Zento · Last updated: 7 April 2026 · VISHTECH MX SDN. BHD.
1
Introduction
This Privacy Policy explains how VISHTECH MX SDN. BHD. ("VISHTECH", "Company", "we", "our", "us"), the developer, owner, operator, and maintainer of the Zento platform ("Zento", "Platform", or the "Services"), collects, uses, stores, and protects personal data when providing our cloud-based ERP and business operations platform.
Zento includes modules such as:
HR & Payroll
CRM & Sales
Quotations, Invoices & Receipts
Finance & General Ledger
Inventory & Supplier Management
Operations & Workflow Automation
Dashboard Reporting & Analytics
Administration & Access Control
We believe trust starts with transparency. This Policy explains how we handle company records, employee data, customer information, uploaded files, transaction records, and system credentials.
We comply with applicable data protection laws, including:
General Data Protection Regulation (EU) 2016/679 (GDPR)
UK GDPR
Personal Data Protection Act 2012 (Singapore PDPA)
Personal Data Protection Act 2010 (Malaysia PDPA)
By using Zento, you acknowledge and agree to this Privacy Policy.
2
Data Controller Contact
VISHTECH MX SDN. BHD. Developer, Owner & Operator of Zento Melaka, Malaysia
Email: support@zento.com.my
3
Personal Data We Collect
Depending on how the Client uses Zento, we may process:
A. Account Information
Company name
Contact person name
Email addresses
Phone numbers
Billing details
Subscription records
Login credentials
B. Employee & HR Data
Employee profiles
NRIC / passport numbers
Payroll data
Salary and allowance records
Leave and attendance
EPF / SOCSO / EIS details
Department and role records
C. Customer & CRM Data
Leads and prospect records
Customer contact details
Quotations, invoices, and receipts
Sales communication logs
Follow-up notes
D. Finance & Operational Data
Supplier profiles
Purchase orders
Stock and inventory records
Journal entries and general ledger
Payment and collection history
Financial reports
E. Uploaded Files
Receipts
PDFs
Contracts
Images
Spreadsheets
Reports
Supporting documents
F. Technical Data
IP addresses
Browser and device type
Session logs and cookies
Usage analytics
Audit trails and error logs
⚠️ We do not intentionally collect sensitive personal data unless uploaded or entered by the Client.
4
Purposes and Legal Basis
We process personal data only where legally permitted.
Legal Basis
Application
Contractual Necessity
To provide ERP workflows, HR and payroll processing, CRM and sales operations, finance and reporting, inventory and supplier management, and workflow automation
Legitimate Interests
To improve performance, provide support, monitor uptime, prevent fraud, enhance security, and optimize workflows
Consent
Where required for marketing updates, cookies, optional AI-assisted insights, and third-party integrations
Legal Obligation
To comply with tax regulations, payroll and employment laws, statutory retention requirements, and audit and legal obligations
5
How We Use Personal Data
We use data solely to:
Operate and maintain Zento
Process HR, payroll, finance, CRM, and inventory workflows
Generate quotations, invoices, receipts, and reports
Enable user collaboration and approvals
Provide dashboards and business insights
Support payment gateway, WhatsApp, email, and API integrations
Provide technical support and troubleshooting
Secure user access and permissions
Comply with legal and regulatory obligations
Important Commitments
We do not sell personal data. We do not use Client business data to train public AI models. We do not disclose Client data to competitors. We will never use Client financial records, payroll data, HR data, or customer databases for marketing without explicit written consent.
6
Confidentiality and Business Know-How
Confidential Information
Confidential Information includes:
Payroll data and accounting ledgers
Employee records
Pricing structures and supplier agreements
Internal workflows
Uploaded reports
API keys and credentials
This information will not be disclosed or reused.
General Know-How
VISHTECH may apply general ERP workflow patterns, system architecture learnings, UI/UX improvements, and automation best practices across industries without exposing Client-specific confidential data.
7
Disclosure of Personal Data
We may share data only in the following limited circumstances:
Cloud hosting and infrastructure providers – for server and storage operations
Payment gateways, WhatsApp APIs, SMS, and email integrations – as authorized by the Client
Compliance, payroll, or accounting integrations – as required by service delivery
Legal authorities – where required by applicable law
Mergers, acquisitions, or restructuring – with appropriate safeguards in place
We never sell or rent personal data.
8
Support Access
Authorized VISHTECH support personnel may access Client accounts for the following purposes:
Bug fixing and issue troubleshooting
Migration support
Workflow optimization
User onboarding
All access is role-based, logged, monitored, and restricted to authorized personnel only.
9
Data Retention
We retain data only as long as necessary. Retention periods may include:
Active subscription duration – data is retained throughout the subscription term
Accounting and payroll – in line with legal retention periods under Malaysian law
Backup retention cycles – for platform continuity and disaster recovery
Disaster recovery archives – for limited retention windows post-backup
⚠️ Upon termination, data will be deleted or anonymized within 90 days. Secure backups may remain for limited disaster recovery retention windows.
10
Data Security
We implement enterprise-grade security measures to protect personal data against unauthorized access, loss, or disclosure.
Hosting
Zento is hosted on secure cloud infrastructure with firewall protection, encrypted backups, server monitoring, and disaster recovery controls.
Security Controls
TLS encryption for all data in transit
Role-based access control (RBAC)
Activity logging and anomaly detection
Session timeouts and optional two-factor authentication (2FA)
Secure backup snapshots
11
International Transfers
Where Client data is transferred outside Malaysia or Singapore, VISHTECH applies appropriate safeguards including:
Standard Contractual Clauses (SCCs)
Cloud provider security controls
Data processing agreements with all sub-processors
12
Individual Rights
Subject to applicable laws, individuals may request:
Access
Request access to personal data held about you
Correction
Request correction of inaccurate personal data
Deletion
Request erasure of personal data where applicable
Portability
Request export of your data in a structured format
Objection
Object to certain processing activities
Withdraw Consent
Withdraw consent where processing is consent-based
Restriction
Request restriction of processing in certain circumstances
Requests may be sent to: support@zento.com.my
13
Cookies and Tracking
We use cookies for the following purposes:
Login sessions – to maintain authenticated user sessions securely
Analytics – to understand platform usage and performance
Security – CSRF protection and authentication integrity
User preferences – remembering interface and display settings