Who We Are
PetaKerja is a Malaysia-focused geospatial data platform operated under the PetaKerja brand. In this policy, "PetaKerja", "we", "us", and "our" refer to the operator of the PetaKerja service. For Malaysia privacy purposes, we act as the data controller or data user, as those terms apply under Malaysian personal data protection law.
Privacy questions and rights requests can be sent to privacy@petakerja.my. General support questions can be sent to support@petakerja.my.
Personal Data We Collect
We collect only the personal data needed to provide, secure, improve, and support PetaKerja. The categories may include:
- Google sign-in data: your Google account identifier, name, email address, profile image, OAuth account metadata, and Better Auth session identifiers used to keep you signed in.
- Account and profile data: profile details you provide, role and admin state, points, preferences, dashboard settings, notification choices, and account deletion requests.
- Usage and workspace data: map views, searches, selected layers, saved settings, user actions, feature usage, diagnostics, browser/device information, IP address, and security logs.
- User content: blog posts, comments, uploaded media, resume or job materials you choose to submit, AI prompts, saved job states, watchlist entries, and related metadata.
- Cookies and similar data: authentication cookies, session cookies, preferences, security tokens, and limited analytics or operational identifiers.
- Location-related data: map interactions and searched places. If a future feature asks for browser location permission, we will use that location only for the feature you choose to enable.
Google User Data
When you sign in with Google, PetaKerja uses Google user data only to authenticate you, create or link your PetaKerja account, display your basic profile, secure your session, and provide account-related functionality you request.
We do not sell Google user data. We do not use Google user data for targeted advertising, broker resale, credit decisions, generalized AI model training, or unrelated profiling. We do not transfer Google user data except to service providers that help operate PetaKerja, or where required by law, security, or your explicit action.
If a feature later requests extra Google permissions beyond sign-in, the feature will explain the requested access before you authorize it.
How We Use Personal Data
We use personal data for the following purposes:
- To create, authenticate, maintain, and secure your PetaKerja account.
- To provide geospatial search, workspace settings, blog, job, dashboard, AI, notification, and account features.
- To preserve existing roles, admin state, points, and profile settings when accounts are linked by email.
- To respond to support requests, account deletion requests, and privacy rights requests.
- To detect abuse, investigate security events, prevent fraud, enforce our terms, and protect users.
- To maintain service reliability, debug errors, measure feature performance, and improve PetaKerja.
- To comply with legal obligations, regulatory requests, dispute resolution, and recordkeeping duties.
Sensitive Data And Health Information
HIPAA is a United States health privacy law and is not the Malaysian statutory framework that governs PetaKerja. PetaKerja is not a hospital, clinic, insurer, medical record system, emergency service, or clinical decision tool.
You should not upload medical records, health records, patient information, or other regulated health data to PetaKerja unless a future feature expressly supports that use under separate terms and consent. If you include sensitive personal data in resumes, blog content, comments, or uploads, you are responsible for ensuring you have the right to submit it.
Where Malaysian law treats certain data as sensitive personal data, we will handle it with appropriate safeguards, consent where required, access controls, and retention limits.
How We Share Data
We share personal data only when needed to operate PetaKerja, comply with law, protect the service, or follow your instructions. Recipients may include:
- Infrastructure and database providers that host the application, database, backups, logs, and storage.
- Authentication providers such as Google OAuth and Better Auth infrastructure used for account sign-in.
- Email and notification providers used for transactional messages, blog subscriptions, alerts, and support replies.
- AI providers only when you choose to use an AI feature or configure a provider, and only for the prompt, content, or settings needed for that feature.
- Analytics, security, and diagnostics providers used to detect issues, improve reliability, and protect the platform.
- Legal, safety, or corporate recipients where required by law, to enforce terms, prevent harm, respond to lawful requests, or support a reorganization of the service.
Cross-Border Processing
PetaKerja is built for users in Malaysia, but cloud infrastructure, authentication, storage, support, analytics, and AI providers may process data in Malaysia or other countries. Where personal data is transferred outside Malaysia, we use contractual, technical, and organizational safeguards appropriate to the service and the provider.
Retention And Deletion
We keep personal data for as long as needed to provide PetaKerja, maintain security, comply with legal obligations, resolve disputes, and enforce our terms. Account, session, and OAuth records are retained while your account is active or as needed for security and audit purposes.
You may request account deletion or deletion of specific personal data by contacting us. Some backup, log, fraud-prevention, legal, or billing records may remain for a limited period where retention is necessary or legally required.
Security And SOC 2-Style Controls
We design PetaKerja security around practical SOC 2-style principles, including least-privilege access, authentication controls, encrypted transport, controlled service credentials, role-based admin access, audit-friendly logging, backups, vulnerability patching, and incident response procedures.
This policy does not claim that PetaKerja is SOC 2 certified. Security can never be guaranteed completely, but we work to apply reasonable technical and organizational measures appropriate to the data and service risk.
Your Privacy Rights
Subject to applicable law, you may request access to your personal data, correction of inaccurate data, withdrawal of consent, deletion or account closure, information about processing, and portability where available. You may also object to certain processing or raise a privacy complaint.
To exercise these rights, contact privacy@petakerja.my from the email address associated with your account. We may need to verify your identity before acting on a request.
Children
PetaKerja is not directed to children. If you believe a child has provided personal data to PetaKerja without appropriate consent, contact us so we can review and delete the data where required.
Changes To This Policy
We may update this policy as PetaKerja changes or as legal requirements evolve. Material changes will be posted on this page, and where appropriate we will provide additional notice in the product or by email.