Privacy Policy

Effective Date: 18 May 2026 | Last Updated: 18 May 2026

Stratel (Malaysia) Sdn Bhd. (Company No. 201901024927 / 1334597-V), operating under the trade name "Go Patrol" ("we", "us", "our", or the "Service Provider"), is committed to protecting the privacy and personal data of all individuals who use our products and services. This Privacy Policy explains how we collect, use, store, disclose, and protect your personal data in compliance with the Malaysia Personal Data Protection Act 2010 as amended by the Personal Data Protection (Amendment) Act 2024 (collectively, the “PDPA”) and other applicable data protection laws.

This Privacy Policy applies to:

Go Patrol Mobile — the guard/patroller mobile application
Go Patrol Monitor — the supervisor/manager mobile application
Go Patrol Web Dashboard — the web-based management platform accessible at app.gopatrol.my
Go Patrol Hardware Integrations — including Active Track RFID readers and G-LINK panic button systems

Collectively referred to as the "Platform" or "Application".

1. Data Controller

The data controller responsible for your personal data is:

Stratel (Malaysia) Sdn Bhd. No. 12 Jalan Teknologi 3/3A, Surian Industrial Park, Kota Damansara PJU 5, 47810, Petaling Jaya, Selangor, Malaysia Technical Support: support@stratel.com.my General Inquiries: inquiry@stratel.com.my

Where your employer or organization (the "Tenant") has subscribed to Go Patrol, the Tenant acts as the data controller for employment-related processing, and Stratel acts as the data processor on the Tenant's behalf. For questions about how your employer processes your data through Go Patrol, please contact your employer's designated administrator.

2. Categories of Personal Data Collected

Depending on your role and usage of the Platform, we may collect the following categories of personal data:

Category	Data Types	Purpose
Identity Data	Full name, employee ID, username, profile photo, assigned role	Account creation, user identification, access control
Contact Data	Email address, phone number	Account recovery, notifications, emergency contact
Authentication Data	Password (hashed), login timestamps, session tokens, IP address	Secure authentication, fraud prevention, audit logging
Location Data	Real-time GPS coordinates, location history, geofence entry/exit events, background location data	Patrol tracking, geofence monitoring, route verification, emergency response
Biometric Data	Facial image data captured during clock-in/clock-out for face verification	Identity verification to prevent buddy-punching and unauthorized clock-ins
Device Data	Device model, operating system, device serial number, app version, unique device identifiers, push notification tokens	Device management, push notifications, troubleshooting, compatibility
Patrol & Operational Data	NFC/QR/RFID scan records, patrol timestamps, checkpoint logs, route completion data, duty schedules	Core patrol management functionality, compliance verification
Incident & Report Data	Incident reports, photographs, video recordings, voice recordings, text descriptions, complaint records	Security incident documentation, evidence collection, operational reporting
Communication Data	In-app chat messages, SOS/panic alerts, alarm acknowledgments	Team communication, emergency response coordination
Usage & Analytics Data	Pages visited, feature usage patterns, session duration, interaction logs	Service improvement, performance optimization, troubleshooting

3. Sensitive Personal Data

Under the PDPA, certain categories of personal data may be classified as "sensitive". We process the following sensitive personal data only where required for the purposes described in this Privacy Policy and where there is an applicable legal basis, consent or authorisation:

Biometric Data (Facial Recognition): Go Patrol Mobile uses face verification during clock-in, clock-out or patrol-related events to verify the identity of the patroller and reduce unauthorized clock-ins or buddy-punching. Facial images or facial verification data may be captured or processed for identity verification purposes only and are not shared with third parties for unrelated purposes.
Precise Location Data: Real-time GPS tracking, location history, geofence data and background location data are core features of the Platform. Such data is collected during scheduled duty hours, active patrol sessions or SOS/panic events to support route verification, geofence monitoring and emergency response. Location accuracy may depend on device settings, permissions, network connectivity, SIM card or telco coverage, GPS signal, battery level, device condition and environmental factors.
Voice Recordings: Audio recordings submitted as part of incident reports may be retained as evidence together with the related incident report. Such audio recordings may also be processed using AI speech-to-text models to generate text transcriptions, for faster report review and searchability. Where the translation feature is used, audio-derived text or user-submitted text may also be translated from one language to another.

4. Legal Basis for Processing

We process your personal data on the following legal grounds under the PDPA:

Consent: Where you have given explicit consent for the processing of your personal data for specific purposes (e.g., biometric face verification, push notifications, marketing communications).
Contractual Necessity: Processing necessary for the performance of a contract to which you or your employer is a party (e.g., providing the patrol management service as subscribed).
Legitimate Interests: Processing necessary for legitimate interests pursued by us or your employer, provided such interests are not overridden by your rights (e.g., security monitoring, fraud prevention, system integrity).
Legal Obligation: Processing necessary for compliance with a legal obligation (e.g., responding to lawful requests from law enforcement or regulatory authorities).
Vital Interests: Processing necessary to protect the vital interests of you or another person (e.g., SOS/panic alert functionality, emergency location sharing).

