Privacy Policy

Last updated: 3 April 2026

This Privacy Policy describes how Sitehandy Solutions (Registration No. NS0159990-H) ("Company", "we", "us", "our") collects, uses, stores, and protects your personal data when you use the SMSHandy platform, website, dashboard, API, and related services (collectively, the "Service").

We are committed to protecting your privacy and complying with the Personal Data Protection Act 2010 (PDPA) of Malaysia. By using the Service, you consent to the practices described in this Privacy Policy.

1. Information We Collect

1.1 Account Information

When you register for an account, we collect:

  • Full name
  • Email address
  • Phone number / WhatsApp number
  • Company or business name (if applicable)
  • Business registration number (if applicable)

1.2 Payment Information

When you purchase credits, we may collect:

  • Payment transaction details (amount, date, reference number)
  • Bank account information (for FPX or bank transfer payments)

We do not directly store credit card or debit card numbers. Payment processing is handled by our third-party payment providers.

1.3 SMS & Messaging Data

When you use the Service to send messages, we process:

  • Recipient phone numbers
  • Message content (for delivery purposes)
  • Sender ID used
  • Delivery status and timestamps
  • Contact lists uploaded to the Platform

1.4 Usage Data

We automatically collect:

  • IP address
  • Browser type and version
  • Device information
  • Pages visited and actions taken on the Platform
  • API usage logs (endpoints called, timestamps, response codes)
  • Login timestamps and session data

1.5 Support Communications

When you contact us for support, we collect the content of your messages, including emails, WhatsApp messages, and any attachments you provide.

2. How We Use Your Information

We use the information collected for the following purposes:

  • Service Delivery: To process and deliver your SMS messages, manage your account, and provide the features of the Platform.
  • Payment Processing: To process credit purchases, verify payments, and maintain billing records.
  • Account Management: To authenticate your identity, maintain account security, and manage your subscription.
  • Communication: To send you service-related notifications, updates, security alerts, and support responses.
  • Service Improvement: To analyse usage patterns, diagnose technical issues, and improve the Platform's features and performance.
  • Compliance & Security: To comply with legal obligations, prevent fraud, detect abuse, and enforce our Terms of Service.
  • Marketing: To send you information about new features, promotions, or services, subject to your consent and right to opt out.

3. Legal Basis for Processing

Under the PDPA, we process your personal data based on:

  • Consent: You provide consent when you register for an account and agree to these terms.
  • Contractual Necessity: Processing is necessary to fulfil our obligations under the Terms of Service.
  • Legal Obligation: We may process data to comply with applicable laws, regulations, or lawful government requests.
  • Legitimate Interests: We process data for fraud prevention, security, and service improvement, balanced against your privacy rights.

4. Data Sharing & Disclosure

4.1 Third-Party Service Providers

We share data with trusted third parties who assist us in operating the Service:

  • SMS Gateway Providers: Recipient phone numbers and message content are shared with our SMS gateway providers for message delivery. We use multiple providers for reliability.
  • Payment Processors: Payment information is shared with our payment processors (e.g., FPX providers) to process transactions.
  • Cloud Infrastructure: Account and usage data is stored on secure cloud servers.
  • Security Services: We use Cloudflare for website protection and performance.

4.2 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Valid legal processes (court orders, subpoenas, warrants)
  • Requests from government authorities, including MCMC, PDRM (Royal Malaysia Police), or other law enforcement agencies
  • Compliance with applicable laws and regulations

4.3 Business Transfers

In the event of a merger, acquisition, or sale of all or part of our business, your data may be transferred to the acquiring entity.

4.4 No Sale of Personal Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption: Data is encrypted in transit (TLS/SSL) and at rest where applicable.
  • Access Control: Strict access controls ensure only authorized personnel can access personal data.
  • Account Isolation: Each user's data is logically isolated from other users' data.
  • Infrastructure Security: Our platform is protected by Cloudflare security services, including DDoS protection and WAF.
  • Credential Security: Passwords are hashed using industry-standard algorithms. API keys are encrypted.
  • Monitoring: We monitor for unauthorized access attempts and security incidents.

