Privacy Policy

We collect only the data necessary to deliver, improve, and support our business solutions. No personal data is collected without explicit consent.

Types of Data Collected

• Personal Data: Name, email address, company name, contact number, and identifiers required for system setup and account management.
• Transactional Data: Service usage logs, invoices, payment records (securely processed through third-party gateways such as PayNow).
• Usage Data: Browser type, IP address, device identifiers, and interaction analytics to enhance user experience.

• Cookies & Tracking: Used to improve site functionality, user personalization, and performance insights (subject to consent). 

Collected data is used strictly for operational and service purposes, including: 

• Delivering and maintaining our digital solutions (e.g., ERP, HRMS, CRM, AI modules).
• Processing transactions securely via authorized payment providers.
• Providing implementation support, updates, and technical assistance.
• Enhancing platform security and preventing fraud.
• Analyzing system performance to improve usability and scalability.
• Complying with legal, accounting, and regulatory obligations.

We do not sell, trade, or use customer data for marketing purposes without explicit consent.

All customer data remains the property of the client. Moonshot Associates Pte. Ltd. does not claim ownership of any client data stored within its platforms.

We employ rigorous administrative, physical, and technical controls to protect all personal and business data:

• Encryption: All data is encrypted both in transit (TLS) and at rest (AES-256).
• Access Control: Only authorized personnel have access on a need-to-know basis.
• Secure Cloud Hosting: Services are hosted on Cloud Service Providers (e.g. AWS, Azure, Oracle Cloud, etc) and deployed required compliant stack to maintain security requirements.
• Regular Audits: Periodic internal security reviews are conducted to ensure compliance with PDPA, MAS, and ISO 27001 practices.

• Two-Factor Authentication (2FA): Enforced for administrative access and client portals.

• Retention: Data is retained only as long as necessary for operational, contractual, or regulatory purposes.
• Deletion Requests: Clients may request deletion of personal or organizational data by contacting info@moonshotassociates.com, subject to any statutory retention obligations (e.g., tax, audit, or compliance requirements).

We do not disclose data to third parties except under these limited conditions:

• Legal or Regulatory Requirement: When required by law, court order, or competent authority.
• Service Providers: To trusted vendors (e.g., OCI, AWS, Odoo S.A.) solely for service delivery, under strict confidentiality and data-protection terms.
• Business Transfers: In the event of a merger, acquisition, or restructuring, data may be transferred in accordance with PDPA requirements, with prior notice provided.

In the unlikely event of a data breach, we will:

• Notify affected clients promptly.
• Provide full details of the breach, potential impact, and remedial measures.
• Implement corrective actions and security reviews to prevent recurrence.

Moonshot complies fully with the Personal Data Protection Act 2012 (PDPA) and related frameworks, ensuring:

• Data collection and use are based on informed consent.
• Individuals may access, review, or correct their personal data.
• Individuals may withdraw consent at any time, subject to service constraints.
• Data is protected against unauthorized access, modification, or disclosure.

For clients operating regionally, Moonshot extends its compliance model to align with Malaysia PDPA, Thailand PDPA, and GDPR principles where applicable.

Moonshot may update this Privacy Policy periodically to reflect legal or operational changes. The latest version will always be available on our website, with the effective date clearly stated. Your continued use of our services after any update constitutes acceptance of the revised policy.