Privacy & Security Policy

Last updated: 19 April 2026

1. Who We Are (Data Controller)

GatherPlate is operated by Gatherplate PLT (Registration No. 202604000816), a company incorporated in Malaysia (“GatherPlate”, “we”, “us”, or “our”). We are the data controller responsible for your personal data collected through the Platform.

2. Personal Data We Collect

We collect the following categories of personal data when you use GatherPlate:

Data you provide directly:

  • Full name, email address, and phone number
  • Delivery address and event location details
  • Payment method details (we do not store raw card numbers — all payment credentials are tokenised by our payment processor)
  • Profile information (e.g., profile photo)
  • Order details, special dietary requirements, and event notes
  • Messages exchanged with Vendors via in-platform messaging
  • Reviews and ratings you submit

Data collected automatically:

  • IP address and approximate geolocation (derived from IP or browser)
  • Device type, browser, and operating system
  • Pages visited, clicks, and session duration
  • Cookies and similar tracking technologies

For Vendors only:

  • Business registration details and food handling licence information
  • Bank account details for payout purposes
  • Menu and service listing content

3. How We Use Your Data

We use your personal data to:

  • Create and manage your account
  • Process and fulfil your Orders, including sharing relevant details with your chosen Vendor
  • Process payments and issue refunds
  • Send Order confirmations, status updates, and receipts by email or SMS
  • Handle customer support queries and resolve disputes
  • Detect and prevent fraud and abuse
  • Improve the Platform through anonymised usage analytics
  • Send promotional emails or offers (only with your consent; you may opt out at any time)
  • Comply with applicable legal and regulatory requirements

4. Who We Share Your Data With

We do not sell your personal data. We may share it with the following categories of recipients:

  • Vendors: We share your name, event details, delivery address, contact number, and Order notes with the Vendor who accepts your Order, solely for the purpose of fulfilling that Order.
  • Payment processor: For payment authorisation, capture, and refund processing. Our payment processor is PCI DSS compliant and handles your payment data securely.
  • Cloud storage provider: For secure storage of user-uploaded files (e.g., Vendor menu photos). Our storage provider's servers are located outside Malaysia. By using the Platform, you consent to this transfer. We ensure your data is processed securely and only as instructed by us.
  • Email service provider: For transactional emails (Order confirmations, dispute notifications). We share only the email address and Order reference necessary to send each communication.
  • Legal and regulatory authorities: Where required by law, court order, or to protect the rights and safety of GatherPlate, its users, or the public.

All third-party service providers are required to process your data only as instructed by GatherPlate and in accordance with applicable data protection laws.

5. What Happens If You Don't Provide Your Data

Providing your personal data is optional. However, if you choose not to provide certain information, we may be unable to:

  • Create or maintain your account on the Platform
  • Process or fulfil your Orders
  • Contact you regarding your bookings or disputes
  • Issue refunds to the correct payment method.

Providing data marked as optional (such as dietary preferences) is at your discretion and its absence will not prevent you from using the Platform.

Privacy & Security Policy | GatherPlate