Reading Progress
0%
Back to Home

platehaus.my Cookie Policy (v1)

Effective date: 12 Mar 2026

Version: v1.7 • Last Updated: 12 Mar 2026

Who we are / Data Controller: Platehaus Sdn. Bhd. (SSM: 202501045049) operating platehaus.my

Contact (privacy): support@platehaus.my

Registered Address:

CT-06-21 Subang Square Corporate Tower,
Jalan SS15/4G, SS15
47500 Subang Jaya
Selangor

This Cookie Policy explains how platehaus.my uses cookies, web beacons, and similar tracking technologies (collectively, "Cookies") on our website and in our services. This policy forms part of our Personal Data Protection (PDP) Notice and should be read alongside our Privacy Policy.

This Policy complies with Malaysia's Personal Data Protection Act 2010 (PDPA) principles and international best practices.

Bahasa Malaysia: A Bahasa Malaysia (BM) version will be provided. If there is any inconsistency, the English version controls.

1) What are Cookies?

Cookies are small text files that are placed on your device when you visit a website. They are widely used to make websites work more efficiently, provide information to the website owner, and enhance user experience. Similar technologies (local storage, session storage, web beacons, pixels) work in similar ways.

2) Types of Cookies We Use

We use the following categories of Cookies:

2.1 Essential / Strictly Necessary Cookies

Purpose: These Cookies are necessary for the website to function and cannot be switched off. They enable basic functions like page navigation, access to secure areas, and remembering your authentication status.

Examples:

  • Authentication Cookies

    • Purpose: Maintain your login session securely
    • Duration: Session-based (cleared when you log out)
    • Type: HTTP-only secure cookies
    • Third-party: Yes

  • Platform Functionality

    • Purpose: Maintain your authentication state across pages
    • Duration: Session-based
    • Type: Session cookies

Legal basis: Necessity for the performance of a contract (providing our services).

Can you opt out? No—these Cookies are essential for the Platform to function.

2.2 Functional / Preference Cookies

Purpose: These Cookies allow the website to remember your preferences and choices (e.g., language, region, display settings) to provide enhanced, personalized features.

Examples:

  • Banner Dismissal Preferences

    • Name: disclaimer-dismissed, exploreBannerClosedAt, homepage-disclaimer-dismissed
    • Purpose: Remember that you have dismissed informational or promotional banners
    • Duration: 7 to 14 days (as configured per banner)
    • Type: LocalStorage
    • Storage location: Browser localStorage

  • UI State Preferences

    • Purpose: Remember your interface preferences (e.g., collapsed menu states, theme)
    • Duration: Session-based or until cleared
    • Type: LocalStorage / SessionStorage

Legal basis: Your consent (implied by continued use).

Can you opt out? Yes—you can delete these via your browser settings, but this will reset your preferences.

2.3 Analytics / Performance / Advertising Cookies

Purpose: These Cookies help us understand how visitors interact with our website, measure advertising performance, and improve the way our website and campaigns work. Depending on the tool, the data may be pseudonymous rather than fully anonymous.

Examples:

  • Google Analytics 4 (GA4)

    • Provider: Google Ireland Limited
    • Cookie names: _ga, _ga_XXXXXXXXXX, _gid, _gat
    • Purpose: Track page views, user interactions, and performance metrics
    • Cookie duration: 13 months (33696000 seconds as configured)
    • Data retention: Event-level data retained on Google's servers for 14 months (or as configured in GA)
    • Type: HTTP cookies + LocalStorage
    • Additional configuration:
      • IP anonymization: Enabled (anonymize_ip: true)
      • Google Signals: Enabled (for audience insights)
      • Ad personalization: Disabled (allow_ad_personalization_signals: false)
      • Cookie update: Disabled (prevents automatic extension)
    • Third-party: Yes (Google)
    • Data processing location: Region configured in Google Analytics settings

  • Google Ads Conversion Measurement / Enhanced Conversions

    • Provider: Google Ireland Limited
    • Identifier examples: _gcl_*, gclid, gbraid, wbraid
    • Purpose: Measure ad clicks, attribute verified conversions, and improve conversion matching accuracy where permitted
    • Data types: Click identifiers, landing path, conversion time/value/order identifiers, and hashed email / hashed phone number when available and permitted
    • Event examples: Verified purchases and selected contact-intent / lead actions
    • Storage: First-party cookies plus secure server-side conversion logs
    • Additional configuration:
      • Enhanced Conversions: May use hashed first-party identifiers for measurement when you permit advertising cookies
      • Browser-side ad personalization signals: Disabled (allow_ad_personalization_signals: false)
    • Third-party: Yes (Google)

  • Platform Analytics (First-Party)

    • Purpose: Track authenticated user interactions (searches, clicks, views, shortlist actions, recommendations)
    • Availability: Only for logged-in/authenticated users
    • Storage: Managed database infrastructure (server-side storage)
    • Duration: Session-based tracking with server-side storage, retained per our data retention policy
    • Data types: Event type, plate ID, metadata, user ID (authenticated users only), timestamp
    • Third-party: No (first-party analytics infrastructure)

