Effective Date: 1 April 2026
AcctBridge (“we”, “our”, “us”) operates the AcctBridge platform accessible at acctbridge.com and portal.acctbridge.com. This Privacy Policy explains how we collect, use, disclose, and protect personal data in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia.
By using the Service, you consent to the practices described in this Privacy Policy.
AcctBridge is a Developer API Gateway providing ISVs, system integrators, and developers with secure REST API access to on-premise SQL Accounting and AutoCount Accounting installations across Malaysia and Southeast Asia.
Data Controller: AcctBridge — privacy@acctbridge.com
Account Data: Full name, company name, business email, billing address, subscription tier and usage records. Payment information is processed by approved third-party payment providers such as Stripe, PayPal, Payoneer, or banking providers; we do not store card numbers.
API Request Data (Transient Only): API payloads are proxied in real-time and are not written to our database. Only metadata (API call status, timestamp, tenant ID, response code) is retained.
Technical Data: IP addresses, browser/device information, API request logs (tenant ID, endpoint, timestamp, status code — no payload content), Cloudflare Tunnel connection metadata.
| Purpose | Legal Basis |
|---|---|
| Provision of Service | Contractual necessity |
| Billing and subscription management | Contractual necessity |
| Security monitoring and fraud prevention | Legitimate interests |
| Service notifications | Contractual necessity / Consent |
| Legal obligations | Legal obligation |
We do not use your data for advertising or sell it to third parties.
API requests are proxied in real-time and not written to our database. Our cloud systems retain operational metadata such as tenant ID, endpoint, timestamp, status code, latency, and tunnel or connection status, but not accounting document payloads. This architecture is designed with PDPA data minimisation principles in mind.
| Data Type | Retention |
|---|---|
| Account and profile data | Duration of subscription + 2 years |
| Operational metadata | 2 years from event date |
| Billing records | 7 years (Malaysian tax compliance) |
| API access logs | 90 days |
You have the right to access, correct, withdraw consent, and request deletion of your personal data. Email privacy@acctbridge.com with subject “PDPA Data Request”. We respond within 21 days.
All data in transit encrypted via TLS 1.2+. API authentication via SHA-256 hashed keys and Ed25519 JWT tokens. Cloudflare Tunnel encrypts all traffic between our cloud and your local agent.
Privacy Officer: privacy@acctbridge.com
If unsatisfied with our response, you may lodge a complaint with the Department of Personal Data Protection Malaysia at pdp.gov.my.