Privacy Policy

Effective Date: 15 March 2026 | Last Updated: 15 March 2026

Stratel (Malaysia) Sdn Bhd. (Company No. 201901024927 / 1334597-V), operating under the trade name "Go Patrol" ("we", "us", "our", or the "Service Provider"), is committed to protecting the privacy and personal data of all individuals who use our products and services. This Privacy Policy explains how we collect, use, store, disclose, and protect your personal data in compliance with the Malaysia Personal Data Protection Act 2010 (PDPA) and other applicable data protection laws.

This Privacy Policy applies to:

Go Patrol Mobile — the guard/patroller mobile application
Go Patrol Monitor — the supervisor/manager mobile application
Go Patrol Web Dashboard — the web-based management platform accessible at app.gopatrol.my
Go Patrol Hardware Integrations — including Active Track RFID readers and G-LINK panic button systems

Collectively referred to as the "Platform" or "Application".

1. Data Controller

The data controller responsible for your personal data is:

Stratel (Malaysia) Sdn Bhd. 12 Jalan Teknologi 3/3A, Surian Industrial Park,
Kota Damansara PJU 5, 47810, Petaling Jaya, Selangor, Malaysia Data Protection Officer: support@stratel.com.my

Where your employer or organization (the "Tenant") has subscribed to Go Patrol, the Tenant acts as the data controller for employment-related processing, and Stratel acts as the data processor on the Tenant's behalf. For questions about how your employer processes your data through Go Patrol, please contact your employer's designated administrator.

2. Categories of Personal Data Collected

Depending on your role and usage of the Platform, we may collect the following categories of personal data:

Category	Data Types	Purpose
Identity Data	Full name, employee ID, username, profile photo, assigned role	Account creation, user identification, access control
Contact Data	Email address, phone number	Account recovery, notifications, emergency contact
Authentication Data	Password (hashed), login timestamps, session tokens, IP address	Secure authentication, fraud prevention, audit logging
Location Data	Real-time GPS coordinates, location history, geofence entry/exit events, background location data	Patrol tracking, geofence monitoring, route verification, emergency response
Biometric Data	Facial image data captured during clock-in/clock-out for face verification	Identity verification to prevent buddy-punching and unauthorized clock-ins
Device Data	Device model, operating system, device serial number, app version, unique device identifiers, push notification tokens	Device management, push notifications, troubleshooting, compatibility
Patrol & Operational Data	NFC/QR/RFID scan records, patrol timestamps, checkpoint logs, route completion data, duty schedules	Core patrol management functionality, compliance verification
Incident & Report Data	Incident reports, photographs, video recordings, voice recordings, text descriptions, complaint records	Security incident documentation, evidence collection, operational reporting
Communication Data	In-app chat messages, SOS/panic alerts, alarm acknowledgments	Team communication, emergency response coordination
Usage & Analytics Data	Pages visited, feature usage patterns, session duration, interaction logs	Service improvement, performance optimization, troubleshooting

3. Sensitive Personal Data

Under the PDPA, certain categories of personal data are classified as "sensitive". We process the following sensitive personal data with your explicit consent or as necessary for the purposes described:

Biometric Data (Facial Recognition): Go Patrol Mobile uses on-device face detection during clock-in and clock-out to verify the identity of the patroller. Facial images are captured and may be transmitted to our servers for verification purposes. This data is used solely for identity verification and is not shared with third parties for any other purpose.
Precise Location Data: Real-time GPS tracking, including background location collection, is a core feature of the Platform. This data is collected continuously while on duty to ensure patrol routes are followed, geofence boundaries are respected, and guards can be located in emergencies. Background location tracking is active only during scheduled duty hours or when the user manually starts a patrol session.
Voice Recordings: Audio recordings submitted as part of incident reports may be processed using Artificial Intelligence for transcription purposes. Original audio files are retained as evidence alongside the generated transcription.

4. Legal Basis for Processing

We process your personal data on the following legal grounds under the PDPA:

Consent: Where you have given explicit consent for the processing of your personal data for specific purposes (e.g., biometric face verification, push notifications, marketing communications).
Contractual Necessity: Processing necessary for the performance of a contract to which you or your employer is a party (e.g., providing the patrol management service as subscribed).
Legitimate Interests: Processing necessary for legitimate interests pursued by us or your employer, provided such interests are not overridden by your rights (e.g., security monitoring, fraud prevention, system integrity).
Legal Obligation: Processing necessary for compliance with a legal obligation (e.g., responding to lawful requests from law enforcement or regulatory authorities).
Vital Interests: Processing necessary to protect the vital interests of you or another person (e.g., SOS/panic alert functionality, emergency location sharing).