  • TikTok Pixel + Events API

    • Provider: TikTok Business Products
    • Cookie / identifier examples: _ttp, ttclid, and related TikTok event identifiers
    • Purpose: Measure ad effectiveness, match website events to TikTok campaigns, improve conversion attribution, suppress duplicate audience targeting, and optimise campaign delivery
    • Data types: Page URL, referrer, click IDs, cookie IDs, event metadata, browser/device data, IP address, user agent, and hashed match keys such as hashed email, hashed phone number, and hashed internal user ID/external ID where available
    • Event examples: Page views, listing views, searches, WhatsApp contact intent, registration, checkout progression, and verified purchases
    • Additional settings we may enable: First-party cookies, Automatic Advanced Matching (AAM), and expanded data sharing
    • Storage: Browser cookies plus secure server-side event logs
    • Duration: Browser cookie duration varies by TikTok/browser configuration; server-side event records are retained per our Privacy Policy
    • Third-party: Yes (TikTok)

Legal basis: Your consent, as indicated by your use of these non-essential technologies.

Can you opt out? Yes—see Section 5 ("Your Choices").

2.4 Sales Partner / Attribution Cookies

Purpose: These Cookies enable us to track referrals from our Sales Partners and attribute referrals to the correct Sales Partner when a sale is completed. This ensures accurate attribution and recognition for our sales partners.

Examples:

  • Sales Partner Referral Tracking

    • Storage keys: listing-[plate_id], affiliate_referred_user, affiliate_referral_events, globalAffiliateProfile, referralCodes
    • Purpose: Store referral attribution data for Sales Partner commission tracking
    • Attribution model: Last-click (default)
    • Attribution window: 30 days (as displayed in Sales Partner dashboard, may be changed with notice)
    • Duration:
      • Listing-specific referrals: Until authenticated user clicks processed (then cleared)
      • Referred user cache: 24 hours
      • Referral events cache: 1 hour
        • Global Sales Partner profile cache: 3 hours
    • Type: Browser localStorage
    • Third-party: No (first-party tracking)

  • Referral Code Processing

    • Purpose: Capture and process referral codes from URL parameters or stored preferences
    • Storage: Browser localStorage
    • Duration: Session-based or until cleared

Legal basis: Legitimate interest (facilitating accurate Sales Partner attribution and recognition).

Can you opt out? Yes—you can clear local storage, but this may affect the accuracy of Sales Partner attribution if you return after a referral.

2.5 Confetti / Visual Enhancement Cookies

Purpose: These Cookies store preferences related to visual enhancements (e.g., celebration effects when items are sold).

Examples:

  • Sold Confetti Display
    • Storage key pattern: confetti-[plate_id]-[order_id]
    • Purpose: Prevent showing the same celebration animation repeatedly
    • Duration: 1 hour (3600000 milliseconds)
    • Type: Browser localStorage

Legal basis: Your implied consent through continued use.

Can you opt out? Yes—delete via browser settings.

2.6 Authentication & Security Cookies

Purpose: These Cookies maintain your secure login session and protect against unauthorized access.

Examples:

  • Authentication Tokens

    • Purpose: Maintain authenticated session state
    • Duration: Session-based (automatically refreshed)
    • Type: Secure HTTP-only cookies
    • Third-party: Yes (authentication infrastructure)

  • Session Management

    • Purpose: Track active sessions for security and fraud prevention
    • Duration: Session-based
    • Type: Server-side session management

Legal basis: Necessity for the performance of a contract and legitimate interest (security).

Can you opt out? No—these are essential for secure access.

3) LocalStorage & SessionStorage

In addition to HTTP cookies, we use Browser LocalStorage and SessionStorage to store data on your device. These are similar to cookies but remain stored until explicitly cleared.

We use LocalStorage/SessionStorage for:

  • Banner dismissal preferences (disclaimer-dismissed, exploreBannerClosedAt, homepage-disclaimer-dismissed)
  • Sales Partner referral tracking (listing-*, affiliate_referred_user, affiliate_referral_events, globalAffiliateProfile, referralCodes)
  • Confetti display preferences (confetti-*)
  • UI state preferences (collapsed menus, filter selections, etc.)
  • Referral code storage (referralCodes)

Duration:

  • SessionStorage: Automatically cleared when you close the browser tab
  • LocalStorage: Persists until you manually clear browser data or as specified per item

You can control LocalStorage and SessionStorage through your browser settings in the same way you control Cookies.

4) Third-Party Cookies & Services

We integrate with the following third-party services that may set their own Cookies:

Third-Party Service Purpose Types of Cookies Used Privacy Policy
Google Analytics (GA4) Website analytics Analytics cookies Google Analytics Privacy
Google Ads Advertising measurement, conversion attribution, and enhanced conversion matching Advertising / attribution cookies, first-party click identifiers, server-side conversion identifiers Google Privacy Policy
TikTok Business Products Advertising measurement, attribution, and event matching Advertising / analytics cookies, pixels, server-side event identifiers TikTok Privacy Policy
Supabase Authentication, database, storage Essential cookies Supabase Privacy
Cloudflare Turnstile Bot protection verification Essential cookies Cloudflare Privacy

These third parties may collect information about your online activities across different websites over time. You can find more information about their practices in their privacy policies (linked above).