While we take reasonable precautions, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

6. SMS Data Handling

Given the nature of our Service, we want to be transparent about how SMS-related data is handled:

  • Message Content: SMS content is processed for delivery and stored in your account's message history for your reference. Message content is not used for advertising or shared with third parties except as necessary for delivery.
  • Recipient Data: Phone numbers of SMS recipients are stored in your contact lists and message logs. This data belongs to you and is processed solely on your behalf.
  • Delivery Reports: Message delivery status information is collected from our SMS providers and made available to you through the dashboard and API.
  • Data Retention: SMS logs (including content and delivery status) are retained in your account for your records. See Section 9 for details on data retention periods.

You are responsible for ensuring that you have obtained proper consent from recipients to send them messages and to store their phone numbers, in compliance with the PDPA and our Terms of Service.

7. Your Rights Under PDPA

Under the Personal Data Protection Act 2010, you have the following rights:

  • Right of Access: You may request access to the personal data we hold about you. We will respond within 21 days of receiving your request.
  • Right of Correction: You may request correction of any inaccurate or incomplete personal data.
  • Right to Withdraw Consent: You may withdraw your consent for us to process your personal data. Please note that withdrawal of consent may affect our ability to provide the Service to you.
  • Right to Limit Processing: You may request that we limit the processing of your personal data in certain circumstances.

To exercise any of these rights, please contact us at [email protected]. We may require verification of your identity before processing your request.

8. Cookies & Tracking Technologies

Our website and Platform use the following technologies:

  • Essential Cookies: Required for the Platform to function properly, including session management and authentication.
  • Preference Cookies: Used to remember your settings, such as language preference and theme (dark/light mode).
  • Security: Cloudflare Turnstile is used for bot protection on our forms. This service may set cookies for security verification purposes.

We do not currently use third-party analytics or advertising cookies. If this changes, we will update this Privacy Policy accordingly.

9. Data Retention

We retain your data for as long as necessary to provide the Service and fulfil the purposes described in this Privacy Policy:

  • Account Data: Retained for the duration of your account and for a reasonable period after account closure for legal and administrative purposes.
  • SMS Logs: Message history and delivery reports are retained in your account for your reference while your account is active.
  • Payment Records: Transaction records are retained for a minimum of seven (7) years as required by Malaysian tax and financial regulations.
  • Support Communications: Retained for a reasonable period to provide ongoing support and for quality assurance.

When data is no longer needed, it is securely deleted or anonymised.

10. Third-Party Services

The Service integrates with or relies on the following third-party services:

  • SMS Gateway Providers: For message delivery to telecommunications networks.
  • FPX / Payment Gateways: For processing online payments.
  • Cloudflare: For website security, performance, and Turnstile CAPTCHA.
  • Google Fonts: For typography on our website.

Each third-party service has its own privacy policy. We encourage you to review their policies. We are not responsible for the privacy practices of third-party services.

11. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately and we will take steps to delete such information.

12. International Data

SMSHandy is based in Malaysia and our servers are located in regions selected for performance and reliability. If you access the Service from outside Malaysia, your data may be transferred to and processed in Malaysia or other jurisdictions where our service providers operate. By using the Service, you consent to such transfers.

13. Future Messaging Services

As we expand the Platform to include additional messaging channels (such as WhatsApp, Telegram, and others), the data collection and processing practices may be updated. Each new channel may involve sharing data with additional third-party platform providers (e.g., Meta for WhatsApp). We will update this Privacy Policy to reflect any changes and will notify you of material changes.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We will make reasonable efforts to notify you of material changes via email or platform notification.

Your continued use of the Service after changes are posted constitutes your acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.

15. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how your data is handled, please contact us:

  • Company: Sitehandy Solutions (NS0159990-H)
  • Email: [email protected]
  • WhatsApp: +6011-3803 8022
  • Address: K4 Level 1, Terminal Port Dickson, 71000 Port Dickson, Negeri Sembilan, Malaysia