Skip to content

Privacy Policy

Last updated: 11 June 2026

Who we are

CAIAN Recovery Hub is operated by CAIAN RECOVERY HUB SDN. BHD. (Registration No. 202601007659 (1669757-K)), located at B-13-03, Pusat Perdagangan Bukit Jalil, Persiaran Jalil 7, Bukit Jalil, 57000 Kuala Lumpur, Malaysia. We are the data controller for personal data collected through this website and at our facility.

What we collect

Booking details: your name, phone number, email address, and any notes you choose to share when reserving a session.

Account sign-in: the email address you use to receive one-time sign-in links. We do not store passwords.

Payment records: payments are processed by Billplz, a Malaysian payment gateway. We keep order references and payment status. We never receive or store your online banking credentials or card details.

Usage analytics: we use Google Analytics 4 to understand how the site is used, as disclosed on our Trust page. Analytics data is aggregated and not used to identify you personally.

Messages: anything you send us by email, phone, or WhatsApp.

Why we collect it

To provide and manage your bookings, session credits, and wallet sharing; to process payments and issue receipts; to contact you about your booking; to respond to enquiries; to keep proper business and accounting records as required by law; and to improve the website.

We ask for your consent to process personal data when you book. We do not send marketing communications without separate consent, and we do not sell personal data to anyone.

Who we share it with

We use a small number of service providers to run CAIAN: Supabase (secure database hosting, Singapore region), Vercel (website hosting), Billplz (payment processing), Resend (transactional email such as receipts), and Google (analytics). Each provider processes data only as needed to provide its service.

We may disclose personal data where required by Malaysian law or a lawful authority.

How long we keep it

Booking and payment records are kept for as long as needed to operate your bookings and to meet legal and accounting retention obligations. You may ask us to delete personal data that we are not legally required to keep.

Your rights under the PDPA

Under Malaysia's Personal Data Protection Act 2010 you may request access to your personal data, request correction, withdraw consent to further processing, and limit how your data is used. To exercise any of these rights, contact us at caianrecoveryhub@gmail.com or +60 10-273 5013. We will respond within a reasonable time.

Security

Data is encrypted in transit, stored with access controls, and accessible only to staff who need it to serve you. No system is perfectly secure; if a breach affecting your personal data ever occurs, we will notify affected guests and the relevant authorities as required.

Updates to this policy

We may update this policy as our services evolve. The date below reflects the latest revision. Material changes will be noted on this page.