Information We Collect

Running financial analysis software means we work with data. Here's what we collect and why we need it:

Account and Profile Data

When you create an account, we ask for basic details: your name, email address, company name, and contact number. This helps us set up your workspace and keep you updated about your account activity. You control most of this information through your account settings.

Financial Data You Upload

Our tools analyze financial information you choose to upload. This might include spreadsheets, transaction records, or budget documents. We process this data to generate your reports and insights, but we don't share it with third parties for marketing purposes. Your financial data stays yours.

Usage Information

Like most online services, we track how you interact with our platform. This includes which features you use most, how long your sessions last, and which reports you generate. We use this to improve our software and fix issues before they affect more users.

Technical Details

• IP address and approximate location (city level, not exact coordinates)
• Browser type and operating system
• Device identifiers and screen resolution
• Referring websites and pages you visit on our platform
• Time stamps for your activities

How We Use Your Information

We're not in the business of selling data. We use what you share to make our service work properly and improve it over time.

We occasionally send emails about new features or tips for getting more from our tools. You can opt out of these anytime without affecting your account status.

Data Sharing and Disclosure

We keep your information within our organization except in specific situations:

Service Providers

We work with companies that help us run our infrastructure. Cloud hosting providers store your data, payment processors handle transactions, and email services deliver notifications. All these partners sign agreements to protect your information the same way we do.

Legal Requirements

If Malaysian authorities request information through proper legal channels, we're required to comply. This might happen in fraud investigations or court proceedings. We review each request carefully and only share what's legally required.

Business Transfers

If CoreEnergyX merges with another company or gets acquired, your data would transfer to the new entity. We'd notify you beforehand and explain any changes to how your information gets handled.

What We Don't Do

We don't sell your financial data to marketers. We don't share your analysis results with competitors. We don't use your uploaded documents to train AI models that serve other customers.

Data Storage and Security

Your information lives on servers located in Malaysia and Singapore. This keeps it close to you geographically and under PDPA jurisdiction.

Protection Measures

• All data transmissions use TLS 1.3 encryption
• Financial documents are encrypted at rest using AES-256
• Access to production systems requires multi-factor authentication
• We run security audits quarterly and patch vulnerabilities within 48 hours
• Employee access follows least-privilege principles

No system is completely hack-proof. If we detect a breach that affects your data, we'll notify you within 72 hours along with steps you should take to protect yourself.

Your Rights Under PDPA

Malaysia's data protection law gives you control over your information. Here's what you can do:

How to Exercise These Rights

Email us at contact@coreenergyx.com with your request. Include your account email and specify which right you want to exercise. We'll respond within 21 days as required by PDPA. Some requests may take longer if they're complex, but we'll keep you updated.

For access requests, we'll verify your identity before sending data. This protects you from someone impersonating you to access your information.

Cookies and Tracking

We use cookies to keep you logged in and remember your preferences. Without them, you'd need to log in every time you navigate to a new page.

Types of Cookies We Use

• Essential cookies for authentication and security
• Preference cookies to remember your dashboard layout and settings
• Analytics cookies to understand which features get used most

You can block cookies in your browser settings, but parts of our service might not work correctly. We don't use third-party advertising cookies since we don't show ads.

Data Retention

We keep your account data as long as you're an active customer. If you cancel your subscription, here's what happens:

• Your financial documents get deleted immediately from production systems
• Account information stays in our database for 90 days in case you reactivate
• After 90 days, we permanently delete all personal data except transaction records
• Financial records for billing purposes are retained for 7 years as required by Malaysian tax law
• Anonymized usage statistics might be kept indefinitely for research purposes

You can request immediate deletion by contacting support. We'll process this within 14 days, though some backup systems may take up to 30 days to fully purge data.

International Data Transfers

Most of your data stays in Southeast Asia. Occasionally, we might transfer information outside Malaysia:

Customer support tickets sometimes route through servers in Singapore or Australia. These countries have data protection standards comparable to PDPA. When transfers occur, we use standard contractual clauses approved by Malaysia's Personal Data Protection Commissioner.

We don't transfer financial analysis data outside the region. Only account metadata crosses borders, and only when necessary for technical operations.

Children's Privacy

Our service isn't designed for anyone under 18. We don't knowingly collect information from minors. If we discover someone underage has created an account, we'll delete it and notify the email address on file.

Educational institutions sometimes set up accounts for student projects. In these cases, the institution is responsible for obtaining proper consent from parents or guardians.

Changes to This Policy

We update this policy occasionally as our service evolves or regulations change. When we make significant changes, we'll email you at least 30 days before they take effect. Minor clarifications might happen without notice.

The date at the top shows when we last revised this document. You can check back anytime to review current practices.

Third-Party Services

Our platform integrates with accounting software and data providers you might choose to connect. When you authorize these integrations, you're sharing data directly with those services. Their privacy policies govern how they handle your information.

We vet integration partners for security practices, but we can't control their data handling once information leaves our systems. Review their policies before connecting third-party services to your CoreEnergyX account.