Privacy Policy

Effective Date: 15 March 2026 | Last Updated: 15 March 2026

Stratel (Malaysia) Sdn Bhd. (Company No. 201901024927 / 1334597-V), operating under the trade name "Go Patrol" ("we", "us", "our", or the "Service Provider"), is committed to protecting the privacy and personal data of all individuals who use our products and services. This Privacy Policy explains how we collect, use, store, disclose, and protect your personal data in compliance with the Malaysia Personal Data Protection Act 2010 (PDPA) and other applicable data protection laws.

This Privacy Policy applies to:

Go Patrol Mobile — the guard/patroller mobile application
Go Patrol Monitor — the supervisor/manager mobile application
Go Patrol Web Dashboard — the web-based management platform accessible at app.gopatrol.my
Go Patrol Hardware Integrations — including Active Track RFID readers and G-LINK panic button systems

Collectively referred to as the "Platform" or "Application".

1. Data Controller

The data controller responsible for your personal data is:

Stratel (Malaysia) Sdn Bhd. 12 Jalan Teknologi 3/3A, Surian Industrial Park,
Kota Damansara PJU 5, 47810, Petaling Jaya, Selangor, Malaysia Technical Support: support@stratel.com.my General Inquiries: inquiry@stratel.com.my

Where your employer or organization (the "Tenant") has subscribed to Go Patrol, the Tenant acts as the data controller for employment-related processing, and Stratel acts as the data processor on the Tenant's behalf. For questions about how your employer processes your data through Go Patrol, please contact your employer's designated administrator.

2. Categories of Personal Data Collected

Depending on your role and usage of the Platform, we may collect the following categories of personal data:

Category	Data Types	Purpose
Identity Data	Full name, employee ID, username, profile photo, assigned role	Account creation, user identification, access control
Contact Data	Email address, phone number	Account recovery, notifications, emergency contact
Authentication Data	Password (hashed), login timestamps, session tokens, IP address	Secure authentication, fraud prevention, audit logging
Location Data	Real-time GPS coordinates, location history, geofence entry/exit events, background location data	Patrol tracking, geofence monitoring, route verification, emergency response
Biometric Data	Facial image data captured during clock-in/clock-out for face verification	Identity verification to prevent buddy-punching and unauthorized clock-ins
Device Data	Device model, operating system, device serial number, app version, unique device identifiers, push notification tokens	Device management, push notifications, troubleshooting, compatibility
Patrol & Operational Data	NFC/QR/RFID scan records, patrol timestamps, checkpoint logs, route completion data, duty schedules	Core patrol management functionality, compliance verification
Incident & Report Data	Incident reports, photographs, video recordings, voice recordings, text descriptions, complaint records	Security incident documentation, evidence collection, operational reporting
Communication Data	In-app chat messages, SOS/panic alerts, alarm acknowledgments	Team communication, emergency response coordination
Usage & Analytics Data	Pages visited, feature usage patterns, session duration, interaction logs	Service improvement, performance optimization, troubleshooting

3. Sensitive Personal Data

Under the PDPA, certain categories of personal data are classified as "sensitive". We process the following sensitive personal data with your explicit consent or as necessary for the purposes described:

Biometric Data (Facial Recognition): Go Patrol Mobile uses on-device face detection during clock-in and clock-out to verify the identity of the patroller. Facial images are captured and may be transmitted to our servers for verification purposes. This data is used solely for identity verification and is not shared with third parties for any other purpose.
Precise Location Data: Real-time GPS tracking, including background location collection, is a core feature of the Platform. This data is collected continuously while on duty to ensure patrol routes are followed, geofence boundaries are respected, and guards can be located in emergencies. Background location tracking is active only during scheduled duty hours or when the user manually starts a patrol session.
Voice Recordings: Audio recordings submitted as part of incident reports may be processed using Artificial Intelligence for transcription purposes. Original audio files are retained as evidence alongside the generated transcription.

4. Legal Basis for Processing

We process your personal data on the following legal grounds under the PDPA:

Consent: Where you have given explicit consent for the processing of your personal data for specific purposes (e.g., biometric face verification, push notifications, marketing communications).
Contractual Necessity: Processing necessary for the performance of a contract to which you or your employer is a party (e.g., providing the patrol management service as subscribed).
Legitimate Interests: Processing necessary for legitimate interests pursued by us or your employer, provided such interests are not overridden by your rights (e.g., security monitoring, fraud prevention, system integrity).
Legal Obligation: Processing necessary for compliance with a legal obligation (e.g., responding to lawful requests from law enforcement or regulatory authorities).
Vital Interests: Processing necessary to protect the vital interests of you or another person (e.g., SOS/panic alert functionality, emergency location sharing).

