The legal pages · No. 01

Privacy policy.

Last updated: 10 June 2026

Compliant with Malaysia’s PDPA 2010, incl. the 2024 Amendment
Section 01

Introduction

NexStore ("we", "our", "us") is committed to protecting your personal data in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia, including the amendments introduced by the Personal Data Protection (Amendment) Act 2024. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our platform. The data controller is NEX STORE (SSM registration no. 202603090855), a business registered in Malaysia and based in Kuala Lumpur, reachable at nexstorestudio@gmail.com.

For buyer data collected on the storefronts we build and host for merchants, NexStore acts as a data processor on behalf of the merchant (see Section 08). A Bahasa Melayu version of this notice is provided at the end of this page, as required under the PDPA.

Section 02

Personal data we collect

We may collect the following categories of personal data:

  • Account data: Email address and phone number used for login.
  • Brief & intake details: Name, email, phone number, store details, and uploaded materials such as logos and photos, provided when you brief us on your store.
  • Billing records: Billplz bill IDs and payment status. NexStore does not store your card or banking credentials — payment is completed on Billplz's secure pages.
  • Buyer data on merchant storefronts: Name, contact details, delivery address, and order details submitted by buyers on client stores — processed on behalf of the merchant.
  • Technical data: Authentication tokens and the contents of your shopping cart stored in your browser (localStorage).
Section 03

Purpose of processing

Under Section 6 of the PDPA, we process your personal data for the following purposes:

  • To design, build, host, and maintain your online store.
  • To process subscription payments and manage your account and billing status.
  • To provide customer support and respond to inquiries.
  • To process and deliver orders placed by buyers on merchant storefronts.
  • To send service-related communications (e.g., billing reminders, maintenance notices).
  • To comply with legal obligations under Malaysian law.
Section 04

Consent

By using NexStore, you consent to the collection and processing of your personal data as described in this policy. You may withdraw your consent at any time by contacting us, though this may affect our ability to provide the Service to you. For sensitive personal data, we will obtain your explicit consent before processing.

Section 05

Disclosure of personal data

We disclose personal data only to the service providers that run our platform, and where the law requires:

  • Google Firebase: Authentication, database, hosting, and file storage. Data may be stored on Google servers located outside Malaysia.
  • Billplz Sdn Bhd: Payment processing via FPX online banking.
  • Legal requirements: When required by Malaysian law, court order, or government authority.

We do not sell your personal data, and we do not share it with advertisers.

Section 06

Data security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • SSL/TLS encryption for data in transit.
  • Secure cloud infrastructure (Firebase / Google Cloud).
  • Database and storage access rules that restrict each account to its own data.
  • An administrator allowlist limiting back-office access to authorised personnel only.
Section 07

Data breach notification

In line with the Personal Data Protection (Amendment) Act 2024, if a personal data breach occurs that causes or is likely to cause significant harm, we will notify the Personal Data Protection Commissioner and, where required, the affected individuals without unreasonable delay.

Section 08

Buyer data on merchant storefronts

When a buyer places an order on a storefront we host for a merchant, the buyer's personal data (name, contact details, delivery address, order details) is collected for the merchant, who is responsible for the order as the seller. NexStore processes this data on the merchant's behalf as a data processor — to record the order, enable payment, and make the order details available to the merchant for fulfilment. Buyers with questions about how a specific store uses their data should contact that store; buyers may also contact us at the email below.

Section 09

Data retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. Account data is retained while your account is active and for up to 30 days after account closure. Records we are required to keep for legal or accounting purposes (such as billing records) are retained for the periods required by Malaysian law. You may request earlier deletion by contacting us.

Section 10

Your rights under PDPA

Under the PDPA, you have the right to:

  • Access: Request access to your personal data held by us.
  • Correction: Request correction of inaccurate or incomplete personal data.
  • Withdraw consent: Withdraw your consent to the processing of your personal data.
  • Complain: Lodge a complaint with the Personal Data Protection Commissioner if you believe your data has been mishandled.

