1 MYR = 1 MYRT · ON LAUNCH 100% RINGGIT CASH · 1:1 BACKED BUILT FOR PAYROLL · COMMERCE ↗ COMPLIANT BY DESIGN NETWORK · ETHEREUM SEGREGATED RESERVES COMPLIANCE-FIRST INFRASTRUCTURE RINGGIT-BACKED 1:1 SINCE DAY ONE 1 MYR = 1 MYRT · ON LAUNCH 100% RINGGIT CASH · 1:1 BACKED BUILT FOR PAYROLL · COMMERCE ↗ COMPLIANT BY DESIGN NETWORK · ETHEREUM SEGREGATED RESERVES COMPLIANCE-FIRST INFRASTRUCTURE RINGGIT-BACKED 1:1 SINCE DAY ONE
Legal

Privacy Policy.

Your privacy matters to us. This policy explains how we collect, use, and protect your personal information.

Last updated: February 3, 2026

1. Introduction

MyStable Sdn Bhd ("MyStable," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our stablecoin platform, website, and related services (collectively, the "Services").

By accessing or using our Services, you agree to the terms of this Privacy Policy. If you do not agree with the practices described in this policy, please do not use our Services.

2. Information We Collect

We collect the following categories of information:

  • Identity & verification data: name, date of birth, nationality, identity-document data (MyKad, passport), liveness/biometric data, address.
  • Contact data: email, phone, postal address.
  • Financial data: bank account details for redemption, transaction history on the Services, source-of-funds information.
  • Wallet & on-chain data: wallet addresses, signed messages, transaction metadata.
  • Technical data: IP address, device identifiers, browser, operating system, log data.

3. How We Use Information

We use personal information to:

  • Verify your identity (KYC/KYB) and screen against sanctions and PEP lists;
  • Provide, operate, and improve the Services;
  • Monitor transactions for fraud, AML/CFT compliance, and security;
  • Communicate service updates, security alerts, and support responses;
  • Comply with legal, regulatory, and audit obligations.

4. Sharing & Disclosure

We share information only as needed to operate the Services and comply with the law. Recipients may include:

  • Licensed Malaysian bank custodians, registered redeemers, and HR/EOR partners involved in payroll flows;
  • Identity-verification, sanctions-screening, and transaction-monitoring providers;
  • Auditors, attestation providers, and professional advisers;
  • Regulators, law-enforcement agencies, and courts where lawfully required.

We do not sell your personal information.

5. Cookies & Analytics

We use cookies and similar technologies to maintain sessions, remember preferences, secure the Services, and understand aggregate usage. You can manage cookies through your browser settings; some Services may not function correctly with cookies disabled.

6. Data Security

We implement administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit and at rest, access controls, segregated production environments, key management, and regular security testing.

No system is fully secure. We do not guarantee that personal information will be protected from all unauthorised access, loss, alteration, or misuse, particularly where breaches result from your own actions (e.g. credential reuse, phishing, malware) or from the failure of third-party systems outside our control. Notify us immediately via our contact page if you suspect your account, credentials, or wallet has been compromised.

7. Data Retention

We retain personal information for as long as needed to provide the Services and to comply with legal, regulatory, audit, and reporting obligations. Identity-verification and transaction records are typically retained for the period required by Malaysian AML/CFT law and applicable tax law, even after an account is closed.

8. Your Rights

Subject to applicable law, including the Personal Data Protection Act 2010 of Malaysia ("PDPA") and the equivalent regimes in your jurisdiction, you may have the right to:

  • access the personal information we hold about you;
  • request correction of inaccurate or incomplete information;
  • withdraw consent (subject to lawful exceptions);
  • object to or restrict certain processing;
  • request deletion of your information, subject to retention obligations under AML/CFT, tax, audit, and other applicable laws;
  • lodge a complaint with the Personal Data Protection Department of Malaysia or the equivalent authority in your jurisdiction.

Some rights have legal exceptions - for example, we may refuse a deletion request where retention is required by Malaysian AML/CFT law, by tax authorities, or by an ongoing investigation. We will explain any refusal where lawful to do so.

To exercise these rights, please use our contact page.

9. International Transfers

Where we transfer personal information outside Malaysia, we do so only to recipients that provide an adequate level of protection or under appropriate safeguards (such as contractual data-protection clauses).

10. Updates to this Policy

We may update this Privacy Policy from time to time. We will post the updated version with a new "Last updated" date and, where required, notify you directly of material changes.

11. Contact Us

For privacy questions, data-rights requests, or to report a privacy incident, please use our contact page.