Privacy Policy

Effective Date: October 16, 2025
Vulcan Labs Sdn. Bhd.
202501016609 (1618023-A)

1. Introduction

This Privacy Policy explains how Ringit collects, uses, stores, and protects personal and business data in compliance with the Personal Data Protection Act 2010 (PDPA).

2. Data We Collect

  • Business Data: Company name, Business Registration Number (BRN), Tax Identification Number (TIN), address.
  • User Data: Name, email, login credentials.
  • Invoice Data: Buyer/seller details, line items, tax breakdowns, payment terms.
  • Payment Data: Billing information, subscription records, transaction references.
  • Usage Data: Activity logs, device information, error reports.

3. How We Use Data

  • To operate and provide the Ringit Service.
  • To transmit e-Invoices to LHDN on your behalf.
  • To comply with statutory retention and tax obligations.
  • To process subscription payments.
  • To improve product functionality, analytics, and security.

4. Data Sharing & Disclosure

We may share data with:

  • LHDN: For statutory e-Invoice submission.
  • Payment Providers: To process billing and transactions.
  • Vendors/Service Providers: For hosting, analytics, and support (bound by confidentiality).
  • Authorities/Regulators: Where legally required.

We do not sell personal data to third parties.

5. Data Retention

  • Approved invoices: Retained for at least seven (7) years.
  • Billing/payment data: Retained for seven (7) years.
  • User accounts: Retained until deletion, with invoices retained as required.
  • Logs: Retained for 12–24 months before anonymization.
  • Drafts: Retained until submission or deletion.

6. Data Transfers

If data is stored or processed outside Malaysia, Ringit ensures safeguards consistent with PDPA Section 129 and applicable guidelines.

7. Security

We use industry-standard measures including:

  • Encryption (in transit and at rest).
  • Role-based access controls.
  • Backups and audit logs.

8. User Rights

Under PDPA, you may:

  • Access the personal data we hold about you.
  • Request correction or deletion of inaccurate data.
  • Withdraw consent for non-essential processing.

Requests can be made via support@ringit.my.

9. Sector-Specific Privacy Considerations

  • Healthcare: You are responsible for obtaining explicit patient consent before entering sensitive health data into Ringit.
  • Tutors/Education: You are responsible for guardian consent when entering minors' information.
  • Beauty/Wellness/Coaching: You are responsible for any waivers, disclaimers, or special consents needed for your services.

10. Indemnity for Data Provided

You warrant that data you submit complies with PDPA and indemnify Ringit against liability arising from unlawful submissions.

11. Updates

We may update this Privacy Policy from time to time. Updates will be published on our website with an updated effective date.

12. Governing Law

This Policy is governed by Malaysian law.