← Back to home9 Palace Coffee
Privacy Policy
Co. Reg. No. 202303300188 · Last updated: March 2026
This policy explains how we collect, use, and protect your personal data in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia. We are committed to protecting your privacy and will never sell your data.
1. Data We Collect
| Data | Why we collect it |
|---|
| Name, phone number | Account creation, order processing, contact |
| Email address | Password reset, service notifications |
| Date of birth (month & year) | Birthday voucher eligibility |
| Delivery address | Delivery orders only |
| Order history | Order processing, loyalty stamps |
| Payment reference | Transaction verification only — we do not store card details |
2. How We Use Your Data
- Process and fulfil your orders
- Manage your member account and loyalty rewards
- Send order confirmations and service notifications (stamp updates, voucher issuance)
- Send marketing messages only if you have explicitly opted in
- Improve our products and service
- Comply with legal and accounting obligations
Service communications (order confirmations, voucher notifications, stamp updates) do not require marketing opt-in. You may opt out of marketing at any time by contacting us.
3. Who We Share Data With
| Third Party | Purpose |
|---|
| Fiuu / Razer Merchant Services Sdn Bhd | Payment processing |
| Lalamove Malaysia | Delivery dispatch and rider tracking |
| Supabase (AWS ap-southeast-1) | Secure database and file hosting |
| Resend | Transactional email delivery |
| Telegram | Internal order notifications (staff only) |
We do not sell your personal data to any third party.
4. Data Retention
- Account data is retained while your account is active.
- Order records are retained for 7 years for accounting purposes in accordance with MASB standards and RMCD requirements.
- You may request deletion of your personal data at any time, subject to the above legal retention obligations.
5. Your Rights Under PDPA 2010
You have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Withdraw consent for marketing communications at any time
- Request deletion of your personal data (subject to legal retention limits)
To exercise any of these rights, contact us via WhatsApp at +601159159779 or email 9palacecoffee@gmail.com. We will respond within 21 days as required under the PDPA.
6. Cookies
We use session cookies for authentication only. We do not use third-party tracking, advertising, or analytics cookies.
7. Security
- Passwords are stored as one-way hashed values (bcrypt) and are never readable by staff.
- All data in transit is encrypted via HTTPS.
- Access controls limit staff access to personal data on a need-to-know basis.
- We do not store credit/debit card numbers or CVV codes. All card data is handled by Fiuu.
8. Changes to This Policy
We may update this policy from time to time. The latest version is always available at 9palacecoffee.com/privacy. Material changes will be communicated via the app or email.
9. Contact & Complaints
For any privacy-related enquiries or complaints:
If you are not satisfied with our response, you may contact the Department of Personal Data Protection (JPDP) Malaysia at pdp.gov.my.