Privacy Policy

Matic Services

Last Updated: January 2026

1. Introduction

This Privacy Policy describes how Matic Services ("Matic", "we", "us", "our") collects, uses, stores, and protects information through our suite of business productivity applications ("Services").

Matic is a platform offering multiple micro-SaaS tools to help businesses operate more efficiently. This policy applies to all Matic Services, with service-specific data practices detailed in Section 4.

We comply with the Malaysian Personal Data Protection Act 2010 (PDPA) and applicable data protection laws in jurisdictions where we operate.

2. Information We Collect

2.1 Account Data (All Services)

When you register for a Matic account, we collect:

  • Name, email address, and phone number
  • Business name, registration details, and industry
  • Login credentials (passwords stored encrypted)
  • Billing and payment information
  • Account preferences and settings

2.2 Usage Data (All Services)

We automatically collect:

  • Device and browser information
  • IP addresses and access logs
  • Feature usage and interaction data
  • Error and diagnostic logs
  • Session duration and frequency

2.3 End User Data (Processed on Your Behalf)

When you use our Services to manage information about your customers ("End Users"), we process data on your behalf. The specific data depends on which Services you use (see Section 4).

Important: You are responsible for obtaining appropriate consent from End Users before uploading their personal data to Matic.

3. How We Use Information

3.1 Platform-Wide Uses

We use collected information to:

  • Create and manage your Matic account
  • Authenticate and secure your access
  • Process payments and manage billing
  • Provide customer support
  • Send service updates, maintenance notices, and security alerts
  • Improve and develop our Services
  • Analyze usage patterns (aggregated and anonymized)
  • Prevent fraud and enforce our Terms
  • Comply with legal obligations

3.2 Service-Specific Uses

Additional uses specific to each Service are detailed in Section 4.

4. Service-Specific Data Practices

Each Matic Service may collect and process additional data. By activating a Service, you agree to its specific data practices.

4.1 Matic Booking

Additional data collected:

  • End User contact details (names, phone numbers, WhatsApp identifiers)
  • Appointment information (dates, times, services, locations, notes)
  • Communication logs (reminders sent, responses received, opt-outs)
  • Attendance data (confirmations, cancellations, no-shows)

Additional uses:

  • Send appointment reminders via WhatsApp and SMS
  • Process booking confirmations and cancellations
  • Generate analytics (no-show rates, response patterns, peak times)
  • Optimize reminder timing and messaging

Third-party processors:

Provider Type Purpose Data Shared
Messaging service providers WhatsApp/SMS delivery Phone numbers, message content

4.2 Future Services

Additional services will have their data practices documented here upon launch. You will be notified of updates to this policy when new Services are added.

5. Third-Party Service Providers

We use trusted third-party providers to operate our platform:

Provider Type Purpose Data Shared
Cloud infrastructure providers Hosting and processing All service data (encrypted)
Payment processors Billing Payment details
Analytics providers Service improvement Anonymized usage data
Email service providers Transactional emails Email addresses, message content

A current list of our sub-processors is available at matic.my/subprocessors.

These providers are contractually bound to:

  • Process data only as instructed
  • Maintain appropriate security measures
  • Not use data for their own purposes
  • Delete data upon contract termination

6. Data Retention

Data Type Retention Period
Account data While account is active + 30 days after closure
Financial records 7 years (Malaysian legal requirement)
End User data Per your settings, default 24 months
Communication logs 12 months
Usage analytics Aggregated indefinitely; raw data 12 months

You may request data export or deletion at any time, subject to legal retention requirements.

7. Data Security

We implement industry-standard security measures:

  • Encryption: TLS 1.2+ in transit, AES-256 at rest
  • Access control: Role-based permissions, multi-factor authentication available
  • Infrastructure: Secure cloud hosting with regular security audits
  • Development: Secure coding practices, vulnerability scanning
  • Incident response: Documented procedures, breach notification within 72 hours

8. Data Subject Rights

Under Malaysian PDPA and applicable laws, individuals have the right to:

  • Access — Request a copy of personal data we hold
  • Correction — Request correction of inaccurate data
  • Deletion — Request deletion (subject to legal retention requirements)
  • Withdrawal — Withdraw consent for optional processing
  • Objection — Object to direct marketing

How to exercise rights:

  • End Users: Contact the business that collected your information. They are the data controller for your data.
  • Business clients: Contact us at privacy@matic.my or through your account settings.

We respond to requests within 21 days as required by PDPA.

9. International Data Transfers

Our Services may process data on servers located outside Malaysia, including Singapore and the United States. When transferring data internationally, we ensure appropriate safeguards including:

  • Contractual protections with data processors
  • Selection of jurisdictions with adequate data protection standards
  • Compliance with PDPA Section 129 requirements

10. Cookies and Tracking

Essential cookies (always active):

  • Authentication and session management
  • Security and fraud prevention
  • User preferences

Analytics cookies (with consent):

  • Usage patterns and feature adoption
  • Performance monitoring

You can manage cookie preferences through your browser settings or our cookie banner.

11. Children's Privacy

Matic Services are designed for business use by individuals aged 18 and above. We do not knowingly collect personal information from children. If we discover we have collected data from a minor, we will delete it promptly.

12. Your Responsibilities

As a Matic user, you agree to:

  • Obtain appropriate consent from End Users before uploading their data
  • Provide accurate privacy notices to your customers
  • Respond to data subject requests from your customers within required timeframes
  • Use End User data only for purposes they have consented to
  • Not upload special category data (health, religion, political views) unless explicitly permitted by your Service plan and consented to by the End User
  • Comply with applicable data protection laws in your jurisdiction

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements.

  • Minor changes: Posted on our website with updated "Last Updated" date
  • Material changes: Notified via email and/or platform notification at least 30 days before taking effect

Continued use of Services after changes take effect constitutes acceptance. If you disagree with changes, you may close your account.

14. Contact Us

For privacy inquiries, data requests, or complaints:

Matic Services

Email: privacy@matic.my

Response time: We aim to respond within 7 business days and resolve requests within 21 days.

15. Regulatory Information

Data Controller: For platform account data, Matic is the data controller. For End User data you upload, you are the data controller and Matic is a data processor acting on your behalf.

Legal Basis for Processing:

  • Contract performance (providing Services you subscribed to)
  • Legitimate interests (security, fraud prevention, service improvement)
  • Legal compliance (tax records, regulatory requirements)
  • Consent (marketing communications, optional analytics)

Supervisory Authority: For complaints regarding data protection, you may contact the Personal Data Protection Department (JPDP) Malaysia.