This notice explains how Tru 360 Solutions (AS0515710K), Malaysia (“Kadlah”, “we”, “us”) processes personal data in connection with kadlah.com, accounts, digital invitations, RSVP pages, checkout, and support. It is intended to describe our practices under Malaysia’s Personal Data Protection Act 2010 (Act 709), as amended from time to time.
1. Data we collect
Depending on how you use Kadlah, we may collect account email, name, password-related authentication records, OTP and verification details, order and payment references, discount/redemption records, invitation content, uploaded images, event details, RSVP names/pax/notes, device and IP information used for security and rate limiting, and messages submitted through Contact Us.
2. Purposes and notice
We use data to create and secure accounts, provide invitation editing/hosting and RSVP features, verify email, process orders and refunds where applicable, send transactional emails and receipts, prevent fraud and quota abuse, respond to enquiries, maintain audit records, improve reliability, and comply with law. We do not sell personal data.
3. Public invitation and RSVP data
If you publish an invitation, information you choose to include can be viewed by anyone with its link, including guest names or RSVP messages. Do not publish sensitive or unnecessary information. Card owners control their invitation content and should obtain appropriate permissions from people named or photographed.
4. Providers and disclosures
We disclose only what is needed to providers supporting the service: Supabase (database/auth/storage), Vercel (hosting), CHIP Collect (payment processing), Resend (transactional email), Upstash (distributed rate limiting), and monitoring or security providers where configured. Providers may process data in Malaysia or other jurisdictions under their own terms and safeguards. We may disclose data to regulators, advisers, or authorities when legally required or necessary to protect users and Kadlah.
5. Payment data
CHIP handles live payment details. Kadlah stores order totals, currency, provider references, status, and limited receipt information for reconciliation and support; we do not store full card numbers or banking credentials.
6. Retention and deletion
We retain account, invitation, order, audit, and support records for as long as needed to provide the service, prevent abuse, resolve disputes, meet legal/accounting obligations, and maintain secure backups. Account deletion removes personal data and cards where operationally possible, but immutable payment, fraud, audit, or backup records may remain for the applicable retention period.
7. Security
We use authenticated server actions, row-level access controls, service-role-only settlement/allocation operations, rate limiting, verification, and least-privilege access. No online service is risk-free; contact us promptly if you suspect unauthorised access.
8. Your choices and requests
Subject to applicable law and verification, you may request access to, correction of, or deletion of personal data, ask about processing, or withdraw consent where processing depends on consent. Some data is required to provide an account, payment, or invitation. Email [email protected]; we may ask for information to verify your identity.
9. Cookies and similar technology
Kadlah uses essential cookies and browser storage for authentication, security, preferences, and application operation. Optional analytics or third-party technologies, if introduced, will be described and controlled as required.
10. Children and changes
Kadlah is not directed to children. Do not submit a child’s personal data unless you have authority and it is necessary for the invitation. We may update this notice and will post the new version here.
11. Contact and complaints
Data protection enquiries can be sent to [email protected] or through our Contact Us page. You may also contact Malaysia’s Personal Data Protection Commissioner through the official JPDP channels.