FQuantify AI
Sign inGet started
Legal

Privacy Policy

Last updated: 4 May 2026. This policy governs how Quantify AI collects, uses, and protects your data under the Malaysian Personal Data Protection Act 2010.

1. What we collect

Mortgage applications are document-heavy by their nature. We collect what banks require for a refinancing or purchase loan submission, plus the usage metadata needed to run the service. Concretely:

Identity (collected at calculator stage)

  • Full name, full Malaysian NRIC (12-digit) or passport number for foreigners
  • Date of birth (or derived from NRIC)
  • Mobile number (E.164 format), email address
  • Race (required by some bank application forms)
  • Marital status, number of dependents
  • Full residential address, postcode, state

Employment & income

  • Employment type (employed / self-employed / business owner)
  • Employer name, job title, years employed
  • Monthly gross income, monthly net income (after EPF/SOCSO/tax)
  • Variable income (commissions, allowances, bonuses) where applicable

Financial & credit profile

  • Number of existing properties owned
  • Total existing debt commitments, monthly instalments
  • Debt-Service-Ratio (DSR%) — calculated, not asked
  • CTOS score, CCRIS open facilities (when you authorise the credit check)
  • Existing lender, outstanding loan balance, current interest rate, remaining tenure

Property details (the property being financed)

  • Property address, city, state, postcode
  • Property type (landed / strata / leasehold / freehold), built-up & land sqft
  • Bedrooms, bathrooms, year built, title type, developer name (if applicable)
  • Original purchase price, purchase date
  • Valuer details (firm, name, phone) and valuation amount
  • Proposed loan amount, tenure, interest rate, purpose (refinance / purchase / cashout)

Supporting documents (uploaded to your case)

  • NRIC / passport (front & back photos)
  • Latest 3 months’ payslips, latest 6 months’ bank statements
  • EA Form, EPF statement, BE Form / income tax submission (where required by bank)
  • Signed Letter of Offer, Sale & Purchase Agreement (SPA), Memorandum of Transfer (MOT)
  • Title document, valuation report

Bank payout details (agents and referrers only)

  • Bank name, full account number, account holder name (for commission payouts)

Usage & service metadata

  • Calculator inputs you submit and resulting comparison reports
  • Page views, device type, browser version, IP address
  • WhatsApp message metadata (delivery / read receipts, opt-out status)
  • Email delivery logs (sent / opened / bounced)
  • Referrer activity: who you refer, conversion outcome, commission attribution
  • Audit trail of every status change on your case (who, what, when)

We collect what is required to submit your loan to the bank and run your case end-to-end. We do not collect biometric data, location tracking, contact lists, or social-media profiles.

2. Why we collect it

  • To run loan eligibility checks and produce comparison reports
  • To submit your application to the bank you select, with your written authorisation per submission
  • To verify your identity (NRIC + OTP) and prevent spam / fraud
  • To deliver case updates, OTPs, and report PDFs via WhatsApp / email
  • To compute commission and process payouts to your servicing agent and referrer
  • To enrol you in our referrer programme (only if you tick the optional consent box)
  • To run a CTOS / CCRIS credit check (only with explicit consent, separately from bank submission)
  • To meet anti-money-laundering (AML) and bank-fraud-prevention obligations under Malaysian law
  • To improve the service through aggregated, anonymised analytics

3. Who we share it with

  • Banks and lenders you choose to apply through, with your written authorisation per application
  • Meta Platforms (WhatsApp) for message delivery only — Meta processes message metadata under their own privacy policy
  • Payment processors for subscription billing — no card data touches our servers
  • Cloud hosting providers — Supabase (data centres in Singapore and the European Union)

We do not sell your data to third parties for marketing.

4. How long we keep it

  • Calculator submissions without case progression: 12 months from submission, then anonymised
  • Uploaded supporting documents (NRIC, payslips, bank statements, EPF, signed LO, MOT, SPA): auto-deleted 12 months after case acceptance — files purged from storage; metadata stub kept for audit trail only
  • Structured financial data (income, property, valuation, loan terms): kept indefinitely with consent for benchmarking + repeat-customer service. Withdraw consent at any time for full erasure (subject to AML retention below).
  • Mortgage / financial transaction records: retained for 7 years after case closure to comply with Malaysian financial-services and tax law (AMLA 2001, Income Tax Act 1967).
  • Referrer relationships and commission history: until you withdraw consent + 6 months grace for any pending payouts
  • WhatsApp / email delivery logs: 24 months for delivery troubleshooting and billing reconciliation
  • Bank payout account details (agents / referrers): kept while account is active, deleted on account closure

5. Your rights under PDPA

You may at any time:

  • Request a copy of the data we hold about you
  • Request correction of inaccurate data
  • Withdraw consent for any optional processing (referrer programme, marketing partners)
  • Request deletion of your account and data (subject to regulatory retention requirements)

Send requests to hello@quantifyai.me. We respond within 21 days.

6. WhatsApp-specific terms

By providing your phone number and verifying via OTP, you consent to receive automated WhatsApp messages from our verified Business Account, including:

  • One-time passwords (OTP) for identity verification
  • Your calculator report PDF after submission
  • Login links for the referrer dashboard (when requested)

You may opt out at any time by replying STOP to any message. Opt-out cancels all future automated messages and processes within 24 hours.

7. Cookies

We use essential cookies for login session management and analytics cookies to understand traffic patterns. You can disable analytics in your browser settings without affecting service functionality.

8. Data security

We protect your data using industry-standard practices: encryption in transit (TLS 1.3) and at rest (AES-256), role-scoped access control, row-level security on database tables, and quarterly security reviews. We will notify affected users within 72 hours of any confirmed data breach.

9. Changes to this policy

We will notify you of material changes via WhatsApp and email at least 14 days before they take effect. Continued use of the service after the effective date constitutes acceptance of the updated policy.

10. Contact

For privacy-related questions or requests under PDPA:

Quantify AI
Email: hello@quantifyai.me
Kuala Lumpur, Malaysia

Terms of Service·Data deletion·Contact us
Privacy Policy | Quantify AI