platehaus.my Cookie Policy (v1)

Effective date: 14 Dec 2025

Version: v1.6 • Last Updated: 14 Dec 2025

Who we are / Data Controller: Platehaus Sdn. Bhd. (SSM: 202501045049) operating platehaus.my

Contact (privacy): support@platehaus.my

Registered Address:

CT-06-21 Subang Square Corporate Tower,
Jalan SS15/4G, SS15
47500 Subang Jaya
Selangor

This Cookie Policy explains how platehaus.my uses cookies, web beacons, and similar tracking technologies (collectively, "Cookies") on our website and in our services. This policy forms part of our Personal Data Protection (PDP) Notice and should be read alongside our Privacy Policy.

This Policy complies with Malaysia's Personal Data Protection Act 2010 (PDPA) principles and international best practices.

Bahasa Malaysia: A Bahasa Malaysia (BM) version will be provided. If there is any inconsistency, the English version controls.

---

1) What are Cookies?

Cookies are small text files that are placed on your device when you visit a website. They are widely used to make websites work more efficiently, provide information to the website owner, and enhance user experience. Similar technologies (local storage, session storage, web beacons, pixels) work in similar ways.

---

2) Types of Cookies We Use

We use the following categories of Cookies:

2.1 Essential / Strictly Necessary Cookies

Purpose: These Cookies are necessary for the website to function and cannot be switched off. They enable basic functions like page navigation, access to secure areas, and remembering your authentication status.

Examples:

• Authentication Cookies

  • Purpose: Maintain your login session securely
  • Duration: Session-based (cleared when you log out)
  • Type: HTTP-only secure cookies
  • Third-party: Yes

• Platform Functionality

  • Purpose: Maintain your authentication state across pages
  • Duration: Session-based
  • Type: Session cookies

Legal basis: Necessity for the performance of a contract (providing our services).

Can you opt out? No—these Cookies are essential for the Platform to function.

---

2.2 Functional / Preference Cookies

Purpose: These Cookies allow the website to remember your preferences and choices (e.g., language, region, display settings) to provide enhanced, personalized features.

Examples:

• Banner Dismissal Preferences

  • Name: disclaimer-dismissed, exploreBannerClosedAt, homepage-disclaimer-dismissed
  • Purpose: Remember that you have dismissed informational or promotional banners
  • Duration: 7 to 14 days (as configured per banner)
  • Type: LocalStorage
  • Storage location: Browser localStorage

• UI State Preferences

  • Purpose: Remember your interface preferences (e.g., collapsed menu states, theme)
  • Duration: Session-based or until cleared
  • Type: LocalStorage / SessionStorage

Legal basis: Your consent (implied by continued use).

Can you opt out? Yes—you can delete these via your browser settings, but this will reset your preferences.

---

2.3 Analytics / Performance Cookies

Purpose: These Cookies help us understand how visitors interact with our website by collecting and reporting information anonymously. This helps us improve the way our website works.

Examples:

• Google Analytics 4 (GA4)

  • Provider: Google Ireland Limited
  • Cookie names: _ga, _ga_XXXXXXXXXX, _gid, _gat
  • Purpose: Track page views, user interactions, and performance metrics
  • Cookie duration: 13 months (33696000 seconds as configured)
  • Data retention: Event-level data retained on Google's servers for 14 months (or as configured in GA)
  • Type: HTTP cookies + LocalStorage
  • Additional configuration:
    • IP anonymization: Enabled (anonymize_ip: true)
    • Google Signals: Enabled (for audience insights)
    • Ad personalization: Disabled (allow_ad_personalization_signals: false)
    • Cookie update: Disabled (prevents automatic extension)
  • Third-party: Yes (Google)
  • Data processing location: Region configured in Google Analytics settings

• Platform Analytics (First-Party)

  • Purpose: Track authenticated user interactions (searches, clicks, views, shortlist actions, recommendations)
  • Availability: Only for logged-in/authenticated users
  • Storage: Managed database infrastructure (server-side storage)
  • Duration: Session-based tracking with server-side storage, retained per our data retention policy
  • Data types: Event type, plate ID, metadata, user ID (authenticated users only), timestamp
  • Third-party: No (first-party analytics infrastructure)

Legal basis: Your consent (as indicated by your continued use of non-essential features).

