Privacy Policy / Polisi Privasi

1. Who we are / Siapa kami

DuitMap ("duitmap.my", "we", "us", "our") operates online calculators and tools that help Malaysians plan savings and retirement. We are a data user (data controller) under Malaysia's Personal Data Protection Act 2010 ("PDPA").

DuitMap ("duitmap.my", "kami") mengendalikan kalkulator atas talian untuk membantu rakyat Malaysia merancang simpanan dan persaraan. Kami ialah Pengguna Data di bawah Akta Perlindungan Data Peribadi 2010 ("PDPA").

2. What personal data we collect / Data peribadi yang dikumpul

We do not collect sensitive data (religion, health, biometrics).

Kami tidak mengumpul data sensitif (agama, kesihatan, biometrik).

3. How we use your data / Cara penggunaan

1. Provide and personalise calculators & dashboards.
2. Save progress across devices for logged-in users.
3. Analytics to improve features (aggregated & pseudonymised where possible).
4. E-mail updates or promotions — only if you have opted-in and can opt-out anytime.
5. Detect and prevent fraud or misuse.
6. Review reports about inaccuracies in articles and calculator pages.

Penggunaan data selaras dengan Prinsip Am, Notis & Pilihan, dan Integriti Data PDPA.

4. Legal basis & consent / Asas sah & persetujuan

We process data with your consent (Section 6 PDPA) and to perform the service you request. Consent is obtained via tick-box at signup and can be withdrawn through "Delete my data". Notice is provided in BM & EN as required by the Notice & Choice Principle (Section 7).

5. Where data is stored / Lokasi penyimpanan

Primary servers are in a Tier-III data-centre in Cyberjaya, Malaysia. Some non-personal or aggregated metrics may pass through third-party services (e-mail, analytics, support) that are also located in Malaysia.

6. Third-party processors / Pemproses pihak ketiga

We may share limited data with:

No data is transferred outside Malaysia unless later required; if so we will comply with Section 129 PDPA and the 2025 Cross-Border Guidelines (adequacy, contractual clauses or explicit consent).

7. Security / Keselamatan

• HTTPS everywhere & HSTS
• AES-256 encryption at rest
• Role-based access & 2-factor admin logins
• Quarterly vulnerability scans & annual PDPA audit

Security controls follow the Personal Data Protection Standard 2015.

8. Retention & deletion / Tempoh simpanan & pemadaman

Users can click "Delete my data" in settings or e-mail admin@duitmap.my to erase all personal data within 10 working days.

9. Your rights / Hak anda

Under PDPA you may access, correct, delete or withdraw consent to processing of your personal data. Contact us (Section 11). Fees permitted by law may apply for repeated or manifestly unfounded requests.

10. Cookies & local storage

Essential cookies keep you logged-in; analytics cookies are optional and disabled until you opt-in. Financial inputs typed while logged-out stay only in your browser's localStorage unless you choose "Save to Cloud".

11. Children / Kanak-kanak

Our tools are designed for Malaysians aged 18 and above. If you are under 18, please obtain parental consent before creating an account. We will delete any account created by a minor without verifiable consent.

12. Contact us / Hubungi kami

13. Changes to this notice / Perubahan notis

We may update this policy; the latest version is always at https://duitmap.my/privacy. Significant changes will be announced via in-app banner or e-mail.