AutoMalaya OBD logoAutoMalaya OBDDownload on the App Store

Privacy Policy

Last updated: 23 June 2026

This Privacy Policy explains how the AutoMalaya OBD team (“we”, “us”, “our”) handles information in connection with the AutoMalaya OBD app and website (the “Service”). We designed the Service to be local-first and privacy-first. This policy is intended to align with Malaysia’s Personal Data Protection Act 2010 (PDPA) and applicable Apple App Store requirements.

1. Our core principle

By default, your vehicle and diagnostic data stay on your device. We do not operate an application server that collects your diagnostic data. We do not sell personal data, and we do not use it for advertising or cross-app tracking.

2. Information processed on your device

  • Vehicle details: make, model, year, fuel type, nickname, and (optionally) VIN.
  • Diagnostic data: fault codes, freeze-frame data, readiness monitors, live sensor snapshots, battery voltage, health score, and generated reports.
  • Adapter info: the adapter’s name/identifier and connection details.
  • Trip/location: optional and off by default. If you record a trip, your location is used only while recording — to map the route and measure distance — and the trip (route, distance, estimated fuel economy) is stored on your device and never uploaded.
  • Service records: any maintenance, cost, and odometer entries you choose to log.

3. Bluetooth

Bluetooth is used solely to discover and connect to your OBD-II adapter. It is not used to track you or your location.

4. On-device AI

Reports are generated on your device. No diagnostic data is sent to any server for AI processing. The only optional network feature is the VIN lookup described in section 5; if we ever introduce other cloud features, we will request your explicit consent and explain what is sent before any data leaves your device.

5. Optional online VIN lookup

If you tap “Decode VIN”, the app sends only the VIN to the U.S. National Highway Traffic Safety Administration (NHTSA) vPIC database to retrieve vehicle details (make, model, year, engine). This is optional and user-initiated — it never runs automatically, and no other data is sent. If you don’t use it, the app makes no such network calls. Your VIN is not sent to our servers (we don’t operate one).

6. Optional iCloud sync

If you enable sync, your data is stored in your own iCloud account via Apple’s CloudKit private database. It is not stored on our servers and is governed by Apple’s privacy terms. You can disable sync or delete the synced data at any time.

7. Analytics

If enabled, we process only minimal, privacy-friendly product events (for example, “scan completed” or “report generated”) to improve the app. We do not collect raw diagnostic data, specific fault codes tied to you, VIN, precise location, or device fingerprints for analytics.

8. Purchases

One-time purchases (Pro and the used-car report) are processed by Apple. We receive your entitlement status (e.g. unlocked) from Apple but not your payment-card details.

9. How we use information

To provide diagnostic features, generate and export reports, enable optional sync and reminders, provide support, and (with consent) improve the Service. We process data on the lawful bases of performing our agreement with you and your consent, consistent with the PDPA.

10. Sharing & disclosure

We do not sell your data. Data leaves your device only when you choose to export or share a report, enable iCloud sync (to your own iCloud), use the optional VIN lookup (only the VIN, to NHTSA — see section 5), or contact support. We may disclose information if required by law or to protect rights and safety.

11. Retention & your rights

Local data is retained until you delete it or uninstall the app. You can delete any vehicle, scan, or report, or wipe all data from within the app. Under the PDPA you may request access to, or correction of, personal data we hold (if any), and withdraw consent; contact us using the details below.

12. Children

The Service is not directed to children and is intended for adults.

13. Security

We rely on device and platform protections (iOS sandboxing and, where enabled, your iCloud account security). No method of storage or transmission is completely secure, and we cannot guarantee absolute security.

14. Changes

We may update this policy; material changes will be posted here with a revised date.

15. Contact

For privacy questions or PDPA requests: hello@automalaya.app.

This document is provided for general information and does not constitute legal advice. Please have a qualified privacy/legal adviser confirm it reflects your registered entity and data practices before public launch.