Privacy Policy

1. Overview

Efficlog is an internship logbook management platform designed for Malaysian university students and their supervisors. We take your privacy seriously. We only collect data that is necessary to provide our services, and we never sell your personal data to third parties.

2. What We Collect

We collect the following categories of personal data:

Category	Data Collected	Source
Account	Email address, role (student or supervisor)	You provide during sign-up
Student Profile	Full name, student ID, university, department, internship start and end dates	You provide during profile setup
Supervisor Profile	Full name, title, department, organisation, supervisor type (university/company)	You provide during profile setup
Logbook Content	Daily log entries (text), attached images, log status, submission timestamps	You create within the app
AI Analysis	Log quality scores, weaknesses, improvement suggestions generated from your log content	Automatically generated when you request analysis
Payment	Subscription plan, billing status. Payments are handled entirely by Apple App Store or Google Play Store — we never see or store your card details.	Apple App Store / Google Play Store
Usage Data	Feature usage counts (e.g. image uploads, analyses per month) for plan enforcement	Automatically tracked
Device & App	Push notification tokens, theme preference	Your device
Security Audit	Authentication events (login, OTP verification), IP address, risk score	Automatically logged for security

3. How We Use Your Data

We use your data only for the following purposes:

• Authentication — to verify your identity via OTP and issue secure session tokens
• Service delivery — to provide log creation, supervisor review, PDF export, readiness analysis, and resume generation features
• AI analysis — your log content is sent to Google Gemini to generate quality scores and improvement suggestions
• Notifications — to send you log review updates, reminders, and important account alerts
• Subscription management — to enforce plan limits and verify purchases through Apple App Store and Google Play Store
• Security — to detect and prevent fraud, abuse, or unauthorised access
• Service improvement — aggregated, anonymised usage patterns to improve the product

We do not use your data for advertising or sell it to any third party.

4. Third-Party Services

Efficlog uses the following third-party services that may process your data:

Service	Purpose	Data Shared
Google Gemini	AI log quality analysis and readiness scoring	Log entry text content
Apple App Store / Google Play	Payment processing and subscription management	Subscription plan, billing events (via RevenueCat)
Email provider	Sending OTP codes and notification emails	Email address, OTP code
Cloud storage	Storing log images you upload	Images you attach to log entries

All third-party providers are contractually required to handle your data securely and only for the purpose described above.

5. Data Sharing

Your data is shared only in these circumstances:

• With your supervisors — your log entries and profile are visible to supervisors you invite via Efficlog
• With third-party processors — as described in Section 4 above, strictly for service delivery
• Legal obligations — if required by Malaysian law, court order, or regulatory authority

We never sell, rent, or trade your personal data.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Specific retention periods:

• Account and profile data — retained until you delete your account
• Log entries and images — retained until you delete them or your account
• Security audit logs — retained for 90 days
• Payment records — retained for 7 years as required by Malaysian financial regulations

When you delete your account, all personal data is permanently removed within 30 days, except where retention is required by law.

7. Your Rights Under PDPA 2010

Under Malaysia's Personal Data Protection Act 2010, you have the right to:

• Access — request a copy of the personal data we hold about you
• Correction — request correction of inaccurate or incomplete data
• Withdrawal of consent — withdraw consent to processing (note: this may prevent use of certain features)
• Deletion — request deletion of your account and associated data
• Complaint — lodge a complaint with the Personal Data Protection Commissioner Malaysia

To exercise any of these rights, contact us at hello@efficlog.com. We will respond within 21 days as required by the PDPA.

8. Security

We implement the following security measures to protect your data:

• JWT-based authentication with short-lived access tokens (15 minutes) and secure refresh tokens
• Passwords are never stored — we use OTP-based email verification only
• Image uploads validated by MIME type and magic bytes to prevent malicious uploads
• Rate limiting on authentication and API endpoints to prevent abuse
• HTTPS enforced for all data in transit
• All data stored on servers with encryption at rest

No system is 100% secure. If you suspect unauthorised access to your account, contact us immediately at hello@efficlog.com.

9. Children's Privacy

Efficlog is intended for university students aged 18 and above. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.

10. Policy Changes

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you via email or an in-app notification. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of Efficlog after changes constitutes acceptance of the updated policy.

11. Contact Us

For any privacy-related questions, data access requests, or concerns:

• Email: hello@efficlog.com
• Company: Efficlog Technology
• Country: Malaysia

We aim to respond to all inquiries within 5 business days.