Privacy Policy

Websumo Solutions (Co. Reg. No. 201803015504) ("WhatsMenu") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our WhatsMenu platform and services. Please read this policy carefully.

1. INFORMATION WE COLLECT

1.1 Information Provided by Merchant
- Account Information: Name, email address, phone number, and business details
- Payment Information: Billing address, subscription plan details, and payment history (WhatsMenu does not store payment card information - this is handled securely by Stripe)
- Business Information: Business name, address, operating hours, menu items, and business documents
- Customer Data: Information about your customers that you input into our platform
- Communications: Messages, feedback, and support requests you send to us

1.2 Information Collected Automatically
- Usage Data: How you interact with our platform, pages visited, features used
- Device Information: IP address, browser type, operating system, device identifiers
- Log Data: Server logs, access times, pages viewed, and other technical information
- Cookies and Similar Technologies: To enhance your experience and analyze platform usage

1.3 Information from Third Parties
- Payment Processors: Stripe provides us with payment confirmation and transaction details
- Analytics Services: Usage statistics and platform performance data
- Business Partners: Information shared through integrations and partnerships

2. HOW WE USE INFORMATION

2.1 Service Provision
- Process your account registration and manage your subscription
- Provide customer support and technical assistance
- Process payments and manage billing
- Deliver platform features and functionality
- Send important service updates and notifications

2.2 Business Operations
- Improve our platform and develop new features
- Analyze usage patterns to enhance user experience
- Conduct research and analytics for service improvement
- Ensure platform security and prevent fraud
- Comply with legal obligations and regulatory requirements

2.3 Communication
- Respond to your inquiries and support requests
- Send service-related announcements and updates
- Provide marketing communications (with your consent)
- Share important legal and policy updates

3. INFORMATION SHARING

3.1 With Your Consent
We may share your information with third parties when you explicitly consent to such sharing.

3.2 Service Providers
We work with trusted third-party service providers who assist us in:
- Payment processing (Stripe)
- Cloud hosting and infrastructure
- Analytics and performance monitoring
- Customer support services
- Email and communication services

3.3 Legal Requirements
We may disclose your information when required by law, including:
- Compliance with Malaysian laws and regulations
- Response to legal process or government requests
- Protection of our rights, property, or safety
- Investigation of potential violations of our terms

3.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the business transaction.

4. DATA RETENTION AND DELETION

4.1 Retention Period
We retain your information for as long as necessary to:
- Provide our services to you
- Comply with legal obligations
- Resolve disputes and enforce agreements
- Maintain business records as required by Malaysian law

4.2 Data Deletion
Upon account termination, we will delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes.

5. PDPA RIGHTS

As a Malaysian company, we comply with the Personal Data Protection Act 2010 (PDPA). You have the following rights:

5.1 Access and Correction
- Request access to your personal data
- Request correction of inaccurate or incomplete data
- Request information about how your data is processed

5.2 Withdrawal of Consent
- Withdraw consent for data processing at any time
- Opt-out of marketing communications
- Request deletion of your account and associated data

5.3 Data Portability
- Request a copy of your data in a portable format
- Transfer your data to another service provider

5.4 Complaints
- Lodge complaints about data processing practices
- Contact the Personal Data Protection Commissioner if necessary

6. SECURITY MEASURES

6.1 Security Measures
We implement appropriate technical and organizational measures to protect your information:
- Encryption of data in transit and at rest
- Regular security assessments and updates
- Access controls and authentication systems
- Employee training on data protection

6.2 Incident Response
In the event of a data breach, we will:
- Notify affected users within 72 hours
- Report to relevant Malaysian authorities as required
- Take immediate steps to contain and remediate the breach
- Provide guidance on protective measures

7. INTERNATIONAL TRANSFERS

7.1 Cross-Border Transfers
Your data may be processed in countries outside Malaysia. We ensure adequate protection through:
- Standard contractual clauses
- Adequacy decisions by relevant authorities
- Appropriate safeguards as required by PDPA

7.2 Third-Party Services
When using third-party services (like Stripe), their privacy policies also apply to data processed by them.

8. COOKIES AND TRACKING

8.1 Types of Cookies
We use various types of cookies:
- Essential Cookies: Required for platform functionality
- Analytics Cookies: Help us understand platform usage
- Marketing Cookies: Used for advertising and marketing purposes

8.2 Cookie Management
You can control cookie settings through your browser preferences. However, disabling certain cookies may affect platform functionality.

9. CHILDREN'S PRIVACY

Our platform is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us immediately.

10. POLICY CHANGES

10.1 Policy Updates
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the updated policy on our platform
- Sending email notifications to registered users
- Updating the effective date

10.2 Continued Use
Your continued use of our platform after policy changes constitutes acceptance of the updated policy.

11. CONTACT INFORMATION

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Websumo Solutions (Co. Reg. No. 201803015504)
G-09, Jalan Pandan Prima 1, Dataran Pandan Prima, 55100 Kuala Lumpur, Malaysia

Last updated on: 15 July 2025