Privacy Policy
Last updated: 24 April 2026 · Effective date: 24 April 2026
1. Data controller
This Privacy Policy is issued by YOUNG BIZ SDN. BHD. (Malaysian registration 202301011255 / 1505177-X, "we", "us") as the Data Controller. We process your personal data in accordance with the Malaysian Personal Data Protection Act 2010 (PDPA) and with equivalent GDPR / CCPA standards where applicable.
2. Information we collect
2.1 Merchant registration information
- Company name, registration number, registered address, business scope;
- Legal representative / director name, ID document number, date of birth;
- Corporate bank account (account number, bank);
- Contact email and phone.
2.2 End-customer payment information
- Email, name and billing address required at checkout;
- Card data is not stored by us directly — it is processed by PCI DSS Level 1–compliant PSPs (Stripe / iPay88, etc.);
- Transaction amount, currency, timestamp, IP address, browser fingerprint (for fraud prevention).
2.3 Technical information
- Access logs (IP, User-Agent, timestamp, path);
- Cookies (session identifiers, security tokens, login state);
- Error logs and performance data.
3. Purposes of processing
- Providing and maintaining the payment service;
- Fulfilling KYC / KYB, anti-money-laundering and anti-fraud obligations;
- Reconciliation, settlement and tax reporting;
- Customer support, dispute handling, chargeback representment;
- Product improvement (anonymised aggregated statistics);
- Compliance reporting and regulator responses as required by law.
4. Data sharing
We share information with third parties only where strictly necessary:
- Payment Service Providers (Stripe, Inc. / iPay88 (M) Sdn. Bhd. / Coinbase Commerce, etc.) to complete payment processing;
- Banks for settlement, withdrawal and refunds;
- Cloud infrastructure providers (Cloudflare, Inc.) for hosting and acceleration;
- Compliance service providers (KYB / identity verification vendors) for merchant verification;
- Regulators and judicial authorities where disclosure is required by Malaysian law or the law of the merchant's jurisdiction.
We do not sell your personal data to advertisers or unrelated third parties.
5. Data security
- HTTPS everywhere (TLS 1.2+). All API traffic is encrypted;
- Passwords stored with PBKDF2-SHA256 (100,000 iterations) and a per-user salt;
- Session cookies are HttpOnly; failed-login lockout after 15 minutes;
- Webhooks verified via HMAC-SHA256;
- D1 SQLite hosted on Cloudflare's globally distributed infrastructure with physical and network isolation;
- We do not store card numbers or CVV — these are handled by the upstream PSP within PCI DSS SAQ A scope.
6. Data retention
- Transaction records: 7 years (per Malaysian Income Tax Act and AML regulations);
- KYB materials: 7 years after account closure;
- Login logs: 1 year;
- Marketing subscriptions: until you unsubscribe.
7. Your rights
Within the applicable legal framework, you have the right to:
- Access a copy of personal data we hold about you;
- Correct inaccurate information;
- Request deletion ("right to be forgotten") where permitted by law;
- Restrict or object to certain processing;
- Data portability (structured export).
To exercise these rights, contact [email protected]. We reply within 30 days.
8. Cookies
We use the following cookie types:
- Necessary cookies (session_token, csrf_token): required for login — cannot be disabled;
- Analytics cookies (anonymous aggregate traffic): can be declined via your browser settings.
9. Cross-border data transfers
Because we use Cloudflare's global infrastructure, your data may be processed on servers outside Malaysia. We only work with providers that offer a level of protection equivalent to PDPA / GDPR, and use Standard Contractual Clauses (SCCs) to ensure compliance.
10. Children's privacy
The Platform is not offered to individuals under 18 and we do not knowingly collect such information.
11. Updates to this policy
We will update the "Last updated" date at the top of this page and notify registered merchants by email when material changes are made.