Skip to content
  • New: asasii S2 handheld barcode scanner. 1D and 2D, IP52 rated.View S2
  • asasii POS is live and deploying to Malaysian retailers.See asasii POS
  • asasii BSC: supply chain software for multi-outlet operators.See asasii BSC
  • Browse the full asasii hardware line: terminals, printers, scanners, payment, drawers.View hardware
idataraya
idataraya
Privacy

Privacy policy

Last updated: 12 April 2026

Who we are

IDATARAYA SDN. BHD. (201801001415 / 1263428-K) ("idataraya", "we", "us", "our") is an engineering company registered in Malaysia. We design, build, ship, and operate production software and connected hardware for clients across data, cloud, AI, commerce, and operations. This policy explains how we handle personal data when you use our website, products, and services.

For the purposes of the Malaysian Personal Data Protection Act 2010 (PDPA), IDATARAYA SDN. BHD. is the data controller responsible for your personal data.

What data we collect

We collect information in three ways:

Information you give us

  • Name, email, phone number, and company name when you submit a contact or demo form
  • Billing details when you purchase hardware or subscribe to a platform
  • Any messages or files you send us through support channels

Information collected automatically

  • Device type, browser, operating system, and screen resolution
  • IP address and approximate location (city-level)
  • Pages visited, time on page, and referral source
  • Crash reports and performance metrics from our software products

Information from third parties

  • Payment confirmation from payment processors (FPX, DuitNow, card networks)
  • Business registration data when onboarding new accounts

How we use your data

We process personal data for the following purposes:

  • Service delivery — to operate your account, process transactions, and provide technical support
  • Communication — to respond to enquiries, send service updates, and share product announcements you have opted into
  • Improvement — to analyse usage patterns, fix bugs, and improve our products
  • Compliance — to meet legal obligations, enforce our terms, and protect against fraud
  • Hardware fulfilment — to ship devices, process warranties, and coordinate repairs

Legal basis under the PDPA

Under Malaysia's Personal Data Protection Act 2010, we process your data based on one or more of the following:

  • Consent — you have given clear consent for a specific purpose (e.g. submitting a contact form)
  • Contractual necessity — processing is required to fulfil a contract with you (e.g. delivering a product you purchased)
  • Legal obligation — processing is required to comply with Malaysian law
  • Legitimate interest — processing is necessary for our legitimate business interests, provided it does not override your rights

Cookies and tracking

Our website uses essential cookies to maintain session state and remember your preferences. We use analytics tools to understand how visitors use the site. These tools may set their own cookies.

You can control cookies through your browser settings. Disabling cookies may affect some site functionality.

Data sharing

We do not sell your personal data. We share data only with:

  • Service providers — hosting, payment processing, email delivery, and analytics providers who process data on our behalf
  • Legal authorities — when required by Malaysian law, court order, or regulatory request
  • Business transfers — in the event of a merger, acquisition, or sale of assets, your data may transfer to the successor entity

All service providers are bound by data processing agreements and are required to protect your data to standards consistent with this policy.

Data storage and security

Your data is stored on servers located in Southeast Asia. We implement industry-standard security measures including encryption in transit (TLS) and at rest, access controls, and regular security reviews.

Where data is transferred outside Malaysia, we ensure adequate safeguards are in place as required by the PDPA.

Data retention

We retain personal data only as long as necessary for the purposes described in this policy, or as required by law. When data is no longer needed, we securely delete or anonymise it.

  • Account data — retained while your account is active, then deleted within 90 days of account closure
  • Transaction records — retained for 7 years as required by Malaysian tax and accounting regulations
  • Support communications — retained for 2 years after the last interaction
  • Analytics data — aggregated and anonymised after 26 months

Your rights

Under the PDPA, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Correction — request that we correct inaccurate or incomplete data
  • Withdrawal of consent — withdraw consent at any time for processing based on consent
  • Complaint — lodge a complaint with the Department of Personal Data Protection Malaysia

To exercise any of these rights, email us at privacy@idataraya.com. We will respond within 21 days.

Children's data

Our products and services are designed for business use. We do not knowingly collect personal data from individuals under the age of 18. If we learn that we have collected data from a minor, we will delete it promptly.

Changes to this policy

We may update this policy from time to time. Material changes will be communicated through our website or by email. The "Last updated" date at the top reflects the most recent revision.

Contact

For questions about this privacy policy or how we handle your data: