Privacy Policy

Last updated: 2026-04-20

3D Ninjaz (“3D Ninjaz”, “we”, “us”) collects and uses personal data to run our online store. This notice explains what we collect, why, how long we keep it, and your rights under Malaysia’s Personal Data Protection Act 2010 (PDPA).

1. Who we are

3D Ninjaz is operated by 3D Ninjaz, based in Kuala Lumpur, Malaysia. We run a small e-commerce store selling 3D-printed goods, printed to order on our own printers.

2. What data we collect

We collect only the data we need to run the store. There are four groups:

Account data
Your name, email address, a password (stored as a one-way salted hash — we never see or store the plaintext), and the timestamp at which you agreed to this policy during registration.
Order data
Shipping address, phone number (for delivery), items purchased, sizes, quantities, and the total amount paid.
Payment data
Payments are handled entirely by PayPal. We store the PayPal transaction reference so we can match your order to the payment — we do not store your card number, CVC, or PayPal sign-in details.
Technical data
Your IP address, browser and device details, and essential session cookies used to keep you signed in and to hold your bag between pages.

3. Why we collect it (purpose)

We use your data to:

  • Fulfil and deliver your orders.
  • Provide customer support for your orders.
  • Keep accurate accounting and transaction records as expected of a Malaysian business.
  • Detect and prevent fraud or abuse of the store.
  • Keep the site secure and operational.

We do not sell your data to third parties. We do not use your data to build advertising profiles.

4. Who we share it with (third parties)

We share only the minimum necessary data with a small set of trusted providers:

  • PayPal — payment processing. Governed by PayPal’s own privacy policy at paypal.com.
  • Our email provider — transactional order emails (confirmations, shipping notices). We use our cPanel SMTP mail server; emails are sent from info@3dninjaz.com.
  • Our hosting provider — the site and database are hosted on our cPanel account for 3dninjaz.com.
  • Couriers — when we ship your order we share your name, phone number, and shipping address with the courier.
  • Analytics — we do not currently run any third-party analytics, advertising pixels, or marketing trackers. If we add any in future, we will update this notice before they go live.

5. How long we keep it (retention)

  • Order and invoice records: 7 years from the date of the order (Malaysian accounting and record-keeping practice).
  • Account data: 3 years after your last sign-in; you can request earlier deletion at any time.
  • Marketing communications: Until you unsubscribe. (We do not run marketing lists in v1; this clause is future-proofing.)

Beyond these periods we delete or irreversibly anonymise the data.

6. Your rights under PDPA 2010

  • Right of access: request a copy of the personal data we hold about you.
  • Right of correction: ask us to correct inaccurate or incomplete data.
  • Right to withdraw consent: withdraw the consent you gave at registration. Withdrawing consent may limit our ability to provide some services (for example, we can no longer process new orders without an account).
  • Right to request deletion: ask us to delete your account. We may still need to retain order records for the accounting period noted above; we will delete what we can and anonymise the rest.
  • Right to data portability: request your data in a machine-readable format.
  • Right to complain: if you’re unhappy with our response, you can escalate to the Department of Personal Data Protection, Malaysia.

7. How to exercise your rights / contact us

Email our data-protection contact at info@3dninjaz.com with your request. Please include enough information for us to verify your identity (for example, the email address on your account) so we only release data to the right person.

We respond to data-access requests within 21 business days, as required by PDPA 2010.

8. Cookies

We use essential cookies only. Specifically:

  • A signed session token that keeps you signed in after you log in.
  • A small amount of local storage on your device to remember the items in your bag between pages.

We do not set advertising, tracking, or cross-site cookies. If we add any analytics cookies in future, we will update this notice and, where required, ask for your consent before setting them.

9. Security

  • Passwords are stored as one-way salted hashes; nobody at 3D Ninjaz can read your password.
  • The whole site runs over HTTPS; data in transit is encrypted.
  • Access to the admin area and the customer database is limited to authorised staff.
  • Payment card details never touch our servers; PayPal handles that data under its own PCI-DSS controls.

No system is ever 100% secure. If we become aware of a breach that affects your personal data, we will notify you by email as soon as reasonably possible.

10. Changes to this policy

We may update this notice from time to time. The “Last updated” date at the top of the page shows when it last changed. If we make a material change that affects how we use your data, we will email registered customers to let them know before the change takes effect.

11. Consent record

When you create an account you tick a PDPA consent checkbox and submit the registration form. At that moment we store a timestamp of your consent against your account, which serves as our record that you agreed to this notice on that date. You can withdraw your consent at any time by emailing info@3dninjaz.com; note that withdrawing consent may prevent us from processing new orders for you.