Privacy Policy
We respect your privacy and are committed to protecting it. This policy explains what data we collect, how we use it, and the choices available to you.
Last updated: October 2025
1. Information we collect
We only collect information that helps us deliver, secure, and improve the CKKStore platform. This may include:
Account & Identity Data
Name, email, company profile, roles, and authentication credentials when you sign up or are invited to teams.
Transactional Data
Billing contacts, payment method tokens, invoices, and change logs required to process subscriptions securely.
Usage & Diagnostics
Feature adoption, page performance, device metadata, crash reports, and API request metrics so we can improve reliability.
Support Records
Tickets, chat transcripts, and call recordings to document resolutions and improve our help center experience.
2. How we use your information
We never sell your personal information. We process data for the following purposes:
- Deliver core services, including authentication, storefront hosting, and API access
- Send important operational updates, security alerts, and policy changes
- Provide onboarding assistance, technical support, and success consultations
- Monitor platform reliability, detect abuse, and enforce acceptable use
- Generate anonymised analytics that guide product improvements
3. Sharing with third parties
We share information with carefully selected service providers that help us operate the platform (for example, hosting, analytics, and payment processing). These providers only process data according to our instructions and are bound by confidentiality agreements.
We may also disclose information when required by law, to protect our rights, or to investigate abuse on the platform.
4. How we protect your data
Security is integrated into our development lifecycle. Our safeguards include:
- Encryption in transit with TLS 1.2+ and encryption at rest for sensitive records
- Role-based access controls, SSO enforcement, and mandatory MFA for internal tools
- Vendor due diligence, GDPR-compliant data processing agreements, and SOC 2 controls
- Automated backups with geo-redundancy and disaster recovery playbooks
- Regular penetration testing and continuous security monitoring
5. Data retention
We keep personal data for as long as necessary to fulfill the purposes described above, comply with legal obligations, and resolve disputes.
| Data type | Retention period |
|---|---|
| Account information | Kept for the life of the account and 12 months after closure |
| Billing and invoices | Retained for at least 7 years to comply with financial regulations |
| Support conversations | Stored for 24 months to track resolutions and prevent duplicate work |
| Anonymised analytics | Aggregated and retained indefinitely for benchmarking |
6. International data transfers
We are headquartered in Malaysia but may process or store information in other jurisdictions. Whenever data leaves the country of origin, we ensure adequate safeguards are in place, such as the use of Standard Contractual Clauses (SCCs) or equivalent mechanisms.
7. Your rights
Depending on your jurisdiction, you may have the following rights. We respond to all requests within 30 days.
- Request access to a copy of the information we hold about you
- Ask us to correct inaccurate or incomplete personal information
- Request deletion of your personal data when it is no longer needed
- Withdraw consent or object to processing in certain situations
- Request data portability for information you provided directly
8. Changes to this policy
We may update this policy from time to time. When we do, we will notify account owners via email and update the date at the top of this page. Continued use of the platform after changes take effect constitutes acceptance of the revised policy.
Contact us
If you have questions or would like to exercise your privacy rights, please reach out to our privacy team.