Privacy Policy
Effective Date: Pending — update before launch
1. Data Controller
BeliBuddy is operated by [COMPANY_LEGAL_NAME] ([COMPANY_REG_NO]), registered at [REGISTERED_ADDRESS]. We are the data controller responsible for personal data collected through the BeliBuddy app and website (belibuddy.my). Data Protection Officer: privacy@belibuddy.my
2. What Data We Collect
We collect registration data (display name, email, password), demographic profile (age band, gender, state, household size, income band, ethnicity), community activity data (reviews, likes, product scans), purchase verification data (receipt images, structured purchase data, barcodes), survey responses, and technical data (device type, app version, session logs).
3. How We Use Your Data
We use your data for platform operation, purchase verification via OCR, survey eligibility and deployment, research and analytics (aggregated and anonymised), fraud prevention, and transactional communications.
4. Data Retention
Account data is retained while active and anonymised within 30 days of deletion. Receipt images are deleted after 24 months. Anonymised research data is retained indefinitely.
5. Who We Share Data With
We do not sell your data. We share only aggregated anonymised data with corporate clients. Service providers include Google Cloud Vision API, Anthropic Claude API, Supabase (Singapore), and Vercel/Netlify for hosting.
6. Data Security
All data in transit is encrypted via TLS/HTTPS. Data at rest is encrypted via AES-256. Row-Level Security is enforced at database level. API keys are stored as server-side secrets.
7. Your Rights Under the PDPA
You have the right of access, correction, withdrawal of consent, limiting processing, and data portability. Contact privacy@belibuddy.my. Response within 21 days.
8. Contact
[COMPANY_LEGAL_NAME] | [REGISTERED_ADDRESS] | privacy@belibuddy.my | belibuddy.my