Privacy Policy

Last updated: March 2026 · Effective date: March 2026

How ResidenC collects, uses and protects your personal information.

Introduction

This Privacy Policy explains how ResidenC ("we", "our" or "us") collects, uses, shares and protects personal data of residents, visitors, guards and other users of our residential-management platform.

By using the platform, you acknowledge that you have read and understood this policy. We are committed to protecting your privacy and handling your data in compliance with applicable laws, including the Personal Data Protection Act 2010 (Malaysia).

Data Controller

ResidenC Sdn. Bhd. is the data controller responsible for personal data processed through the platform. For privacy-related enquiries, please contact us using the details in the Contact section below.

Data We Collect

We collect different categories of data depending on your role and how you interact with ResidenC.

Residents

Name, phone number, email, unit number, profile photo, family-member details, vehicle information, and any payment or billing information you provide.

Visitors

Name, phone number, identification number where required, vehicle plate, visit purpose, host unit, check-in/check-out times and any photos taken at the gate.

Guards & Security Staff

Name, employee ID, contact details, patrol-route GPS logs, shift clock-in/clock-out records and incident reports filed through the app.

Payment Information

Invoice records, payment receipts, DuitNow QR references and transaction identifiers provided by our payment processor. Card and bank account numbers are handled by our payment processor and not stored on our servers.

Domestic Staff

Name, contact number, role, scheduled working hours and attendance logs recorded when staff check in or out at a unit.

Parcel Deliveries

Recipient name, unit number, courier name, parcel reference, photo of the parcel and timestamps when the parcel is received by security and collected by the resident.

Marketplace & Community Forum

Listings you publish, messages you send to other residents, and content posted in the community Forum. These features are visible to other residents in your community.

How We Collect Data

  • Directly from you when you register, invite a visitor, submit a payment, file an incident or use any feature that requires input.
  • Automatically when you use the platform (device identifiers, IP address, OS version, app version and basic usage analytics).
  • Through cookies and similar technologies on the web portal, as described in the Cookies section below.

Purpose of Processing

We process your personal data for the following purposes:

  • Providing and operating the residential-management service (visitor passes, unit management, access logs).
  • Ensuring security within the residential community (gate screening, incident handling, SOS response).
  • Billing, invoicing and payment processing for service charges and facility bookings.
  • Sending operational notifications (visitor arrivals, approvals, announcements, SOS alerts).
  • Enabling community features such as announcements, Forum discussions and marketplace listings.
  • Complying with legal obligations, including responding to lawful requests from authorities and record-keeping requirements.

Third-Party Services

We rely on reputable third-party processors to deliver the service. Each processor is bound by its own privacy commitments:

  • SupabaseHosts our database and authentication in the Asia-Pacific region with encryption at rest and in transit.
  • Firebase / FCMDelivers push notifications to your mobile device. Only a device token and the notification payload are sent; no account data is shared beyond what the notification displays.
  • ChipProcesses DuitNow QR and online banking payments. Chip receives only the information needed to complete the transaction.
  • AWS SESDelivers transactional emails (OTP codes, invitations, password reset links). The recipient address and message body pass through AWS SES.
  • PostHogAggregates anonymous product-usage analytics. We do not send your name, phone number or address to PostHog.

Data Retention

We retain personal data only for as long as necessary for the purposes described above or as required by law. Typical retention periods:

  • Visitor records: 2 years from the check-out date, after which they are archived or anonymised.
  • Access and audit logs: 12 months for security and compliance reviews.
  • Parcel records and photos: 90 days after the parcel has been collected.
  • Account data: retained while your account is active; deleted within 30 days after account closure unless retention is required by law.
  • Billing and payment records: 7 years to comply with Malaysian tax and accounting regulations.

Your Rights

Subject to applicable law, you have the following rights regarding your personal data:

  • Right to access the personal data we hold about you.
  • Right to correct inaccurate or incomplete personal data.
  • Right to withdraw consent where processing is based on consent.
  • Right to request deletion of your personal data where retention is no longer required.
  • Right to receive a copy of your data in a portable, machine-readable format.
  • Right to lodge a complaint with the Personal Data Protection Commissioner of Malaysia.

To exercise any of these rights, contact us using the details in the Contact section. We will respond within 21 days.

GDPR (for EU residents)

If you are located in the European Economic Area, you additionally have rights under the General Data Protection Regulation (GDPR), including the right to object to processing and the right to lodge a complaint with your local supervisory authority.

Security Measures

We implement the following safeguards to protect your data:

  • Encryption at rest and TLS/HTTPS encryption in transit for all data between your device and our servers.
  • Row-Level Security (RLS) policies in Supabase, so each user can only read or modify data they are authorised to see.
  • Session tokens stored in secure storage on mobile devices; tokens are short-lived and rotated regularly.
  • Regular security reviews of our codebase, dependencies and database policies.
  • Audit logging of sensitive actions so suspicious activity can be investigated promptly.

Cookies & Analytics

  • Analytics cookies help us understand which features are used most so we can improve the product.
  • Essential cookies are required to keep you signed in and to operate the web portal.
  • We do not use advertising cookies or sell personal data to advertisers.

Children's Privacy

ResidenC is not intended for children under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete the information.

Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with the updated effective date. Material changes will be highlighted in-app or by email.

Contact Us

For privacy-related enquiries, access requests or to exercise your rights, email privacy@residenc.app. We aim to respond within 21 days.

You may also write to us at our registered office address. We take every enquiry seriously and will investigate all complaints promptly.