Privacy Policy

1. PDPA Compliance Statement

We are fully committed to compliance with the Personal Data Protection Act 2010 and all seven PDPA principles. This Privacy Policy is designed to meet the requirements of the PDPA and provide you with transparent information about our data processing practices.

Our Data Protection Officer can be reached at:

2. Personal Data We Collect

We collect personal data only with your explicit consent. The type of data we collect depends on whether you are registering as a Tenant or as an Owner/Landlord.

2.1 Data Collected from All Users

• Account Information: Full name, email address, Malaysian mobile phone number
• Authentication Data: Password (encrypted and managed by Supabase Auth), one-time passwords (OTP) for login verification
• Identity Verification: MyKad (Malaysian Identity Card) photograph and details including NRIC number, full name as per IC, date of birth, and address
• Communications: Messages sent through the Platform, support inquiries, and correspondence with us
• Technical Data: IP address, browser type, device information, access times (collected automatically when you use the Platform)

2.2 Additional Data Collected from Tenants

• Financial Information: Income proof documents (payslips, EPF statements, bank statements), employment details including employer name, position, and tenure
• Credit Information (Optional): CTOS credit report - submission of this document is entirely optional and at your discretion
• Rental History: Previous rental addresses, landlord references, rental payment history
• Personal References: Contact details of personal or professional references you choose to provide

2.3 Additional Data Collected from Owners/Landlords

• Property Ownership Documents: Property title documents (geran), grant documents, Sale and Purchase Agreement (SPA) pages
• Property Information: Property address, photographs, descriptions, rental terms, amenities, and pricing
• Bank Information: Bank account details for payment processing (when integrated with payment systems)

2.4 Data We Will Collect in the Future

We plan to implement the following data collection features. We will notify you and obtain fresh consent before activating these:

• Website Analytics: Google Analytics data including page views, session duration, user behavior patterns
• Cookies: Tracking cookies for analytics and user experience optimization
• Error Tracking: Automated error logs and crash reports for technical troubleshooting

3. Legal Basis for Processing Personal Data

3.1 Consent

We process your personal data based on your explicit consent, which you provide when:

• Creating an account on EZLEASE
• Submitting verification documents
• Subscribing to our services
• Opting in to marketing communications

3.2 Contractual Necessity

Certain data processing is necessary to fulfill our contractual obligations to you, including:

• Providing access to the Platform
• Processing payments and subscriptions
• Verifying your identity and documents
• Facilitating connections between Tenants and Owners

3.3 Separate Consent for Optional Data

For optional data such as CTOS credit reports, we obtain separate, explicit consent. You may choose not to provide optional data without affecting your core access to the Platform.

4. How We Use Your Personal Data

We use your personal data for the following purposes:

4.1 Service Provision

• Creating and managing your account
• Authenticating your identity and securing your account
• Verifying the authenticity of submitted documents
• Displaying verification status to appropriate parties
• Facilitating connections between Tenants and Owners
• Processing subscription payments

4.2 Communication

• Sending transactional emails (account verification, password resets, subscription confirmations)
• Responding to your support inquiries
• Sending service announcements and updates
• Sending marketing communications (only with your explicit consent, which can be withdrawn at any time)

4.3 Platform Improvement

• Analyzing usage patterns to improve user experience
• Identifying and fixing technical issues
• Developing new features based on user needs

4.4 Legal Compliance and Safety

• Complying with legal obligations under Malaysian law
• Enforcing our Terms of Service
• Preventing fraud, abuse, and illegal activities
• Protecting the rights and safety of Users

4.5 What We Do NOT Do

We will NEVER:

• Sell your personal data to any third party
• Share your documents with other Users (Tenants will never see Owner documents; Owners will never see Tenant documents)
• Use your data for purposes beyond those stated in this Privacy Policy without obtaining fresh consent
• Share your data with third parties for their marketing purposes

5. Document Visibility and Confidentiality Rules

We maintain the highest standards of document confidentiality. Your sensitive verification documents are treated with utmost discretion.

5.1 EZLEASE as Trusted Intermediary

EZLEASE acts as a trusted intermediary in the verification process. We review and verify your documents, but we do not expose them to other Users.

