Privacy Policy
This Privacy Policy describes how SnapSync ("we", "us") collects, uses, stores, and protects personal data in connection with our services. We are committed to handling personal data in line with the Personal Data Protection Act 2010 ("PDPA") of Malaysia and applicable supplementary guidance, where relevant to our operations.
Last updated: June 2026
1. Who we are
SnapSync operates the SnapSync platform and related services (including WhatsApp and web-based tools). For the purposes of the PDPA, we act as a data user in respect of personal data we collect and process as described below.
2. Personal data we collect
Depending on how you use SnapSync, we may process categories such as:
- Phone number — collected and used for authentication, account identification, WhatsApp-based service delivery, and security (including linking your workspace to your verified number).
- Account and profile information — for example, company name, email, and business details you choose to provide in the portal.
- Financial documents and images — PDFs, images, or similar files you submit (e.g. invoices, receipts, agreements) solely for the purpose of automated data extraction, classification, and related features you request, including integration with your connected Google Workspace where applicable.
- Technical and usage data — such as logs, device or session identifiers, and diagnostics needed to operate and secure the service.
3. Purposes of processing
We process personal data for purposes including:
- Providing, operating, and improving the SnapSync service;
- Authenticating users and preventing fraud or abuse;
- Performing AI-assisted extraction and structuring of data from documents you submit, as part of the subscribed features;
- Syncing or storing outputs in your designated Google Workspace resources (e.g. Drive, Sheets) where you have connected such integrations;
- Complying with legal obligations and enforcing our terms.
We do not use your phone number or document content for unrelated marketing profiling beyond what you expressly consent to or what the law permits.
4. Cookies, analytics, and advertising
On our marketing website we use a small number of cookies and similar technologies:
- Essential — required for the site to function and to remember your cookie choice.
- Analytics and advertising (optional) — where you consent, we use Google Analytics 4 and the Meta (Facebook) Pixel to understand how visitors use our site and to measure and improve our advertising. These tools may set cookies and share limited usage data (such as pages viewed and device or approximate-location signals) with Google and Meta, who act as independent providers under their own privacy policies.
We do not load analytics or advertising cookies until you accept them through our consent banner. You can change your choice at any time by clearing the "snapsync-consent" preference in your browser (for example, by clearing site data), which will show the banner again. Declining does not affect your access to the service.
5. Google Workspace and your vault
Where you connect Google Workspace, customer business data and extracted outputs are designed to reside securely within your own Google Workspace vault (for example, folders and spreadsheets under your control), subject to Google's terms and your admin settings. SnapSync processes data as needed to perform the automation you enable and does not sell your personal data to third parties (see below).
6. Legal bases and your PDPA rights
We collect and process personal data where we have a lawful basis under the PDPA, including where necessary for the performance of a contract with you, compliance with legal obligations, protection of vital interests, or your consent where required (for example, for certain marketing or optional features, and for analytics and advertising cookies). Subject to the conditions and exceptions in the PDPA, you may request access to or correction of your personal data, withdraw consent for processing that relies on consent, and request that we limit processing. We aim to acknowledge such requests within 21 days and to respond within the timelines set by the PDPA. Contact us using the details below to exercise these rights.
7. Sharing and subprocessors
We do not sell your personal data to third parties. We may share data with vetted subprocessors strictly as needed to run the service, under appropriate contracts and security measures. These categories include cloud hosting and storage providers; messaging providers (including the WhatsApp Business Platform operated by Meta); AI inference providers; analytics and advertising providers (Google and Meta, where you consent); and payment processors. We can provide our current list of subprocessor categories on request, and we may disclose information where required by law or to protect rights and safety.
8. Retention and security
We retain personal data only as long as necessary for the purposes above. Indicative retention periods include:
- Account and profile data — for the life of your account and up to 12 months after closure;
- Uploaded documents and extracted outputs — until you delete them or close your account; where stored in your connected Google Workspace, they remain under your control;
- Transaction and billing records — up to 7 years, to meet Malaysian tax and accounting requirements;
- Technical logs — typically 6 to 12 months.
After the applicable period, data is deleted or anonymised, unless a longer period is required by law or to resolve a dispute. We implement technical and organisational measures appropriate to the risk, including access controls and encryption in transit and at rest where applicable.
9. International transfers
If personal data is processed outside Malaysia, we take steps consistent with applicable law to ensure appropriate safeguards where required.
10. Your choices and complaints
You may update certain profile information in the portal, disconnect integrations where available, adjust your cookie consent as described above, or contact us to discuss access, correction, or account closure, subject to legal and contractual retention requirements. If you are not satisfied with how we handle your personal data, you may lodge a complaint with the Personal Data Protection Commissioner (Jabatan Perlindungan Data Peribadi, JPDP) of Malaysia.
11. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date will change accordingly. Material changes may be communicated through the service or by email where appropriate.
12. Contact
For privacy enquiries or PDPA-related requests, contact support@snapsync.my.