5. How We Use Your Data

Your personal data is used for the following purposes:

Providing and operating the Go Patrol patrol management service
Real-time tracking and monitoring of patrol activities
Verifying identity through biometric face detection during clock-in, clock-out or patrol-related events
Processing NFC, QR code, and RFID checkpoint scans
Generating patrol reports, incident reports, and analytics for your employer or organisation
Sending push notifications for patrol assignments, alerts, and alarms
Facilitating in-app communication between guards and supervisors
Processing SOS/panic alerts and emergency response coordination
Geofence monitoring and boundary violation alerts
Translating user-submitted content, where the translation feature is activated
Transcribing of incident report audio recordings using speech-to-text technology
System administration, troubleshooting, and technical support
Improving and optimizing the Platform's functionality and performance
Ensuring security, preventing fraud, and detecting unauthorized access
Complying with legal obligations and responding to lawful requests

6. Background Location Tracking

The Go Patrol Mobile application collects location data in the background (i.e., when the app is not actively in use or when the device screen is off). This is essential for:

Continuous patrol route tracking during active duty
Geofence entry and exit detection
Real-time guard location updates for supervisors
Emergency location sharing during SOS/panic events

Background location collection is active only during scheduled patrol duty, active patrol sessions, SOS/panic events, or when the user has explicitly started a patrol session. You may disable background location access through your device's operating system settings; however, doing so will impair the core functionality of the Application and may affect your ability to complete patrol duties. Stratel shall not be responsible for incomplete or unavailable location data caused by disabled permissions, device settings, poor signal, telco or network issues, low battery, device malfunction, or any other factor outside Stratel's reasonable control.

7. Use of Artificial Intelligence

The Platform currently uses Artificial Intelligence (AI), machine-assisted or automated technologies in the following ways:

Translation: User-submitted content may be translated from one language to another where the translation feature is activated.
Voice Transcription: Audio recordings submitted with incident reports may be processed using AI speech-to-text models to generate text transcriptions, enabling faster report review and searchability.
Face Detection: On-device face detection technology, including Google ML Kit is used during clock-in, clock-out or patrol-related events to verify the presence and identity of the patroller.

Translation and voice transcription may be performed on Stratel servers, located in Malaysia unless otherwise stated in this Privacy Policy or notified to the Tenant and users. Face detection using Google ML Kit is processed on-device and, as currently configured, facial data is not sent to Google for that purpose.

We do not use your personal data, Client data or user data to train general-purpose AI models unless expressly notified and permitted under applicable law. AI-assisted features process personal data only for the specific purposes described in this Privacy Policy or as otherwise notified to the Tenant and users.

Where any new AI-assisted feature involves additional categories of personal data, new purposes of processing, new third-party processors or material changes to existing processing, we will update this Privacy Policy and/or provide appropriate notice. Where required by law, we will obtain or facilitate the obtaining of the necessary consent or authorisation.

8. Data Sharing and Third-Party Services

We do not sell your personal data. We may share your data with the following categories of recipients:

Recipient	Purpose	Data Shared
Your Employer (Tenant)	Patrol management, performance monitoring, incident review	All operational data collected during your use of the Platform
Firebase Cloud Messaging (Google)	Delivering push notifications to mobile devices	Device push tokens, notification content
Cloudflare	DNS resolution, DDoS protection, CDN services	IP address, request metadata (in transit)
Google ML Kit	On-device face detection for clock-in verification	Processed on-device; no data sent to Google
Telegram (optional)	Alert notifications to designated Telegram groups (configured by Tenant)	Alarm summaries, patrol status updates (no personal data unless configured by Tenant)
Map Tile Providers	Rendering map views in the Application	Map viewport coordinates (no personal identifiers)

We may also disclose your personal data:

As required by law, such as to comply with a subpoena, court order, or similar legal process
When we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request
To our trusted service providers who work on our behalf, are bound by contractual confidentiality obligations, and do not have independent rights to use the data we disclose to them

9. Data Storage and Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption in Transit: All data transmitted between the Application and our servers is encrypted using TLS/HTTPS (SSL)
Encryption at Rest: Sensitive data fields are encrypted using AES (Advanced Encryption Standard) encryption
Password Security: User passwords are hashed using Argon2, an industry-leading password hashing algorithm. We never store passwords in plaintext
Access Control: Role-based access control (RBAC) ensures users can only access data they are authorized to view. Multi-tenant isolation prevents cross-tenant data access
Session Management: Secure session handling with automatic expiry and CSRF (Cross-Site Request Forgery) protection
Rate Limiting: API request rate limiting to prevent brute-force attacks
Infrastructure Security: Servers are hosted in a physically secured environment with restricted access. Database access is restricted to authorized services only
Regular Monitoring: Continuous monitoring of system logs for suspicious activities

