D
DriveHub

Legal

Plain-English versions of the agreements that govern DriveHub Malaysia.

Privacy Policy

We comply with the Personal Data Protection Act 2010 (PDPA) of Malaysia.

1. Data we collect

  • Account: name, email, phone number, password hash, profile photo.
  • Listings: vehicle details, photos, location, contact info, supporting documents (e.g. vehicle grant).
  • Usage: pages visited, search queries, device type, approximate location (only when you grant browser permission).
  • Communications: support emails and WhatsApp conversations routed through our channels.

2. How we use your data

  • To operate the marketplace and approve listings.
  • To verify identity and prevent fraud.
  • To improve search, recommendations, and product features.
  • To send transactional emails (sign-in, listing approvals, support replies).
  • To comply with legal obligations and respond to lawful requests from authorities.

3. Legal basis

We process personal data on the basis of (a) your consent at sign-up, (b) the necessity of performing the marketplace contract you entered into with us, and (c) our legitimate interest in operating a safe marketplace.

4. Sharing

We do not sell personal data. We share limited data with:

  • Service providers under written contract (cloud hosting, email delivery, analytics).
  • Other users — only the listing details and contact info you choose to make public.
  • Authorities, when compelled by Malaysian law or court order.

5. Retention

Account data is retained while your account is active and for up to 24 months after closure for fraud-prevention and legal-compliance purposes. Listing data may be retained in anonymised form for analytics.

6. Your PDPA rights

  • Access — request a copy of the data we hold about you.
  • Correction — request that we correct inaccurate data.
  • Withdrawal of consent — at any time, by closing your account.
  • Limit processing — for direct marketing, opt out from any email we send.

To exercise these rights, email support@drivehub.my. We respond within 21 days.

7. Security

We use TLS in transit, encrypted databases at rest, and strict role-based access. No system is perfectly secure — please use a unique strong password and enable two-factor authentication where available.

8. Cookies

We use essential cookies for sign-in sessions and basic analytics. We do not use third-party advertising cookies during soft launch.

9. Children

DriveHub is not intended for users under 18. We do not knowingly collect data from minors.

10. Cross-border transfers

Some processors operate servers outside Malaysia. We only transfer data to jurisdictions that provide an adequate level of protection or under contractual safeguards equivalent to PDPA standards.

11. Contact

Privacy queries: support@drivehub.my.

This document is provided for transparency and does not constitute legal advice. DriveHub Malaysia recommends consulting a qualified Malaysian lawyer for specific situations.