Rimba & Co. Sdn Bhd ("Rimba", "we", "us") operates the website rimba.casa. This Privacy Policy explains how we collect, use, store and protect your personal data in compliance with the Malaysia Personal Data Protection Act 2012 (PDPA), the EU General Data Protection Regulation (GDPR) for customers in the European Economic Area, and the Australian Privacy Act 1988 for customers in Australia.
When you place an order or submit an enquiry, we collect: your name, email address, delivery address, phone number (optional), and order details. When you use our chatbot (Sari) or the wholesale enquiry form, we also collect the content of your messages. We do not store payment card details — payments are processed securely by our payment partners (FPX, GrabPay, Stripe).
We use your data to: process and fulfil your order, communicate about your order status, respond to your enquiries, and improve our products and services. We do not sell, rent or share your data with third parties for marketing purposes.
Our website uses AI technology powered by Anthropic PBC (claude.ai) to assist with: order confirmation messages, the Sari chatbot, wholesale enquiry responses, and the contact form. When you use these features, your message content (including name, order details, and enquiry text) is processed by Anthropic's API to generate responses. Anthropic processes this data in accordance with their Privacy Policy. We use Anthropic's API with minimal data retention settings.
We use a single functional cookie to remember your cookie consent preference. We do not use analytics, advertising or tracking cookies. No third-party tracking scripts (Google Analytics, Facebook Pixel, etc.) are active on this website.
Order data is retained for 7 years for accounting and legal compliance purposes. Enquiry data is retained for 12 months. You may request deletion of your data at any time by contacting us, subject to our legal retention obligations.
As an AI-assisted service, your message data may be processed by Anthropic's infrastructure in the United States. Such transfers are subject to appropriate safeguards under Anthropic's Standard Contractual Clauses and data processing terms.
Under the PDPA, GDPR (where applicable) and Australian Privacy Act, you have the right to: access your personal data, correct inaccurate data, request deletion ("right to be forgotten"), withdraw consent at any time, and lodge a complaint with your local data protection authority. To exercise these rights, contact us at hello@rimba.casa.
We implement appropriate technical measures including HTTPS encryption for all data in transit. Our website is hosted on Vercel's infrastructure with industry-standard security practices.
Our services are not directed at children under 18. We do not knowingly collect personal data from minors.
We may update this Privacy Policy. The "Last Updated" date indicates when changes were made. Continued use of the website constitutes acceptance of any updates.
Rimba & Co. Sdn Bhd
12 Jalan Ampang, Kuala Lumpur 50450, Malaysia
hello@rimba.casa