Privacy Policy
Last updated: January 20, 2026
1. Data Controller
This Privacy Policy explains how your personal data is collected and processed by:
We are the "data controller" as defined under the Personal Data Protection Act 2010 (PDPA) of Malaysia.
2. Personal Data We Collect
2.1 Data You Provide Directly
| Data Type | When Collected | Purpose |
|---|---|---|
| Phone Number | Account registration (providers) | Authentication, account recovery |
| Email Address | Account registration (consumers) | Authentication, notifications |
| Display Name | Profile setup (optional) | Shown with your reviews |
| Reviews & Ratings | When you submit a review | Help other users find providers |
| Payment Information | Subscription purchase (providers) | Process payments via Curlec |
2.2 Data Collected Automatically
| Data Type | Purpose | Can You Opt Out? |
|---|---|---|
| Device Information (type, OS version) | App compatibility, bug fixes | No (required for app function) |
| Usage Data (screens viewed, features used) | Improve user experience | Yes (in Settings) |
| Location Data | Show nearby providers | Yes (requires explicit permission) |
| Contact History | Your record of contacted providers | Yes (delete via app) |
| Error Logs | Fix crashes and bugs | No (required for app stability) |
2.3 Sensitive Personal Data
We do not collect sensitive personal data as defined under the PDPA, including:
- Physical or mental health information
- Political opinions or religious beliefs
- Criminal records
- Biometric data
3. How We Use Your Data
We use your personal data for the following purposes:
| Purpose | Legal Basis (PDPA) |
|---|---|
| Provide the service (search, contact, reviews) | Necessary for contract |
| Process subscription payments | Necessary for contract |
| Send important notifications (account, payments) | Necessary for contract |
| Improve app features and fix bugs | Legitimate interest |
| Prevent fraud and abuse | Legitimate interest |
| Marketing communications | Your consent (opt-in) |
4. Third Parties We Share Data With
We share your data with the following third-party service providers who help us operate Khidmat:
| Service Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| Supabase | Database & authentication | Account data, app data | Singapore |
| Firebase | Web hosting, push notifications | Device tokens | Singapore |
| Curlec (Razorpay) | Payment processing | Payment details (providers only) | Malaysia |
| Sentry | Error monitoring | Error logs, device info | USA |
| Twilio | SMS OTP delivery | Phone number | USA |
| Resend | Email delivery | Email address | USA |
We do not sell your personal data to any third party.
5. Cross-Border Data Transfers
Some of our service providers are located outside Malaysia. When we transfer your data outside Malaysia, we ensure that:
- The recipient country has adequate data protection laws, OR
- We have appropriate contractual safeguards in place
By using Khidmat, you consent to such transfers as necessary to provide the service.
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Until you delete your account |
| Reviews | Indefinitely (may remain after account deletion) |
| Contact history | Until you delete your account |
| Payment records | 7 years (legal requirement) |
| Analytics data | 24 months |
| Error logs | 90 days |
7. Your Rights Under PDPA
Under the Personal Data Protection Act 2010, you have the following rights:
7.1 Right of Access
You may request access to your personal data that we hold. We will respond within 21 days.
7.2 Right of Correction
You may request correction of inaccurate or incomplete personal data. You can update most data directly in the app.
7.3 Right to Withdraw Consent
You may withdraw consent for data processing at any time. Note that withdrawing consent may affect our ability to provide the service.
7.4 Right to Delete
You may delete your account at any time via: App Settings > Account > Delete Account. This will delete your personal data, except where we are legally required to retain it.
7.5 Right to Complain
If you believe we have mishandled your personal data, you may lodge a complaint with the Personal Data Protection Commissioner:
Level 6, Menara KKMM, Lot 4G9
Persiaran Perdana, Presint 4
62100 Putrajaya, Malaysia
Email: aduan@pdp.gov.my
Website: www.pdp.gov.my
8. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption of data in transit (TLS/SSL)
- Encryption of data at rest
- Access controls and authentication
- Regular security assessments
- Employee training on data protection
However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.
9. Cookies and Tracking
Our mobile app does not use cookies. Our website (khidmat.asia) uses essential cookies for:
- Session management
- Security (CSRF protection)
We may use analytics tools in the future to improve our service. Any analytics will be opt-out in app settings.
10. Children's Privacy
Khidmat is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by:
- Posting a notice in the app
- Updating the "Last updated" date above
- Sending an email notification for material changes
Your continued use of Khidmat after changes constitutes acceptance of the updated policy.
12. Contact Us
For questions, requests, or complaints regarding this Privacy Policy or your personal data, please contact us:
General Support Email: support@khidmat.asia
We aim to respond to all inquiries within 14 days.
© 2026 Khidmat. All rights reserved.