Privacy Policy

Last updated: 3 April 2026

🇲🇾 Compliant with Malaysia's Personal Data Protection Act 2010 (PDPA)

1. Introduction

NexStore ("we", "our", "us") is committed to protecting your personal data in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our platform.

2. Personal Data We Collect

We may collect the following categories of personal data:

  • Account Information: Name, email address, phone number, business name.
  • Business Information: SSM registration details, business address, product information.
  • Payment Information: Billing details for plan purchases (processed securely through third-party payment providers).
  • Usage Data: Pages visited, features used, device information, IP address, browser type.
  • Communication Data: Messages sent through our contact form, WhatsApp inquiries, and support tickets.
  • Store Data: Product listings, customer orders, and store analytics managed through your seller dashboard.

3. Purpose of Processing

Under Section 6 of the PDPA, we process your personal data for the following purposes:

  • To set up and maintain your online store.
  • To provide customer support and respond to inquiries.
  • To process payments and manage your account.
  • To improve our platform and services.
  • To send service-related communications (e.g., updates, maintenance notices).
  • To comply with legal obligations under Malaysian law.

4. Consent

By using NexStore, you consent to the collection and processing of your personal data as described in this policy. You may withdraw your consent at any time by contacting us, though this may affect our ability to provide the Service to you. For sensitive personal data, we will obtain your explicit consent before processing.

5. Disclosure of Personal Data

We may disclose your personal data to:

  • Service Providers: Third-party services that help us operate the platform (hosting, payment processing, analytics).
  • Legal Requirements: When required by Malaysian law, court order, or government authority.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets.

We do not sell your personal data to third parties for marketing purposes.

6. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • SSL/TLS encryption for data in transit.
  • Secure cloud infrastructure (Firebase/Google Cloud).
  • Access controls and authentication measures.
  • Regular security reviews.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by Malaysian law. Account data is retained for the duration of your account and up to 30 days after account closure. You may request earlier deletion by contacting us.

8. Your Rights Under PDPA

Under the PDPA, you have the right to:

  • Access: Request access to your personal data held by us.
  • Correction: Request correction of inaccurate or incomplete personal data.
  • Withdraw Consent: Withdraw your consent to the processing of your personal data.
  • Inquire: Make inquiries about how your personal data is being processed.

To exercise any of these rights, please contact us using the details below.

9. Cookies & Tracking

We use essential cookies to maintain your session and preferences. We may also use analytics tools to understand how our platform is used. You can manage cookie settings through your browser. We do not use cookies for targeted advertising.

10. Cross-Border Transfers

Your data may be stored on servers located outside Malaysia (e.g., Google Cloud infrastructure). In such cases, we ensure that adequate safeguards are in place as required under Section 129 of the PDPA to protect your personal data.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes through our platform or via email. The "Last updated" date at the top of this page indicates when the policy was last revised.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights under the PDPA, please contact us:

  • Via the contact form on our website
  • Via WhatsApp: +60 12-345 6789