1. Introduction

ONE MASS ENTERPRISE (Registration No: 003736126-H) ("Company", "we", "us", "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Revender WhatsApp Business SaaS platform and related services (the "Service").

This policy complies with the Personal Data Protection Act 2010 (PDPA) of Malaysia and other applicable privacy laws. By using our Service, you consent to the data practices described in this policy.

If you do not agree with this Privacy Policy, please do not access or use our Service.

2. Information We Collect

2.1 Personal Information You Provide

We collect information you directly provide to us, including:

• Account Information: Name, email address, phone number, business name
• Profile Information: Business details, industry, company size
• Payment Information: Billing address, payment method details (processed by Stripe)
• Contact Information: Support requests, feedback, survey responses
• WhatsApp Business Data: Business phone numbers, verification documents

2.2 Customer Data You Upload

Through your use of our platform, you may upload customer data including:

• Customer contact information (names, phone numbers)
• Message content and templates
• Customer interaction history
• Campaign and marketing data
• Business transaction information

Important: You are the data controller for customer data you upload. We process this data on your behalf as a data processor. You are responsible for obtaining proper consent from your customers for data processing activities.

2.3 Automatically Collected Information

We automatically collect certain information when you use our Service:

• Usage Data: Pages visited, features used, time spent, click patterns
• Device Information: IP address, browser type, operating system, device identifiers
• Performance Data: System performance, error logs, debugging information
• Location Data: General location (country/city) based on IP address
• Cookies and Tracking: Session cookies, preference cookies, analytics cookies

2.4 Third-Party Information

We may receive information from third-party services you connect to our platform:

• WhatsApp Business API: Account status, messaging quotas, delivery reports
• Payment Processors: Transaction status, billing information from Stripe
• Authentication Services: Profile information from Google OAuth
• Analytics Services: Website usage statistics and user behavior data

3. How We Use Your Information

3.1 Service Provision

We use your information to:

• Provide and maintain our WhatsApp Business SaaS platform
• Process and manage your account and subscriptions
• Enable WhatsApp Business API integration and messaging
• Process payments and manage billing
• Provide customer support and technical assistance
• Send service-related notifications and updates

3.2 Platform Improvement

We use aggregated and anonymized data to:

• Analyze platform usage and performance
• Develop new features and improvements
• Conduct security monitoring and fraud prevention
• Optimize user experience and platform efficiency
• Generate business insights and analytics

3.3 Communication

With your consent, we may use your information to:

• Send promotional emails about new features and services
• Provide educational content and best practices
• Conduct surveys and request feedback
• Send relevant business insights and industry updates

3.4 Legal Compliance

We may process your information to comply with legal obligations, including:

• Responding to legal requests and court orders
• Complying with regulatory requirements
• Preventing fraud and ensuring platform security
• Protecting our legal rights and those of our users

4. Information Sharing and Disclosure

4.1 Service Providers

We share information with trusted third-party service providers who help us operate our platform:

• Cloud Hosting: AWS, Google Cloud for infrastructure and data storage
• Payment Processing: Stripe for subscription billing and payment processing
• Email Services: SendGrid, Mailgun for transactional and marketing emails
• Analytics: Google Analytics for website usage analysis
• Support Tools: Customer service platforms for support ticket management
• Security Services: Fraud detection and cybersecurity providers

4.2 WhatsApp Business API

To provide our core service, we share necessary data with Meta's WhatsApp Business API:

• Business verification information
• Message content and recipient information
• Template submissions for approval
• Usage and delivery analytics

4.3 Legal Requirements

We may disclose your information when required by law or to:

• Comply with legal process, court orders, or government requests
• Protect our rights, property, or safety
• Prevent fraud or security breaches
• Comply with regulatory investigations

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

5. Data Security

5.1 Security Measures

We implement comprehensive security measures to protect your information:

• Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Role-based access with multi-factor authentication
• Infrastructure Security: Secure cloud hosting with regular security updates
• Monitoring: 24/7 security monitoring and intrusion detection
• Regular Audits: Annual security assessments and penetration testing
• Data Backup: Regular encrypted backups with disaster recovery procedures

5.2 Employee Access

Employee access to personal data is strictly limited on a need-to-know basis. All employees undergo security training and sign confidentiality agreements.

5.3 Incident Response

In the event of a data breach, we have procedures to quickly contain the incident, assess the impact, and notify affected users and authorities as required by law.

6. Data Retention

6.1 Account Data

We retain your account information for as long as your account is active or as needed to provide services. After account closure, we retain certain information for legitimate business purposes:

• Billing Records: 7 years for tax and accounting purposes
• Legal Compliance: As required by applicable laws
• Fraud Prevention: 2 years for security and fraud prevention
• Analytics Data: 3 years in anonymized form for business insights

6.2 Customer Data

Customer data you upload is retained based on your instructions:

• Active accounts: Data retained while account is active
• Account closure: Data deleted within 30 days unless legally required
• Data deletion requests: Processed within 30 days
• Backup copies: Securely deleted from backups within 90 days

7. Your Rights Under PDPA

Under Malaysia's Personal Data Protection Act 2010 (PDPA), you have the following rights:

7.1 Right to Access

You have the right to request access to your personal data and information about how we process it.

7.2 Right to Correction

You can request correction of inaccurate or incomplete personal data.

7.3 Right to Withdraw Consent

Where processing is based on consent, you can withdraw consent at any time.

7.4 Right to Data Portability

You can request your data in a structured, machine-readable format for transfer to another service.

7.5 Right to Limit Processing

You can request limitation of processing in certain circumstances.

7.6 How to Exercise Your Rights

To exercise any of these rights, contact us at privacy@revender.com. We will respond within 21 days as required by PDPA. Some rights may be subject to exceptions under applicable law.

8. Cookies and Tracking Technologies

8.1 Types of Cookies

We use different types of cookies:

• Essential Cookies: Required for basic platform functionality
• Performance Cookies: Help us understand how users interact with our platform
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Provide insights into platform usage and performance

8.2 Cookie Management

You can control cookies through your browser settings. Note that disabling certain cookies may affect platform functionality. We provide a cookie preference center to manage your choices.

9. International Data Transfers

Your data may be processed in countries outside Malaysia where our service providers operate. We ensure adequate protection through:

• Standard contractual clauses with service providers
• Adequacy decisions by regulatory authorities
• Certification schemes and codes of conduct
• Strong technical and organizational security measures

10. Children's Privacy

Our Service is designed for business use and is not intended for children under 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected such information, we will delete it promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will:

• Post the updated policy on our website
• Update the "Last Updated" date
• Notify you of material changes via email or platform notification
• Provide reasonable notice before changes take effect

Your continued use of our Service after the effective date constitutes acceptance of the updated policy.

12. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us:

13. Regulatory Information

Company Registration: Revender Sdn Bhd is registered in Malaysia under company number [Registration Number].

PDPA Compliance: We are committed to compliance with Malaysia's Personal Data Protection Act 2010 and have implemented appropriate policies and procedures to ensure compliance.

Regulatory Authority: For complaints about our data practices, you may contact the Personal Data Protection Department of Malaysia.