This is a starting template, not legal advice. Have a Malaysian lawyer review and adapt it before relying on it.
Privacy Policy
Orbit Finance is built local-first. The short version: your business and financial data stays on your device, and we never collect or see it.
Last updated: 28/06/2026
1. The local-first truth (read this first)
Orbit Finance stores your business and financial data — your ledger, invoices, customers, statements, and everything you enter — on your own device. The app works fully offline. We, the vendor, do not collect, receive, store, or have any access to that data. There is no account login that uploads your books to us, and there is no server holding your financial records.
This means your most sensitive information never passes through us by default. The only data we handle is the small amount needed to sell you a license and support you — described below.
The data controller for that limited order data is Mushnor Heritage Resources (Registration No. 201803323851 (002884313-T)), No 2-12-13A, Solaria Residences, Medan Rajawali, Sungai Ara, 11900 Bayan Lepas, Pulau Pinang. Reach us at support@builtbypali.com.
2. What the sales & licensing flow collects
When you buy a license, we collect only what we need to process the order and issue your key:
- Your name — to address you and issue the license.
- Your email — to send your license key, download link, receipt, and support replies. Your key is tied to this email.
- Your company name — for the license record and your invoice/reference.
- Payment proof — the screenshot or file you upload (for example, a DuitNow / bank-transfer receipt) so we can verify payment manually.
This data is processed through Supabase, our hosting and database provider, and stored securely there. We use it only to verify your payment, issue and support your license, and keep basic records of the sale. We do not sell your data or use it for advertising.
3. Retention
We keep your order and license details for as long as your license is active and for as long as we are required to keep them for legitimate business and legal/tax record-keeping. Uploaded payment proofs are kept only as long as needed to verify and evidence the transaction, then deleted on a routine basis. You can ask us to delete your personal data where we are not legally required to keep it (see clause 7).
4. Optional sync subscription (end-to-end encrypted)
If you subscribe to sync, your data is synchronised across your own devices and apps using end-to-end encryption. Your data is encrypted on your device before it is transmitted, and only your devices hold the keys to decrypt it — we cannot read your synced content. We process the minimum metadata required to route the sync and to manage your subscription billing. If you cancel sync, syncing stops and your data remains on your devices.
5. AI assistant (only with your own key)
The AI assistant is off unless you turn it on by adding your own AI provider API key. When you use it, the relevant data is sent directly from your device to the AI provider you chose (for example, your selected model provider) under their privacy terms — not through us. We do not receive or store your prompts or the data you send to the AI provider. If you never add a key, no data is ever sent to any AI provider.
6. Cookies & this website
This marketing and checkout website aims to keep tracking minimal. We do not use third-party advertising cookies. Any cookies used are limited to what is necessary to operate the site and process your order securely.
7. Your rights under the PDPA
We process personal data in line with Malaysia’s Personal Data Protection Act 2010 (PDPA). Under the PDPA you have the right to:
- Access the personal data we hold about you;
- Correct inaccurate or incomplete data;
- Withdraw consent to our processing, where processing is based on consent;
- Limit how we process your data; and
- Ask us to delete data we are not legally required to keep.
We process your data to fulfil your order, support your license, and meet our legal obligations. Note that the PDPA applies to commercial transactions in Malaysia and does not apply to the personal/business records you keep locally inside the app — those are on your device and never reach us.
8. Security
We take reasonable technical and organisational measures to protect the limited data we hold, including secure hosting via Supabase and restricted access to order records. No system is perfectly secure, but because we deliberately hold so little of your data, the exposure is minimal by design.
9. Contact & data requests
To exercise any of your rights, or for any privacy question, email support@builtbypali.com. We will respond within a reasonable time and in line with the PDPA.
10. Changes to this policy
We may update this policy from time to time. The “Last updated” date above shows the current version; material changes will be reflected on this page.