Privacy Policy
Effective Date: 1 March 2026 · Compliant with the Personal Data Protection Act 2010 (Malaysia)
1. Who We Are
Revoluzion Automotive ("We", "Us", "Our") operates an online automotive performance parts store. We are a data user under the Personal Data Protection Act 2010 (PDPA) of Malaysia. We are committed to protecting the personal data you entrust to us and processing it lawfully and transparently.
We do not sell, rent, or trade your personal data to any third party for marketing purposes.
2. Data We Collect
2.1 Data You Provide Directly
| Category | Data | Purpose |
|---|---|---|
| Identity | Full name | Order processing, LHDN e-invoices |
| Contact | Email address | Account registration, order notifications, receipts |
| Contact | Phone number | Delivery coordination, fraud prevention |
| Delivery | Shipping address | Parcel delivery via J&T Express |
| Billing | Billing address | Payment processing, LHDN e-invoice |
| Tax | SST number (B2B, if applicable) | LHDN e-invoice for business buyers |
| Business | Company name, BRN (Dealer applicants) | Dealer programme verification |
| Auth | Password (bcrypt-hashed, never plain text) | Account authentication |
2.2 Data Collected Automatically
| Category | Data | Purpose |
|---|---|---|
| Device | IP address | Fraud prevention, security |
| Browser | Browser type, OS, device type | Analytics, bug detection |
| Cookies | HTTP-only session cookie, CSRF token | Authentication and security |
2.3 Data from Third Parties
| Source | Data Received | Purpose |
|---|---|---|
| Google (OAuth) | Name, email, profile photo | Account creation via Google Sign-In |
| Stripe | Payment status, last 4 digits of card | Fraud monitoring, order confirmation |
3. Legal Basis for Processing
- Contractual necessity – To process and fulfil your orders, issue invoices, and maintain your account.
- Legal obligation – To comply with LHDN e-invoice requirements under the Income Tax Act 1967.
- Legitimate interest – Fraud prevention, website security, and transactional communications.
- Consent – Marketing email opt-in only, where explicitly provided by you.
4. How We Use Your Data
- Processing and fulfilling your orders
- Issuing tax invoices and LHDN-compliant e-invoices
- Sending order status, dispatch, and delivery notifications
- Managing your account and dealer application
- Fraud detection and prevention
- Complying with Malaysian legal obligations
- Sending marketing emails – only where you have explicitly opted in. You may opt out at any time.
5. Data Sharing
| Recipient | Data Shared | Reason |
|---|---|---|
| J&T Express | Name, address, phone, order reference | Parcel delivery |
| Stripe | Name, billing address, email | Payment processing |
| NOWPayments | Order amount, email (optional) | Crypto payment processing |
| Resend | Email address, order details | Transactional emails |
| Vercel | Site traffic data | Hosting platform |
| Neon | All stored database records | Cloud PostgreSQL database |
| LHDN (MyInvois API) | Name, address, tax numbers, invoice amounts | Mandatory e-invoice submission |
We do not share your data with advertising networks, data brokers, or marketing third parties.
6. Data Retention
| Data Category | Retention Period | Reason |
|---|---|---|
| Order records and invoices | 7 years | LHDN audit requirement |
| Account information | Duration of account + 1 year post-deletion | Contractual |
| Communication records | 2 years | Dispute resolution |
| IP / access logs | 90 days | Security monitoring |
7. Your Rights Under PDPA 2010
- Right of Access – Request a copy of the personal data we hold about you (response within 21 days).
- Right of Correction – Request correction of inaccurate data, or update directly in account settings.
- Right to Withdraw Consent – Withdraw marketing consent at any time. Withdrawal does not affect order processing.
- Right to Restrict Processing – Request restriction in certain circumstances.
To exercise these rights, email zack@revoluzion.io.
8. Cookies
| Cookie | Purpose | Duration |
|---|---|---|
| next-auth.session-token | Authentication session (HTTP-only) | 30 days |
| next-auth.csrf-token | CSRF protection | Session |
We use Vercel Analytics for privacy-respecting usage analytics – no personal data is linked to analytics cookies. You may manage cookies through your browser settings; disabling essential cookies will prevent login.
9. Data Security
- Passwords hashed with bcrypt (12 salt rounds); never stored in plain text
- TLS 1.2+ encryption for all website traffic
- Neon PostgreSQL with encryption at rest
- Payment data not stored on our servers – tokenised by Stripe
- HTTP-only cookies, CSRF protection, rate-limited authentication
- Role-based access control at middleware level
10. Children's Privacy
This website is not directed at persons under 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, contact us immediately.
11. Changes to This Policy
We may update this Privacy Policy. Changes take effect upon posting. We will notify active account holders by email of material changes.
12. Contact
Privacy enquiries: zack@revoluzion.io
