PDPA Notice

Nukmans Technology is committed to protecting your personal data in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia. This notice describes how we collect, use, and protect your data, and explains the rights available to you as a data subject.

This PDPA Notice should be read alongside our Privacy Policy. In the event of any conflict, the terms of this PDPA Notice shall prevail in relation to your rights under Malaysian law.

1. Data Controller

The data controller responsible for your personal data is:

2. Categories of Personal Data Processed

We process personal data across three user categories on the platform:

Category	Data Elements	Applies To
Identity Data	Full name, national IC number, passport number, photo/selfie	Resident Guard
Contact Data	Email address, phone number	Management Resident Guard
Property Data	Unit number, vehicle plate number(s)	Resident
Organisational Data	Property/company name, role/designation	Management
Technical Data	Device token, IP address, browser and device type	Management Resident Guard
Usage Data	Login times, features accessed, visitor logs, QR pass records	Management Resident Guard

3. Purposes of Processing

We process your personal data for the following purposes:

1. Account registration and authentication — to create and verify your user account
2. Visitor access management — to issue, validate, and process visitor QR passes at the gate
3. Identity verification — to confirm the identity of residents, guards, and visitors
4. Resident and guard management — to enable Management to administer their property users
5. Security record-keeping — to maintain visitor logs and audit trails for property security
6. Push notification delivery — to alert residents when visitors arrive and guards of access requests
7. Platform improvement and analytics — to understand usage patterns and improve the service
8. Billing and payment processing — for subscription management (upcoming feature)
9. Legal and regulatory compliance — to meet obligations under Malaysian law

4. Legal Basis for Processing

Under the PDPA 2010, we process your personal data on the following grounds:

• Consent — you have provided explicit consent to the processing of your personal data during registration
• Contractual necessity — processing is necessary to deliver the services you have requested and agreed to
• Legal obligation — processing is required to comply with applicable Malaysian laws and regulations
• Legitimate interests — processing is necessary for our legitimate interest in securing the platform and preventing fraud, where such interests are not overridden by your rights

5. Data Processors

We engage the following data processors to operate the platform. All processors are bound by written agreements requiring them to protect your data and process it only as directed by us:

Processor	Purpose	Data Location
DigitalOcean	Cloud hosting and data storage	USA / Singapore
Push Notification Vendor	Mobile and in-app notification delivery	Various
Analytics Provider	Aggregated usage analytics (anonymised)	Various
Payment Processor	Subscription billing and payment handling (upcoming)	To be confirmed

6. Data Retention

We retain personal data only for as long as necessary for the stated purposes or as required by law:

• Visitor logs — 12 months from the date of visit, then permanently deleted
• Resident data — retained for the duration of tenancy or residency, plus 90 days after account closure
• Guard accounts — deleted within 30 days of termination of assignment or employment
• Management accounts — retained for the duration of the active subscription, plus 90 days after termination

You may request earlier deletion (see Section 7). We will comply unless we are required by law to retain the data.

7. Your Rights Under PDPA 2010

As a data subject under the Personal Data Protection Act 2010, you have the following rights:

To exercise any of these rights, submit a written request to us at nukmans.tech@gmail.com. Please include your full name, the email address associated with your account, and a description of your request. We will respond within 21 days.

8. Security Measures

We have implemented appropriate technical and organisational measures to safeguard your personal data against loss, misuse, unauthorised access, disclosure, alteration, or destruction:

• All data transmitted between your device and our servers is encrypted using HTTPS/TLS
• Role-based access controls ensure staff can only access data relevant to their duties
• Authentication requirements for all administrative and platform access
• Regular security monitoring, patching, and vulnerability assessments
• Data access is logged and auditable

9. Cross-Border Data Transfers

Some of our data processors (including DigitalOcean) may store or process data in countries outside Malaysia, including the United States and Singapore. When transferring data internationally, we ensure that appropriate safeguards are in place, consistent with the requirements of the PDPA 2010 and any applicable guidelines issued by the Personal Data Protection Commissioner.

10. Complaints

If you believe that your personal data protection rights have been violated, you may:

• Contact us directly at nukmans.tech@gmail.com — we will investigate and respond within 21 days
• Lodge a complaint with the Personal Data Protection Commissioner of Malaysia at www.pdp.gov.my

11. Updates to This Notice

We may update this PDPA Notice from time to time to reflect changes in our practices or applicable law. We will notify you of material updates by email or via an in-app notice before the changes take effect. The revised notice will be published on this page with the updated effective date.