5.2 Tenant Document Visibility

Documents submitted by Tenants (MyKad, income proof, CTOS reports, employment details) are:

• Visible ONLY to: Authorized EZLEASE verification personnel
• NEVER visible to: Property Owners, Landlords, or any other Users
• What Owners see: Only verification status indicators (e.g., "Verified" or "Not Verified")

5.3 Owner Document Visibility

Documents submitted by Owners (MyKad, property titles, grant documents, SPA pages) are:

• Visible ONLY to: Authorized EZLEASE verification personnel
• NEVER visible to: Prospective Tenants or any other Users
• What Tenants see: Only verification status indicators (e.g., "Property Verified" or "Owner Verified")

5.4 No Cross-User Document Sharing

We categorically do not share any User's raw personal documents with other Users under any circumstances. The verification model ensures privacy and security while building trust through verified status badges.

6. How We Store Your Data

6.1 Data Storage Infrastructure

All personal data and documents are stored securely using Supabase, a trusted cloud database platform:

• Storage Location: Singapore region (cross-border transfer disclosed in Section 11)
• Encryption: Data is encrypted both in transit (TLS/SSL) and at rest
• Access Control: Row-Level Security (RLS) policies ensure Users can only access their own data
• Authentication: Managed by Supabase Auth with industry-standard security protocols

6.2 Document Storage

Verification documents are stored in encrypted cloud storage with:

• Access restricted to authorized EZLEASE verification personnel only
• Secure upload and download protocols
• Audit logs tracking all access to sensitive documents

6.3 Password Security

Your password is never stored in plain text. We use industry-standard cryptographic hashing through Supabase Auth to protect your credentials.

7. Data Retention

7.1 Retention Period

We retain your personal data indefinitely while your account remains active, unless you request deletion. This allows you to maintain your verified status and continue using the Platform seamlessly.

7.2 Deletion Upon Request

You have the right to request deletion of all your personal data at any time. Upon receiving a valid deletion request, we will permanently delete your data within thirty (30) days, except where retention is required by Malaysian law or for legitimate legal purposes (e.g., resolving disputes, enforcing agreements).

7.3 How to Request Deletion

You may request data deletion through:

• The in-app data deletion feature in your account settings
• Sending a written request to privacy@ezlease.my

8. Third-Party Data Sharing and Processors

We share your personal data only with trusted third-party service providers who help us operate the Platform. These third parties are contractually obligated to protect your data and use it only for the specified purposes.

8.1 Current Third-Party Processors

Supabase

• Purpose: Database hosting, authentication, file storage
• Data Shared: All account data, verification documents, user-generated content
• Location: Singapore

Twilio (via Supabase Auth)

• Purpose: SMS delivery for one-time passwords (OTP)
• Data Shared: Mobile phone number
• Location: United States (operates globally)

8.2 Planned Third-Party Integrations

We will notify you and obtain fresh consent before activating the following integrations:

BillPlz

• Purpose: Payment processing for subscriptions
• Data Shared: Name, email, payment amount (BillPlz handles all card details directly; we never store payment card information)
• Location: Malaysia

Resend or Mailchimp

• Purpose: Transactional and marketing emails
• Data Shared: Name, email address
• Location: United States (Mailchimp) / United States (Resend)

Google Analytics

• Purpose: Website usage analytics
• Data Shared: Anonymized usage data, IP address (anonymized), browser information
• Location: United States
• Note: When activated, we will implement cookie consent mechanisms

Error Tracking Tools

• Purpose: Technical error monitoring and debugging
• Data Shared: Error logs, device information, anonymized user identifiers
• Location: To be determined

8.3 No Data Sale

We do not sell, rent, or trade your personal data to any third party for marketing or any other purposes.

9. Your Rights Under PDPA

Under the Personal Data Protection Act 2010, you have the following rights:

9.1 Right of Access

You have the right to request access to your personal data held by us. To exercise this right, contact privacy@ezlease.my. We will provide you with a copy of your data within twenty-one (21) days.

Note: Data download functionality is currently under development and will be available in future updates.

9.2 Right to Correction

You have the right to request correction of inaccurate or incomplete personal data. You can update most of your information directly through your account settings or by contacting us at privacy@ezlease.my.

9.3 Right to Withdraw Consent

You may withdraw your consent for data processing at any time by:

• Unsubscribing from marketing emails via the unsubscribe link
• Contacting privacy@ezlease.my
• Deleting your account

Note that withdrawing consent may affect your ability to use certain Platform features.

