← Back to home

Privacy Policy

This Privacy Policy describes how SnapSync ("we", "us") collects, uses, stores, and protects personal data in connection with our services. We are committed to handling personal data in line with the Personal Data Protection Act 2010 ("PDPA") of Malaysia and applicable supplementary guidance, where relevant to our operations.

Last updated: April 2026

1. Who we are

SnapSync operates the SnapSync platform and related services (including WhatsApp and web-based tools). For the purposes of the PDPA, we act as a data user in respect of personal data we collect and process as described below.

2. Personal data we collect

Depending on how you use SnapSync, we may process categories such as:

• Phone number — collected and used for authentication, account identification, WhatsApp-based service delivery, and security (including linking your workspace to your verified number).
• Account and profile information — for example, company name, email, and business details you choose to provide in the portal.
• Financial documents and images — PDFs, images, or similar files you submit (e.g. invoices, receipts, agreements) solely for the purpose of automated data extraction, classification, and related features you request, including integration with your connected Google Workspace where applicable.
• Technical and usage data — such as logs, device or session identifiers, and diagnostics needed to operate and secure the service.

3. Purposes of processing

We process personal data for purposes including:

• Providing, operating, and improving the SnapSync service;
• Authenticating users and preventing fraud or abuse;
• Performing AI-assisted extraction and structuring of data from documents you submit, as part of the subscribed features;
• Syncing or storing outputs in your designated Google Workspace resources (e.g. Drive, Sheets) where you have connected such integrations;
• Complying with legal obligations and enforcing our terms.

We do not use your phone number or document content for unrelated marketing profiling beyond what you expressly consent to or what the law permits.

4. Google Workspace and your vault

Where you connect Google Workspace, customer business data and extracted outputs are designed to reside securely within your own Google Workspace vault (for example, folders and spreadsheets under your control), subject to Google's terms and your admin settings. SnapSync processes data as needed to perform the automation you enable and does not sell your personal data to third parties (see below).

5. Legal bases and PDPA alignment

We collect and process personal data where we have a lawful basis under the PDPA and related practice, including where necessary for the performance of a contract with you, compliance with legal obligations, protection of vital interests, or your consent where required (for example, for certain marketing or optional features). You may have rights under the PDPA to request access or correction of your personal data and, in prescribed circumstances, to limit processing—subject to exceptions under law. Contact us using the details below to exercise applicable rights.

6. Sharing and sale of data

We do not sell your personal data to third parties. We may share data with subprocessors strictly as needed to run the service (for example, cloud hosting, messaging providers, or AI inference providers), under appropriate contracts and security measures. We may disclose information if required by law or to protect rights and safety.

7. Retention and security

We retain personal data only as long as necessary for the purposes above, including legal, accounting, and dispute resolution needs. We implement technical and organisational measures appropriate to the risk, including access controls and encryption in transit where applicable.

8. International transfers

If personal data is processed outside Malaysia, we take steps consistent with applicable law to ensure appropriate safeguards where required.

9. Your choices

You may update certain profile information in the portal, disconnect integrations where available, or contact us to discuss access, correction, or account closure, subject to legal and contractual retention requirements.

10. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date will change accordingly. Material changes may be communicated through the service or by email where appropriate.

11. Contact

For privacy enquiries or PDPA-related requests, contact support@snapsync.my.