Marigig - Skill to Income

Marigig ("we," "our," or "the Platform") values your trust and is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our services, including our websites, applications, and related tools (collectively, the "Platform"). The Platform is operated by Marigig Sdn Bhd.

1. Who We Are and Scope

This Privacy Policy applies to all users of the Marigig Platform, including:

Members / Buyers who browse services, contact sellers, or save posts.
Sellers (freelancers, self-employed, businesses) who create profiles, subscribe to plans, and publish posts.
Visitors who access our websites or interact with our marketing pages.

By using the Platform, you agree to the practices described in this Privacy Policy, in addition to our Terms of Use.

2. Information We Collect

We collect the following categories of information:

2.1 Account Registration

Email address (verified via Email OTP)
Password (stored in hashed form)
Name, state, district, preferred language and basic profile settings

2.2 Seller Verification & Profile Data

Identification documents (e.g., IC upload), where required
Phone number (verified via SMS OTP)
Business-related information (services, pricing ranges, advertisements, portfolio, social links, videos, service locations, etc.)
Subscription and plan information (plan type, trial status, quotas and plan history)

2.3 Platform Activity & Content

Services and posts you browse, click, save, like, share or report
Listings, photos, videos, descriptions and other content you create or upload
Views of phone numbers and actions such as "Call" or "WhatsApp" on seller profiles
Messages or interactions (where available) between buyers and sellers

2.4 Technical & Device Information

Device type, operating system, browser type and version
IP address and approximate location (e.g., city/state level)
Log data such as access times, pages viewed, referral URLs and error logs
Information used for bot-detection and fraud-prevention (e.g., device fingerprint signals)

2.5 Subscription, Billing & Payment Data

Plan type, trial eligibility, billing cycle, renewal status and quota usage
Billing history (dates, amounts, status of subscription payments and renewals)
Payment method details shared with our payment partners (e.g. masked card information, payment reference IDs) — we do not store full card numbers on our servers.

2.6 Communications & Support

Messages and information you provide when you contact us (e.g. via contact forms or support email)
Marketing and notification preferences (e.g. email preferences, language)

2.7 Cookies & Similar Technologies

We use cookies, pixels and similar technologies to remember your preferences, secure your session, and measure traffic and performance. More details are provided in the Cookie Policy section below.

3. How We Use Your Information

We use your data to:

Verify your identity and secure your account (Email OTP for all users, SMS OTP + IC verification for sellers).
Create, operate and personalise your account and seller profile.
Publish and display seller information (such as services, ads, photos, videos and reviews) to potential buyers.
Facilitate communication between buyers and sellers, including phone-reveal and "Call/WhatsApp" interactions.
Administer subscriptions, trials, renewals and billing; generate invoices and payment records; and detect chargeback abuse.
Apply viewing and contact limits (for example, tiered phone-reveal rules) to prevent abuse and protect sellers.
Improve Platform performance, user experience, relevance of listings and search quality.
Monitor for fraud, scams, bots and misuse of the Platform, and enforce our Terms of Use.
Send important service messages (e.g. security alerts, changes to Terms or Privacy Policy) and, where permitted, marketing messages.
Comply with legal obligations and cooperate with regulators or law enforcement where required.

4. Legal Basis and Consent

Where required by applicable law (including the Personal Data Protection Act), we rely on one or more of the following legal bases to process your personal data:

Consent – for example, when you agree to create an account, upgrade to a seller plan, accept cookies, or opt in to marketing communications.
Contractual necessity – to provide the services you request, such as managing your account, subscription, and access to seller features.
Legitimate interests – such as improving the Platform, protecting users from fraud and abuse, enforcing our Terms, analysing usage, and developing new features, in a way that does not unfairly impact your rights.
Legal obligations – to comply with applicable laws, regulations or lawful requests (for example, keeping certain records for audit, tax, or law-enforcement purposes).

5. What Information is Public

Normal Members (Buyers): Your email, IC and phone number are not shown publicly on the Platform.

Sellers (Service Providers): By upgrading to seller and publishing content, you consent to making the following information publicly visible on the Platform:

Service listings, advertisements, descriptions, photos and videos
Business name / personal name and basic profile details (e.g. service area, categories)
Reviews and ratings from clients
WhatsApp or phone contact entry points (for example, click-to-reveal phone number or "WhatsApp" button, subject to our phone-reveal limits and anti-abuse rules)

We may also display aggregated statistics (for example, number of views or phone-reveals) without exposing individual user identities.

