We accept virtually all paper-based confidential materials, including but not limited to:

• Financial records, invoices, and bank statements
• Personnel files, HR records, and payroll documents
• Client contracts, legal agreements, and case files
• Medical and patient records
• Printed emails, internal memos, and board papers
• Outdated company policies and procedure manuals
• Branded stationery, letterheads, and obsolete marketing materials

If you are unsure whether a specific item qualifies, contact us and we will advise.

Our primary base of operations is in Miri, Sarawak, and we regularly serve clients throughout Miri and the surrounding areas. For clients located further afield within Sarawak or across Malaysia, we can discuss tailored collection arrangements.

Please contact us with your location and volume requirements and our team will advise on the best available options for you.

We do not impose a strict minimum volume requirement. Whether you have a single box of outdated personnel files or an entire archive room of historical records, we can accommodate your needs.

For very small volumes, a one-off collection may be the most cost-effective option. For organisations with regular ongoing needs, our Scheduled Collection Plan is the most economical choice. Contact us and we will recommend the most suitable service for your situation.

Yes. We welcome clients who wish to be present and witness the destruction of their materials at our facility. If you prefer not to travel, we are also able to provide remote monitoring access so you can observe the destruction process live from your own premises.

In addition, every Certificate of Destruction we issue can be independently verified through our online certificate authentication system at any time — giving you documented, third-party-verifiable proof of destruction for your records and compliance requirements.

Please indicate your preference when making an enquiry and we will arrange accordingly.

Collection turnaround times depend on volume and scheduling. Once we receive your enquiry, we will confirm an available collection date — typically within a few business days for standard requests. Urgent collections can often be arranged on a priority basis; please contact us to discuss.

Following collection, destruction is completed and your Certificate of Destruction is issued within the same business cycle. For Scheduled Collection Plans, your chosen frequency (weekly, fortnightly, or monthly) determines the regular collection cadence.

From the moment your materials enter our custody, they are protected through a strict chain of custody process:

• Secure transport — Materials are transported in GPS-tracked locked vehicles directly to our secure facility.
• Facility security — Our destruction facility is access-controlled and monitored at all times.
• Documented destruction — Every destruction event is logged with weight, batch number, date, and time, forming a complete audit trail.

At no point during this process are your documents accessible to unauthorised parties.

We use industrial cross-cut double shredding — every document passes through our shredder twice, producing particles no larger than 5×20mm (100mm²). This is significantly smaller than what a single-pass office shredder produces, and renders material completely and permanently unreadable. Reconstruction of double-shredded particles is not practically possible.

For hard drives and digital media, we carry out physical destruction of the storage medium itself, permanently and completely eliminating any possibility of data recovery. Unlike software-based wiping — which can be incomplete and is often unverifiable — physical destruction ensures that data is gone regardless of the tools or methods used against it.

Every destruction job is documented with a Certificate of Destruction, which records the date, materials, and method used — providing your organisation with verifiable proof of compliant disposal.

All shredded paper material is transferred to certified recycling facilities for responsible disposal. Because material from multiple clients is consolidated during this process, the content of any individual document is rendered completely irrecoverable — providing an additional layer of security beyond the shredding itself.

This approach also means that your organisation's document destruction actively contributes to reducing paper waste. We take our environmental responsibility seriously, and ensuring that destroyed materials are diverted from landfill is a core part of how we operate.

The Personal Data Protection Act 2010 (PDPA) is Malaysia's primary data protection legislation. It governs how organisations collect, process, store, and — critically — dispose of personal data belonging to individuals.

Under the PDPA, organisations are legally obligated to take reasonable steps to ensure personal data is not retained longer than necessary, and that when it is disposed of, it is done securely so that it cannot be reconstructed or accessed by unauthorised parties.

Simply throwing documents in a bin or using an office strip-cut shredder does not meet this standard. Using a certified destruction service like Grass Stories — with a documented Certificate of Destruction — provides clear, verifiable evidence of lawful disposal.

Under the PDPA, organisations that fail to comply with data protection obligations — including improper disposal of personal data — can face significant penalties, including fines of up to RM 500,000 and/or imprisonment of up to three years for responsible individuals.

Beyond legal penalties, a data breach resulting from improper disposal can cause serious reputational damage, loss of client trust, and civil liability. Maintaining documented proof of secure disposal — such as our Certificate of Destruction — is an important part of any organisation's PDPA compliance programme.

Note: This information is general in nature. For specific legal advice regarding your organisation's PDPA obligations, we recommend consulting a qualified legal practitioner.