9.4 Right to Data Portability

You have the right to request your data in a structured, commonly used format. Contact privacy@ezlease.my to request data export.

9.5 Right to Deletion

You have the right to request permanent deletion of your personal data as described in Section 7.

9.6 Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with the PDPA, you have the right to lodge a complaint with:

10. Cookies and Tracking Technologies

10.1 Current Status

We currently do not use cookies or tracking technologies beyond essential session cookies required for Platform functionality.

10.2 Future Implementation

When we implement analytics tools such as Google Analytics, we will:

• Provide a clear cookie consent banner
• Allow you to accept or decline non-essential cookies
• Provide detailed information about each cookie type
• Allow you to manage cookie preferences at any time

10.3 Essential Cookies

Essential cookies required for Platform functionality (such as authentication session cookies) will continue to be used as they are necessary for the service to operate.

11. Cross-Border Data Transfers

11.1 Data Transfer Disclosure

Your personal data is transferred from Malaysia to Singapore where our data hosting provider, Supabase, maintains its infrastructure. This transfer is necessary for the provision of our services.

11.2 Safeguards

Singapore maintains data protection laws that are substantially similar to Malaysia's PDPA. Additionally:

• Supabase is contractually obligated to maintain the security and confidentiality of your data
• All data transfers are encrypted
• Access to data is restricted and monitored
• Supabase complies with international security standards

11.3 Consent

By using EZLEASE, you consent to the transfer of your personal data to Singapore and other jurisdictions where our third-party service providers operate, as disclosed in this Privacy Policy.

12. Children's Privacy

12.1 Age Restriction

EZLEASE is not intended for use by individuals under the age of 18 years. We do not knowingly collect personal data from anyone under 18.

12.2 Parental Notice

If you are a parent or guardian and believe your child under 18 has provided us with personal data, please contact us immediately at privacy@ezlease.my. We will promptly delete such data from our systems.

13. Data Breach Notification

13.1 Security Incident Response

In the unlikely event of a data breach that may affect your personal data, we will:

• Notify the Personal Data Protection Commissioner as required by law
• Notify affected Users via email within seventy-two (72) hours of becoming aware of the breach
• Provide details of what data was affected and the steps we are taking to address the breach
• Advise you on protective measures you can take

13.2 Security Measures

We implement industry-standard security measures to prevent data breaches, including:

• Encryption of data in transit and at rest
• Regular security audits and vulnerability assessments
• Access controls and authentication mechanisms
• Employee training on data protection
• Incident response plans

14. Marketing Communications

14.1 Opt-In Required

We will only send you marketing communications if you have explicitly opted in to receive them. Marketing emails may include:

• New feature announcements
• Special promotions and offers
• Tips for using the Platform effectively
• Property market insights

14.2 Unsubscribe

You can unsubscribe from marketing emails at any time by:

• Clicking the "unsubscribe" link in any marketing email
• Updating your communication preferences in your account settings
• Emailing marketing@ezlease.my

14.3 Transactional Emails

Please note that unsubscribing from marketing emails will not affect essential transactional emails such as:

• Account verification and password resets
• Subscription confirmations and payment receipts
• Important service announcements
• Security alerts

15. Changes to This Privacy Policy

15.1 Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings.

15.2 Notification of Material Changes

When we make material changes (major version updates that affect your rights or how we handle your data), we will:

• Update the version number and effective date at the top of this document
• Send notice to your registered email address at least fourteen (14) days before the changes take effect
• Display a prominent notice on the Platform
• For significant changes, request your fresh consent where required by law

15.3 Version Control

We maintain version control of this Privacy Policy as follows:

• Major updates (e.g., 2.0.0): Significant changes to data collection, use, or user rights
• Minor updates (e.g., 1.1.0): New third-party integrations or additional data types
• Patch updates (e.g., 1.0.1): Clarifications, corrections, or contact detail updates

15.4 Continued Use

Your continued use of EZLEASE after the effective date of the updated Privacy Policy constitutes acceptance of the changes. If you do not agree to the updated policy, please discontinue use and request deletion of your data.

16. Contact Information

For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

By using EZLEASE, you acknowledge that you have read, understood, and agree to the collection, use, and disclosure of your personal data as described in this Privacy Policy.