Can you opt out? Yes—see Section 5 ("Your Choices").

---

2.4 Sales Partner / Attribution Cookies

Purpose: These Cookies enable us to track referrals from our Sales Partners and attribute referrals to the correct Sales Partner when a sale is completed. This ensures accurate attribution and recognition for our sales partners.

Examples:

• Sales Partner Referral Tracking

  • Storage keys: listing-[plate_id], affiliate_referred_user, affiliate_referral_events, globalAffiliateProfile, referralCodes
  • Purpose: Store referral attribution data for Sales Partner commission tracking
  • Attribution model: Last-click (default)
  • Attribution window: 30 days (as displayed in Sales Partner dashboard, may be changed with notice)
  • Duration:
    • Listing-specific referrals: Until authenticated user clicks processed (then cleared)
    • Referred user cache: 24 hours
    • Referral events cache: 1 hour
      • Global Sales Partner profile cache: 3 hours
  • Type: Browser localStorage
  • Third-party: No (first-party tracking)

• Referral Code Processing

  • Purpose: Capture and process referral codes from URL parameters or stored preferences
  • Storage: Browser localStorage
  • Duration: Session-based or until cleared

Legal basis: Legitimate interest (facilitating accurate Sales Partner attribution and recognition).

Can you opt out? Yes—you can clear local storage, but this may affect the accuracy of Sales Partner attribution if you return after a referral.

---

2.5 Confetti / Visual Enhancement Cookies

Purpose: These Cookies store preferences related to visual enhancements (e.g., celebration effects when items are sold).

Examples:

• Sold Confetti Display
  • Storage key pattern: confetti-[plate_id]-[order_id]
  • Purpose: Prevent showing the same celebration animation repeatedly
  • Duration: 1 hour (3600000 milliseconds)
  • Type: Browser localStorage

Legal basis: Your implied consent through continued use.

Can you opt out? Yes—delete via browser settings.

---

2.6 Authentication & Security Cookies

Purpose: These Cookies maintain your secure login session and protect against unauthorized access.

Examples:

• Authentication Tokens

  • Purpose: Maintain authenticated session state
  • Duration: Session-based (automatically refreshed)
  • Type: Secure HTTP-only cookies
  • Third-party: Yes (authentication infrastructure)

• Session Management

  • Purpose: Track active sessions for security and fraud prevention
  • Duration: Session-based
  • Type: Server-side session management

Legal basis: Necessity for the performance of a contract and legitimate interest (security).

Can you opt out? No—these are essential for secure access.

---

3) LocalStorage & SessionStorage

In addition to HTTP cookies, we use Browser LocalStorage and SessionStorage to store data on your device. These are similar to cookies but remain stored until explicitly cleared.

We use LocalStorage/SessionStorage for:

• Banner dismissal preferences (disclaimer-dismissed, exploreBannerClosedAt, homepage-disclaimer-dismissed)
• Sales Partner referral tracking (listing-*, affiliate_referred_user, affiliate_referral_events, globalAffiliateProfile, referralCodes)
• Confetti display preferences (confetti-*)
• UI state preferences (collapsed menus, filter selections, etc.)
• Referral code storage (referralCodes)

Duration:

• SessionStorage: Automatically cleared when you close the browser tab
• LocalStorage: Persists until you manually clear browser data or as specified per item

You can control LocalStorage and SessionStorage through your browser settings in the same way you control Cookies.

---

4) Third-Party Cookies & Services

We integrate with the following third-party services that may set their own Cookies:

Third-Party Service	Purpose	Types of Cookies Used	Privacy Policy
Google Analytics (GA4)	Website analytics	Analytics cookies	Google Analytics Privacy
Supabase	Authentication, database, storage	Essential cookies	Supabase Privacy
Cloudflare Turnstile	Bot protection verification	Essential cookies	Cloudflare Privacy

These third parties may collect information about your online activities across different websites over time. You can find more information about their practices in their privacy policies (linked above).

Note: We use Google Analytics with IP anonymization enabled and have disabled ad personalization signals to protect your privacy. See Section 2.3 for details.

