NeighborHelp

Privacy Policy

Effective date: 1 January 2025  ·  Last reviewed: 1 March 2026

We take your privacy seriously. This policy explains exactly what data we collect, why we collect it, and how you can control it.

Plain-language summary: We collect only the data needed to run the platform. We never sell your data. Your address is only shared with a handyman after you accept their bid. You can request a copy, correction, or deletion of your data at any time by emailing dpo@neighborhelp.my.

1. Overview

NeighborHelp Sdn. Bhd. (Company No. 202101234567) ('we', 'us', 'our') is committed to protecting the personal data of every individual who uses our platform. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, who we share it with, and what rights you have.

This Policy applies to all users of the NeighborHelp website (neighborhelp.my) and mobile applications. It is to be read together with our Terms of Service.

NeighborHelp is a registered data controller under Malaysia's Personal Data Protection Act 2010 (PDPA). Our Data Protection Officer can be contacted at dpo@neighborhelp.my.

2. Data We Collect

2.1 Data You Provide

  • Account registration: full name, email address, phone number, password (hashed), and profile photo.
  • Homeowner job postings: service address, job description, photos, and budget.
  • Handyman profiles: trade qualifications, work history, identity document (MyKad/passport number and scan), selfie photo, and bank account number for payouts.
  • Payment information: credit/debit card details and e-wallet identifiers (processed and stored by our PCI-DSS-compliant payment processor — we never store raw card numbers).
  • Communications: messages sent through the in-app chat, support tickets, and email correspondence with our team.

2.2 Data Collected Automatically

  • Device information: device type, operating system, browser version, and unique device identifiers.
  • Usage data: pages visited, features used, timestamps, and click-stream data.
  • Location data: approximate city-level location derived from IP address. If you grant permission, precise GPS location is used to match you with nearby handymen. You may revoke this permission at any time via your device settings.
  • Log data: server logs including your IP address, request timestamps, and error reports.
  • Cookies and tracking technologies: see Section 8 (Cookies) for full details.

2.3 Data from Third Parties

  • Identity verification: we use a third-party identity verification provider to check MyKad numbers against national database records.
  • Background checks: criminal record checks conducted by a licensed screening partner via written consent obtained during Handyman registration.
  • Payment processors: transaction confirmation data (amount, status, timestamp) from our payment gateway.

3. How We Use Your Data

To provide the Platform: creating and managing your account, matching Homeowners with Handymen, processing payments, and handling disputes.

To verify identity and safety: running background checks on Handymen and confirming the legitimacy of user accounts.

To communicate with you: sending transactional emails (booking confirmations, receipts, alerts), push notifications (new bids, job updates), and service announcements. You may opt out of marketing communications at any time.

To improve the Platform: analysing usage patterns, conducting A/B tests, and training internal models to improve search and matching quality. Any data used for model training is aggregated and stripped of direct identifiers.

To comply with legal obligations: responding to court orders, regulatory requests, or as otherwise required by Malaysian law.

To prevent fraud and abuse: detecting and investigating suspicious activity, enforcing our Terms of Service, and protecting the safety of our community.

5. Who We Share Your Data With

We do not sell your personal data. We share data only with the following categories of recipients, and only to the extent necessary:

Other users: Homeowners' service addresses and contact numbers are shared with a Handyman only after the Homeowner accepts that Handyman's bid. Handymen's profile information (name, photo, ratings, trade category) is visible to all registered users.

Service providers: identity verification providers, payment processors, cloud hosting providers (Amazon Web Services, Singapore region), email delivery services, and analytics platforms. All providers are bound by data processing agreements requiring them to protect your data.

Legal authorities: where required by a court order, subpoena, or applicable Malaysian law, and where we believe disclosure is necessary to prevent imminent harm.

Business transfers: in the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity, subject to the same protections described in this Policy.

6. Data Retention

We retain your personal data for as long as your account is active, or as necessary to provide services, resolve disputes, and comply with legal obligations.

Account data: retained for the duration of your account plus 7 years after closure to satisfy record-keeping obligations under the Malaysian Income Tax Act 1967.

Identity verification documents: retained for 5 years after last verification, then securely deleted.

In-app chat messages: retained for 2 years, then permanently deleted.

Job and payment records: retained for 7 years in compliance with financial record-keeping requirements.

You may request deletion of your account and associated data at any time (see Section 7). Note that some data may be retained for the minimum periods required by law even after account deletion.

7. Your Rights (PDPA)

Under the Personal Data Protection Act 2010, you have the following rights:

Right of Access: you may request a copy of the personal data we hold about you. We will respond within 21 days.

Right of Correction: you may request that inaccurate or incomplete data be corrected. Most profile data can be updated directly within the app.

Right to Withdraw Consent: where processing is based on consent, you may withdraw it at any time. This does not affect the lawfulness of processing before withdrawal.

Right to Limit Processing: in certain circumstances you may request that we restrict the processing of your data.

Right to Data Portability: you may request an export of your data in a machine-readable format (JSON or CSV).

To exercise any right, email dpo@neighborhelp.my with the subject line 'Data Rights Request'. We may need to verify your identity before processing the request.

8. Cookies and Tracking

We use the following types of cookies and similar tracking technologies:

Essential cookies: strictly necessary for the Platform to function (session management, authentication tokens). These cannot be disabled.

Analytics cookies: used to understand how users interact with the Platform (e.g., Google Analytics 4 with IP anonymisation enabled). You may opt out via our Cookie Preferences banner.

Preference cookies: used to remember your settings, such as language preference and notification settings.

Marketing cookies: used to measure the effectiveness of our advertising campaigns. We do not display ads within the Platform; these cookies are used for external campaign attribution only. You may opt out at any time.

You can manage your cookie preferences at any time through the Cookie Settings link in the footer, or via your browser's privacy settings.

9. Security

We implement industry-standard technical and organisational measures to protect your personal data, including: TLS 1.3 encryption for all data in transit; AES-256 encryption for data at rest; strict access controls limiting who within our organisation can access personal data; regular penetration testing and security audits; and multi-factor authentication for all internal admin systems.

Despite these measures, no system is completely secure. If you suspect your account has been compromised, contact us immediately at security@neighborhelp.my.

In the event of a data breach that is likely to harm you, we will notify you and the relevant authorities within the timeframes required by the PDPA and any applicable regulations.

10. Children's Privacy

The Platform is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a person under 18, we will delete it promptly.

If you are a parent or guardian and believe your child has registered on our Platform, please contact us at dpo@neighborhelp.my.

11. International Data Transfers

Your data is primarily stored on servers located in Singapore (AWS ap-southeast-1), which provides an adequate level of data protection comparable to Malaysian standards.

Where we transfer data to service providers outside Malaysia, we ensure appropriate safeguards are in place, including standard contractual clauses and data processing agreements. A list of countries to which data may be transferred is available on request.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email and via an in-app notice at least 14 days before the change takes effect.

The 'Last reviewed' date at the top of this page reflects the most recent update. Continued use of the Platform after changes are effective constitutes your acceptance of the revised Policy.

13. Contact the DPO

For any privacy-related queries, concerns, or data rights requests, please contact our Data Protection Officer:

Email: dpo@neighborhelp.my

Post: Data Protection Officer, NeighborHelp Sdn. Bhd., Level 23, Menara Integra, 348 Jalan Tun Razak, 50400 Kuala Lumpur, Malaysia.

If you are not satisfied with our response, you have the right to lodge a complaint with the Department of Personal Data Protection Malaysia (JPDP) at pdp.gov.my.

Questions? Visit our Support Centre or email dpo@neighborhelp.my.