Privacy
Last updated: 2026-05-06
What we collect
When you place an order or send a custom-quote request we collect: your name, email, phone (if provided), shipping address, and the items + customizations you ordered. Payments are made directly to our Touch 'n Go eWallet via DuitNow QR or DuitNow Transfer — we don't store or process your card details, and no payment data passes through our servers.
How we use it
Strictly to fulfill your order, contact you about it, and meet our tax + bookkeeping obligations. We don't sell or share your data, and we don't use it for marketing without your explicit consent.
Where it's stored
Order data lives in Supabase (a hosted Postgres database) and transactional emails go through Resend. Both are reputable providers with industry-standard security. Payments themselves never touch our servers — they go directly bank-to-bank via DuitNow.
Cookies
We use a session-only cart cookie (cleared when you close the browser tab) and basic analytics via Vercel Analytics, which doesn't use cookies and doesn't track individuals.
Your rights (PDPA Malaysia)
You can request a copy of your data, ask us to correct it, or ask us to delete it (subject to our legal record-keeping obligations). Email hello@thingit.store and we'll handle it within 21 days.