Privacy Policy

This Privacy Policy applies to the website, mobile application and system services operated by IA SoftTech Sdn. Bhd. for the Human Resource Information & Automation System (HRIAS), Inventory & Assets Management System (IAMS), and corporate website services.

For HRIAS (Human Resource Information & Automation System):

• Full name
• Email address
• Phone number
• Employee ID / staff number
• Department, position and organisation
• Attendance records
• Clock-in / clock-out time
• Location data for geofence attendance
• Leave application details
• Claim submission details
• Uploaded documents or receipts
• Approval records
• Login activity and device information
• Profile photo, if used

For IAMS (Inventory & Assets Management System):

• User name
• Email address
• Department / organisation
• Role and access level
• Asset request records
• Transaction records
• Activity logs
• Uploaded documents or supporting files
• Login and usage activity

For Corporate Website:

• Name and contact information (from inquiry forms)
• Email address
• Company name and industry
• Message or inquiry content
• IP address and browser information
• Cookies and session data

We collect and process user data to manage employee records, attendance, leave applications, claims, approval workflows, asset transactions, system access, audit trails, reporting and administrative monitoring.

For HRIAS, we use your data for:

• User authentication and account access
• Employee profile management
• Attendance tracking and reporting
• Geofence validation for location-based attendance
• Leave and claim processing and approval
• Approval workflow management
• System notifications and reminders
• Audit and compliance records
• System security and fraud prevention

For IAMS, we use your data for:

• Asset management and tracking
• Inventory management and reporting
• User authorisation and access control
• Transaction monitoring and reconciliation
• Warranty and license expiry alerts
• Reporting and audit trail maintenance
• System performance and analytics

For Corporate Website, we use your data for:

• Responding to inquiries and support requests
• Marketing communication and newsletters (with consent)
• Website analytics and performance improvement
• Fraud detection and security

HRIAS may collect location data when users perform attendance clock-in or clock-out. Location data is used only to verify whether the user is within an approved work location or geofence area. The system does not continuously track the user's location in the background unless explicitly stated. Location data is processed securely and retained only as long as needed for attendance verification.

Users may upload files such as claim receipts, supporting documents, profile images or asset-related documents. These files are used only for verification, approval, reporting and record-keeping purposes. Uploaded files are stored securely and access is restricted to authorised users only. Files are retained in accordance with organisational and legal record-keeping requirements.

If biometric authentication is enabled (such as fingerprint or Face ID through mobile devices), biometric data is handled exclusively by the user's device operating system. IA SoftTech does not collect, store or access biometric data on our servers. All biometric authentication occurs locally on your device.

Data is stored securely using cloud-based database and storage services, including PostgreSQL-based infrastructure. We implement the following security measures:

• Database-level encryption and access controls
• Secure file storage with restricted permissions
• Role-based access control (RBAC) for data access
• Administrative access restrictions and monitoring
• Comprehensive audit logs for all data access and modifications
• Regular security updates and patches
• Secure backup and disaster recovery procedures

We apply reasonable security measures to protect your data from unauthorised access, misuse or disclosure. However, no system is 100% secure, and we cannot guarantee absolute security.

Personal data may be accessed by authorised users only, based on their assigned role and organisational workflow configuration.

For HRIAS, access is restricted to:

• Superadmin - full system access
• Organisation Admin - organisation-level data management
• HOD / Department Approver - departmental approval workflows
• HR Personnel - employee record and leave management
• Finance Personnel - claim and reimbursement processing
• Staff User - personal records and leave/claim submission

For IAMS, access is restricted to:

• Superadmin - full system access and configuration
• Admin - asset and inventory management
• User - asset requests and transaction viewing (limited scope)

Access is enforced through role-based permissions, and all data access is logged for audit purposes.

We do not sell user personal data. However, data may be processed by trusted service providers used to operate the systems, including:

• Supabase / PostgreSQL: Cloud database hosting
• Email Service Providers: For notifications and system communications
• Hosting Providers: For website and application hosting
• Authentication Services: For secure user authentication
• Storage Providers: For secure file storage
• Google Play / Apple App Store: If mobile application is distributed
• Analytics Services: For website performance and usage analytics (if implemented)

All third-party service providers are contractually bound to maintain confidentiality and use data only for the purposes specified.

We retain user data for as long as required to:

• Provide continuous system services
• Comply with organisational record-keeping requirements
• Support audit and compliance purposes
• Resolve disputes and handle inquiries
• Meet legal or regulatory obligations

For HRIAS: Attendance, leave and claim records are typically retained for a minimum of 7 years in accordance with Malaysian employment regulations. Employee records are retained as long as the employee remains active, plus additional years for legal compliance.

For IAMS: Asset records are retained for the asset lifecycle plus an additional period for audit purposes. Transaction records are retained for financial and audit compliance.

Users may request data deletion subject to legal, regulatory and organisational retention requirements. Deletion requests will be assessed individually.

In accordance with Malaysian data protection regulations (Personal Data Protection Act 2010), you have the following rights:

• Right to Access: Request access to your personal data held by IA SoftTech
• Right to Correction: Request correction of inaccurate or incomplete data
• Right to Deletion: Request deletion of your data, subject to legal and organisational requirements
• Right to Withdraw Consent: Withdraw consent for data processing where applicable
• Right to Lodge Complaints: Contact the company regarding privacy concerns or lodge a complaint with the Personal Data Protection Commissioner

To Exercise Your Rights: Users may request access to, correction of, or deletion of their personal data by contacting their organisation administrator (for HRIAS/IAMS users) or by emailing info@iasofttech.com.my.

All data subject requests will be handled within 30 days of receipt, in accordance with applicable regulations.

We apply reasonable security measures to protect user data from unauthorised access, misuse or disclosure, including:

• User authentication and strong password policies
• Role-based access control (RBAC)
• Data encryption in transit and at rest
• Regular security audits and penetration testing
• Access restrictions and administrator monitoring
• Comprehensive audit logs and activity tracking
• Secure development practices and code reviews
• Employee security awareness and training
• Incident response procedures

Important Note: While we strive to protect your data with industry best practices, no system is completely secure. We encourage users to maintain strong passwords and report any security concerns immediately.

Our website may use basic cookies or local storage to support:

• Login sessions and user authentication
• Security and fraud prevention
• User experience personalisation
• Website analytics and performance monitoring

We do not use cookies to collect sensitive personal data unless explicitly stated. You can control cookie settings through your browser preferences. Disabling cookies may affect your ability to use certain website features.

Third-Party Analytics: We may use analytics services to understand website usage patterns and improve our services. These services may place their own tracking cookies on your device.

Some of our cloud services and servers may be located outside Malaysia. By using our systems, you consent to the transfer and processing of your data to jurisdictions outside Malaysia. We ensure that data transfers are conducted in compliance with applicable data protection laws and with appropriate safeguards in place.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Any material changes will be published on this page with an updated effective date. Your continued use of our systems and website following the posting of changes constitutes your acceptance of the updated Privacy Policy.

Current Version: Last Updated on 12 May 2026