MyTamu ("the Platform", "we", "us") provides visitor-management software to residential communities in Malaysia. This policy explains how personal data is collected, used, disclosed and protected in accordance with the Malaysian Personal Data Protection Act 2010 (PDPA). Your community's management office is the data user responsible for your personal data; MyTamu processes it on their behalf.
1. Personal data we collect
- Account & profile: name, phone number, email address, unit/address, and your role in the community.
- Visitor passes you create: visitor name, phone, vehicle plate, and visit date/time.
- Optional scan data: if a guard scans a visitor's licence, the visitor's IC number and address may be saved to the pass. Licence images are processed on the device and are not uploaded.
- Vehicle details: plate numbers you register.
- Technical data: a sign-in session and your in-app preferences are stored in your browser's local storage.
2. Why we collect it (purposes)
- To verify and manage visitor entry at your community's gate.
- To create, send and validate visitor passes (including via WhatsApp links you choose to send).
- To let community admins approve residents and maintain an accurate resident registry.
- To keep security records of visitor entries and exits.
3. Consent & your choice
By creating an account and ticking the consent box at sign-up, you consent to the collection and processing of your personal data for the purposes above. Providing this data is necessary to use the service; without it we cannot register you or process visitor passes. You may withdraw consent at any time (see "Your rights"), though this may mean you can no longer use the service.
4. Disclosure — who can see your data
- Your community's admins and guards can see resident and visitor information for their own community only.
- Other communities cannot see your data — each community is strictly isolated.
- We do not sell your personal data. We may disclose data where required by law or to protect safety.
5. Data retention
Personal data is retained for as long as you hold an account and your community uses the service, plus any period required for security records or by law. When a community admin deletes your account, your associated data is removed from that community. Your community may define its own retention period for visitor logs.
6. Security
Data is stored on managed cloud infrastructure with access controls so that each community can access only its own records. Access is restricted by role (resident, guard, admin). No system is perfectly secure, but we take reasonable steps to protect personal data against loss, misuse and unauthorised access.
7. Your rights under the PDPA
- Access — request a copy of the personal data we hold about you.
- Correction — update your profile in-app, or ask an admin to correct inaccurate data.
- Withdraw consent — ask to stop processing or to delete your account.
To exercise these rights, contact your community's management office (the data user).
8. Browser storage
We use your browser's local storage to keep you signed in and to remember preferences (such as theme and your selected community). We do not use third-party advertising cookies.
9. Changes to this policy
We may update this policy from time to time. The "last updated" date above reflects the latest version.
10. Contact
For any privacy questions or to exercise your rights, please contact your community management office. (Community operators: replace this section with your organisation's name, address and data-protection contact email.)