Showing privacy policy fallback. Latest content loads automatically when available.
OPT Rewards Privacy Policy
Last updated: 5 May 2026
This Privacy Policy explains how OPT Rewards collects, uses, discloses, stores, transfers, protects, and retains personal data when you use the OPT Rewards app, website, wallet credits, QR payment, laundry machine payment, voucher, reward, transfer, support, and related services ("App").
This policy is prepared with Malaysia's Personal Data Protection Act 2010, as amended from time to time ("PDPA"), in mind.
By using the App, you acknowledge this Privacy Policy. Where consent is required under the PDPA, you consent to our collection, use, disclosure, transfer, and processing of your personal data as described below.
1. Who We Are
ONE PAY TECHNOLOGY
(202203172397 & IP0573825-U)
1922-1, Jalan Rozhan
Taman Impian, 14000 Bukit Mertajam
Pulau Pinang, Malaysia
Phone: +60 17-5050 429
Email: sales@onepaytechnology.com
2. Personal Data We Collect
We may collect:
- account details, such as name, email, phone number, user ID, language, role, and account status;
- verification details, such as phone verification and OTP records;
- optional profile details, such as birthday information for birthday rewards;
- transaction details, such as outlet, brand, machine, cycle, amount, voucher, payment method, payment status, refund status, order ID, and timestamps;
- wallet and reward details, such as wallet balance, tokens, stamps, vouchers, referrals, rewards, transfers, and related history;
- support and feedback details, such as messages, ratings, screenshots, issue details, and our replies;
- technical details, such as device, browser, IP address, logs, crash data, security events, and usage activity;
- QR scan and machine details, such as scanned QR content, machine lookup, activation status, and hardware response;
- location-related details, such as outlet address, map link, selected outlet, and location inferred from a scanned or selected outlet.
The App may request camera permission for QR scanning. Camera access is used to scan QR codes and is controlled by your browser or device settings.
3. How We Collect Data
We collect personal data:
- directly from you;
- automatically when you use the App;
- from payment providers, banks, or e-wallet providers;
- from participating brands, outlets, machine operators, and hardware systems;
- from Firebase/Google, SMS providers, hosting providers, analytics providers, support tools, and other service providers.
4. Why We Use Your Data
We use personal data to:
- create, verify, secure, and manage accounts;
- process payments, top-ups, refunds, transfers, vouchers, rewards, stamps, and referrals;
- identify outlets, brands, and machines from QR codes;
- activate machines and record activation results;
- show wallet balance, rewards, vouchers, transaction history, and refund history;
- provide support and investigate failed payments or machine issues;
- send OTPs, service messages, payment notices, support replies, security notices, and account updates;
- prevent fraud, duplicate claims, reward abuse, chargeback abuse, unauthorised access, and security incidents;
- improve the App, fix issues, test features, and monitor performance;
- comply with legal, tax, accounting, audit, regulatory, dispute, and recordkeeping duties;
- protect OPT Rewards, users, outlets, machine operators, payment providers, and the App.
Some data is required to provide the App. If you do not provide required data, we may not be able to create your account, process payments, activate machines, verify rewards, investigate disputes, or provide support.
5. Payments
Payments may be handled by Revenue Monster, banks, e-wallet providers, card networks, or other payment processors. These providers may process payment details under their own terms and privacy policies.
OPT Rewards stores payment records needed to operate the App, such as order ID, transaction reference, amount, method, status, refund status, and timestamps. OPT Rewards does not intend to collect or store full card numbers, CVV codes, online banking credentials, or e-wallet passwords.
6. Cookies and Local Storage
The App may use cookies, local storage, session storage, and similar technologies for login, security, preferences, payment continuity, fraud prevention, analytics, and app performance.
You can manage cookies and permissions through your browser or device settings. Disabling essential cookies or permissions may affect App functions.
