Privacy Policy
Last updated: 2026-06-02
Tagstocks is committed to protecting your privacy and personal data in compliance with the Malaysian Personal Data Protection Act (PDPA) 2010.
1. Introduction
At Tagstocks, we are committed to protecting your privacy and ensuring the security of your personal and business data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cloud-based retail management system, website, and related services (collectively, the "Service").
This policy is issued in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia and applies to all users of the Service. By using the Service, you consent to the data practices described in this policy.
Please read this Privacy Policy carefully. If you do not agree with its terms, you must discontinue use of the Service.
2. Information We Collect
We collect the following categories of information to provide and improve the Service:
2.1 Account Information
When you register for an Account, we collect:
- Business contact details: Company name, business registration number, business address, phone number, and email address.
- Account credentials: Your name, email address, and password (encrypted).
- Billing information: Billing address, payment method details (processed securely by our payment providers; we do not store full credit card numbers).
2.2 Business Data
When you use the Service to manage your retail operations, we store the data you input or upload, including:
- Product inventory records, pricing, and stock levels.
- Sales transactions, invoices, delivery orders, and credit notes.
- Customer contact information and purchase history.
- Employee and user account information within your organization.
- Multi-store data, stock transfers, and reporting data.
2.3 Usage Data
We automatically collect certain information when you access the Service:
- Log data: IP address, browser type, operating system, referring/exit pages, date/time stamps, and clickstream data.
- Device information: Device type, hardware model, unique device identifiers.
- Activity data: Features accessed, pages visited, and actions performed within the Service.
2.4 Communication Data
Information you provide when contacting us, including:
- Customer support inquiries and responses.
- Feedback, surveys, and feature requests.
- WhatsApp and email communications with our team.
3. How We Use Your Information
We use the collected information for the following purposes:
- Service Delivery: To operate, maintain, and provide the Service, including processing transactions, generating reports, and enabling multi-store management.
- Account Management: To manage your Account, process payments, send billing notifications, and provide customer support.
- Service Improvement: To analyze usage patterns, diagnose technical issues, and improve the functionality and user experience of the Service.
- Communication: To send service-related announcements, security alerts, updates, and administrative messages. We may also send marketing communications with your consent (you may opt out at any time).
- Legal Compliance: To comply with applicable laws, regulations, legal processes, and government requests, including Malaysian tax and e-invoicing requirements.
- Security: To detect, prevent, and address fraud, unauthorized access, and other illegal or harmful activities.
We will not use your personal data for purposes other than those disclosed in this policy without obtaining your consent, unless required or permitted by law.
4. Data Storage and Security
Data Storage: Your data is stored on secure cloud servers hosted by reputable cloud infrastructure providers. Data may be stored in Malaysia and/or Singapore data centers to ensure optimal performance and compliance with regional data residency requirements.
Security Measures: We implement industry-standard technical and organizational security measures to protect your data, including:
- Encryption of data in transit using TLS/SSL protocols.
- Encryption of sensitive data at rest.
- Role-based access controls and authentication mechanisms.
- Regular security audits and vulnerability assessments.
- Daily automated backups of all Business Data.
- Physical security measures at data center facilities.
Security Breach Notification: In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant authorities within the timeframe mandated by the PDPA and other applicable regulations.
5. Data Sharing and Disclosure
Tagstocks does not sell, rent, or trade your personal data or Business Data to third parties for marketing purposes. We may share your information only in the following circumstances:
- Service Providers: With trusted third-party vendors who perform services on our behalf, such as payment processing, cloud hosting, email delivery, and analytics. These providers are contractually bound to protect your data and use it only for the purposes we specify.
- Legal Requirements: If required by law, regulation, subpoena, court order, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
- Business Transfers: In connection with a merger, acquisition, restructuring, or sale of all or a portion of our assets, your data may be transferred as part of that transaction. You will be notified via email and/or prominent notice on our website of any change in ownership.
- With Your Consent: We may share your information for other purposes with your explicit consent.
6. Cookies
Tagstocks uses only essential cookies necessary for the operation of the Service. These cookies:
- Maintain your login session while using the Service.
- Remember your preferences and settings within the application.
- Support security features such as CSRF protection.
We do not use advertising cookies, tracking cookies, or third-party analytics cookies on our Service. You can configure your browser to block or alert you about cookies, but this may affect the functionality of the Service.
7. Data Retention
We retain your data only for as long as necessary to fulfill the purposes for which it was collected:
- Active Account: We retain your Account Information and Business Data for as long as your Account remains active.
- After Termination: Upon Account termination or cancellation, we retain your Business Data for 30 days to allow you to export your data. After 30 days, we permanently delete your Business Data from our systems.
- Billing Records: Transaction and billing records are retained for the period required by Malaysian tax and accounting laws (typically 7 years).
- Usage Data: Non-personally-identifying usage data may be retained indefinitely in aggregated form for analytical purposes.
8. Your Rights Under Malaysian PDPA
Under the Malaysian Personal Data Protection Act 2010 (PDPA) and other applicable data protection laws, you have the following rights regarding your personal data:
- Right to Access: You may request a copy of the personal data we hold about you.
- Right to Correction: You may request correction of inaccurate or incomplete personal data.
- Right to Withdraw Consent: You may withdraw your consent for us to process your personal data. However, this may affect our ability to provide the Service to you.
- Right to Data Portability: You may request a copy of your Business Data in a machine-readable format.
- Right to Complain: You have the right to lodge a complaint with the Personal Data Protection Commissioner (PDPC) of Malaysia if you believe your data protection rights have been violated.
To exercise any of these rights, please contact us using the details provided in Section 12. We will respond to your request within 21 days, as required by the PDPA.
9. Third-Party Services
The Service may integrate with or link to third-party services, including:
- Payment Processors: We use reputable third-party payment gateways to process subscription payments. Your payment card information is provided directly to these processors and is not stored on our servers.
- Cloud Infrastructure: Our Service is hosted on cloud infrastructure provided by leading cloud service providers with robust security certifications.
- Communication Services: We may use WhatsApp Business and email service providers for customer communications.
These third-party services have their own privacy policies governing the use of your information. We encourage you to review their policies. Tagstocks is not responsible for the privacy practices of third-party services.
10. Children's Privacy
The Service is intended for business use and is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that a child under 18 has provided us with personal data, we will take steps to delete such information.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will notify you of material changes by:
- Posting the updated policy on our website.
- Sending an email to the address associated with your Account.
- Displaying an in-app notification when you log in.
Material changes will take effect 30 days after notification. We encourage you to periodically review this page for the latest information on our privacy practices.
12. Contact Us and Data Protection Officer
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, or if you wish to exercise your rights under the PDPA, please contact us at:
Data Protection Officer (DPO)
Tagstocks
Email: general@tagstocks.com
Phone: +60 10 868 4608
Website: https://tagstocks.com
We will acknowledge receipt of your inquiry within 3 business days and aim to resolve all matters within 21 days, in accordance with PDPA requirements.