GoTender
Sign in Get started

Privacy Policy

Last updated: 14 May 2026

This Privacy Policy describes how GoTender ("we", "us") collects, uses, discloses, and protects your personal information, in alignment with the Malaysian Personal Data Protection Act 2010 (PDPA).

1. Information We Collect

  • Account information: name, email address, phone number, password (encrypted).
  • Company information: company name, SSM registration number, MOF certificate (PDF), business codes, address, and contact details.
  • Usage activity: sign-ins, pages viewed, tenders bookmarked, MOF code matches.
  • Payment information: processed by Stripe — we only receive customer ID, subscription status, and the last four digits of your card. We DO NOT store full card numbers or CVVs.
  • Technical data: IP address, browser type, device type, visit timestamps.

2. How We Use Information

  • Match tenders, RFQs, and grants with your company's MOF codes;
  • Process subscription payments and send receipts;
  • Send email notifications about new tenders, closing-date reminders, and account updates;
  • Improve Platform performance and user experience;
  • Prevent fraud and enforce our Terms of Service;
  • Comply with applicable legal obligations.

3. Disclosure to Third Parties

We DO NOT sell your personal information. We share information only with:

  • Payment processor: Stripe Inc. for card/FPX/GrabPay payments;
  • Infrastructure providers: hosting, email delivery, logging services;
  • Legal authorities when required by valid law.

4. MOF Certificate Processing

When you upload a MOF certificate, we automatically extract the following for tender-matching purposes: certificate number, validity dates, and the list of business codes. The PDF file is stored securely and is only viewable by your authorised company team and our administrators for support purposes.

5. Data Storage and Retention

Your data is stored on servers in Malaysia or Southeast Asia, with regular backups. Account information is retained while the account is active and for a reasonable period after termination for legal and financial-records purposes (typically 7 years).

6. Your Rights Under PDPA

You have the right to:

  • Access a copy of the personal information we hold;
  • Correct inaccurate information;
  • Delete your account and associated data;
  • Withdraw consent for marketing communications (unsubscribe from digest emails);
  • Lodge a complaint with the Personal Data Protection Department (JPDP).

To exercise these rights, contact us through the support channel inside your account.

7. Cookies and Tracking

We use essential session cookies to keep you signed in and to remember your language preference. We do not use third-party advertising cookies.

8. Email Communications

You will receive essential transactional emails (account confirmation, payments, password resets) which cannot be unsubscribed. For marketing and daily/weekly digest emails, you can unsubscribe at any time via the link at the bottom of the email.

9. Security

We use HTTPS for all communications, passwords are hashed using industry-standard algorithms, and administrator access is restricted to authorised staff. However, no system is 100% secure — you are responsible for choosing a strong password and keeping it confidential.

10. International Transfers

Some third-party providers (e.g. Stripe) process data outside Malaysia. These transfers are protected by appropriate contracts and industry security standards.

11. Children

This Platform is not directed at individuals under 18 years of age. We do not knowingly collect information from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will be shown on this page with the update date. Continued use of the Platform after changes constitutes acceptance of the updated policy.

13. Contact the Privacy Officer

For privacy enquiries, please reach out via the support channel after signing in.