This Privacy Policy describes how TARSOFT Keep (“we”, “us”, “our”) collects, uses, stores, and protects personal data when you use our website and services (the “Service”). We aim to meet reasonable expectations for privacy and, where applicable, Malaysia’s Personal Data Protection Act 2010 (PDPA).
Who we are
The Service is operated in connection with Tarsoft Sdn Bhd and related tooling. For privacy-related requests, contact us at admin@tarsoft.co.
What data we collect
Depending on how you use the Service, we may process:
- Account data: name, email address, password (hashed), and profile details you choose to provide.
- Authentication: if you use Google sign-in, we receive identifiers and profile information from Google as permitted by your Google account settings and Google’s policies.
- Workspace and collaboration data: workspaces you belong to, roles, tasks, categories, comments, notifications, invitations, and company profile information entered by workspace owners or admins.
- Leave and attendance: leave applications, approvals, entitlements, categories, supervisor relationships, attendance sessions, activity categories, office locations, and related timestamps. Where your workspace enables it, this may include location or GPS-related data and images (for example verification selfies) as submitted through the Service.
- Digital business card (vCard): fields you add to your public card and shareable links.
- Technical and usage data: IP address, browser type, device identifiers, log data, cookies or similar technologies, and security-related information needed to operate and protect the Service.
- Communications: messages you send us (for example support or newsletter sign-ups) and related metadata.
Login services and Apple App Store privacy requirements
Where third-party login options are offered, we design sign-in flows to follow data minimization principles. For account creation and authentication, we only require data necessary to identify and secure your account, typically your name and email address.
- Minimum data for login: we do not require unnecessary profile fields to create an account through login providers.
- Email privacy options: when your chosen login provider supports private/relay email features (for example Apple private email relay), we support account creation using that relay email.
- No advertising tracking without consent: we do not use login-derived identity data to track you across third-party apps or websites for advertising purposes without your explicit consent.
Why we use your data
We process personal data to:
- provide, maintain, and improve the Service;
- authenticate users and manage accounts;
- operate workspace features (tasks, leave, attendance, notifications, and related reporting);
- communicate with you about the Service, security, and legal notices;
- detect, prevent, and address fraud, abuse, and security incidents;
- comply with legal obligations and enforce our terms.
Legal bases (where relevant)
Where required by law, we rely on appropriate bases such as performance of a contract, legitimate interests (for example securing and improving the Service, provided those interests are not overridden by your rights), consent where we ask for it, and legal obligation.
Sharing and subprocessors
We do not sell your personal data. We may share data with:
- Service providers who assist us (for example hosting, email delivery, error monitoring, or analytics), subject to confidentiality and security obligations;
- Google when you choose Google sign-in, under Google’s terms and privacy policy;
- Other members of your workspace as needed to provide collaboration features (for example task assignees or leave approvers);
- Authorities when required by law or to protect rights, safety, and security.
We do not sell personal data and do not share personal data with data brokers for cross-app advertising.
International transfers
Your data may be processed in Malaysia and other countries where our providers operate. We take steps designed to ensure appropriate safeguards where required by applicable law.
Retention
We retain personal data for as long as your account is active, as needed to provide the Service, and as required for legal, security, or operational purposes (for example backups and dispute resolution). Retention may differ by data type and workspace settings controlled by administrators.
Security
We implement technical and organizational measures appropriate to the risk, including access controls and encryption in transit where applicable. No method of transmission or storage is completely secure; we work to protect your information but cannot guarantee absolute security.
Your choices and rights
Subject to applicable law, you may have rights to access, correct, delete, or restrict processing of your personal data, object to certain processing, or withdraw consent where processing is consent-based. You may also have the right to lodge a complaint with a supervisory authority where applicable.
To exercise these rights, contact admin@tarsoft.co. We may need to verify your request.
Cookies and similar technologies
We use cookies and similar technologies for session management, security, preferences, and to understand how the Service is used. You can control cookies through your browser settings; some features may not work if cookies are disabled.
If analytics or marketing technologies that require consent are used in your jurisdiction, we will request consent before enabling them where required by law.
Children
The Service is not directed at children under 16 (or the minimum age required in your jurisdiction). We do not knowingly collect personal data from children. If you believe we have, contact us and we will take appropriate steps.
Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version on this page and adjust the “last updated” date. Where changes are material, we will provide additional notice as appropriate (for example by email or in-app notice).
Contact
Questions about this Privacy Policy: admin@tarsoft.co