Privacy Policy

Last updated: 29 March 2026

1. Introduction

D Gift Sdn Bhd ("we", "us") operates the CePAT e-Invoice platform. This Privacy Policy explains how we collect, use, store, and protect your personal and business information when you use our Service.

2. Information We Collect

We collect the following information when you use CePAT:

Account information: Name, email address, phone number, company name, business registration number (BRN/SSM).
Business data: Client details, supplier details, invoice data, quotation data, payment records, tax identification numbers (TIN), MSIC codes, and other financial information you enter into the system.
LHDN API credentials: Client ID and Client Secret that you provide to connect to LHDN MyInvois. These are stored securely in your account settings.
Usage data: Login times, IP addresses, browser type, and general usage patterns for system administration and security purposes.

3. How We Use Your Information

We use your information solely to:

Provide and operate the CePAT platform.
Submit e-Invoices to LHDN on your behalf using your API credentials.
Send service-related communications (account setup, password resets, service notices).
Improve and maintain the platform.
Comply with legal obligations.

4. Information Sharing

We do not sell, rent, or trade your personal or business information to third parties.

We may share your information only in these limited circumstances:

LHDN submission: Your invoice data is transmitted to LHDN MyInvois via their API, as this is the core function of the Service.
Payment processing: Basic transaction information is shared with Billplz to process your subscription payments. We do not store credit/debit card details.
Legal compliance: If required by law, court order, or government authority.
Hosting providers: Your data is stored on servers operated by our hosting provider. We select providers with appropriate security measures.

5. Data Storage & Security

Your data is stored on secured servers with SSL encryption.
We implement reasonable security measures to protect your data, including encrypted connections, access controls, and regular backups.
However, no system is 100% secure. We cannot guarantee absolute security of your data and shall not be liable for any unauthorized access resulting from cyberattacks, hacking, or other security breaches beyond our reasonable control.
LHDN API credentials are stored in your account and transmitted securely. We recommend regularly rotating your credentials.

6. Data Retention

Your data is retained for as long as your account is active.
Upon account termination, we may retain your data for up to 90 days for backup and recovery purposes, after which it may be permanently deleted.
We may retain certain records as required by Malaysian law.

7. Your Rights

Under the Personal Data Protection Act 2010 (PDPA) of Malaysia, you have the right to:

Access your personal data stored in our system.
Request correction of inaccurate data.
Request deletion of your data (subject to legal retention requirements).
Withdraw consent for data processing (which may result in inability to use the Service).

8. Cookies

CePAT uses essential cookies for login sessions and system functionality. We do not use tracking cookies or third-party advertising cookies.

9. Children's Privacy

CePAT is a business tool and is not intended for use by individuals under the age of 18.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date.

11. Contact

For privacy-related inquiries, please email us at support@cepatinvoice.com.