Privacy Policy

This Privacy Policy explains how EasyMart collects, uses, shares, stores, and protects personal data when you use our website, merchant dashboard, public store pages, customer account features, and related services.

EasyMart is software for local businesses and individual tradespeople to create store pages, manage customer activity, and interact with customers through bookings, orders, walk-ins, quote requests, memberships, loyalty rewards, promotions, reviews, feedback, invoices, receipts, and transactional notifications.

This policy applies to visitors, customers, merchants, store owners, and anyone else who uses EasyMart. By using EasyMart, you acknowledge that your personal data will be handled as described here.

EasyMart provides the platform used by merchants and customers. For account, platform, and website data, EasyMart is responsible for deciding how that data is used.

Merchants are responsible for the customer data they receive through their store pages, dashboard, bookings, orders, quote requests, documents, reviews, feedback, loyalty programs, promotions, and offline business communications.

Questions about this Privacy Policy can be sent to hello@easymart.app.

Account data: name, email address, phone number, login method, role, account identifiers, profile settings, WhatsApp number, notification opt-in choices, and related timestamps.

Merchant and store data: business name, store slug, logo, cover photo, descriptions, business category, services, products, prices, hours, location, address, city, state, Google Maps link, contact details, subscription or membership settings, promotions, loyalty settings, and dashboard settings.

Customer activity data: bookings, pickup orders, walk-ins, memberships, signups, quote requests, site survey responses, accepted or rejected quotes, invoices, receipts, loyalty stamps, promotion redemptions, status changes, dates, times, totals, notes, cancellation details, and related activity history.

Quote and document data: problem descriptions, job sites, addresses, uploaded images, quote items, quote terms, invoice details, receipt details, payment reference information entered by merchants, and document status information.

Review and feedback data: ratings, review text, private feedback, merchant replies, names, contact details, verified visit information, and eligibility checks used to confirm whether a customer can leave a review or feedback.

Notification data: recipient phone numbers, message templates, message variables, Twilio message identifiers, delivery statuses, error codes, inbound WhatsApp replies, opt-out keywords, and timestamps.

Technical and usage data: IP address, browser and device information, request logs, authentication events, security events, error logs, rate-limit records, session data, cookies or local storage needed for login, and basic usage information needed to operate and protect the service.

Support and communication data: messages you send to us, support requests, contact details, and any information you choose to include when communicating with EasyMart.

We collect personal data when you create an account, sign in, create or edit a store, browse stores, submit forms, make bookings, place orders, request quotes, upload images, accept or reject documents, check in for walk-ins, join memberships, redeem promotions, collect loyalty stamps, leave reviews, send feedback, update settings, or contact us.

We also collect data automatically through authentication, server logs, security tooling, Supabase database and storage events, Realtime updates, rate limiting, and the normal operation of the website.

We may receive data from third-party providers when they help us operate EasyMart, such as authentication providers, hosting providers, database providers, messaging providers, and WhatsApp or Meta business tools.

We use personal data to create and manage accounts, authenticate users, route customers and merchants to the correct experience, operate store pages, show customer activity, process bookings, orders, walk-ins, quote requests, memberships, promotions, loyalty rewards, reviews, feedback, invoices, receipts, and related workflows.

We use merchant and store data to publish public store pages, display services or products, show opening hours and contact options, manage dashboard features, generate QR codes, and help customers find and interact with stores.

We use customer data to send activity to the relevant merchant, show customer history and rewards, verify review and feedback eligibility, manage status updates, process cancellations, and keep customer-facing pages accurate.

We use notification data to send transactional WhatsApp updates when a customer or merchant has opted in, handle message status callbacks, record delivery results, process inbound replies, and manage opt-outs.

We use technical data to maintain security, prevent misuse, debug errors, monitor service performance, protect accounts, enforce rate limits, investigate abuse, and comply with legal obligations.

We do not sell personal data. We do not use EasyMart V1 customer activity data for advertising networks or third-party ad targeting.

Merchants can see customer data submitted to their own store, such as customer names, contact details, bookings, orders, walk-ins, memberships, quote requests, uploaded quote images, site survey responses, document responses, reviews, feedback, loyalty activity, and promotion redemptions.

Customers can see public merchant information, store details, services, products, prices, hours, promotions, loyalty rewards, reviews where shown, and their own activity history and rewards.

Some content may be public by design, including store pages, store names, logos, cover images, service or product listings, prices, opening hours, contact details, promotions, and published reviews. Do not submit public content that you do not want others to see.

We use third-party service providers to operate EasyMart. These providers may process personal data only as needed to provide their services to us, maintain security, comply with law, or perform related business operations.

Vercel helps host, deploy, and run the EasyMart website. Vercel may process request logs, deployment data, technical data, and operational information needed to serve the website.

GitHub is used for source code management and development workflows. We do not intentionally store customer activity data in GitHub, but support tickets, issue reports, screenshots, logs, or repository content may contain personal data if a user or developer includes it.

Supabase provides authentication, database, storage, and realtime infrastructure. Supabase stores account data, store data, activity records, uploaded store assets, quote request images, notification logs, and related application data.

Twilio is used for WhatsApp transactional notifications. Twilio may process phone numbers, template identifiers, message variables, delivery statuses, error information, inbound message content, and related metadata.

