Legal
Privacy Policy
Last updated: 7 July 2026
This policy explains how Code Bit Sdn Bhd (“Code Bit”, “we”, “us”) handles personal data within Zaps!, our internal accounting system, in line with the Personal Data Protection Act 2010 (Malaysia).
01Scope
Zaps! is an internal system used only by authorized Code Bit personnel. This policy covers personal data processed in the course of running our accounting operations — it is not a consumer-facing service.
02What we collect
- Account data — name, work email, role, and hashed password of authorized users.
- Financial records — payment vouchers, expense claims, vendor and freelancer invoices, director allowances, and bank statement transactions.
- Payee details — names and payment references of staff, vendors, and freelancers, as needed to process payments.
- Activity logs — an audit trail of who created, approved, paid, or voided each record, with timestamps and before/after state.
03How we use it
We process this data to:
- Operate our accounting workflow — submit, approve, pay, and reconcile.
- Authenticate users and enforce role-based access.
- Generate reports, registers, and exports for internal financial management.
- Maintain an audit trail for accountability and compliance.
04Legal basis
We process personal data to perform our internal business and accounting functions and to meet our legal and record-keeping obligations, consistent with the Personal Data Protection Act 2010. We do not use this data for marketing.
05Security
Data is protected with technical and organizational safeguards, including:
- Bcrypt-hashed passwords and httpOnly session cookies.
- Signed, time-limited URLs for file attachments.
- Role-based access enforced server-side on every route and action.
- An immutable audit trail on all financial actions.
06Disclosure
We do not sell personal data. Financial data is accessible only to authorized Code Bit personnel by role. We may disclose data to our banks, auditors, regulators, or professional advisers where necessary, or when required by law.
07Retention
Financial records are retained for the periods required by Malaysian tax and companies legislation, and for as long as needed for our legitimate business and audit purposes. Account records are retained while access is active and for a reasonable period afterward.
08Your rights
Subject to the Personal Data Protection Act 2010, you may request access to, or correction of, personal data we hold about you. Because Zaps! is a system of financial record, some data cannot be deleted where retention is legally required. To make a request, contact us using the details below.
09Changes to this policy
We may update this policy from time to time. The “Last updated” date above reflects the current version; continued use of the system after an update constitutes acknowledgment of the revised policy.
10Contact
For any privacy question or request, contact admin@codebit.my or Code Bit Sdn Bhd (1479653-U), 02-13A, Sunway Citrine Hub, Sunway Iskandar, 79250 Iskandar Puteri, Johor.