While we implement commercially reasonable security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

10. Data Storage Location

Your personal data is primarily stored on servers located in Malaysia. Our primary infrastructure is hosted within Stratel's secured office premises in Petaling Jaya, Selangor, Malaysia. Data transmitted through Cloudflare's CDN network or other technical infrastructure may be transiently routed or processed through edge nodes in various locations as part of DDoS protection, content delivery, security filtering, network routing or performance optimisation, but is not persistently stored outside Malaysia unless otherwise stated in this Privacy Policy.

Where any personal data is transferred, routed, accessed or processed outside Malaysia, including where users access the Platform from outside Malaysia or where third-party infrastructure is used to deliver the Platform, we will take reasonable steps to ensure that appropriate safeguards are in place in accordance with Section 129 of the PDPA and other applicable data protection requirements. By using the Platform outside Malaysia or by permitting users outside Malaysia to access the Platform, the Tenant and users acknowledge that personal data may be transferred to, stored in, viewed from or processed in Malaysia and, where technically necessary, across borders as described in this Privacy Policy.

11. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our retention practices are as follows:

Active Account Data: Retained for the duration of the Tenant's active subscription and your active user account. Once the account is deactivated or the subscription ends, we may retain the data for up to ninety (90) days to allow for account reactivation or renewal. After this period, data may be permanently deleted.
Patrol Logs & Operational Records: Retained for the duration of the Tenant's subscription or as required by the Tenant's data management policies. Upon subscription expiry, data may be retained for up to ninety (90) days to allow for renewal, after which it may be deleted unless further retention is required for legal, regulatory or contractual purposes.
Incident Reports & Evidence: Retained for the duration of the Tenant's subscription or longer where required for ongoing investigations, legal proceedings, regulatory obligations or legitimate business purposes.
Post-Subscription Data: Upon subscription expiry, suspension or termination, existing personal data and operational data may be retained for up to ninety (90) days to allow for renewal, reactivation, legal compliance, dispute resolution or other legitimate business purposes. After this period, Stratel may review and permanently delete any data that is no longer required, unless further retention is necessary to comply with applicable legal, regulatory or contractual obligations.
Backup Data: Database backups may retain data for an additional period as part of disaster recovery procedures, but will be deleted no later than six (6) months after the data is no longer needed.
Anonymized/Aggregated Data: We may retain anonymized or aggregated data that cannot be used to identify you for analytical, research and system improvement purposes indefinitely.

12. Your Rights Under the PDPA

Under the Malaysia PDPA, you have the following rights regarding your personal data:

Right of Access: You may request access to the personal data that we hold about you. To request a copy of your data, please log in to your account, submit a request through the Platform where available, or contact our Technical Support.
Right of Correction: You may request correction of any personal data that is inaccurate, incomplete, misleading or not up to date. Please contact our Technical Support or use your account settings, where available, to make corrections.
Right to Deletion: You may request deletion of your personal data. Please note that certain data, especially employment-related data, may need to be requested through your employer (or organization as the Tenant).
Right to Restrict Processing: If you believe that your data is being processed unlawfully or wish to restrict certain types of processing, please contact our Technical Support for more information.
Right to Data Portability: You may request your data in a structured, commonly used, and machine-readable format, where technically feasible.
Right to Withdraw Consent: Where we process your personal data based on consent (including biometric data or location tracking, where applicable), you may withdraw your consent at any time by contacting our Technical Support. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal. Please note that withdrawing consent for essential processing may affect or prevent your use of the Platform.

To exercise any of these rights, please contact our Technical Support at support@stratel.com.my. We will respond to your request within twenty-one (21) days of receiving it, subject to verification of your identity and any applicable legal exceptions.

Please be aware that where specific rights are exercised, such as requesting deletion, restricting processing or withdrawing consent, it may affect your ability to fully use the Platform. We shall not be held responsible for any limitations or restrictions on your use of the Platform resulting from the exercise of these rights.

Note for Patrollers/Guards: As your employer (the Tenant) is the data controller for employment-related data processing, certain data access and deletion requests may need to be directed to your employer. We will assist in facilitating such requests where applicable.

If you are unable to resolve concerns with us, you may lodge a complaint with the Personal Data Protection Commissioner (JPDP) of Malaysia.

