Privacy Policy

Strays To Home ("we", "us", or "our") operates straystohome.com, a platform connecting stray animal rescuers and adopters with verified veterinary clinics in Malaysia. We are committed to protecting your personal data in accordance with Malaysia's Personal Data Protection Act 2010 (PDPA 2010).

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our platform.

We collect the following categories of personal data:

• Account Information: Full name, email address, password (hashed), and account role (adopter, poster, or vet).
• Identity Verification: Malaysian IC number, passport number, date of birth, nationality, and scanned copies of identity documents. This data is collected solely for identity verification purposes.
• Listing Information: Pet details, photos, location (city and state), and adoption story submitted by users who post strays.
• Appointment & Messaging Data: Appointment bookings, clinic preferences, and messages exchanged between users through our platform.
• Adoption Survey Responses: Answers to our pre-adoption questionnaire to assess suitability.
• Usage Data: Pages visited, search queries, and feature interactions collected via cookies and analytics tools.

• To create and manage your account on Strays To Home.
• To verify your identity before allowing contact with pet posters or appointment bookings.
• To facilitate connections between adopters, rescuers, and verified vet clinics.
• To send email notifications including verification emails, appointment confirmations, and platform updates.
• To review and approve vet clinic applications.
• To maintain platform safety and investigate reports of misuse.
• To comply with Malaysian law, including the Animals Act 1953.

IC and passport data is classified as sensitive personal data under PDPA 2010. We handle it as follows:

• IC/passport data is encrypted at rest and in transit.
• Only authorised Strays To Home administrators can access identity documents for verification purposes.
• Document images are reviewed manually and are not shared with third parties, other users, or vet clinics.
• After successful verification, document images are retained for a maximum of 12 months and then securely deleted.
• You may request deletion of your identity data at any time by emailing privacy@straystohome.com.

We do not sell your personal data. We may share data with:

• Verified Vet Clinics: Your name and contact information may be shared when you book an appointment or message a clinic.
• Service Providers: We use Supabase (database hosting), Vercel (platform hosting), and Resend (email delivery). These providers are bound by data processing agreements.
• Legal Authorities: We may disclose data if required by Malaysian law or a valid court order.

We use essential cookies for authentication (session management) and optional analytics cookies to understand platform usage. You may disable non-essential cookies in your browser settings. Disabling essential cookies will prevent you from staying logged in.

• Active account data is retained for as long as your account exists.
• Identity verification documents are deleted within 12 months of verification.
• Deleted accounts have their personal data anonymised within 30 days.
• Messaging and listing data may be retained for up to 24 months for safety and dispute resolution purposes.

Under Malaysia's PDPA 2010, you have the right to:

• Access your personal data held by us.
• Correct inaccurate or incomplete personal data.
• Withdraw consent for data processing (note: this may limit platform functionality).
• Request deletion of your personal data, subject to legal retention obligations.

To exercise any of these rights, contact us at privacy@straystohome.com.

We implement industry-standard security measures including HTTPS encryption, hashed passwords (bcrypt), encrypted database storage, and role-based access controls. However, no system is 100% secure and we cannot guarantee absolute security.

Strays To Home is not intended for users under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has registered, please contact us immediately.

We may update this Privacy Policy from time to time. We will notify registered users via email of any material changes. Continued use of the platform after changes constitutes acceptance of the updated policy.

For privacy-related queries or to exercise your PDPA rights:

Email: privacy@straystohome.com
Platform: straystohome.com