Privacy Policy

Effective Date: 30 Dec 2025
Last Updated: 30 Dec 2025

Table of Contents

1. Who this Policy Applies To
2. Personal Data We Collect
3. How We Use Personal Data
4. How We Justify Processing
5. How We Share Personal Data
6. Cross-Border Transfers
7. Data Retention
8. Security
9. Your Choices & Rights
10. Children’s Privacy
11. Cookies & Tracking (Web)
12. Updates to this Policy
13. Contact Us

1) Who this Policy Applies To

This policy applies to all individuals who interact with web/app, including:

• End Users (people who create accounts, use features, or access content)
• Customers/Clients (where web/app supports paid services or subscriptions)
• Partners/Vendors (where web/app integrates external services)
• Website Visitors (when you browse our web pages)

2) Personal Data We Collect

We collect personal data in three ways: (i) data you provide, (ii) data collected automatically, and (iii) data from third parties (where applicable).

2.1 Data You Provide

• Account & Profile: name, username, email, phone number, profile photo (optional), organization/company details (if applicable).
• Content You Submit: text, images, files, forms, messages, and any other content you upload or generate using the Services.
• Support & Communications: enquiries, feedback, and information shared with our support teams.
• Payments (if applicable): billing name, billing address, payment status, transaction references. We typically do not store full card numbers—payment processing is handled by payment providers.

2.2 Data Collected Automatically

• Device & Technical Data: IP address, device identifiers, browser type, operating system, app version, language, network information.
• Usage Data: pages/screens viewed, clicks, feature usage, time spent, referral URLs, and interaction patterns.
• Log & Diagnostics: crash logs, performance metrics, error reports, and troubleshooting data.
• Approximate Location: derived from IP or device settings (for basic security, regional settings, and service availability).

2.3 Sensitive Data

We do not intentionally collect sensitive personal data (e.g., health information, biometrics, religion, political opinions) unless you voluntarily provide it and it is necessary for a specific feature or legal compliance. If collected, we will apply stronger protection and/or request explicit consent where required.

2.4 Third-Party Data (Where Applicable)

• Login Providers: if you sign in using Google/Apple/SSO, we receive basic profile data permitted by your settings.
• Payment Providers: confirmation of payment, transaction identifiers, and fraud signals.
• Analytics/Crash Tools: aggregated usage and diagnostics information.

3) How We Use Personal Data

We use personal data for the following purposes:

• Service delivery: provide features, run the platform, authenticate users, and enable content creation and sharing.
• Account management: create and maintain accounts, verify identity, prevent unauthorized access.
• Customer support: respond to enquiries, resolve issues, and handle requests.
• Payments & subscriptions (if applicable): process payments, issue invoices/receipts, manage renewals and refunds.
• Security & fraud prevention: detect and prevent misuse, spam, fraud, and security incidents.
• Product improvement: analytics, research, debugging, performance optimization, and feature enhancements.
• Legal compliance: comply with applicable laws, enforce our terms, and respond to lawful requests.

4) How We Justify Processing

Depending on the context, we process personal data based on one or more of the following grounds (where applicable):

• Consent: where you provide permission (e.g., marketing, optional profile fields, certain device permissions).
• Contractual necessity: to provide Services you request or to perform a contract with you.
• Legitimate interests: to operate, secure, and improve our Services (balanced against your rights).
• Legal obligations: where we must comply with laws or regulatory requirements.

5) How We Share Personal Data

We may share personal data in the following situations:

5.1 Service Providers (Processors)

We share data with vendors that help us operate the Services, such as hosting, cloud storage, analytics, payment processing, email/SMS delivery, and customer support. Examples include: [Payment Provider Names] and [Analytics/Crash Tools Names]. These providers are contractually required to protect personal data and use it only to deliver services to us.

5.2 Business Transfers

If WEB/APP is involved in a merger, acquisition, restructuring, or sale of assets, your information may be transferred as part of that transaction, subject to appropriate safeguards.

5.3 Legal Requirements

We may disclose personal data if required by law, court order, or lawful request by authorities, or when necessary to protect rights, safety, and security.

5.4 With Your Direction

We may share information when you instruct us to do so (for example, publishing content, inviting collaborators, or connecting third-party integrations).

6) Cross-Border Transfers

Our vendors or servers may be located outside Malaysia. If personal data is transferred internationally, we take reasonable steps to ensure appropriate protections are in place (e.g., contractual safeguards, access controls, and security standards).

7) Data Retention

We keep personal data only as long as necessary for the purposes described in this policy, including legal, accounting, or reporting obligations. Retention periods may vary by data type:

• Account data: retained while your account is active; deleted or anonymized after account closure, subject to legal needs.
• Content: retained as long as you keep it on the Services or as required to provide features you use.
• Logs & diagnostics: typically retained for a limited period to maintain security and service quality.
• Billing records (if applicable): retained as required by applicable tax and accounting rules.

8) Security

We implement reasonable administrative, technical, and physical safeguards designed to protect personal data, including:

• Access control and least-privilege permissions
• Encryption in transit and, where appropriate, at rest
• Monitoring, logging, and incident response procedures
• Secure vendor management where third parties are used

No method of transmission or storage is 100% secure. You are responsible for keeping your credentials confidential and using strong passwords.

9) Your Choices & Rights

You may have the right to request access, correction, or deletion of your personal data, and to withdraw consent where processing is based on consent.

• Access & correction: request a copy of your data or correct inaccurate data.
• Withdraw consent: you may withdraw consent for optional processing (e.g., marketing) at any time.
• Marketing opt-out: you can opt out using in-message links or by contacting us.
• Device permissions: manage permissions (e.g., notifications, location) in your device settings.

To submit a request, contact us at [DPO/Privacy Email]. We may need to verify your identity before fulfilling requests.

10) Children’s Privacy

WEB/APP is not intended for children under the age of [18]. We do not knowingly collect personal data from children. If you believe a child has provided personal data, please contact us so we can take appropriate action.

11) Cookies & Tracking (Web)

If you use our website, we may use cookies and similar technologies for functionality, analytics, and security. You can manage cookies through your browser settings. Disabling cookies may affect certain website features.

12) Updates to this Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the Services or other reasonable means. The updated policy will be effective from the “Last Updated” date shown above.

13) Contact Us

Samurai Broz Worldwide Service
Registration No.: SA0641537-A
Address: Bandar Putri Klang
Support: support@samuraibroz.com
Privacy/DPO: legal@samuraibroz.com
Website: https://samuraibroz.com