Privacy Policy

1. Introduction

Inklusif ("we", "us", "our") is committed to protecting your personal data in accordance with Malaysia's Personal Data Protection Act 2010 (PDPA). This policy explains what data we collect, how we use it, and your rights as a data subject.

By creating an account or using the Inklusif platform, you consent to the collection and use of your personal data as described in this policy.

2. Data We Collect

2.1 Account Data

Email address and password (hashed — never stored in plain text)
User role: job seeker, employer, or support organisation
Account creation timestamp and login history

2.2 Profile Data (Job Seekers)

Full name, OKU card number, disability type
Biography, years of experience, skills
Location (state and city)
Profile photo (avatar) and CV/resume file

2.3 Profile Data (Employers)

Company name, industry, company size
Company description, website, and logo

2.4 Profile Data (Support Organisations)

Organisation name, contact email, description
Referral code (system-generated)

2.5 Usage Data

Job applications submitted and their status
AI matching results (stored to improve recommendations)
Messages and conversations
Notification history
Login timestamps

3. How We Use Your Data

To provide the Inklusif platform services
To match job seekers with suitable employment opportunities using AI (Google Gemini)
To enable communication between job seekers, employers, and support organisations
To send notifications about application status changes and platform activity
To generate anonymised diversity and inclusion reports for employers

Our data pledges:

We do NOT sell your personal data to third parties
We do NOT use your data for advertising purposes

5. Data Retention

Active accounts: retained for the duration of your account
Deleted accounts: all personal data is permanently deleted within 30 days of account deletion. Anonymised aggregate statistics may be retained.
Job applications: retained for 24 months after submission
Messages: retained for 12 months after account deletion

6. Your Rights Under PDPA

Under Malaysia's Personal Data Protection Act 2010, you have the following rights:

Right to Access — request a copy of all personal data we hold about you
Right to Correction — request correction of inaccurate data
Right to Erasure — request deletion of your account and all associated data. This is available instantly in Settings → Account → Delete Account
Right to Withdraw Consent — withdraw consent for support organisation data access at any time from Settings → My Organisations
Right to Object — object to processing of your data for certain purposes

To exercise any of these rights, use the self-service options in your account Settings, or contact us with the subject "PDPA Data Request". We will respond within 21 days as required by PDPA.

7. Data Security

All data is stored in Supabase (Singapore region)
All connections are encrypted via HTTPS/TLS
Passwords are hashed using bcrypt — never stored in plain text
Row-level security (RLS) ensures users can only access their own data
CV files are stored in a private bucket — only you and employers who received your application can access your CV
The platform enforces role-based access control — employers cannot access support org data, and vice versa

8. Cookies

We use essential session cookies only. These are required for authentication and language preference. We do not use tracking, advertising, or third-party analytics cookies.

9. Changes to This Policy

We will notify registered users of material changes to this policy via in-app notification at least 14 days before changes take effect. Continued use of the platform after changes take effect constitutes acceptance of the updated policy.

10. Contact Us

For privacy-related enquiries, to exercise your PDPA rights, or to submit a data request:

privacy@inklusif.org

Address

Inklusif Sdn Bhd
Kuala Lumpur, Malaysia

Response time

Within 21 days, as required by PDPA

You may also use the Contact page and select "PDPA Data Request" as the subject.

1. Introduction

By creating an account or using the Inklusif platform, you consent to the collection and use of your personal data as described in this policy.

2. Data We Collect

2.1 Account Data

Email address and password (hashed — never stored in plain text)
User role: job seeker, employer, or support organisation
Account creation timestamp and login history

2.2 Profile Data (Job Seekers)

Full name, OKU card number, disability type
Biography, years of experience, skills
Location (state and city)
Profile photo (avatar) and CV/resume file

2.3 Profile Data (Employers)

Company name, industry, company size
Company description, website, and logo

2.4 Profile Data (Support Organisations)

Organisation name, contact email, description
Referral code (system-generated)

2.5 Usage Data

Job applications submitted and their status
AI matching results (stored to improve recommendations)
Messages and conversations
Notification history
Login timestamps

3. How We Use Your Data

To provide the Inklusif platform services
To match job seekers with suitable employment opportunities using AI (Google Gemini)
To enable communication between job seekers, employers, and support organisations
To send notifications about application status changes and platform activity
To generate anonymised diversity and inclusion reports for employers

Our data pledges:

We do NOT sell your personal data to third parties
We do NOT use your data for advertising purposes

5. Data Retention

Active accounts: retained for the duration of your account
Deleted accounts: all personal data is permanently deleted within 30 days of account deletion. Anonymised aggregate statistics may be retained.
Job applications: retained for 24 months after submission
Messages: retained for 12 months after account deletion

6. Your Rights Under PDPA

Under Malaysia's Personal Data Protection Act 2010, you have the following rights:

Right to Access — request a copy of all personal data we hold about you
Right to Correction — request correction of inaccurate data
Right to Erasure — request deletion of your account and all associated data. This is available instantly in Settings → Account → Delete Account
Right to Withdraw Consent — withdraw consent for support organisation data access at any time from Settings → My Organisations
Right to Object — object to processing of your data for certain purposes

To exercise any of these rights, use the self-service options in your account Settings, or contact us with the subject "PDPA Data Request". We will respond within 21 days as required by PDPA.

7. Data Security

All data is stored in Supabase (Singapore region)
All connections are encrypted via HTTPS/TLS
Passwords are hashed using bcrypt — never stored in plain text
Row-level security (RLS) ensures users can only access their own data
CV files are stored in a private bucket — only you and employers who received your application can access your CV
The platform enforces role-based access control — employers cannot access support org data, and vice versa

8. Cookies

We use essential session cookies only. These are required for authentication and language preference. We do not use tracking, advertising, or third-party analytics cookies.

9. Changes to This Policy

10. Contact Us

For privacy-related enquiries, to exercise your PDPA rights, or to submit a data request:

privacy@inklusif.org

Address

Inklusif Sdn Bhd
Kuala Lumpur, Malaysia

Response time

Within 21 days, as required by PDPA

You may also use the Contact page and select "PDPA Data Request" as the subject.

1. Introduction

2. Data We Collect

2.1 Account Data

2.2 Profile Data (Job Seekers)

2.3 Profile Data (Employers)

2.4 Profile Data (Support Organisations)

2.5 Usage Data

3. How We Use Your Data

4. Data Sharing

4.1 With Employers

4.2 With Support Organisations

4.3 With AI Services

5. Data Retention

6. Your Rights Under PDPA

7. Data Security

8. Cookies

9. Changes to This Policy

10. Contact Us

Privacy Policy

1. Introduction

2. Data We Collect

2.1 Account Data

2.2 Profile Data (Job Seekers)

2.3 Profile Data (Employers)

2.4 Profile Data (Support Organisations)

2.5 Usage Data

3. How We Use Your Data

4. Data Sharing

4.1 With Employers

4.2 With Support Organisations

4.3 With AI Services

5. Data Retention

6. Your Rights Under PDPA

7. Data Security

8. Cookies

9. Changes to This Policy

10. Contact Us