Guests: Email address, phone number (optional), check-in history, transaction records, wallet pass identifiers, consent preferences.
Venue operators: Business name, contact email, bank account details (via Stripe), staff credentials, venue configuration.
We process data based on: contract performance (providing the service), legitimate interests (analytics, fraud prevention), and consent (marketing, location alerts, CRM sharing).
We share data with:
We do not sell personal data to third parties.
Guest data is retained for the duration of the account plus 30 days. Transaction records are retained for 7 years (tax obligations). Event logs are retained for 1 year.
Under GDPR, you have the right to:
We use essential cookies only (session management, CSRF protection). No tracking cookies, no advertising cookies, no analytics cookies that identify individuals.
We use industry-standard security measures: TLS encryption, PBKDF2 password hashing, CSRF protection, rate limiting, and regular security audits.
All data is processed within the EU. Our infrastructure providers (Neon, Cloudflare) process data in EU regions.
For privacy inquiries or to exercise your rights, contact privacy@zipcheck.my.
Data Protection Officer: dpo@zipcheck.my