---

5) Your Choices: Managing Cookies

5.1 Browser Controls

You can control and/or delete Cookies as you wish. You can delete all Cookies already on your device and set most browsers to prevent them from being placed. However, if you do this, you may have to manually adjust some preferences every time you visit the Platform, and some services and functionalities may not work.

Browser-specific instructions:

• Google Chrome
• Mozilla Firefox
• Safari
• Microsoft Edge
• Opera

5.2 Cookie Consent / Preference Center

We are developing a Cookie Preference Center where you can manage your consent for non-essential Cookies. Once available, you can access it via a link in our footer or through your Account Settings.

Current status: We use an implied consent model for non-essential Cookies. By continuing to use the Platform, you consent to our use of Cookies as described in this Policy.

Planned enhancements: We plan to implement an explicit consent banner and preference center where you can:

• Accept all Cookies
• Reject non-essential Cookies
• Customize settings by Cookie category
• Update your preferences at any time

5.3 Opting Out of Google Analytics

If you wish to opt out of Google Analytics tracking, you can:

1. Install the Google Analytics Opt-out Browser Add-on
2. Adjust your browser settings to block Cookies (see Section 5.1)
3. Clear your browser's local storage (this will remove stored data but may reset your preferences)

5.4 Clearing LocalStorage and SessionStorage

To clear LocalStorage and SessionStorage:

1. Open your browser's Developer Tools (F12)
2. Go to the "Application" or "Storage" tab
3. Select "Local Storage" or "Session Storage"
4. Right-click and choose "Clear" or delete specific entries

Alternatively, you can use your browser's "Clear browsing data" function (see Section 5.1).

---

6) Retention Periods

The specific retention periods for our Cookies are listed in Section 2 above. In summary:

Cookie Type	Retention Period
Essential Cookies	Session-based
Functional Cookies	7-14 days (banner prefs)
Google Analytics Cookies	13 months
GA Event Data	14 months
Sales Partner Referral Tracking	30 days (attribution window)
Confetti Display	1 hour
Sales Partner Cache	1-24 hours (varies)

Note: Some data collected via Cookies may be stored in our backend databases for longer periods as described in our Privacy Policy (e.g., transaction records retained for 7 years for legal compliance).

---

7) Children's Privacy

platehaus.my is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us so we can delete such information and remove the account.

---

8) Updates to This Policy

We may update this Cookie Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we may:

• Update the Effective date at the top of this Policy
• Notify you in-app (for material changes)
• Post the updated Policy on this page

Your continued use of the Platform after the updated Effective Date constitutes acceptance of the revised Cookie Policy.

---

9) Data Controller & Contact

Data Controller:
Platehaus Sdn. Bhd. (Company No. 202501045049)
Registered Address: CT-06-21 Subang Square Corporate Tower, Jalan SS15/4G, SS15, 47500 Subang Jaya, Selangor

Contact (Privacy):
Email: support@platehaus.my

For questions, concerns, or requests about our use of Cookies, please contact us using the information above.

---

10) Additional Resources

Related Documents:

• Privacy Policy — Detailed information about how we handle personal data
• Terms of Use — Legal terms governing your use of the Platform

External Resources:

• PDPA 2010 (Malaysia)
• Jabatan Perlindungan Data Peribadi (JPDP)
• Google Analytics Privacy & Security

---

11) Summary

Quick Summary:

• We use Cookies, LocalStorage, and SessionStorage to make the Platform work, improve your experience, and analyze usage.
• Essential Cookies cannot be disabled (they are necessary for the Platform to function).
• Analytics and Tracking Cookies help us understand how you use the Platform.
• Sales Partner Cookies track referrals to ensure accurate attribution and recognition for our partners.
• You can control Cookies through your browser settings or by clearing browser data.
• Google Analytics is configured with IP anonymization and ad personalization disabled for privacy.
• Children under 18 are NOT PERMITTED to use the Platform.

Your Rights:

Under PDPA, you have the right to:

• Access information about the Cookies we use
• Object to certain types of data processing
• Request deletion of non-essential data
• File a complaint with JPDP

For more details, see our Privacy Policy.

---

Last Updated: 14 Dec 2025

---

[END OF AGREEMENT]