At Official.my, accessible from https://official.my, the privacy of our users is our highest priority. This Privacy Policy outlines the types of information collected and recorded by Official.my (the "Platform", "the App", "we", "us", or "our") and how we protect your personal data in accordance with the Personal Data Protection Act (PDPA) 2010 of Malaysia and international data protection standards (GDPR/CCPA compliance frameworks).

1. Acceptance of Terms

By accessing Official.my or utilizing our "Login with TikTok" feature, you hereby consent to the practices described in this Privacy Policy. Official.my reserves the right to update this policy to reflect changes in our technology or legal obligations. Continued use of the App constitutes your agreement to the updated terms.

2. Detailed Information We Collect

Official.my operates on a data minimization principle. We only collect data necessary to provide a high-quality landing page experience:

• Personal Identifiers: Legal name, email address, and professional contact details provided during registration.
• Public Identity Data: Social media links (WhatsApp, Instagram, Facebook, etc.) and biographical text that you choose to display publicly on your Official.my profile.
• TikTok Integration Data: When you authorize Official.my via the TikTok for Developers API, we retrieve your public username, display name, and avatar image URL. We do not access private videos, messages, or your TikTok password.
• Technical Logs: IP addresses, browser specifications, device identifiers, and referring URLs are logged to monitor network health and prevent fraudulent activity.

3. Processing of TikTok Platform Data

Official.my is a certified integrator of the TikTok API. Our processing of TikTok data is governed by the following rules:

• Purpose: Data retrieved from TikTok is used exclusively to personalize your identity card and verify your creator status on Official.my.
• Non-Disclosure: Official.my does not share, sell, or trade TikTok platform data with third-party data brokers or advertisers.
• Compliance: We strictly adhere to the TikTok Developer Terms of Service. We do not engage in any unauthorized scraping or profiling using TikTok's ecosystem.

4. Purpose of Data Processing

We process your data for the following advanced operational purposes:

• To generate and host your unique Official.my URL.
• To provide real-time analytics for your profile views via our internal radar system.
• To verify account authenticity using AI-driven vetting to prevent impersonation.
• To enforce security protocols through Google App Check and Firebase Security Rules.

5. Cookies and Tracking Technologies

Official.my uses essential cookies to maintain your session and security. These cookies help us remember your login state and protect your account from Cross-Site Request Forgery (CSRF) attacks. You may disable cookies in your browser settings, but please note that some features of Official.my may not function correctly without them.

6. Data Retention, Deletion, and "Right to be Forgotten"

We believe in user autonomy. Your data belongs to you:

• Retention: Personal data is kept only as long as your account is active.
• User-Initiated Deletion: You can delete your account via the Dashboard. Upon deletion, Official.my initiates a "Hard Purge" where all data, including TikTok-derived metadata, is permanently erased from our production databases within 30 days.
• Manual Deletion Request: Users can formally request data removal by emailing [email protected].

7. Instructions for Data Deletion (TikTok Compliance)

To comply with TikTok's User Data Deletion requirements, Official.my provides a transparent process:

1. Login to your Official.my Dashboard.
2. Navigate to the "Account Settings" section.
3. Select "Delete Account & Purge Data".
4. Alternatively, you can revoke access via your TikTok App: Settings > Security > Manage App Permissions > Official.my > Remove Access.
5. Once access is revoked or account is deleted, Official.my will no longer retain any TikTok platform data related to your profile.

8. Children's Privacy

Official.my does not knowingly collect any Personal Identifiable Information from children under the age of 13. If you think that your child provided this kind of information on our platform, we strongly encourage you to contact us immediately and we will do our best efforts to promptly remove such information from our records.

9. Enterprise Security Standards

Your data is shielded by High-Performance Cloud Architecture, utilizing AES-256 encryption and TLS 1.3 for all transmissions. We prioritize the security of the Official.my network to ensure your digital identity remains uncompromised.

10. Contact Our Data Protection Officer

Official.my Core Infrastructure
Email: [email protected]
URL: https://official.my/support