Rankup Digital Services (Company No. 003759071-W) ("we", "us", "Rankup Digital Services", "GBPAuditLab") operates the gbpauditlab.com platform (the "Service"). This Privacy Policy describes how we collect, use, store, and protect your personal data, in accordance with Malaysia's Personal Data Protection Act 2010 (PDPA), as amended by the Personal Data Protection (Amendment) Act 2024. By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Data Protection Officer (DPO)

We have appointed a Data Protection Officer to ensure PDPA compliance:

Any questions about your personal data, or requests for access, correction, or deletion, can be sent to the email above.

2. Personal Data We Collect

2.1 Data you provide directly

2.2 Data collected automatically

2.3 Data generated by the Service

3. Purposes of Data Processing

We process your personal data to:

Legal basis: your consent (at registration) and contractual necessity (to provide the Service you requested).

4. Third-Party Data Sharing

We use the following third-party service providers to operate the Service. Each provider is bound by their own terms of service and privacy policy:

ProviderPurposeProcessing location
SupabaseDatabase & user authenticationSingapore (ap-southeast-1 region)
VercelApplication hostingGlobal network (CDN)
Curlec (Razorpay)Payment processingMalaysia
ResendEmail deliveryUnited States
DataForSEOSEO/GBP data for auditsMultiple locations
Anthropic (Claude API)AI content generationUnited States
OpenAIBlog image generationUnited States
Google (Places, PageSpeed API)Location & website performance dataUnited States
Google Analytics / PostHog / SentryAnalytics & error monitoringUnited States

Cross-border data transfers

Some of your data is processed outside Malaysia (as listed above). In accordance with Section 129 of the PDPA (as amended 2024), we only use providers that maintain adequate security measures or operate in jurisdictions with a comparable standard of data protection. We do not sell your personal data to third parties for marketing purposes.

5. Payment Processing

Payments are processed entirely by Curlec (Razorpay Malaysia). We do not store your credit/debit card details on our servers. Please refer to Curlec's Privacy Policy for more information on how they handle payment data.

6. Data Retention Period

After these periods, data is automatically deleted or anonymised.

7. Cookies

Our website uses cookies for:

You can manage cookie preferences through your browser settings, although this may affect the functionality of some features.

8. Your Rights Under PDPA

As a data subject, you have the right to:

To exercise any of the above rights, contact our DPO at privacy@gbpauditlab.com. We will respond within a reasonable time (typically 21 days).

9. Data Security

We implement the following security measures to protect your personal data:

While we take reasonable measures, no system is 100% secure. In the event of a data breach that risks causing significant harm, we will notify the PDPC within 72 hours and notify affected users without undue delay, in accordance with Section 12B of the PDPA.

10. Children's Privacy

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from children.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any material changes will be communicated via email or a notice on the website. The "Last updated" date above reflects the current version.

12. Contact Us

For any privacy-related questions, data access requests, or to exercise your PDPA rights:

Rankup Digital Services
Company No. 003759071-W
Email: privacy@gbpauditlab.com
Website: gbpauditlab.com