Privacy Policy
Last updated: July 8, 2026
This policy explains how KerjaOn collects, uses, discloses and protects your personal data when you use our platform, in line with Malaysia's Personal Data Protection Act 2010 (PDPA). By using KerjaOn you acknowledge that you have read and understood this policy.
1. Who we are
KerjaOn is an instant gig-shift matching platform operating in Johor Bahru, Malaysia. We connect gig workers with merchants for short shifts, manage payments through escrow and support compliance with the Gig Workers Act 2025 (Act 872). For PDPA purposes, KerjaOn is the data user for personal data processed on this platform.
2. Data we collect
We collect only what the platform needs to operate:
- Account data: your phone number, name and login details.
- Identity verification (eKYC): MyKad details and images you submit for identity and right-to-work checks.
- Location data: your device location when finding nearby shifts and at attendance check-in/out. Location is never tracked in the background.
- Enquiry form data: business name and contact details submitted through the forms on our website.
- Usage data: shift and transaction history, ratings, and in-platform chat messages (contact details are masked automatically).
3. Purposes of processing
We process your personal data for the following purposes:
- Matching workers with nearby shifts and managing grabs and confirmations.
- Processing escrow payments, same-day payouts, commission and financial records.
- Legal compliance: Act 872 service agreements, PERKESO contributions, student work-hour caps and right-to-work checks.
- Platform safety: preventing fraud, abuse and off-platform circumvention.
- Customer support and service improvement.
4. Disclosure to third parties
We never sell your personal data. Data is disclosed only to:
- Payment and payout providers to process escrow and wages.
- Identity verification (eKYC) providers for MyKad checks.
- PERKESO and related agencies, to the extent required by law.
- Authorities or courts where Malaysian law requires it.
5. Retention
We keep personal data while your account is active. After closure, financial records, service agreements and compliance records are kept for the statutory retention periods; other data is deleted or anonymised once no longer needed.
6. Security
Data is protected with encryption in transit, tiered access controls and audit logs on administrator access. No method of transmission or storage is completely secure; we will notify you and the relevant regulator of any serious data breach.
7. Your rights under the PDPA
You may request access to your personal data, correct inaccurate data, and withdraw consent to processing (withdrawal may limit our ability to provide the service). Send data access or correction requests to the contact below; we respond within 21 days.
8. Cookies and analytics
Our public pages use first-party page counters only: we count pageviews and clicks with no cookies, no device fingerprinting and no third-party ad trackers. These counters record no personal data.
9. Changes to this policy
We may update this policy from time to time. Material changes are announced through the platform or website before they take effect; continued use afterwards means you accept the updated policy.
10. Contact us
For data access, correction, consent withdrawal or privacy complaints, contact the KerjaOn team through the in-app support channel.