Home / Privacy Policy

Privacy Policy

Last revised: 14 March 2026

This policy explains how Spektra Digital Sdn. Bhd. (“Spektra”, “we”, “us”) handles personal data collected through this website and in the course of providing our web design and development services. We process personal data in accordance with the Malaysian Personal Data Protection Act 2010 (PDPA) and, where applicable to overseas clients, comparable data protection legislation.

1. Who is responsible for your data

The data user is Spektra Digital Sdn. Bhd., registration number 202101034856 (1429807-K), of Level 16, Menara Hap Seng 2, Plaza Hap Seng, No. 1 Jalan P. Ramlee, 50250 Kuala Lumpur, Malaysia. Questions about this policy or your data can be sent to [email protected] or by post to the address above.

2. What we collect, and when

We collect personal data in three situations:

  • When you contact us. Our enquiry form asks for your name, email address, an optional phone number, an indicative budget and a description of your project. Nothing more is required to receive a reply.
  • When we work together. During a project we may hold business contact details of your team members, billing information, and access credentials you choose to share with us for the purpose of delivering the engagement.
  • When you browse this site. Our hosting infrastructure records standard server logs (IP address, browser type, pages requested, timestamps). Cookies are used only as described in our Cookie Policy.

3. Why we process it

We use personal data to respond to enquiries, scope and deliver projects, issue invoices and maintain accounting records, keep our website secure, and — only where you have consented — send occasional studio updates. We do not sell, rent or trade personal data, and we do not use it for automated decision-making.

4. Legal grounds

Processing is carried out where it is necessary for the performance of a contract with you, where we have a legitimate interest in operating and protecting our business, where the law requires it (for example tax record-keeping), or where you have given consent, which you may withdraw at any time.

5. Who we share it with

Access to personal data inside the studio is limited to team members who need it for their work. We use a small number of service providers — hosting, email, accounting and project management platforms — each bound by contractual confidentiality obligations. Some of these providers store data outside Malaysia; where that is the case we take reasonable steps to ensure an adequate standard of protection. We will disclose data to authorities only where legally compelled to do so.

6. How long we keep it

Enquiry data that does not lead to a project is deleted within 24 months. Client and billing records are retained for seven years to satisfy Malaysian tax and audit requirements. Server logs rotate automatically after 90 days.

7. How we protect it

Data is stored on encrypted infrastructure with access controls, two-factor authentication and audit logging. Client credentials shared with us are kept in a dedicated secrets manager, never in email or documents, and are purged at project close unless a care plan requires ongoing access.

8. Your rights

Under the PDPA you may request access to the personal data we hold about you, ask us to correct it, withdraw consent to processing based on consent, and require us to stop processing that causes or is likely to cause damage or distress. Write to [email protected]; we respond to verified requests within 21 days.

9. Third-party links

Our portfolio links to websites we have built for clients. Those sites have their own privacy practices, which we do not control and for which we are not responsible.

10. Changes to this policy

We review this policy annually and whenever our practices change. The revision date at the top of this page always reflects the current version. Material changes will be highlighted on this page for 30 days.