6. Data Sharing and Third Parties

We do not sell your personal information. We may share your information only with:

Service providers who help us operate the Platform, such as:
- Cloud hosting and infrastructure providers
- Email and SMS OTP providers
- Payment processors and payment gateways
- Analytics, anti-fraud, and security vendors
- Moderation and AI-based content analysis services, where used
Business partners where we integrate or co-offer products or services (for example, payment or verification partners), in which case we will clearly describe the arrangement where required.
Legal and regulatory authorities when required by law, court order, or to protect our users, our rights, or the rights of others.
Corporate transactions, such as a merger, acquisition, financing or sale of all or part of our business, where your data may be transferred as part of that transaction, subject to appropriate safeguards.

Where we transfer personal data outside of Malaysia, we take steps to ensure that an adequate level of protection is provided in accordance with applicable law.

7. Data Retention & Deletion

We retain your personal data only for as long as necessary to provide the Platform, operate our business, and meet legal, accounting or reporting requirements.
Account and profile data are generally kept while your account is active. If you request deletion, we will remove or anonymise your personal data, except where we are required or permitted to keep certain information (for example, for fraud prevention, dispute resolution or legal obligations). For step-by-step instructions, see our User Data Deletion page.
Seller advertisements, reviews and public posts may remain visible or stored in backup systems for a reasonable period, even after account closure, unless removal is required by law or technically feasible.
Logs and security records (such as device, IP and phone-reveal logs) may be retained for a period necessary to investigate abuse, enforce our Terms, and comply with law.

8. Security Measures

OTP verification for account security (Email OTP for all users, SMS OTP + IC verification for sellers).
Use of industry-standard security practices to protect data in transit and at rest, including encryption for sensitive information where appropriate.
Access controls to ensure only authorised staff and service providers can access personal data where necessary.
Monitoring and logging to help detect suspicious activity, abuse or security incidents.

However, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee absolute security.

9. Your Rights and Choices

As a Marigig user, and subject to applicable law, you have the right to:

Access the personal information we hold about you.
Update or correct inaccurate or incomplete personal information via your account settings or by contacting us.
Request deletion of your account and personal data, subject to our legal obligations and legitimate interests as explained above. See our User Data Deletion page for how to submit a request.
Withdraw consent for certain processing where we rely on consent (for example, marketing communications), without affecting the lawfulness of processing based on consent before its withdrawal.
Object to or request restriction of certain processing where permitted by law.
Manage cookies and tracking technologies through your browser or device settings, and through any cookie banners or preferences we provide.
Report misuse, scams or privacy concerns via our contact channels.

To exercise any of these rights, please contact us using the details in Section 12 below, or follow the process in Section 18. We may need to verify your identity before fulfilling your request.

10. Children

The Platform is intended for adults and business users. If you are under 18, you should only use the Platform with the consent and supervision of a parent or legal guardian. We do not knowingly collect personal data from children in violation of applicable law. If you believe a child has provided us with personal data without appropriate consent, please contact us and we will take appropriate steps.

11. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Any changes will be posted on this page with an updated "Last Updated" date. Where changes are material, we may also provide additional notice (for example, via email or an in-app banner).

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Marigig Sdn Bhd (1664420-D)

Email: askmarigig@gmail.com

Phone: +6011-1078 2689

WhatsApp Call

13. PDPA Principles and Consent Management

13.1 General Principle (Consent). We will obtain your consent before collecting, using, or disclosing your personal data, except where otherwise permitted by applicable law.

13.2 Consent Records. For compliance and audit purposes, we may keep records of consent and policy acceptance, including the date/time, policy version, language presented, account identifier, and related system logs.

13.3 Withdrawal of Consent. You may withdraw consent for optional processing (for example, marketing communications) at any time via your account settings or by contacting us. Withdrawal does not affect processing lawfully carried out before withdrawal.

14. Notice, Choice, and Mandatory Data

14.1 Notice. We will inform you of the categories of personal data we collect, the purposes of processing, and the classes of third parties to whom data may be disclosed.

14.2 Choice. Where practicable, we provide choices regarding optional data collection and optional communications (such as promotional messages).

14.3 Mandatory Data and Service Impact. Certain data is required to provide core services (for example, account security, fraud prevention, subscription billing, and legal compliance). If you do not provide required data, we may be unable to create, maintain, or secure your account or provide certain Platform features.

15. Disclosure Controls and Cross-Border Transfers

15.1 Purpose-Limited Disclosure. We disclose personal data only on a need-to-know and purpose-limited basis to service providers and partners supporting Platform operations.

15.2 Contractual Safeguards. Where we engage third parties, we require appropriate contractual measures, including confidentiality and data protection obligations.

15.3 No Unauthorised Third-Party Marketing. We do not disclose your personal data to unrelated third parties for their own direct marketing purposes without your consent, unless required or permitted by law.

