MyKad (IC) photograph for optional identity verification
Listing details: title, description, photos, pricing
Payment information (processed by Stripe; we do not store card details)
Shipping address for order fulfilment
Messages exchanged with other users or support

Automatically collected data:

IP address, browser type, and device information
Pages visited, listing views, and bid activity
Error logs and performance data (via Sentry)
Cookies and local storage preferences

3. How We Use Your Data

To create and manage your account
To facilitate transactions, escrow, and shipping
To send transactional emails (bid confirmations, payment receipts, order updates)
To verify your identity when you submit IC verification
To improve Platform performance and user experience
To detect and prevent fraud, abuse, and prohibited activities
To comply with legal obligations under Malaysian law

4. Third-Party Services

We share your data with trusted third-party service providers as necessary to operate the Platform:

Supabase

Database & authentication (hosted in Singapore)

Privacy

Stripe

Payment processing (PCI-DSS compliant)

Privacy

Resend

Transactional email delivery

Privacy

Google

OAuth sign-in (optional)

Privacy

Sentry

Error monitoring & performance

Privacy

Vercel

Hosting & edge infrastructure

Privacy

We do not sell your personal data to any third party.

5. Data Retention

Account data is retained while your account is active.
IC verification photos are deleted after verification is completed.
Transaction records are retained for 7 years for tax and legal compliance.
Error logs are retained for 90 days.

6. Your Rights Under PDPA 2010

As a data subject under the PDPA 2010, you have the right to:

Access: Request a copy of the personal data we hold about you.
Correction: Request correction of inaccurate or incomplete data.
Deletion: Request deletion of your account and associated data, subject to legal retention requirements.
Withdrawal of consent: Withdraw consent for data processing where consent was the basis, which may affect your ability to use certain features.
Complaint: Lodge a complaint with the Personal Data Protection Commissioner of Malaysia.

To exercise these rights, contact us at syedshazni@todak.com with your request. We will respond within 21 days as required by PDPA 2010.

7. Cookies & Local Storage

We use cookies and browser local storage to maintain your session, remember preferences (language, theme), track recently viewed items, and provide push notification functionality. You may disable cookies in your browser, but this may affect Platform functionality.

8. Security

We implement industry-standard security measures including SSL/TLS encryption, row-level security (RLS) on our database, and secure escrow for financial transactions. However, no system is 100% secure. In the event of a data breach, we will notify affected users as required by law.

9. Children's Privacy

KASSIM is not intended for users under 18 years of age. We do not knowingly collect data from minors. If you believe a minor has registered, please contact us immediately.

10. Contact Us

For privacy-related inquiries, data access requests, or complaints:

KASSIM Data Protection

Email: syedshazni@todak.com

Kuala Lumpur, Malaysia

2. Data We Collect

Information you provide:

Name, email address, and password when you register
MyKad (IC) photograph for optional identity verification
Listing details: title, description, photos, pricing
Payment information (processed by Stripe; we do not store card details)
Shipping address for order fulfilment
Messages exchanged with other users or support

Automatically collected data:

IP address, browser type, and device information
Pages visited, listing views, and bid activity
Error logs and performance data (via Sentry)
Cookies and local storage preferences

3. How We Use Your Data

To create and manage your account

To facilitate transactions, escrow, and shipping

To send transactional emails (bid confirmations, payment receipts, order updates)

To verify your identity when you submit IC verification

To improve Platform performance and user experience

To detect and prevent fraud, abuse, and prohibited activities

To comply with legal obligations under Malaysian law

4. Third-Party Services

We share your data with trusted third-party service providers as necessary to operate the Platform:

Supabase

Database & authentication (hosted in Singapore)

Privacy

Stripe

Payment processing (PCI-DSS compliant)

Privacy

Resend

Transactional email delivery

Privacy

Google

OAuth sign-in (optional)

Privacy

Sentry

Error monitoring & performance

Privacy

Vercel

Hosting & edge infrastructure

Privacy

We do not sell your personal data to any third party.

6. Your Rights Under PDPA 2010

As a data subject under the PDPA 2010, you have the right to:

Access: Request a copy of the personal data we hold about you.

Correction: Request correction of inaccurate or incomplete data.

Deletion: Request deletion of your account and associated data, subject to legal retention requirements.

Withdrawal of consent: Withdraw consent for data processing where consent was the basis, which may affect your ability to use certain features.

Complaint: Lodge a complaint with the Personal Data Protection Commissioner of Malaysia.

To exercise these rights, contact us at syedshazni@todak.com with your request. We will respond within 21 days as required by PDPA 2010.