Privacy Policy

This Privacy Policy explains how MyResearchHub ("we", "us", "our") collects, uses, and protects your personal data. We are committed to compliance with the Personal Data Protection Act 2010 (PDPA) of Malaysia.

1. Data We Collect

We collect the following personal data when you register or use the Platform:

• Account information: name, email address, and password (stored as a secure hash).
• Researcher profile: institution, biography, and academic profile URLs (Google Scholar, ORCID, Scopus, personal website) — provided voluntarily.
• Social login data: when you sign in via Google, LinkedIn, or Microsoft, we receive your name and email address from that provider. We do not receive or store your social media password.
• Usage data: pages visited, search queries, and standard server logs (IP address, browser type, timestamps).

2. How We Use Your Data

• To create and manage your account.
• To process and display research submissions.
• To send transactional emails (email verification, password reset, submission status).
• To maintain the security and integrity of the Platform.
• To improve the Platform based on usage patterns.

We do not sell or rent your personal data to third parties.

3. Third-Party Services

We use the following third-party services, each with their own privacy policies:

• Google OAuth — social sign-in. Google Privacy Policy
• LinkedIn OAuth — social sign-in. LinkedIn Privacy Policy
• Microsoft OAuth — social sign-in. Microsoft Privacy Statement
• Mailgun — transactional email delivery.
• Google reCAPTCHA — spam and bot protection on forms.

4. Cookies

We use session cookies to keep you logged in and to maintain your preferences. We do not use advertising or tracking cookies. You can disable cookies in your browser settings, but this may affect your ability to log in.

5. Data Retention

We retain your personal data for as long as your account is active. If you delete your account, your personal data will be removed within 30 days, except where retention is required by law or for legitimate business purposes (e.g. published research records).

6. Your Rights (PDPA)

Under the Personal Data Protection Act 2010, you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete personal data.
• Withdraw consent to the processing of your personal data.
• Request that we limit or cease processing your personal data.

To exercise these rights, contact us via the Contact page.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. Passwords are hashed and never stored in plain text. All data is transmitted over HTTPS.

8. Children's Privacy

The Platform is not directed at children under 18. We do not knowingly collect personal data from minors.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. Continued use of the Platform after changes are posted constitutes acceptance of the revised Policy.

10. Contact

For privacy-related enquiries or to exercise your PDPA rights, please contact us via the Contact page.