Data Processing Agreement

User data is processed strictly for the purpose of enabling property searches, listings, communications between Users and Agents, AI-powered recommendations, listing enhancements, credit transactions, and Platform operations. Data Recipients may only process user data for the specific purposes for which it was made available through the Platform.

This Agreement applies to all parties who receive, access, or process user information through the Platform, including registered Agents, service providers, merchants, and any other Data Recipients.

Agents and Data Recipients may receive user contact details and inquiry information only when Users voluntarily submit inquiries or interact with listings. Data Recipients must:

• Use user data solely for legitimate property-related communication and the specific purpose for which it was provided
• Not store, copy, share, sell, transfer, or distribute user data to any third party without the express consent of the User and the Company
• Not use user data for unsolicited marketing, spam, or any purpose unrelated to the original inquiry
• Not combine user data obtained through the Platform with data from other sources for profiling or commercial purposes
• Implement reasonable security measures to protect user data in their possession
• Delete or destroy user data when it is no longer required for the purpose it was provided

All Data Recipients must protect user data from unauthorised access, accidental disclosure, loss, alteration, or misuse using commercially reasonable security measures appropriate to the sensitivity of the data.

The Company acts as a processor for information submitted by agents and users. The Company may store, transmit, process, and analyse data to support Platform features including messaging systems, search algorithms, AI-powered recommendations, listing enhancements, credit systems, fraud detection, and analytics.

The Company may use aggregated, anonymised, or de-identified data derived from user activity for Platform improvement, analytics, research, and business purposes. Such data does not constitute personal data and is not subject to individual data access or deletion requests.

The Company may engage third-party sub-processors including hosting providers, cloud infrastructure services, analytics platforms, AI processing services, and technical vendors to support Platform operations. These sub-processors are contractually required to maintain strict data protection standards.

The Company shall not be liable for any data processing activities conducted by third-party sub-processors beyond the Company's reasonable control, provided that the Company has exercised reasonable care in selecting and monitoring such sub-processors.

User data is retained by the Company for as long as necessary to support Platform functions, comply with legal obligations, resolve disputes, enforce agreements, and protect the Company's legitimate business interests. Data Recipients must not retain user data beyond the period necessary for the specific purpose for which it was provided.

User data may be processed and stored in jurisdictions outside of Malaysia as part of the Company's use of cloud infrastructure and third-party service providers. By using the Platform, Users consent to such international transfers. Data Recipients must not transfer user data to jurisdictions outside of Malaysia without the prior written consent of the Company.

All parties must comply with applicable data protection laws, including the Malaysian Personal Data Protection Act 2010 (PDPA). Violation of this Agreement by any Data Recipient may result in:

• Immediate suspension or termination of Platform access
• Forfeiture of all credits, digital assets, and account privileges
• Reporting to relevant data protection authorities and law enforcement
• Civil liability for damages caused by data misuse
• Indemnification of the Company for any losses, damages, or claims arising from the violation

The Company shall not be liable for any data processing activities conducted by Data Recipients that violate this Agreement or applicable law. Data Recipients are solely responsible for their own compliance with data protection obligations and for any consequences of their failure to comply. Data Recipients agree to indemnify and hold harmless the Company from any claims, losses, or damages arising from their misuse of user data.