LAP Calculator

Privacy Policy

Last updated: 1 June 2026

Who we are

LAP Calculator is operated by the Legacy Advisory Program ("we", "us", "our"). For any question about this policy, your data, or to exercise your rights under the Personal Data Protection Act 2010, contact your LAP class administrator.

Short summary

  • We do store your advisor account and the customer profiles you create. They are synced securely so you can resume work across devices.
  • Customer profile data is visible only to you — enforced by strict access controls. Even our administrators and class organisers cannot read it.
  • We do not use analytics, advertising trackers, behavioural cookies, error trackers, or any data brokers. We do not sell data.

What we collect, and why

The categories below describe everything we hold about you, and why each one exists.

  • Advisor identity. Your email address, and — if you sign in with Google — a unique account identifier and the basic profile data (name, picture) Google provides. Purpose: authenticate you.
  • Agent ID binding. Your Agent ID, the name on your LAP class roster, and your binding status. Email-to-Agent-ID binding is permanent and one-to-one. Purpose: verify paid-class enrolment and deter account sharing.
  • Customer profiles you create. A label you choose for the client (commonly a name) and the full calculator state — financial figures, asset breakdown, dependents, and the selections you make in the tool. Purpose: let you save and resume client work across sessions and devices.
  • Share-link snapshots. When you generate a share link, we store a frozen copy of the customer name and the summary totals separately, together with a securely hashed form of the 4-digit PIN you set. Purpose: enable a PIN-gated, time-limited summary you can send to your client.
  • Device sessions. A device identifier (a random value generated and stored on your device), a truncated copy of your browser's user-agent string, and a last-seen timestamp. Purpose: enforce the 2-device-per-account limit by evicting the oldest device when a third signs in.
  • Internal audit log. Each Agent-ID lookup records your user ID, the Agent ID searched, whether a match was found, and a timestamp. Purpose: rate-limit and forensically investigate attempts to scrape the class roster. Never used for marketing or profiling.
  • Web server logs. Our hosting provider automatically logs standard request metadata — IP address, user-agent, request path, timestamp. Purpose: abuse prevention, diagnostics, uptime.

What we do not collect

To be explicit:

  • No analytics tags of any kind.
  • No advertising cookies or remarketing pixels.
  • No behavioural tracking or session recording.
  • No IP-based fingerprinting beyond standard hosting logs.
  • No third-party error or crash reporting.
  • No contact-list, calendar, or social-graph imports.

Customer data is owner-only by design

We treat customer-side data — the names and financial figures you enter on behalf of clients — as the most sensitive category in the system. The guarantees are enforced by the system itself, not just stated in this policy:

  • Every customer profile is tied to its owner and is gated by strict, server-enforced access controls. Only the advisor who created it can read or modify it.
  • No administrator override exists for customer profiles. Class organisers and the platform operator cannot read them directly. The admin portal only ever sees per-advisor profile counts.
  • Share links never read customer profiles directly. They go through a dedicated, tightly scoped path whose output is fixed and audited, and which never exposes the advisor identity, the raw calculator inputs, internal identifiers, or the PIN.

Where your data lives

Your account and the customer profiles you create are stored with reputable third-party cloud infrastructure providers under contractual data-protection terms. We do not share your data with anyone else, and we use no advertisers, no data brokers, and no analytics vendors.

Cross-border data transfer

Some of the infrastructure used to run this service is located outside Malaysia. By using the service you consent to your personal data being processed in those locations under appropriate safeguards.

What stays on your device only

Your browser keeps a few things locally, on your device only:

  • Your current draft and a short local history of saved work, so the tool works offline and survives a tab close.
  • Locale and small UI preferences.
  • A device identifier used to enforce the 2-device limit.
  • Your sign-in session, so you stay signed in between visits.

These values persist until you clear your browser data, sign out, or use the in-app delete / reset controls. The offline cache stores application code only — it never contains personal data.

Share links — what is and isn't exposed

A client who has both the share link and the 4-digit PIN sees the customer name and the summary totals only. They cannot see your identity, the raw figures you entered, the customer profile ID, or other clients of yours. Share links automatically expire 3 days after creation, and auto-revoke after 5 incorrect PIN attempts.

How long we keep things

  • Your account — for as long as your binding is active.
  • Customer profiles — until you delete them or your account is removed.
  • Share links — auto-expire after 3 days, or earlier if revoked.
  • Device sessions — pruned automatically when a third device pushes the oldest out.
  • Internal audit log — retained while it remains useful for abuse investigation; never used for marketing.
  • Backups — short-term backups are retained for a limited period (typically up to 7 days) as part of standard infrastructure operations.

Your rights under PDPA

You have the right to:

  • Access the personal data we hold about you.
  • Correct data that is inaccurate or out of date.
  • Withdraw consent to processing — we will then deactivate your account, subject to any legal retention requirements.
  • Limit how we process your data.
  • Complain to the Personal Data Protection Commissioner if you believe we are mishandling your data.

To exercise any of these, contact your LAP class administrator; we aim to respond within 21 days. Self-service data export and account deletion are not yet built into the app — until they are, we handle these requests manually.

Children

The service is for adult licensed financial advisors and is not directed at children under 18. Calculator inputs can include data about third-party beneficiaries, including minors — please only enter such data where you have a lawful basis to do so.

How we protect your data

  • All traffic to and from the service uses TLS encryption.
  • Every category of personal data is protected by strict, server-enforced access controls.
  • Passwords are stored only as a salted hash — never plaintext, and never visible to us.
  • Share-link PINs are stored only in securely hashed form; the plaintext is never stored.
  • We do not send calculator inputs to any error or crash tracker — we use none.

Changes to this policy

We may update this policy. Material changes will be flagged on the calculator entry screen and reflected in the "Last updated" date at the top of this page.

Contact

Questions, requests, or complaints can be raised through your LAP class administrator.

See also: Terms of Service.

© 2026 Legacy Advisory Program. All rights reserved.