To exercise any of these rights, email us at nexstorestudio@gmail.com.

Section 11

Cookies & local storage

We use your browser's localStorage to keep your shopping cart and login session working. We do not use third-party advertising trackers. You can clear stored data at any time through your browser settings, though this will sign you out and empty your cart.

Section 12

Cross-border transfers

Your data may be stored on servers located outside Malaysia (e.g., Google Cloud infrastructure used by Firebase). In such cases, we ensure that adequate safeguards are in place as required under the PDPA to protect your personal data.

Section 13

Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of any material changes through our platform or via email. The "Last updated" date at the top of this page indicates when the policy was last revised.

Section 14

Contact us

If you have any questions about this Privacy Policy or wish to exercise your rights under the PDPA, please reach out:

Bahasa Melayu

Notis Perlindungan Data Peribadi

Notis ini dikeluarkan oleh NEX STORE (no. pendaftaran SSM 202603090855), sebuah perniagaan yang berdaftar di Malaysia dan berpangkalan di Kuala Lumpur, menurut Akta Perlindungan Data Peribadi 2010 ("APDP"), termasuk pindaan di bawah Akta Perlindungan Data Peribadi (Pindaan) 2024. Notis ini disediakan dalam Bahasa Inggeris dan Bahasa Melayu sebagaimana yang dikehendaki oleh APDP.

Data peribadi yang dikumpul. Kami mengumpul data berikut:

  • Maklumat akaun: alamat e-mel dan nombor telefon yang digunakan untuk log masuk.
  • Butiran taklimat kedai: nama, e-mel, nombor telefon, butiran kedai, serta bahan yang dimuat naik seperti logo dan gambar.
  • Rekod pengebilan: ID bil Billplz dan status pembayaran. Kami tidak menyimpan butiran kad atau maklumat perbankan anda — pembayaran dibuat di halaman selamat Billplz.
  • Data pembeli di kedai pedagang: nama, maklumat hubungan, alamat penghantaran dan butiran pesanan yang diberikan oleh pembeli di kedai pelanggan kami — diproses bagi pihak pedagang berkenaan.
  • Data teknikal: token pengesahan dan kandungan troli beli-belah yang disimpan dalam pelayar anda (localStorage).

Tujuan pemprosesan. Data peribadi anda diproses untuk mereka bentuk, membina, mengehos dan menyelenggara kedai dalam talian anda; memproses bayaran langganan dan menguruskan akaun anda; memberikan sokongan pelanggan; memproses pesanan pembeli di kedai pedagang; menghantar komunikasi berkaitan perkhidmatan; dan mematuhi kewajipan undang-undang di Malaysia.

Penzahiran. Data anda dizahirkan hanya kepada pembekal perkhidmatan kami — Google Firebase (pengesahan, pangkalan data, pengehosan dan penyimpanan fail; data mungkin disimpan di pelayan Google di luar Malaysia) dan Billplz Sdn Bhd (pemprosesan pembayaran melalui FPX) — serta apabila dikehendaki oleh undang-undang Malaysia. Kami tidak menjual data peribadi anda dan tidak berkongsi data anda dengan pengiklan.

Penyimpanan. Data akaun disimpan selagi akaun anda aktif dan sehingga 30 hari selepas penutupan akaun. Rekod yang dikehendaki untuk tujuan undang-undang atau perakaunan disimpan mengikut tempoh yang ditetapkan oleh undang-undang Malaysia.

Hak anda. Di bawah APDP, anda berhak untuk mengakses data peribadi anda, meminta pembetulan data yang tidak tepat, menarik balik persetujuan anda, dan membuat aduan kepada Pesuruhjaya Perlindungan Data Peribadi. Untuk melaksanakan hak-hak ini, hubungi kami melalui e-mel.

Hubungi kami. E-mel: nexstorestudio@gmail.com.