Effective January 1, 2025 App & Services

Privacy Policy

Your information,
handled with care.

We only collect what we need to serve you a great meal — and the same care we give to the kitchen, we give to your data.

Contents

1 Who we are 2 What we collect 3 How we use it 4 Sharing & processors 5 How we protect it 6 Your rights 7 Retention 8 Changes & contact
1

Identity

Who we are

"We", "us", or "our" refers to Oh Yeah! Banana Leaf — a Malaysian South Indian restaurant group operating across Kuala Lumpur and Selangor. This Privacy Policy explains how we collect, use, and safeguard your information when you use our mobile app, our website, or visit one of our outlets.

2

Data

What we collect

We only collect what's needed to provide our services. This includes:

Account details
Name, email, phone number, and password (always stored encrypted).
Order history
Items ordered, outlet, payment status, delivery / pickup choice.
Loyalty activity
Points earned, points redeemed, rewards claimed, daily check-ins.
Device info
Device type, operating system, app version, push notification token.
Optional details
Date of birth (for birthday rewards), saved addresses, dietary preferences.

We do not store your full payment card details. Payment information is handled directly by our licensed payment partners under their own security standards.

3

Purpose

How we use your information

Process and fulfil your orders, reservations, and merchandise purchases.

Manage your Oh Yeah! Club account, points balance, and reward redemptions.

Send order updates, receipts, and service-related notifications.

Send marketing — only when you have opted in — for promotions and new menu launches.

Improve the app, fix bugs, and analyse usage trends in aggregate.

Comply with Malaysian tax, accounting, and consumer-protection laws.

4

Disclosure

Sharing & processors

We do not sell your data. We share information only where it is necessary to operate our services — and only with trusted partners under written data-protection terms.

Payment partners
Boost and other licensed processors, to charge for orders and merchandise.
Delivery providers
When you place a delivery order, the rider receives the address and order details.
Cloud & analytics
Hosting (Cloudflare, AWS), push notifications (Firebase), error monitoring.
Authorities
When required by Malaysian law, court order, or legitimate regulator request.
5

Safeguards

How we protect your information

Industry-standard safeguards apply across our systems: TLS encryption in transit, hashed passwords, role-based access for staff, and audit logging of administrative actions.

No system is perfectly secure. If a security incident affects your data, we will notify you and the relevant authorities in accordance with Malaysia's Personal Data Protection Act (PDPA) 2010.

6

Control

Your rights

Under the PDPA 2010, you have the right to:

Access the personal data we hold about you.

Correct or update your information from inside the app.

Withdraw marketing consent at any time, without affecting your account.

Request deletion of your account and the personal data tied to it.

Lodge a complaint with the Personal Data Protection Department of Malaysia.

7

Retention

How long we keep it

Account information stays with us while your account is active. Order and payment records are kept for up to 7 years to satisfy Malaysian tax and accounting requirements. Marketing-only data is removed within 30 days of your opt-out.

When you delete your account, we erase or anonymise your personal data — except where we are legally required to keep transactional records.

8

Contact

Changes & getting in touch

We may revise this policy from time to time. The "Effective" date at the top of this page reflects the most recent revision. Material changes will be communicated through the app.

Privacy Enquiries

Oh Yeah! Banana Leaf
Visit any outlet, or reach us through the Help Centre inside the Oh Yeah! Banana Leaf mobile app — our team is happy to walk you through any privacy question.