Note: We use Google Analytics with IP anonymization enabled. Our browser-side Google tag currently keeps ad personalization signals disabled, even where Google Ads conversion measurement or Enhanced Conversions are enabled for measurement. See Section 2.3 for details.

5) Your Choices: Managing Cookies

5.1 Browser Controls

You can control and/or delete Cookies as you wish. You can delete all Cookies already on your device and set most browsers to prevent them from being placed. However, if you do this, you may have to manually adjust some preferences every time you visit the Platform, and some services and functionalities may not work.

Browser-specific instructions:

5.2 Managing Non-Essential Cookies

You can manage non-essential Cookies through your browser controls and privacy tools. Blocking or clearing these Cookies may reduce measurement accuracy and may reset certain preferences or site behavior.

5.3 Opting Out of Google Analytics and Google Ads Measurement

If you wish to opt out of Google Analytics tracking or Google Ads measurement, you can:

  1. Install the Google Analytics Opt-out Browser Add-on
  2. Adjust your browser settings to block Cookies (see Section 5.1)
  3. Clear your browser's local storage (this will remove stored data but may reset your preferences)

5.4 Managing TikTok Measurement Cookies

If you want to limit TikTok measurement:

  1. Block or delete cookies in your browser settings (see Section 5.1)
  2. Clear browser storage and site data for platehaus.my
  3. Use browser privacy controls or content blockers that restrict advertising pixels/scripts
  4. Avoid interacting with the Platform while logged in if you do not want server-side conversion events associated with your account activity

5.5 Clearing LocalStorage and SessionStorage

To clear LocalStorage and SessionStorage:

  1. Open your browser's Developer Tools (F12)
  2. Go to the "Application" or "Storage" tab
  3. Select "Local Storage" or "Session Storage"
  4. Right-click and choose "Clear" or delete specific entries

Alternatively, you can use your browser's "Clear browsing data" function (see Section 5.1).

6) Retention Periods

The specific retention periods for our Cookies are listed in Section 2 above. In summary:

Cookie Type Retention Period
Essential Cookies Session-based
Functional Cookies 7-14 days (banner prefs)
Google Analytics Cookies 13 months
GA Event Data 14 months
Google Ads Click IDs / Conversion Data Cookie duration varies by browser / Google configuration; server-side conversion records retained per Privacy Policy
TikTok Cookies / Click IDs Varies by TikTok/browser configuration
TikTok Server Event Data Retained per Privacy Policy / platform records
Sales Partner Referral Tracking 30 days (attribution window)
Confetti Display 1 hour
Sales Partner Cache 1-24 hours (varies)

Note: Some data collected via Cookies may be stored in our backend databases for longer periods as described in our Privacy Policy (e.g., transaction records retained for 7 years for legal compliance).

7) Children's Privacy

platehaus.my is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us so we can delete such information and remove the account.

8) Updates to This Policy

We may update this Cookie Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we may:

  • Update the Effective date at the top of this Policy
  • Notify you in-app (for material changes)
  • Post the updated Policy on this page

Your continued use of the Platform after the updated Effective Date constitutes acceptance of the revised Cookie Policy.

9) Data Controller & Contact

Data Controller:
Platehaus Sdn. Bhd. (Company No. 202501045049)
Registered Address: CT-06-21 Subang Square Corporate Tower, Jalan SS15/4G, SS15, 47500 Subang Jaya, Selangor

Contact (Privacy):
Email: support@platehaus.my

For questions, concerns, or requests about our use of Cookies, please contact us using the information above.

10) Additional Resources

Related Documents:

  • Privacy Policy — Detailed information about how we handle personal data
  • Terms of Use — Legal terms governing your use of the Platform

External Resources:

11) Summary

Quick Summary:

  • We use Cookies, LocalStorage, and SessionStorage to make the Platform work, improve your experience, and analyze usage.
  • Essential Cookies cannot be disabled (they are necessary for the Platform to function).
  • Analytics and Tracking Cookies help us understand how you use the Platform.
  • Sales Partner Cookies track referrals to ensure accurate attribution and recognition for our partners.
  • You can control Cookies through your browser settings or by clearing browser data.
  • Google Analytics is configured with IP anonymization and ad personalization disabled for privacy.
  • We also use TikTok Pixel + Events API for advertising measurement, including first-party cookies, advanced matching, and server-side conversion events where enabled.
  • Children under 18 are NOT PERMITTED to use the Platform.

Your Rights:

Under PDPA, you have the right to:

  • Access information about the Cookies we use
  • Object to certain types of data processing
  • Request deletion of non-essential data
  • File a complaint with JPDP

For more details, see our Privacy Policy.

Last Updated: 12 Mar 2026

[END OF AGREEMENT]