15.4 Cross-Border Transfers. Where personal data is transferred outside Malaysia, we take reasonable steps to ensure comparable protection in accordance with applicable law.

16. Data Retention Schedule

16.1 General Rule. We retain personal data only for as long as necessary for legitimate business purposes and legal obligations.

16.2 Standard Retention Periods. Unless a longer period is required by law, we generally apply the following retention periods:

Account and profile data: for as long as the account remains active, and up to 24 months after account closure or prolonged inactivity, unless earlier deletion is requested and legally permissible.
Subscription, billing, and payment records: up to 7 years for accounting, audit, tax, dispute, and fraud prevention purposes.
Security and abuse-prevention logs (including IP/device/session records): up to 24 months.
Customer support communications: up to 24 months after ticket closure.
Backup data: retained in rolling backup cycles and deleted or overwritten according to backup schedules.

16.3 Deletion and Anonymisation. When retention is no longer necessary, data will be deleted or irreversibly anonymised, subject to technical feasibility and legal requirements.

17. Data Accuracy and User Responsibilities

17.1 Accuracy. We take reasonable steps to keep personal data accurate, complete, and up to date for the purposes for which it is used.

17.2 User Responsibility. You are responsible for updating your account information promptly if it changes.

17.3 Re-Verification. We may request additional verification or temporarily restrict features if we reasonably believe certain personal data is inaccurate, incomplete, or outdated.

18. Access, Correction, and Deletion Request Process

18.1 Rights Request Submission. You may request access to, correction of, or deletion of your personal data by contacting us through the channels listed in Section 12 of this Privacy Policy.

18.2 Identity Verification. We may require reasonable proof of identity before processing any request.

18.3 Response Timeline. We aim to acknowledge requests within 7 days and provide a substantive response within 21 days, or within such period as required by applicable law. If additional time is needed, we will inform you of the reason and expected timeline.

18.4 Lawful Limitations. In limited circumstances permitted by law, we may refuse or limit a request (for example, where disclosure would affect legal privilege, ongoing investigations, security, or rights of other persons).

19. Security Incident Response

19.1 Incident Handling. We maintain processes to identify, contain, investigate, and remediate suspected personal data security incidents.

19.2 Notifications. Where required by applicable law, we will notify relevant authorities and/or affected users within a reasonable timeframe, including information on the nature of the incident and recommended protective steps.

Cookie Policy – Marigig

Last Updated: March 2026

1. What Are Cookies?

Cookies are small text files that are placed on your device (computer, smartphone, or tablet) when you visit our Platform. They help us provide a better user experience by remembering your preferences, analyzing site performance, and delivering personalized content or advertisements.

2. Types of Cookies We Use

(a) Strictly Necessary Cookies

Essential for the operation of the Platform.
Enable functions such as user login, account verification, and security.
Without these cookies, certain services cannot be provided.

(b) Performance & Analytics Cookies

Collect anonymous data on how users interact with the Platform.
Help us monitor traffic, identify technical issues, and improve performance.
Example: Google Analytics cookies.

(c) Functional Cookies

Remember your language preference, region, and customized settings.
Provide a more personalized browsing experience.

(d) Advertising & Targeting Cookies

Track browsing habits to deliver relevant advertisements.
May be set by us or trusted third-party advertising partners.
Used to measure campaign effectiveness and avoid showing repetitive ads.

3. Third-Party Cookies

Some cookies are placed by trusted third-party service providers for purposes such as analytics, advertising, and social media integration (e.g., Google, Facebook, TikTok, YouTube). These third parties may collect data about your online activity across websites and apps.

4. How Long Do Cookies Stay on Your Device?

Session Cookies: Temporary and deleted when you close your browser.
Persistent Cookies: Remain on your device until they expire or are manually deleted.

5. How to Manage or Disable Cookies

You can control cookies by adjusting your browser settings:

Block all cookies.
Allow only certain cookies.
Delete cookies already stored on your device.

⚠️ Note: Disabling cookies may affect platform functionality (e.g., login, saved preferences, or checkout features).

For details, visit:

6. Consent to Use of Cookies

When you first visit the Platform, a cookie banner will appear to inform you that we use cookies. By selecting your preferences, you consent to our use of cookies in accordance with this Policy, unless you disable them in your browser settings.

7. Updates to This Cookie Policy

We may update this Cookie Policy from time to time to reflect changes in technology, applicable law, or our business practices. The updated version will be posted on this page with the "Last Updated" date.

8. Contact Us (Cookies)

If you have any questions or concerns about our use of cookies, please contact us at: