Privacy Policy

1. Introduction

Xentra Digital Sdn. Bhd. ("we", "us", or "our") respects your privacy and is committed to protecting personal data and business information processed through XentraCore ERP and Xentra ERP (the "Platform").

This Privacy Policy explains how we collect, use, store, disclose, and safeguard information when you access or use the Platform at xentracore.pro and related application services.

By using the Platform, you acknowledge that you have read and understood this Privacy Policy.

2. Information Collected

We may collect the following categories of information in connection with the Platform:

• Account information: names, email addresses, login credentials, roles, permissions, organisation details, and contact information.
• Business data: customer records, supplier records, quotations, invoices, purchase orders, inventory, delivery orders, projects, HR records, documents, attachments, and other operational data uploaded or generated in the ERP.
• Technical and usage data: IP addresses, device and browser information, access timestamps, session identifiers, audit logs, error logs, and activity records related to Platform use.
• Support information: messages, tickets, feedback, and correspondence submitted to our support team.

3. How Information Is Used

We use collected information for the following purposes:

• Operating and delivering the Platform and its ERP functions.
• Account registration, authentication, access control, and user management.
• Processing ERP transactions, workflows, reporting, and business operations on behalf of authorised users.
• Providing customer support, troubleshooting, and service communications.
• Maintaining security, fraud prevention, incident detection, and system integrity.
• Recording audit logs and supporting compliance, governance, and internal review requirements.
• Generating reports, analytics, and operational insights within the Platform.
• Meeting legal, regulatory, and contractual obligations applicable in Malaysia and other relevant jurisdictions.
• Improving, maintaining, and updating the Platform, including patches, upgrades, and new features.

4. User Responsibility

Users and customer organisations are responsible for ensuring that all data uploaded, entered, or processed through the Platform is lawful, accurate, authorised, and relevant to their business operations.

You must not upload sensitive personal data unless you have obtained all necessary consents, permissions, and legal bases required under applicable law, including the Personal Data Protection Act 2010 (Malaysia) where applicable.

You are responsible for configuring user access, roles, and permissions within your organisation account.

5. Disclosure

We do not sell personal data. Information may be disclosed only in the following circumstances:

• To authorised users within your organisation according to configured roles and permissions.
• To service providers and subcontractors who assist in hosting, infrastructure, backup, email delivery, monitoring, or Platform operations, subject to appropriate safeguards.
• To professional advisers such as lawyers, auditors, or insurers where reasonably necessary.
• To regulatory authorities, courts, or law enforcement when required by applicable law, court order, or lawful request.
• To protect the rights, property, safety, and integrity of Xentra Digital Sdn. Bhd., our users, customers, or the Platform.

6. Data Storage and Hosting

Data processed through the Platform may be stored on servers, virtual machines, databases, backup systems, and cloud storage infrastructure managed by Xentra Digital Sdn. Bhd. or appointed service providers.

Storage locations and infrastructure providers may change over time as part of normal operations, capacity planning, disaster recovery, or service improvement, provided appropriate safeguards are maintained.

7. Security

We implement reasonable technical and organisational measures designed to protect information, including role-based access control, password protection, SSL/TLS encryption, firewall controls, logging, backups, restricted administrative access, and monitoring.

While we take commercially reasonable steps to safeguard data, no internet-connected system can be guaranteed to be completely secure. You should also take appropriate steps to protect your account credentials and organisational data.

8. Backups and Retention

ERP data may be included in routine backups for recovery, continuity, audit, and disaster recovery purposes.

Retention periods depend on business requirements, legal obligations, accounting rules, contractual terms, and backup policies. Data may be retained for longer where required or permitted by law.

When data is deleted from active systems, residual copies may remain in backups until those backups are rotated or destroyed according to our retention schedule.

9. Access and Correction

Users may request access to or correction of personal data subject to identity verification, permission checks, legal requirements, and approval from the relevant customer organisation where applicable.

We may decline requests that are manifestly unfounded, repetitive, or prohibited by law, or where fulfilling the request would adversely affect the rights of others.

10. Cookies and Session Data

The Platform may use cookies, session tokens, and similar technologies to support login, security, session management, and essential system functionality.

Disabling cookies or session mechanisms may affect your ability to use certain features of the Platform.

11. Third-Party Services

The Platform may integrate with or rely on third-party services such as email providers, hosting providers, backup services, analytics tools, messaging platforms, payment gateways, accounting systems, and APIs.

These third parties process information according to their own policies. We encourage you to review the privacy practices of any third-party services you connect to the Platform.

12. Security Incident Handling

If we become aware of a security incident affecting personal data or Platform integrity, we will take reasonable steps to investigate, contain, mitigate, and remediate the incident.

Where required by applicable law or contractual obligations, we will notify affected parties, customer organisations, or relevant authorities in a timely manner.

13. Changes

We may update this Privacy Policy from time to time. Revised versions will be posted on xentracore.pro with an updated effective date.

Continued use of the Platform after changes become effective constitutes acceptance of the updated Privacy Policy, unless otherwise required by applicable law.