Privacy policy

Here at TinyTato, your privacy and trust are extremely important to us, especially given the nature of our products. This Privacy Policy explains how TinyTato ("we," "us," "our") collects, uses, discloses, and protects your personal information when you visit our website (www.tinytato.com) or interact with us.

By using our website and services, you agree to the terms outlined in this policy. If you do not agree, please do not use our website.

1. Information We Collect

We collect information to provide better services to all our customers.

A. Information You Provide Directly:

Contact & Account Details: Your name, email address, phone number, shipping and billing addresses when you create an account, make a purchase, or contact us.
Transaction Information: Details of the products you purchase, payment information (note: we do not store full credit card details; these are processed securely by our third-party payment gateways), and order history.
Communications: Records of your communications with our customer service team, including any feedback, queries, or complaints.
Preferences: Information you provide when participating in promotions, surveys, or signing up for our newsletter.

B. Information Collected Automatically:
When you browse our website, we may automatically collect:

Technical Data: Your IP address, browser type, device information, and operating system.
Usage Data: Pages you visit, links you click, time spent on pages, and the referring website address.
Cookies & Similar Technologies: We use cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and understand customer preferences. For detailed information on the cookies we use and how to manage your preferences, please see our Cookie Policy.
You can manage your cookie preferences through your browser settings.

C. Information from Third Parties:
We may receive limited information from trusted partners, such as:

Social Media Platforms: If you interact with us on social media or use social media features on our site.
Service Providers: Analytics providers (like Google Analytics) that help us understand how our website is used.
Payment Processors: Confirmation of your payment status.

2. How We Use Your Information

We use your personal data responsibly and primarily to serve you, in compliance with Malaysia's Personal Data Protection Act 2010 (PDPA). Our purposes include:

To Fulfill Your Orders: To process payments, arrange shipping, manage returns, and provide customer support.
To Communicate With You: To send order confirmations, delivery updates, and respond to your inquiries.
To Improve Our Services: To analyze website usage, troubleshoot issues, and improve our website, products, and customer service.
For Marketing (With Your Consent): To send you promotional emails about new products, special offers, and parenting tips from TinyTato. You can opt-out of these communications at any time.
For Security & Legal Compliance: To protect our website and business from fraud, and to comply with applicable Malaysian laws and regulations.

3. How We Share Your Information

We value your privacy and do not sell your personal data to third parties. We only share your information in the following limited circumstances:

With Essential Service Providers: We share data with trusted partners who perform services on our behalf, such as:
- Payment processing companies (e.g., Stripe, FPX)
- Shipping and delivery couriers (e.g., Pos Malaysia, Lalamove)
- Email marketing platforms (e.g., Mailchimp)
- IT and website hosting services
  These partners are contractually obligated to protect your data and use it only for the services we request.
For Legal Reasons: We may disclose information if required by law, a court order, or to protect the rights, property, or safety of TinyTato, our customers, or others.
With Your Consent: We will share your data with other third parties only when you have given us explicit permission to do so.

4. International Data Transfers

Some of our trusted service providers may be located outside Malaysia. When we transfer your data, we ensure it is protected by contractual clauses or other safeguards as required by the PDPA to maintain a level of security comparable to Malaysian data protection laws.

5. Data Security

We take the security of your personal data seriously, especially as a brand serving families. We implement appropriate technical and organizational measures to protect your data from unauthorized access, alteration, disclosure, or destruction. These include SSL encryption for data transmission, secure servers, and access controls.

However, no method of transmission over the Internet is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

6. Your Rights (Under the PDPA)

As a user in Malaysia, you have rights regarding your personal data:

Right of Access: You can request a copy of the personal data we hold about you.
Right to Correction: You can update or correct inaccurate or incomplete data.
Right to Withdraw Consent: You can opt-out of marketing communications at any time by clicking the "unsubscribe" link in our emails or contacting us directly.
Right to Limit Processing: You may request we limit the use of your data in certain circumstances.
To exercise any of these rights, please contact us using the details in Section 11.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes we collected it for, including to satisfy any legal, accounting, or reporting requirements. For example, we keep order records for tax purposes for a minimum of 7 years. We will securely delete or anonymize data that is no longer needed.

8. Children's Privacy

Our website and products are directed at parents and guardians. We do not knowingly collect personal data from children under the age of 13. If you are a parent and believe your child has provided us with information, please contact us, and we will take steps to delete such information.

9. Third-Party Links

Our website may contain links to other sites (e.g., parenting blogs, social media). This Privacy Policy applies only to TinyTato. We are not responsible for the privacy practices of other sites, and we encourage you to read their privacy policies.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or the law. We will notify you of any material changes by posting the new policy on our website with an updated "Last Updated" date. We encourage you to review this page periodically.