7. Sharing Your Data
We may disclose personal data to:
- participating brands, outlet owners, and machine operators;
- payment gateways, banks, e-wallet providers, card networks, and payment processors;
- Firebase/Google, hosting providers, SMS providers, email providers, notification providers, analytics providers, and support tools;
- professional advisers, auditors, insurers, banks, regulators, law enforcement, courts, and government authorities;
- buyers, investors, successors, or assignees if our business is restructured, sold, transferred, merged, financed, or reorganised;
- other service providers that help us operate the App.
We do not sell your personal data. We do not allow third parties to use your personal data for their own marketing unless you consent or the law permits it.
8. Cross-Border Transfers
Some service providers, cloud systems, payment providers, support tools, or technical personnel may be outside Malaysia. Your personal data may therefore be transferred to or accessed from outside Malaysia.
Where this happens, we will take reasonable steps to protect your personal data in line with the PDPA and applicable guidance, such as contractual safeguards, processor obligations, access controls, and security controls.
9. Security and Data Breach
We use reasonable administrative, technical, and organisational measures to protect personal data, including authentication controls, access restrictions, Firebase security rules, logs, backups, monitoring, and provider controls.
No system is completely secure. You must keep your account, email, phone number, and device secure.
If a personal data breach occurs, we will assess, contain, investigate, and respond to it. Where required by Malaysian law, we will notify the Personal Data Protection Commissioner and affected users.
10. Retention
We keep personal data only as long as reasonably needed for account operation, payments, refunds, wallet records, support, fraud prevention, accounting, tax, audit, legal, regulatory, dispute, and security purposes.
When data is no longer required, we will take reasonable steps to delete, destroy, anonymise, or securely retain it where lawful.
11. Your PDPA Rights
Subject to the PDPA and applicable exceptions, you may request to:
- access your personal data;
- correct inaccurate, incomplete, misleading, or outdated personal data;
- withdraw consent where processing is based on consent;
- ask how your personal data is processed;
- request data portability where this right applies;
- complain about how your personal data is handled.
We may need to verify your identity before acting on a request. Some requests may affect your ability to use the App, receive rewards, verify payments, access history, process refunds, or receive support.
12. Marketing
We may send or show service-related promotions, vouchers, rewards, or outlet offers through the App. Where consent is required, we will ask for it.
You may opt out of non-essential marketing where the App or communication channel allows it. Service, security, OTP, payment, refund, support, and account messages may still be sent when needed.
13. Minors
The App is intended for users who can lawfully use payment and laundry services. If you are below the age of majority in Malaysia, you should use the App only with consent and supervision from a parent or legal guardian.
14. Third-Party Services
The App may link to payment pages, maps, external websites, third-party apps, banks, e-wallets, or outlet pages. Their privacy practices are governed by their own policies.
15. Changes to This Policy
We may update this Privacy Policy from time to time. The latest version will show the "Last updated" date.
For material changes, we may notify you through the App, email, website notice, or another reasonable method. Where consent is required by law, we will seek consent.
16. Facebook Login Data Deletion
If you use Facebook Login with OPT Rewards, you can request deletion of Facebook-derived data by removing OPT Rewards from your Facebook Apps and Websites settings and sending the deletion request provided by Facebook.
When OPT Rewards receives a valid Facebook data deletion request, we remove or anonymise Facebook-derived login data linked to your OPT Rewards account, such as the Facebook app-scoped user ID and Facebook provider profile details stored for login linkage.
Some payment, wallet, refund, fraud-prevention, tax, accounting, audit, security, support, and dispute records may be retained where OPT Rewards has a lawful or legitimate retention reason. These retained records are not used to continue Facebook Login linkage after deletion.
You may also contact OPT Rewards at sales@onepaytechnology.com with the subject "Facebook Data Deletion" if you need help with a deletion request.
For general account and social login deletion instructions, visit https://member.onepaytechnology.com/data-deletion.
17. Contact
ONE PAY TECHNOLOGY
(202203172397 & IP0573825-U)
1922-1, Jalan Rozhan
Taman Impian, 14000 Bukit Mertajam
Pulau Pinang, Malaysia
Phone: +60 17-5050 429
Email: sales@onepaytechnology.com