13. Cookies and Web Session Data

The Go Patrol Web Dashboard uses the following technologies:

Session Cookies: Essential cookies are required for user authentication and maintaining your logged-in session. These are strictly necessary for the operation of the web dashboard and cannot be disabled.
CSRF Tokens: Security tokens are used to prevent cross-site request forgery attacks and ensure secure transactions on the Platform.
Local Storage: Used to store user interface preferences (such as sidebar state or language preference)

We do not use third-party advertising cookies or tracking cookies to serve personalized advertisements or track users across other websites or platforms outside of the Go Patrol Web Dashboard. You may manage or disable cookies through your browser settings, although doing so may affect the functionality of the Platform.

14. Children's Privacy

Go Patrol is a professional security patrol management system intended for use by adults in a professional capacity. We do not knowingly collect personal data from children under the age of 18. The Platform is not directed at children and should not be used by anyone under the age of 18.

If we become aware that we have collected personal data from a child under 18, we will take immediate steps to delete such data. If you believe that a child has provided personal data to us, please contact our Technical Support at support@stratel.com.my.

15. Data Breach Notification

In the event of a personal data breach that is likely to result in significant harm to affected individuals, we will:

Notify the affected Tenant(s) and their designated administrators without undue delay and, in any event, notify the Personal Data Protection Commissioner of Malaysia within 72 hours of becoming aware of the breach.
Provide details of the nature of the breach, the data affected, and the measures taken to address and mitigate the breach
Take all reasonable steps to contain and remediate the breach

16. Employer-Employee Data Processing

Go Patrol operates in a multi-tenant environment where organizations (Tenants) subscribe to the Platform to manage their security patrol operations. In this context:

The Tenant determines the purposes and means of processing employment-related data through the Platform
Stratel processes personal data on behalf of the Tenant as a data processor
The Tenant is responsible for having an applicable legal basis, notice, consent or authorization for collecting and processing personal data through the Platform
The Tenant’s designated administrators may access your operational data, including location data, patrol logs, incident reports, and attendance records, according to the access rights configured within the Platform
Stratel does not independently decide how employment-related data is used by the Tenant; such decisions are made by the Tenant in accordance with its own privacy policies and employment arrangements and applicable laws.

For data-protection purposes, the Tenant shall ensure that its employees, contractors, patrollers, guards and other users receive appropriate notices regarding the collection and processing of personal data through the Platform, including GPS/location data, biometric recognition data, attendance data, incident data, AI-assisted processing and role-based access by authorized administrators or managers.

17. International Users

Go Patrol serves organizations across multiple countries. If you are located outside Malaysia, please be aware that your data may be transferred to, stored, and processed in Malaysia where our primary servers are located. Depending on your location, device, network route, CDN/security services and support arrangements, data may also be transmitted or transiently processed across borders. By using the Platform outside Malaysia or by permitting users outside Malaysia to access the Platform, the Tenant and users acknowledge that cross-border transmission or access may occur as described in this Privacy Policy. We will take reasonable steps to ensure that personal data is protected in accordance with this Privacy Policy and applicable data protection laws.

For users or Tenants located in the European Union (EU) or European Economic Area (EEA), where personal data is transferred to Malaysia or otherwise processed outside the EU/EEA, Stratel will implement appropriate data transfer safeguards as required under the GDPR.

18. Opt-Out Rights

Push Notifications: You may disable push notifications through your device's operating system settings
Marketing Communications: You may opt out of marketing communications by contacting us at support@stratel.com.my or by following the unsubscribe instructions in any marketing email
Location Tracking: You may disable location permissions through your device settings; however, this will impair the core functionality of the Application
Camera/Microphone: You may disable camera and microphone permissions through your device settings; however, this will prevent you from using features such as face verification, incident photo/video capture, and voice recording
Complete Opt-Out: You may stop all data collection by the mobile Application by uninstalling it. For web dashboard data, contact your Tenant administrator to request account deactivation

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

Update the "Last Updated" date at the top of this page
Notify Tenant administrators via email or system notification for significant changes
Where required by law, seek renewed consent for material changes to how we process your data

We encourage you to review this Privacy Policy periodically. Your continued use of the Platform after any changes constitutes your acceptance of the updated Privacy Policy.

20. Your Consent

By using the Platform, you acknowledge that you have read, understood, and agree to the collection and processing of your personal data as described in this Privacy Policy. Where processing is based on consent, you have the right to withdraw your consent at any time by contacting our Technical Support.

21. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact us at:

Stratel (Malaysia) Sdn. Bhd. No. 12 Jalan Teknologi 3/3A, Surian Industrial Park,
Kota Damansara PJU 5, 47810, Petaling Jaya, Selangor, Malaysia Phone: +603 6157 1848 / +603 6157 5848 General Inquiries: inquiry@stratel.com.my Technical Support: support@stratel.com.my

For complaints regarding the processing of your personal data, you may also contact:

Personal Data Protection Department (JPDP) Ministry of Communications and Digital, Malaysia www.pdp.gov.my