Skip to content

Privacy Policy

Last updated:

Who we are

This booking service is operated by Iterate Bookings Demo (Demo instance of Iterate Bookings, by ITERATE VENTURES SDN. BHD.). We are the data controller for personal data collected through this website and at our premises.

What we collect

Booking details: your name, phone number, email address, and any notes you choose to share when reserving a session.

Account sign-in: the email address you use to receive one-time sign-in links. We do not store passwords.

Payment records: where online payment is offered, it is processed by a licensed Malaysian payment gateway. We keep order references and payment status. We never receive or store your online banking credentials or card details.

Usage analytics: where analytics are enabled, they are used in aggregate to understand how the site is used, not to identify you personally.

Messages: anything you send us by email, phone, or WhatsApp.

Why we collect it

To provide and manage your bookings, session credits, and wallet sharing; to process payments and issue receipts; to contact you about your booking; to respond to enquiries; to keep proper business and accounting records as required by law; and to improve the website.

We ask for your consent to process personal data when you book. We do not send marketing communications without separate consent, and we do not sell personal data to anyone.

Who we share it with

We use a small number of service providers to run this service: Supabase (secure database hosting), Vercel (website hosting), a licensed payment gateway (payment processing, where online payment is offered), Resend (transactional email such as receipts), and Google (analytics, where enabled). Each provider processes data only as needed to provide its service.

We may disclose personal data where required by Malaysian law or a lawful authority.

How long we keep it

Booking and payment records are kept for as long as needed to operate your bookings and to meet legal and accounting retention obligations. You may ask us to delete personal data that we are not legally required to keep.

Your rights under the PDPA

Under Malaysia's Personal Data Protection Act 2010 you may request access to your personal data, request correction, withdraw consent to further processing, and limit how your data is used. To exercise any of these rights, contact us: iterateventures.my@gmail.com or WhatsApp +60123456789. We will respond within a reasonable time.

Security

Data is encrypted in transit, stored with access controls, and accessible only to staff who need it to serve you. No system is perfectly secure; if a breach affecting your personal data ever occurs, we will notify affected guests and the relevant authorities as required.

Updates to this policy

We may update this policy as our services evolve. The date below reflects the latest revision. Material changes will be noted on this page.