Meta Business Suite and the WhatsApp Business Platform help manage WhatsApp sender setup, templates, business account features, and WhatsApp message delivery. Meta and WhatsApp may process phone numbers, business identifiers, message metadata, and other information required by WhatsApp business messaging.

These providers may process data in countries outside Malaysia. Their own privacy notices and service terms may also apply to their handling of data.

EasyMart may send transactional WhatsApp messages for activity such as received requests, confirmations, cancellations, ready updates, issued documents, completed activities, rejected documents, invoices, receipts, and loyalty-related updates.

Customers and merchants must opt in before receiving optional WhatsApp transactional updates through EasyMart. You can opt out or change your WhatsApp number from the available account or dashboard settings.

WhatsApp delivery is not guaranteed. Messages may be delayed, rejected, filtered, or fail because of phone number accuracy, device settings, network conditions, Twilio, Meta, WhatsApp, or other provider rules.

If you reply to an EasyMart WhatsApp message, your reply and related metadata may be received by Twilio, Meta, WhatsApp, and EasyMart so that we can process the message, record status, and handle opt-out requests.

EasyMart uses cookies, local storage, and similar technologies where needed for authentication, session management, security, routing, preferences, and core website functionality.

Supabase authentication may store session information in the browser so you can remain signed in. Removing cookies or local storage may sign you out or prevent some features from working correctly.

EasyMart V1 does not intentionally use third-party advertising cookies or advertising analytics. If that changes, we will update this Privacy Policy and provide any required controls.

We process personal data to provide the EasyMart service, perform our agreements with users, support merchant and customer workflows, protect the platform, comply with legal obligations, and pursue legitimate business interests such as security, maintenance, debugging, fraud prevention, and service improvement.

Where consent is required, such as optional WhatsApp transactional notifications, we rely on your consent and provide ways to withdraw it where the product supports those notifications.

Merchants are responsible for having a lawful basis to use customer data they access through EasyMart for their own business operations.

We keep personal data for as long as needed to provide EasyMart, maintain accounts and store pages, support customer and merchant workflows, comply with legal obligations, resolve disputes, prevent abuse, maintain security, and keep business records.

If a customer deletes their account, EasyMart may delete or anonymise account and profile data where appropriate, but store-owned activity records such as bookings, orders, quote requests, invoices, receipts, reviews, feedback, and loyalty records may remain where the merchant needs them for business, legal, fraud prevention, accounting, or dispute-resolution purposes.

If a merchant deletes their account or store, we may delete or restrict related store data where the product supports it, subject to retention needed for legal, security, backup, accounting, fraud prevention, or dispute purposes.

Backups, logs, and security records may remain for a limited period after deletion from the live product.

We use reasonable technical and organisational measures to protect personal data, including Supabase authentication, database access controls, row-level security where applicable, server-side validation, restricted service-role usage, HTTPS hosting, and operational logging.

No online service can guarantee perfect security. You are responsible for keeping your account login details secure, using a strong password, protecting your devices, and telling us promptly if you believe your account has been compromised.

Merchants must protect customer data they export, copy, download, or use outside EasyMart.

EasyMart and its providers may process, store, or access personal data in Malaysia and other countries where our service providers operate.

Where personal data is transferred internationally, we rely on appropriate safeguards required by applicable law and on our providers' security, privacy, and data processing commitments.

You can update many account, contact, WhatsApp, and notification settings inside EasyMart. Merchants can update store details and dashboard settings. Customers can update customer account settings where available.

You may request access to, correction of, or deletion of your personal data by contacting us. Where Malaysia's Personal Data Protection Act 2010 or other applicable law gives you additional rights, we will respond as required by that law.

You can withdraw optional WhatsApp notification consent through the available settings or by using recognised opt-out words in WhatsApp where supported. Some non-promotional service, security, or account messages may still be sent where allowed by law.

We may need to verify your identity before responding to a privacy request. We may also keep certain information when required or permitted for legal, security, fraud prevention, accounting, backup, or dispute reasons.

EasyMart is intended for merchants and customers who can lawfully use business and customer-service software. It is not designed for children.

If you believe a child has provided personal data to EasyMart without appropriate permission, contact us so we can review the issue.

Merchants must use customer data from EasyMart only for legitimate store operations, customer service, order fulfilment, bookings, quote follow-up, loyalty rewards, promotions, reviews, feedback, invoices, receipts, and related lawful business purposes.

Merchants must not misuse customer data, sell customer data obtained through EasyMart, send unlawful marketing, disclose customer data unnecessarily, or contact customers in ways that violate applicable law or platform rules.

Merchants are responsible for their own privacy notices, customer communications, offline records, staff access controls, and compliance obligations outside the EasyMart platform.

We may update this Privacy Policy from time to time to reflect product changes, legal requirements, provider changes, or improvements to our privacy practices.

If changes are material, we will take reasonable steps to notify users, such as posting the updated policy, showing an in-product notice, or sending a message where appropriate.

The updated Privacy Policy takes effect when posted or on the effective date stated in the notice.

Questions, requests, or concerns about this Privacy Policy can be sent to vellannadarajan@yahoo.com.

Please include enough information for us to understand your request, identify the relevant account or store, and respond appropriately.