Privacy Policy

DRAFT — pending Malaysian counsel review. This document is a Phase 2 launch placeholder modelled after the Personal Data Protection Act 2010 (PDPA) and Consumer Protection Act 1999. Final language will be reviewed by qualified Malaysian counsel before public sign-off. Send legal queries to service@movo.com.my.

1. Who we are

Movo is operated by MOVA Technologies Inc. (“Movo”, “we”, “us”). Our marketplace runs on https://movo.com.my. For privacy enquiries please write to service@movo.com.my.

2. Personal data we collect

  • Account data: email address, display name, password hash (we never store plain-text passwords).
  • Order data: billing & shipping address, phone number, order line items, order total.
  • Cashback & referral data: cashback wallet balance, referral relationship (referrer_id binding, immutable per Movo terms), affiliate earnings ledger.
  • KYC data (Referral Partner applicants only): MyKad (IC) number, scanned IC images (front + back), bank account details. These are required to activate the cash-payout Referral Partner programme and are stored encrypted at rest. We hash the IC number with SHA-256 + a per-site salt before indexing — the plain IC number is never queryable.
  • Technical data: IP address, browser user-agent, session cookies, AffiliateWP referral cookies (used to attribute referrals on signup).

3. How we use your data

  • To fulfil your orders and provide vendor delivery (we share name + address + phone with the merchant who is fulfilling your order, per CONTEXT.md vendor self-fulfilment policy).
  • To calculate and pay out cashback and affiliate commissions.
  • To enforce the same-MyKad-one-account rule (fraud prevention on the Referral Partner programme).
  • To send transactional email about your orders, account, payouts, and KYC status.
  • To improve the marketplace (anonymised analytics).

4. Sharing

We do not sell your data. We share data with: (a) the merchant fulfilling your order; (b) WordPress, WooCommerce, Dokan, AffiliateWP, and supporting plugins running on our infrastructure (xCloud Hetzner VPS); (c) Malaysian regulators where required by law (PDPA 2010 / Consumer Protection Act 1999 enforcement requests).

5. Retention

Account data: retained until account deletion. Order data: retained for at least 7 years per Malaysian tax requirements. KYC images: retained until 5 years after Referral Partner status lapses, then permanently deleted. Cashback & referral ledger: retained indefinitely while account is active.

6. Your rights (PDPA)

  • Right of access — request a copy of your personal data via service@movo.com.my.
  • Right of correction — update your account at /my-account/ or email us.
  • Right to limit processing — pause marketing email subscriptions (transactional email cannot be paused while account is active).
  • Right to deletion — request account deletion (commitment per PDPA does not override Section 5 retention obligations).

7. Cookies

We use session, cart, and AffiliateWP referral cookies. We do NOT run third-party advertising cookies in Phase 2. You can disable cookies in your browser but the marketplace will not function correctly.

8. Updates

This policy may be updated. Material changes are notified by email at least 30 days in advance. Last updated: 2026-05-20.

We use cookies to enhance your experience on Movo. By continuing to browse, you agree to our use of cookies. Privacy Policy