HaveTap
Terms Log in

Privacy Policy

Effective Date: [Date]

1. Introduction

Welcome to HaveTap ("HaveTap", "we", "us", "our"). We provide a micro-storefront platform designed for Malaysian Micro, Small, and Medium Enterprises (MSMEs) to create online stores, manage orders, accept bookings, and interact with their customers ("Service").

This Privacy Policy explains how [Your Company Name], the provider of HaveTap, collects, uses, discloses, and protects information obtained from:

  • Business Users: Individuals or businesses who sign up for, manage, and use the HaveTap Service to operate their micro-storefronts.
  • Storefront Visitors: Individuals who visit or interact with the micro-storefronts created by our Business Users.

We are committed to protecting your privacy in accordance with Malaysia's Personal Data Protection Act 2010 (PDPA) and other applicable laws. By using the HaveTap Service or visiting a HaveTap-powered storefront, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

We collect different types of information depending on your interaction with our Service:

Information Provided by Business Users:

  • Account Information: When you sign up for HaveTap, we collect information such as your name, business name, email address, phone number, and password.
  • Storefront Content: Information you upload or create for your micro-storefront, including product/service details (names, descriptions, prices, images), business logo, customization choices, contact information, and potentially business address.
  • Payment Information: For paid plans (Growth, Professional), we collect billing information such as credit card details or bank account information necessary to process payments. This may be handled directly by our secure third-party payment processor.
  • Payment Setup Information: Information required to enable customer payments via DuitNow QR or direct bank transfer, such as your relevant QR code details or bank account numbers, which you configure for display/use on your storefront.
  • Communications: Records of your communications with us, including support requests.
  • Testimonial Information: If you provide a testimonial, we collect your name, business name, quote, and potentially an image, with your explicit consent.

Information Processed on Behalf of Business Users (from Storefront Visitors):

When visitors interact with a Business User's storefront, HaveTap processes information on behalf of the Business User. The Business User is the primary controller of this data. This may include:

  • Order Information: Customer name, contact details (like phone number for WhatsApp), items ordered, delivery address (if applicable), order notes.
  • Booking Information: Customer name, contact details, service booked, date/time of appointment.
  • Payment Confirmation Data: Information related to manual payment verification or transaction identifiers from DuitNow/bank transfers (Note: We typically do not store full sensitive payment details like full bank account numbers of end customers unless necessary for a specific refund process initiated by the Business User and processed manually).
  • Communications Data: Information exchanged via integrated channels like WhatsApp initiated through the storefront.

Information Collected Automatically (Business Users and Storefront Visitors):

  • Usage Data: We may collect information about how you access and use the Service or storefronts, such as your IP address, browser type, device type, operating system, pages visited, time spent on pages, links clicked, and referral sources.
  • Cookies and Similar Technologies: We use cookies and similar tracking technologies to track activity on our Service, maintain user sessions, remember preferences, and gather usage analytics. You can control cookie preferences through your browser settings.

3. How We Use Your Information

We use the collected information for various purposes:

  • To Provide and Maintain the Service: Operate your account, build and host your storefront, process orders and bookings, facilitate payments.
  • To Manage Accounts: Process signups, manage subscriptions, send invoices, and handle payments.
  • To Improve the Service: Analyze usage patterns, gather feedback, develop new features, and enhance user experience (including mobile optimization).
  • To Communicate with You: Send service updates, security alerts, support messages, order/booking notifications (including via WhatsApp as configured), and respond to inquiries.
  • For Marketing and Promotions: With your consent where required, send information about new features, promotions, or other news about HaveTap (primarily to Business Users).
  • For Security and Compliance: Prevent fraud, enforce our Terms of Service, comply with legal obligations, and protect the rights and safety of HaveTap, our users, and the public.
  • To Aggregate Data: Create anonymized, aggregated data for statistical analysis and business intelligence, which does not identify any individual.

4. How We Share Your Information

We do not sell your personal information. We may share information under the following circumstances:

  • With Service Providers: We engage third-party companies and individuals to perform services on our behalf (e.g., hosting providers, payment processors, analytics providers, email service providers, customer support tools). These providers have access to your information only to perform these tasks and are obligated not to disclose or use it for other purposes.
  • Payment Facilitation: Information necessary to process payments (DuitNow QR details, bank info provided by Business Users) is displayed or utilized as configured by the Business User to allow their customers to make payments. Information may be shared with financial institutions as part of the payment process.
  • WhatsApp Integration: When configured by the Business User, order/booking information and relevant contact details (customer phone number) are shared with WhatsApp to facilitate notifications. WhatsApp's use of data is governed by their own privacy policy.
  • Business User's Customers: Information provided by a Storefront Visitor is primarily shared with the relevant Business User whose storefront they interacted with.
  • Legal Requirements: We may disclose your information if required by law, subpoena, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
  • Business Transfers: If [Your Company Name] is involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.
  • With Your Consent: We may share your information for other purposes with your explicit consent.

5. Data Security

We implement reasonable administrative, technical, and physical security measures designed to protect the information we collect from unauthorized access, disclosure, alteration, or destruction. However, no internet transmission or electronic storage method is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security. Business Users are responsible for maintaining the security of their own account credentials.

6. Data Retention

We retain Business User account information for as long as the account is active or as needed to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. Information processed on behalf of Business Users (Storefront Visitor data) is retained according to the Business User's instructions or settings, subject to our standard backup and deletion cycles or legal requirements. Anonymized and aggregated data may be retained indefinitely.

7. Your Rights (PDPA)

Under the Malaysian PDPA, you have certain rights regarding your personal data, including:

  • The right to request access to your personal data.
  • The right to request correction of inaccurate or incomplete personal data.
  • The right to withdraw consent to the processing of your personal data (where consent is the basis for processing).
  • The right to request prevention of processing likely to cause damage or distress.
  • The right to request prevention of processing for direct marketing purposes.

To exercise these rights, please contact us at [Your Contact Email]. We will respond to your request within the timeframes required by law. Note that for data related to Storefront Visitors, requests should often be directed to the respective Business User who controls that data.

8. International Data Transfers

Your information may be transferred to, and maintained on, computers located outside of Malaysia where the data protection laws may differ. We will take steps to ensure that your data is treated securely and in accordance with this Privacy Policy.

9. Children's Privacy

Our Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children under 18. If we become aware that we have collected personal data from a child under 18 without verification of parental consent, we will take steps to remove that information.

10. Third-Party Links and Services

Our Service and user-created storefronts may contain links to other websites or services not operated by us (e.g., social media links, payment gateway portals, WhatsApp). If you click on a third-party link, you will be directed to their site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

11. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top. For significant changes, we may also notify Business Users via email or through the Service dashboard. You are advised to review this Privacy Policy periodically for any changes.

12. Contact Us

If you have any questions about this Privacy Policy, please contact us: