Privacy Policy

Effective date: 1 April 2026 · Last updated: 1 April 2026

This Privacy Policy describes how CreditDesk ("we", "our", or "us") collects, uses, and protects your personal data in accordance with Malaysia's Personal Data Protection Act 2010 (PDPA).

1. Who We Are

CreditDesk is a Malaysian mortgage intelligence platform that provides free home loan eligibility checks for buyers and property valuation tools for owners, alongside a professional management platform for licensed mortgage consultants and agencies.

For data protection enquiries, contact us at privacy@credit-desk.com or via WhatsApp at +60189560388.

2. Personal Data We Collect

We collect different data depending on how you use CreditDesk:

BuyerPass (Home Loan Eligibility Check)

  • Full name and MyKad (IC) number
  • Date of birth and age
  • Monthly income, allowances, and employment type
  • Existing monthly financial commitments (loans, credit cards)
  • Property type, location, and purchase price
  • Contact number and email address

OwnerPass (Property Valuation)

  • Full name, contact number, and email address
  • Property address, type, size, and tenure
  • Property photographs uploaded by you
  • Current loan details (if refinancing)

Consultant & Agency Accounts

  • Full name, email address, and phone number
  • Agency name and registration number
  • Profile photo (optional)
  • Client data entered into the platform

3. How We Use Your Personal Data

We process your personal data for the following purposes:

  • To calculate and display your home loan eligibility across Malaysian banks (BuyerPass)
  • To generate a free estimated market valuation for your property (OwnerPass)
  • To connect you with a licensed mortgage consultant upon your request
  • To enable mortgage consultants to manage their client pipeline
  • To provide AI-powered document extraction (payslips, CTOS reports) via OpenAI
  • To send WhatsApp notifications and document checklists where applicable
  • To comply with our legal obligations under Malaysian law

We do not sell, rent, or trade your personal data to any third party for marketing purposes.

4. Legal Basis for Processing

Under the PDPA 2010, we process your data on the basis of your consent (given when you submit BuyerPass or OwnerPass forms) and legitimate interests (for consultants using the DeskPro platform under their agency agreement).

5. Third-Party Service Providers

We share limited data with trusted service providers solely to operate CreditDesk:

Provider    | Purpose                              | Location
Supabase    | Database and authentication hosting  | Singapore (AWS)
OpenAI      | AI document OCR (payslips, CTOS)     | United States
Vercel      | Website hosting and delivery         | Global CDN
360dialog   | WhatsApp messaging                   | Germany

All providers are contractually obligated to protect your data and process it only for the stated purpose.

6. Data Retention

  • BuyerPass submissions: Retained for 12 months from submission date, then anonymised
  • OwnerPass submissions: Retained for 24 months or until the property is listed/closed
  • Consultant account data: Retained for the duration of the account plus 3 years after closure
  • Uploaded documents (payslips, photos): Deleted within 90 days of upload unless saved to a client file

7. Your Rights Under PDPA

You have the right to:

  • Access — request a copy of the personal data we hold about you
  • Correction — request correction of inaccurate or incomplete data
  • Withdrawal of consent — withdraw consent at any time (this will not affect prior processing)
  • Limit processing — request that we stop using your data for certain purposes

To exercise any of these rights, contact us at privacy@credit-desk.com. We will respond within 21 days as required by the PDPA.

8. Cookies

CreditDesk uses essential cookies only — for authentication sessions and form draft saving (via localStorage). We do not use advertising or tracking cookies. No third-party analytics scripts are loaded on the site.

9. Security

All data is transmitted over HTTPS (TLS 1.2+). Passwords are hashed using bcrypt via Supabase Auth. Access to personal data is restricted to authorised personnel only. AI document processing does not store raw documents beyond the immediate API call.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by updating the effective date at the top of this page. Continued use of CreditDesk after changes constitutes acceptance of the updated policy.

11. Contact Us

CreditDesk — Data Protection Officer

Email: privacy@credit-desk.com

WhatsApp: +60189560388