Privacy Policy

Data Controller

ResidenC is operated in Malaysia. As the data controller, we are responsible for deciding how your personal data is collected and used. For any data protection inquiries, you can reach us at hello@residenc.app.

Personal Data We Collect

We collect different categories of personal data depending on how you interact with our platform. Below is a breakdown by user type and feature:

Resident Profiles

Full name, email address, phone number, and residential unit assignment.

Visitor Information

Full name, phone number, identification card or passport number, vehicle plate number, and check-in photographs.

Guard Data

GPS location data during active patrol sessions, patrol checkpoint photos, shift clock-in and clock-out records, and duty history.

Payment Data

Receipt images, billing amounts, transaction history, and payment method details processed through our payment gateway.

Domestic Staff Records

Full name, phone number, photograph, identification documents, work schedule, and attendance records.

Parcel Tracking

Sender name, tracking number, parcel photos at intake and collection, and collection timestamps.

Marketplace Bookings

Service booking details, vendor reviews and ratings, booking history, and scheduled appointment times.

How We Collect Data

• Direct input from users when registering accounts, creating visitor passes, submitting payments, or filling out forms within the app.
• Automated collection through app usage, including device information, access logs, and interaction data generated when you use the platform.
• Cookies and analytics tools (PostHog) that collect anonymised usage patterns to help us improve the service.

Purpose of Data Processing

We process your personal data for the following purposes:

• Service delivery: Managing visitor registrations, generating QR-coded visitor passes, processing check-ins and check-outs, and maintaining visitor records.
• Security management: Tracking guard patrols, managing shift schedules, recording security incidents, and maintaining access logs for community safety.
• Billing and payments: Processing maintenance fee payments, generating receipts, and managing subscription billing for residential communities.
• Push notifications: Sending timely alerts about visitor arrivals, payment reminders, incident updates, and parcel availability.
• Community management: Facilitating announcements, news articles, incident reporting, and communication between residents and management.
• Compliance and reporting: Meeting regulatory requirements under Malaysian law, maintaining audit trails, and generating reports for building management committees.

Third-Party Data Sharing

We share your data with the following third-party service providers, each for a specific purpose. We do not sell your personal data to any third party.

• Supabase — Database hosting and cloud infrastructure (PostgreSQL). All community data is stored securely on Supabase servers with encryption at rest.
• Firebase / FCM — Push notification delivery to mobile devices. Only device tokens and notification content are shared.
• Chip — Payment processing for subscription billing. Payment card details are handled directly by Chip and never stored on our servers.
• AWS SES — Transactional email delivery (OTP codes, payment reminders, invitations). Only email addresses and message content are shared.
• PostHog — Product analytics with a 10% sampling rate. Data is aggregated and used for service improvement only.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this policy, or as required by law:

• Visitor records: 2 years from the date of the visit.
• Access logs and security records: 1 year from the date of the event.
• Collected and returned parcel records: 45 days after collection or return.
• Account data: Retained until you request deletion of your account.
• Billing and payment records: 7 years in accordance with Malaysian tax requirements.

Your Rights

Under the Malaysia PDPA 2010 and its 2024 amendment, you have the following rights regarding your personal data:

• Right to access: Request a copy of your personal data that we hold.
• Right to correction: Request correction of inaccurate or incomplete personal data.
• Right to withdraw consent: Withdraw your consent for data processing at any time, though this may affect your ability to use the service.
• Right to deletion: Request deletion of your personal data, subject to legal retention requirements.
• Right to data portability: Request your data in a structured, commonly used format (as supported under the PDPA 2024 amendment).
• Right to complaint: Lodge a complaint with the Personal Data Protection Commissioner if you believe your rights have been violated.

To exercise any of these rights, please email us at hello@residenc.app. We will respond to your request within 21 working days.

For EU Residents (GDPR)

If you are located in the European Union, we acknowledge your rights under the General Data Protection Regulation (GDPR). Our legal basis for processing is consent (provided at registration) and legitimate interest (for security and service delivery). We do not engage in automated profiling or decision-making. For GDPR-related inquiries, please contact us at hello@residenc.app.

Security Measures

We take the security of your personal data seriously and implement the following measures:

• Encryption at rest and in transit using TLS/SSL protocols for all data communication between your device and our servers.
• Row-Level Security (RLS) policies on our database to ensure users can only access data they are authorised to view.
• Secure token storage for authentication credentials, with automatic session refresh and secure logout.
• Regular security reviews and vulnerability assessments of our infrastructure and application code.
• Comprehensive access logging and audit trails to detect and respond to unauthorised access attempts.

Cookies & Analytics

• PostHog analytics with a 10% sampling rate for performance monitoring and product improvement. Analytics data is aggregated and not linked to individual user profiles.
• Essential cookies for session management and authentication. These are strictly necessary for the service to function and cannot be opted out of.
• We do not use any third-party advertising cookies or tracking pixels. Your browsing activity is not shared with advertisers.

Children's Privacy

ResidenC is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at hello@residenc.app.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last Updated" date at the top of this page and notify users through the app or via email. Your continued use of ResidenC after changes are posted constitutes your acceptance of the updated policy.

Contact Us

For any questions, concerns, or requests regarding your personal data or this Privacy Policy, please contact our data protection team at hello@residenc.app. We are based in Malaysia and aim to respond to all inquiries within 21 working days.

If you are not satisfied with our response, you have the right to lodge a complaint with the Malaysia Personal Data Protection Commissioner (Jabatan Perlindungan Data Peribadi) at www.pdp.gov.my.