5. How We Use Your Data

Your personal data is used for the following purposes:

Providing and operating the Go Patrol patrol management service
Real-time tracking and monitoring of patrol activities
Verifying identity through biometric face detection during clock-in/clock-out
Processing NFC, QR code, and RFID checkpoint scans
Generating patrol reports, incident reports, and analytics for your employer
Sending push notifications for patrol assignments, alerts, and alarms
Facilitating in-app communication between guards and supervisors
Processing SOS/panic alerts and emergency response coordination
Geofence monitoring and boundary violation alerts
AI-powered voice transcription of incident report audio recordings
System administration, troubleshooting, and technical support
Improving and optimizing the Platform's functionality and performance
Ensuring security, preventing fraud, and detecting unauthorized access
Complying with legal obligations and responding to lawful requests

6. Background Location Tracking

The Go Patrol Mobile application collects location data in the background (i.e., when the app is not actively in use or when the device screen is off). This is essential for:

Continuous patrol route tracking during active duty
Geofence entry and exit detection
Real-time guard location updates for supervisors
Emergency location sharing during SOS/panic events

Background location collection is active only during scheduled patrol duty or when the user has explicitly started a patrol session. You may disable background location access through your device's operating system settings; however, doing so will impair the core functionality of the Application and may affect your ability to complete patrol duties.

7. Use of Artificial Intelligence

The Platform uses Artificial Intelligence (AI) technologies in the following ways:

Voice Transcription: Audio recordings submitted with incident reports are processed using AI speech-to-text models to generate text transcriptions, enabling faster report review and searchability.
Face Detection: On-device face detection technology (Google ML Kit) is used during clock-in and clock-out to verify the presence and identity of the patroller.

AI processing is performed on our servers located in Malaysia. We do not use your data to train general-purpose AI models. AI features process data only for the specific purposes described above and in accordance with this Privacy Policy.

8. Data Sharing and Third-Party Services

We do not sell your personal data. We may share your data with the following categories of recipients:

Recipient	Purpose	Data Shared
Your Employer (Tenant)	Patrol management, performance monitoring, incident review	All operational data collected during your use of the Platform
Firebase Cloud Messaging (Google)	Delivering push notifications to mobile devices	Device push tokens, notification content
Cloudflare	DNS resolution, DDoS protection, CDN services	IP address, request metadata (in transit)
Google ML Kit	On-device face detection for clock-in verification	Processed on-device; no data sent to Google
Telegram (optional)	Alert notifications to designated Telegram groups (configured by Tenant)	Alarm summaries, patrol status updates
Map Tile Providers	Rendering map views in the Application	Map viewport coordinates (no personal identifiers)

We may also disclose your personal data:

As required by law, such as to comply with a subpoena, court order, or similar legal process
When we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request
To our trusted service providers who work on our behalf, are bound by contractual confidentiality obligations, and do not have independent rights to use the data we disclose to them

9. Data Storage and Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption in Transit: All data transmitted between the Application and our servers is encrypted using TLS/HTTPS (SSL)
Encryption at Rest: Sensitive data fields are encrypted using AES (Advanced Encryption Standard) encryption
Password Security: User passwords are hashed using Argon2, an industry-leading password hashing algorithm. We never store passwords in plaintext
Access Control: Role-based access control (RBAC) ensures users can only access data they are authorized to view. Multi-tenant isolation prevents cross-tenant data access
Session Management: Secure session handling with automatic expiry and CSRF (Cross-Site Request Forgery) protection
Rate Limiting: API request rate limiting to prevent brute-force attacks
Infrastructure Security: Servers are hosted in a physically secured environment with restricted access

While we implement commercially reasonable security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

10. Data Storage Location

Your personal data is stored on servers located in Malaysia. Our primary infrastructure is hosted within Stratel's secured office premises in Petaling Jaya, Selangor, Malaysia. Data transmitted through Cloudflare's CDN network may be transiently processed at Cloudflare edge nodes as part of DDoS protection and content delivery, but is not persistently stored outside Malaysia.