Document retention periods vary depending on the type of document and applicable regulations. As a general guide for Malaysian businesses:

• Financial & accounting records — Minimum 7 years (Companies Act 2016)
• Tax records — Minimum 7 years (Income Tax Act)
• Employee records — Duration of employment plus 6 years
• Contracts — 6 years from expiry (Limitation Act)
• Personal data (general) — Only as long as necessary for its original purpose (PDPA)

We strongly recommend maintaining a formal document retention schedule within your organisation. Once documents pass their required retention period, secure destruction should be carried out promptly. Retaining data beyond its necessary period is itself a PDPA compliance risk.

A Certificate of Destruction is an official document issued by Grass Stories Sdn Bhd confirming that your materials have been destroyed in accordance with our secure destruction procedures. Each certificate includes:

• A unique certificate reference number
• Your organisation's name and details
• Date and time of destruction
• Description and estimated weight of materials destroyed
• Destruction method used
• Authorised signatory from Grass Stories

This certificate serves as your documented proof of lawful data disposal — essential for PDPA compliance, internal audits, and regulatory inspections.

Our certificate authentication system allows clients to independently verify the authenticity of any Certificate of Destruction issued by Grass Stories. Using the unique certificate reference number printed on your certificate, you can access our secure verification portal and confirm:

• That the certificate is genuine and was issued by Grass Stories
• The destruction date, method, and material details
• The audit log history associated with that certificate

This feature is particularly valuable during compliance audits, as it provides an independent third-party verification that cannot be falsified. Access to the authentication portal is provided to clients upon engagement.

We recommend retaining your Certificates of Destruction for a minimum of 7 years, in line with standard document retention requirements under Malaysian law. In regulated industries such as banking, healthcare, or legal services, your sector regulator may specify longer retention periods — please check with your compliance team.

Since our certificates are also accessible through our online authentication system, your records are additionally backed up through our secure portal for the duration of your client relationship with us.

When you delete a file or format a drive, the operating system simply removes the file's reference in its index — the actual data remains on the drive's storage medium and can be recovered using widely available forensic software. This applies to standard format operations on both traditional hard disk drives (HDDs) and solid-state drives (SSDs).

Even specialised software-based "wiping" tools, while more effective than deletion, are not always reliable — particularly on SSDs with wear-levelling technology, which can retain data in inaccessible sectors. Physical destruction is the only method that guarantees permanent, irrecoverable data elimination.

We handle the physical destruction of a comprehensive range of digital storage media, including:

• Hard disk drives (HDDs) — desktop and laptop
• Solid-state drives (SSDs)
• USB flash drives and thumb drives
• Magnetic backup tapes (LTO, DLT, DAT)
• CD-ROMs, DVDs, and Blu-ray discs
• Memory cards (SD, microSD, CompactFlash)
• Circuit boards and server components containing storage
• Smartphones and tablets (please contact us to discuss)

If you have a media type not listed above, please contact us and we will advise whether we are able to assist.

Yes. For hard drive and digital media destruction, we issue a Certificate of Destruction that can include the unique serial number of each device destroyed (upon request). This provides device-level documentation — particularly important for IT asset disposal audits and compliance records in industries such as banking, healthcare, and government.

Please advise us at the time of collection if you require individual serial number logging.

Our pricing is tailored to each client's requirements and depends on several factors, including:

• The type of service required (off-site destruction, digital media destruction, scheduled plan)
• Volume and estimated weight of materials
• Collection frequency (for scheduled plans)
• Location and logistics considerations

We do not publish fixed rates because every client's needs are different, and we prefer to provide an accurate, fair quote rather than a misleading one-size-fits-all price. All initial consultations and quotes are completely free of charge — simply submit an enquiry and our team will respond within 1 business day.

Setting up a Scheduled Collection Plan is straightforward:

• Step 1 — Contact us to discuss your volume, frequency preference, and the number of locations requiring collection.
• Step 2 — We will consult with you (in person or remotely) to confirm the collection schedule and any specific requirements.
• Step 3 — Collections proceed on your agreed schedule (weekly, fortnightly, or monthly), with consolidated Certificates of Destruction issued per collection cycle.

Plans can be adjusted — frequency, volume, or locations — at any time by contacting your dedicated account contact.

For standard one-off collections, we aim to confirm a collection date within 1–3 business days of receiving your enquiry, subject to scheduling availability.

If you have an urgent requirement — for example, an impending audit or office relocation — please flag this clearly in your enquiry and we will do our best to prioritise your collection. Contact us directly by phone at 012-652 7719 for time-sensitive requests.