Odabear← Back to home

Privacy Policy

Last updated: May 2026

1. Overview

Odabear ("we", "us", "our") is committed to protecting your personal data in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

This policy applies to vendors who register on Odabear and to customers who interact with vendor pages hosted on our platform.

2. Data We Collect

From Vendors

  • Account data: email address, password (stored as a secure hash).
  • Business profile: business name, URL slug, phone number, logo, photos, description, payment method details.
  • Location data: address text, latitude and longitude (if provided voluntarily for the map feature).
  • Usage data: login times, dashboard activity, subscription status.

From Customers

  • Order data: name, phone number, delivery address (if applicable), items ordered, and notes — collected when a customer places an order or booking request.
  • We do not collect payment card details. All payments are handled directly between the customer and the vendor.

Automatically Collected

  • Log data: IP address, browser type, pages visited, and timestamps — collected by our hosting provider (Vercel) for security and performance monitoring.

3. How We Use Your Data

  • To provide and operate the Odabear platform and your vendor dashboard.
  • To display your public business page to customers.
  • To transmit order and booking details to you via your dashboard and WhatsApp.
  • To send transactional emails (account verification, password reset, subscription notices) via Resend.
  • To detect and prevent fraud, abuse, and security incidents.
  • To comply with applicable Malaysian laws and regulations.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Third-Party Services

We use the following trusted third-party services to operate the platform:

ServicePurposeData shared
SupabaseDatabase & authenticationAll account and order data
VercelHosting & CDNAccess logs, IP addresses
ResendTransactional emailEmail address only
Google MapsMap embed on booking pagesAddress or coordinates (if set by vendor)

Each of these providers has their own privacy policy governing how they handle data.

5. Data Storage & Security

Your data is stored on Supabase's infrastructure, which is hosted in secure data centres. We implement the following security measures:

  • All data transmitted over HTTPS (TLS encryption in transit).
  • Database access controlled by Row Level Security (RLS) — vendors can only access their own data.
  • Sensitive API keys stored as encrypted environment variables.
  • Admin actions logged with email and timestamp for audit purposes.

While we take reasonable steps to protect your data, no system is completely secure. Please use a strong, unique password for your Odabear account.

6. Data Retention

  • Vendor accounts: retained for as long as your account is active, plus a reasonable period after closure for legal and audit purposes.
  • Order and booking records: retained for a minimum of 7 years in compliance with Malaysian commercial record-keeping requirements.
  • Uploaded files (photos, QR codes): retained until you delete them from your dashboard or your account is closed.

7. Your Rights (PDPA)

Under the Personal Data Protection Act 2010, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Withdraw consent for processing where consent is the basis (note: this may affect your ability to use the platform).
  • Request deletion of your account and associated data, subject to our legal retention obligations.

To exercise any of these rights, email us at holaodabear@gmail.com. We will respond within 21 days.

8. Cookies

Odabear uses session cookies to keep you logged in to your dashboard. We do not use tracking cookies or advertising cookies. No third-party analytics scripts are loaded on the platform.

9. Children's Privacy

Odabear is not directed at children under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with their data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a notice on your dashboard. The date at the top of this page reflects the most recent update.

11. Contact Us

For any privacy-related questions, requests, or concerns, please contact our data protection contact at: holaodabear@gmail.com