Contact

// LEGAL — PRIVACY_POLICY

Privacy Policy

Last Updated: June 2026

Welcome to ciptacraft.my (the "Site"), operated by Cipta Craft Solutions ("we," "us," or "our"). We operate as a Data Controllerunder the Malaysian Personal Data Protection Act 2010 ("PDPA"). We are committed to protecting the privacy and security of the personal data of our corporate clients, partners, and website visitors ("you" or "your").

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website or use our B2B software services.

1. Personal Data We Collect

We only collect personal data that is reasonably necessary for our commercial transactions and business operations. This includes:

  • Identity Data: Name, job title, company name, and corporate registration details.
  • Contact Data: Corporate email address, phone number, and physical office address.
  • Technical Data: IP address, browser type, operating system, and interaction data with our Site.
  • Service Data: Information provided during project consultations, onboarding, or custom software briefs (e.g., operational workflows, booking preferences).

2. How We Use Your Data (Notice & Choice)

We process your personal data for the following explicit purposes:

  • To communicate with you regarding your inquiries, custom software project quotes, or mockups (e.g., Titan Shield, Lumiere).
  • To fulfill our obligations under service contracts, including software deployment, optimization, maintenance, and server management.
  • To send you relevant industry insights, operational tips, or promotional updates (only with your explicit consent, which you can withdraw at any time).
  • To improve our website user experience and optimize our service design offerings.

3. Disclosure of Personal Data

We do not sell or rent your data. We will only disclose your personal data to third parties under the following strict conditions:

  • Service Providers: Trusted partners who assist in operating our business (e.g., cloud hosting providers like OVHcloud or Vercel, payment processors, or AI integration APIs) who are contractually bound to maintain strict data security.
  • Legal Obligations: When required by Malaysian law, enforcement agencies, or regulatory authorities.

4. Data Security & Storage Location

We implement rigorous technical and organizational security measures to protect your data from unauthorized access, loss, alteration, or misuse.

  • Our standard hosting infrastructure prioritizes regional security compliance, utilizing enterprise-grade secure servers (including secure Singapore/Malaysia data centers where applicable).
  • Data Breach Notification: In compliance with Malaysian regulatory standards, if we become aware of a personal data breach that presents a risk of significant harm, we will notify the Personal Data Protection Commissioner within 72 hours and affected individuals without unnecessary delay.

5. Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements under Malaysian corporate law.

6. Your Rights Under the PDPA

As a data subject in Malaysia, you hold the following statutory rights:

  • Right of Access: You may request a copy of the personal data we hold about you.
  • Right of Correction: You may request that we update or correct inaccurate or incomplete data.
  • Right to Withdraw Consent: You may revoke your consent for direct marketing or processing at any time.

To exercise any of these rights, please contact our Data Protection representative at hello@ciptacraft.my.