This Privacy Policy and Personal Data Protection Notice ("Notice") explains how TalkToPlanB ("we", "us", "our") collects, uses, discloses, stores and protects your personal data when you use our messaging application, website and developer API (together, the "Service"). It is issued in accordance with Malaysia's Personal Data Protection Act 2010 ("PDPA") and its amendments.
TalkToPlanB is operated from Malaysia and its data is hosted on servers located in Malaysia. By registering for or using the Service, you confirm that you have read and understood this Notice and consent to the processing of your personal data as described.
1. Personal data we collect
| Category | Examples | Source |
|---|---|---|
| Account data | Phone number, username, password (stored only as a salted hash, never in plain text), optional email address | You, at registration |
| Communications content | The messages, voice messages, photos and files you send and receive through the Service | You, when you use the Service |
| Technical & usage data | IP address, device/browser information, timestamps, log data used for security, abuse prevention and reliability | Automatically |
| Account recovery data | One-time codes (OTP) sent to your email for password reset | Generated by us |
We do not access or upload your phone's contact list, and we do not request access to it.
2. Why we process your personal data (purposes)
- To create and manage your account and authenticate you.
- To operate the core messaging features (delivering and storing your messages and media).
- To provide account recovery (password reset).
- To maintain security, prevent fraud, spam and abuse, and keep the Service reliable.
- To comply with legal obligations and respond to lawful requests by authorities.
3. Legal basis and consent
We process your personal data on the basis of your consent (given when you register and use the Service) and where processing is necessary to provide the Service you request, to protect the Service and its users, or to comply with the law. You may withdraw your consent at any time (see Section 8); however, withdrawing consent may mean we can no longer provide the Service to you.
4. Disclosure of personal data
We do not sell your personal data. We may disclose personal data only:
- to service providers that help us operate the Service (for example, our cloud hosting provider, Oracle Cloud, and our email-delivery provider) under appropriate confidentiality obligations;
- to other users, to the extent inherent in messaging (e.g. the recipients you choose can see the messages you send them);
- where required by law, court order, or a lawful request by a regulatory or law-enforcement authority; and
- to protect the rights, safety and property of TalkToPlanB, our users, or the public.
5. Where your data is stored (data location)
Your personal data is stored on servers located in Malaysia (Oracle Cloud). Some limited supporting services (for example email delivery) may process data outside Malaysia; where personal data is transferred outside Malaysia, we will do so only in accordance with the PDPA.
6. Security
We take reasonable steps to protect your personal data, including encryption of all traffic in transit over HTTPS and storing passwords only as salted hashes. Please note: the Service is not end-to-end encrypted (end-to-end encryption is on our roadmap). No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
7. Data retention
We retain your personal data for as long as your account is active and as needed to provide the Service. When you close your account or ask us to delete your data, we will delete or anonymise your personal data within a reasonable period, except where we are required to retain it to comply with the law or to resolve disputes.
8. Your rights under the PDPA
Subject to the PDPA, you have the right to:
- Access the personal data we hold about you;
- Correct inaccurate or incomplete personal data;
- Withdraw consent to our processing of your personal data;
- Limit the processing of your personal data; and
- Request deletion of your account and associated personal data.
To exercise any of these rights, contact us at the address in Section 12. We may need to verify your identity before acting on your request.
9. Data breach
If a personal data breach occurs that is likely to cause significant harm, we will take reasonable steps to contain it and will notify the relevant authority and affected users as required by the PDPA.
10. Children
The Service is not directed at children under 13, and persons under 18 should use it only with the involvement of a parent or guardian. If you believe a child has provided us personal data without appropriate consent, please contact us so we can remove it.
11. Changes to this Notice
We may update this Notice from time to time. We will post the updated version here and change the "Last updated" date above. Your continued use of the Service after changes take effect constitutes acceptance of the updated Notice.
12. Contact us
For privacy questions, requests, or to exercise your PDPA rights, contact:
TalkToPlanB — Privacy
Email: leejianming.uob@gmail.com