If we need to transfer your data outside Malaysia in the future, we will ensure that adequate safeguards are in place in compliance with Section 129 of the PDPA and will update this Privacy Policy accordingly.

11. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law:

Active Account Data: Retained for the duration of the Tenant's active subscription and your active user account
Patrol Logs & Operational Records: Retained for the duration of the Tenant's subscription, subject to the Tenant's data management policies
Incident Reports & Evidence: Retained for the duration of the Tenant's subscription or longer if required for ongoing investigations or legal proceedings
Post-Subscription Data: Upon subscription expiry, data is retained for ninety (90) days to allow for renewal. After this period, data may be permanently deleted
Anonymized/Aggregated Data: We may retain anonymized or aggregated data that cannot be used to identify you for analytical purposes indefinitely

12. Your Rights Under the PDPA

Under the Malaysia Personal Data Protection Act 2010, you have the following rights:

Right of Access (Section 12): You have the right to request access to your personal data that we hold
Right of Correction (Section 34): You have the right to request correction of any inaccurate, incomplete, or misleading personal data
Right to Withdraw Consent (Section 38): Where processing is based on consent, you may withdraw your consent at any time. Please note that withdrawing consent for essential processing (e.g., location tracking) may render the Application non-functional
Right to Prevent Direct Marketing (Section 43): You may request that we cease processing your personal data for direct marketing purposes
Right to Complain: You may lodge a complaint with the Personal Data Protection Commissioner of Malaysia

To exercise any of these rights, contact our Data Protection Officer at support@stratel.com.my. We will respond within 21 days.

Note for Patrollers/Guards: As your employer (the Tenant) is the data controller for employment-related data, certain requests may need to be directed to your employer.

13. Employer-Employee Data Processing

Go Patrol operates in a multi-tenant environment where organizations (Tenants) subscribe to the Platform to manage their security patrol operations. In this context:

Your employer (the Tenant) determines the purposes and means of processing your data through the Platform
Stratel processes your data on behalf of your employer as a data processor
Your employer is responsible for having a lawful basis to collect your data through Go Patrol
Your employer's designated administrators have access to your operational data, including location data, patrol logs, incident reports, and attendance records

14. Children's Privacy

Go Patrol is a professional security patrol management system intended for use by adults in a professional capacity. We do not knowingly collect personal data from children under the age of 18. If we become aware that we have collected data from a child under 18, we will take immediate steps to delete such data. Contact our Data Protection Officer at support@stratel.com.my if you believe a child has provided personal data to us.

15. Data Breach Notification

In the event of a personal data breach that is likely to result in significant harm to affected individuals, we will:

Notify the affected Tenant(s) and their designated administrators as soon as practicable
Provide details of the nature of the breach, the data affected, and the measures taken to address and mitigate the breach
Report the breach to the Personal Data Protection Commissioner of Malaysia as required under the PDPA
Take all reasonable steps to contain and remediate the breach

16. Opt-Out Rights

Push Notifications: Disable through your device's operating system settings
Marketing Communications: Contact support@stratel.com.my or follow unsubscribe instructions in any marketing email
Location Tracking: Disable location permissions through device settings (this will impair core functionality)
Camera/Microphone: Disable through device settings (this will prevent face verification and voice recording features)
Complete Opt-Out: Uninstall the Application to stop all data collection. For web dashboard data, contact your Tenant administrator

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page and notify Tenant administrators. Your continued use of the Platform after changes constitutes acceptance of the updated Privacy Policy.

18. Your Consent

By using the Platform, you acknowledge that you have read, understood, and agree to the collection and processing of your personal data as described in this Privacy Policy. Where processing is based on consent, you have the right to withdraw your consent at any time by contacting our Data Protection Officer.

19. Contact Us

If you have any questions or requests regarding this Privacy Policy or the processing of your personal data, please contact us:

Stratel (Malaysia) Sdn Bhd. 12 Jalan Teknologi 3/3A, Surian Industrial Park,
Kota Damansara PJU 5, 47810, Petaling Jaya, Selangor, Malaysia Phone: +603 6157 1848 / +603 6157 5848 General Inquiries: inquiry@stratel.com.my Data Protection Officer: support@stratel.com.my

For complaints regarding the processing of your personal data, you may also contact the Personal Data Protection Department (JPDP), Ministry of Communications and Digital, Malaysia — www.pdp.gov.my