Skip to content
Legal

Privacy Policy

Last updated: March 2026

1. Introduction

KINPASS Sdn Bhd (“KINPASS”, “we”, “us”) is committed to protecting your personal data in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia. This Privacy Policy explains how we collect, use, disclose, and safeguard your information.

2. Information We Collect

Account Information

Name, email address, phone number, and profile information provided during registration.

Children's Information

Child's name, date of birth, medical notes, allergies, and emergency contact details. This information is collected with parental consent and shared with activity providers for safety purposes.

Payment Information

Payment details are processed and stored securely by Stripe. KINPASS does not store credit card numbers or bank account details on our servers.

Usage Data

Booking history, app usage patterns, device information, and location data (with your permission) to improve our services.

3. How We Use Your Information

  • To provide and operate the KINPASS platform
  • To process bookings and payments
  • To share necessary child safety information with activity providers
  • To send booking confirmations, reminders, and service updates
  • To improve our platform and develop new features
  • To comply with legal obligations

4. Children's Data Protection

We take special care with children's data. IC numbers and emergency contact information are encrypted using AES-256-GCM. Access to children's data is restricted to the parent/guardian and the booked activity provider. We obtain explicit parental consent before collecting or processing any child's personal data.

5. Data Sharing

We share your information only with:

  • Activity Partners: Child's name, age, medical notes, and emergency contact for booked classes
  • Payment Processors: Stripe, for processing payments securely
  • Service Providers: Hosting, email, and analytics providers who process data on our behalf
  • Legal Requirements: When required by Malaysian law or regulation

6. Data Security

We implement industry-standard security measures including encryption at rest and in transit, access controls, and regular security audits. Sensitive data such as children's IC numbers are encrypted with AES-256-GCM.

7. Your Rights

Under the PDPA, you have the right to:

  • Access your personal data held by us
  • Correct inaccurate or incomplete personal data
  • Withdraw consent for data processing
  • Request deletion of your account and associated data

To exercise these rights, contact us at general@kinpass.com.

8. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. Upon account deletion, we will remove your personal data within 30 days, except where retention is required by law.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification.

Contact

For privacy-related enquiries, contact our Data Protection Officer at general@kinpass.com.