Kedaipal← Back to home

Privacy Policy

Last updated: 2026-05-26

In plain language

  • We collect retailer account details, catalog and order data, shopper contact details (mainly WhatsApp number), and basic technical data.
  • We use it to run the Service, deliver order updates over WhatsApp, and keep accounts secure — we never sell personal data.
  • We share data only with the service providers listed below that help us operate (e.g. Convex, Clerk, Meta, Stripe, HitPay).
  • You have rights under Malaysia's Personal Data Protection Act 2010 (PDPA), including access, correction, and withdrawal of consent.
  • Questions or data requests? Email hello@kedaipal.com.

This Privacy Policy explains how Kedaipal ("Kedaipal", "we", "our", or "us") collects, uses, and shares information when you use our services, including the retailer dashboard, hosted storefronts, and WhatsApp ordering flow (collectively, the "Service"). Kedaipal is currently in beta.

1. Information We Collect

Retailer account information. When a retailer signs up, we collect name, email address, authentication identifiers (via Clerk), store name, store slug, WhatsApp number, and profile preferences. We also record when you accept our Terms, Privacy Policy, and Acceptable Use Policy, including the version accepted and the time of acceptance.

Catalog and order data. We store product information, inventory, and orders that retailers create or that are placed through our storefronts.

Shopper information. When a shopper places an order, we collect the items ordered, the shopper's WhatsApp number (required for order confirmation), a name and delivery address where provided, and any notes they include. We do not require shoppers to create an account.

Messaging data. When messages are exchanged with the Kedaipal WhatsApp number, we process the message contents and associated metadata to deliver the ordering flow.

Technical data. We collect basic technical information such as IP address, browser type, device type, and log data for security and debugging.

2. How We Use Information

  • To operate and maintain the Service.
  • To authenticate retailers and protect accounts.
  • To process orders and send order confirmations and status updates via WhatsApp.
  • To debug issues, monitor performance, and improve the Service.
  • To communicate with retailers about the Service and beta changes.
  • To comply with legal obligations.

3. How We Share Information (Data Processors)

We do not sell personal information. We share information only with service providers that process data on our behalf to help us run the Service:

  • Meta Platforms (WhatsApp Cloud API) — to send and receive WhatsApp messages.
  • Convex — database, backend functions, and scheduled jobs.
  • Clerk — retailer authentication and account management.
  • Cloudflare — hosting, CDN, and DDoS protection.
  • Stripe and HitPay — subscription billing and payment processing for retailer plans.
  • Resend — transactional email (e.g. order and account notifications).
  • PostHog — product analytics to understand and improve usage.
  • Calendly — scheduling onboarding and support calls.

We may also disclose information if required by law, or to protect the rights, safety, or property of Kedaipal, our users, or others.

4. Cookies and Similar Technologies

We use cookies and similar technologies that are strictly necessary to operate the Service, including authenticating retailer sessions and remembering cart contents on the storefront. We do not use advertising or cross-site tracking cookies.

5. Data Retention

We retain retailer account data for as long as the account is active. Order and messaging data is retained as long as reasonably necessary to provide the Service and meet legal obligations. You may request deletion of your account at any time.

6. Your Rights Under the PDPA (Malaysia)

Kedaipal handles personal data in accordance with Malaysia's Personal Data Protection Act 2010 (PDPA). Subject to applicable law, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete personal data.
  • Withdraw consent to our processing of your personal data, and limit how it is processed.
  • Request deletion of your data where we are not required to retain it.

Retailers act as the data user for their own shoppers' personal data and are responsible for responding to their customers' PDPA requests. Kedaipal processes that data on the retailer's behalf. To exercise any of these rights with Kedaipal, contact us at hello@kedaipal.com.

7. Security

We use reasonable administrative, technical, and physical safeguards to protect information. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

8. Children's Privacy

The Service is not directed to or intended for use by anyone under 18, and we do not knowingly collect personal information from children.

9. International Transfers

Kedaipal operates from Malaysia and our service providers may process data in other countries. By using the Service, you consent to such transfers where permitted by law.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will update the "Last updated" date at the top of this page when we do. Continued use of the Service after changes take effect means you accept the updated policy.

11. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at hello@kedaipal.com.