Privacy Policy
1. Introduction
CariRumah ("we", "our", or "us") is a homestay booking and management platform operated by CustomerMaestro. We are committed to protecting your personal data in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia.
This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and your rights as a data subject. It applies to all users of carirumah.customermaestro.com, including guests (renters) and property owners (hosts).
2. Data We Collect
2.1 Account Information
- Full name
- Email address
- Phone number
- Profile photo (optional)
2.2 Owner / Host Information
- Bank account details (for payout disbursement)
- Identity card (MyKad) or business registration number
- Property address and listing details
2.3 Booking & Payment Information
- Booking dates, guest count, and special requests
- Payment transaction references (processed via CHIP)
- Deposit and rental amounts
2.4 Usage Data
- Pages visited, session duration, and device type (via Google Analytics)
- Error and performance logs (via Sentry)
- IP address and browser information
3. How We Use Your Data
- To create and manage your account on the platform
- To process bookings and facilitate payments between guests and hosts
- To disburse rental payouts to property owners
- To send booking confirmations, receipts, and transactional emails
- To provide customer support and respond to enquiries
- To detect and prevent fraud or abuse on the platform
- To monitor application health and fix errors
- To analyse aggregated usage trends and improve the platform
- To comply with applicable legal and regulatory obligations
4. Third-Party Services
We use trusted third-party providers to operate our platform. Each provider processes data only as necessary for the service they provide.
| Provider | Purpose | Data Shared |
|---|---|---|
| Clerk | User authentication & identity | Name, email, phone |
| CHIP (Payments) | Payment collection & payout disbursement | Name, bank account, transaction details |
| Google Analytics | Aggregated usage analytics | Anonymised session & page data |
| Sentry | Error monitoring & performance | Error context, anonymised user ID |
| Brevo | Transactional email delivery | Email address, booking details |
| DigitalOcean / MinIO | Cloud hosting & file storage | Uploaded property images |
5. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- Field-level encryption: Sensitive personal data (name, email, phone, bank details) stored in our database is encrypted at rest using AES-256-GCM.
- HTTPS / TLS: All data in transit is encrypted using TLS.
- Authentication: Account access is secured via Clerk, which supports multi-factor authentication.
- Access controls: Only authorised personnel can access production data.
- Error monitoring: Sentry detects and alerts on security-relevant errors in real time.
No method of transmission or storage is 100% secure. If you suspect any unauthorised use of your account, please contact us immediately at admin@customermaestro.com.
6. Cookies & Tracking
We use cookies and similar technologies to operate and improve the platform.
Essential Cookies
Required for authentication and session management. Set by Clerk. Cannot be disabled without affecting platform functionality.
Analytics Cookies
Set by Google Analytics to measure page visits and user retention. Data is anonymised and aggregated. Can be disabled in your browser settings.
7. Data Retention
We retain your personal data only for as long as necessary for the purposes outlined in this policy or as required by law.
- Account data is retained while your account is active.
- Booking and payment records are retained for 7 years for financial compliance.
- Analytics data is retained in aggregated, anonymised form.
- Upon account deletion, personal data is purged in accordance with our Data Retention Policy.
8. Your Rights Under PDPA 2010
As a data subject under Malaysian law, you have the right to:
✓ Right to Access
Request a copy of all personal data held by CariRumah. Response within 21 days.
✓ Right to Rectification
Correct inaccurate or incomplete personal data through account settings or by contacting us.
✓ Right to Deletion
Request deletion of your personal data (subject to legal retention requirements).
✓ Right to Object
Object to processing for direct marketing purposes or withdraw consent where consent is the legal basis.
To exercise any of these rights, email us at admin@customermaestro.com with the subject line Privacy Request — CariRumah.
9. Children's Privacy
CariRumah is not intended for users under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on the platform. Continued use of CariRumah after the effective date constitutes acceptance of the updated policy.
11. Contact Us
For any privacy-related queries or requests:
Company: CustomerMaestro Sdn. Bhd.
Email: admin@customermaestro.com
Platform: carirumah.customermaestro.com
Acknowledgment
By using CariRumah, you acknowledge and agree to this Privacy Policy. Continued use of the platform constitutes acceptance of any updates to this policy. This policy is governed by the laws of Malaysia.