5. How We Use Your Data

Your personal data is used for the following purposes:

Providing and operating the Go Patrol patrol management service
Real-time tracking and monitoring of patrol activities
Verifying identity through biometric face detection during clock-in/clock-out
Processing NFC, QR code, and RFID checkpoint scans
Generating patrol reports, incident reports, and analytics for your employer
Sending push notifications for patrol assignments, alerts, and alarms
Facilitating in-app communication between guards and supervisors
Processing SOS/panic alerts and emergency response coordination
Geofence monitoring and boundary violation alerts
AI-powered voice transcription of incident report audio recordings
System administration, troubleshooting, and technical support
Improving and optimizing the Platform's functionality and performance
Ensuring security, preventing fraud, and detecting unauthorized access
Complying with legal obligations and responding to lawful requests

6. Background Location Tracking

The Go Patrol Mobile application collects location data in the background (i.e., when the app is not actively in use or when the device screen is off). This is essential for:

Continuous patrol route tracking during active duty
Geofence entry and exit detection
Real-time guard location updates for supervisors
Emergency location sharing during SOS/panic events

Background location collection is active only during scheduled patrol duty or when the user has explicitly started a patrol session. You may disable background location access through your device's operating system settings; however, doing so will impair the core functionality of the Application and may affect your ability to complete patrol duties.

7. Use of Artificial Intelligence

The Platform uses Artificial Intelligence (AI) technologies in the following ways:

Voice Transcription: Audio recordings submitted with incident reports are processed using AI speech-to-text models to generate text transcriptions, enabling faster report review and searchability.
Face Detection: On-device face detection technology (Google ML Kit) is used during clock-in and clock-out to verify the presence and identity of the patroller.

AI processing is performed on our servers located in Malaysia. We do not use your data to train general-purpose AI models. AI features process data only for the specific purposes described above and in accordance with this Privacy Policy.

8. Data Sharing and Third-Party Services

We do not sell your personal data. We may share your data with the following categories of recipients:

Recipient	Purpose	Data Shared
Your Employer (Tenant)	Patrol management, performance monitoring, incident review	All operational data collected during your use of the Platform
Firebase Cloud Messaging (Google)	Delivering push notifications to mobile devices	Device push tokens, notification content
Cloudflare	DNS resolution, DDoS protection, CDN services	IP address, request metadata (in transit)
Google ML Kit	On-device face detection for clock-in verification	Processed on-device; no data sent to Google
Telegram (optional)	Alert notifications to designated Telegram groups (configured by Tenant)	Alarm summaries, patrol status updates (no personal data unless configured by Tenant)
Map Tile Providers	Rendering map views in the Application	Map viewport coordinates (no personal identifiers)

We may also disclose your personal data:

As required by law, such as to comply with a subpoena, court order, or similar legal process
When we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request
To our trusted service providers who work on our behalf, are bound by contractual confidentiality obligations, and do not have independent rights to use the data we disclose to them

9. Data Storage and Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption in Transit: All data transmitted between the Application and our servers is encrypted using TLS/HTTPS (SSL)
Encryption at Rest: Sensitive data fields are encrypted using AES (Advanced Encryption Standard) encryption
Password Security: User passwords are hashed using Argon2, an industry-leading password hashing algorithm. We never store passwords in plaintext
Access Control: Role-based access control (RBAC) ensures users can only access data they are authorized to view. Multi-tenant isolation prevents cross-tenant data access
Session Management: Secure session handling with automatic expiry and CSRF (Cross-Site Request Forgery) protection
Rate Limiting: API request rate limiting to prevent brute-force attacks
Infrastructure Security: Servers are hosted in a physically secured environment with restricted access. Database access is restricted to authorized services only
Regular Monitoring: Continuous monitoring of system logs for suspicious activities

While we implement commercially reasonable security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

10. Data Storage Location

Your personal data is stored on servers located in Malaysia. Our primary infrastructure is hosted within Stratel's secured office premises in Petaling Jaya, Selangor, Malaysia. Data transmitted through Cloudflare's CDN network may be transiently processed at Cloudflare edge nodes in various locations as part of DDoS protection and content delivery, but is not persistently stored outside Malaysia.

If we need to transfer your data outside Malaysia in the future, we will ensure that adequate safeguards are in place in compliance with Section 129 of the PDPA and will update this Privacy Policy accordingly.

11. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Our retention practices are as follows:

Active Account Data: Retained for the duration of the Tenant's active subscription and your active user account
Patrol Logs & Operational Records: Retained for the duration of the Tenant's subscription, subject to the Tenant's data management policies
Incident Reports & Evidence: Retained for the duration of the Tenant's subscription or longer if required for ongoing investigations or legal proceedings
Post-Subscription Data: Upon subscription expiry, data is retained for ninety (90) days to allow for renewal. After this period, data may be permanently deleted
Backup Data: Database backups may retain data for an additional period as part of disaster recovery procedures
Anonymized/Aggregated Data: We may retain anonymized or aggregated data that cannot be used to identify you for analytical and improvement purposes indefinitely

12. Your Rights Under the PDPA

Under the Malaysia Personal Data Protection Act 2010, you have the following rights regarding your personal data:

Right of Access (Section 12): You have the right to request access to your personal data that we hold. We will provide a copy of the data upon verification of your identity, subject to any exceptions under the PDPA
Right of Correction (Section 34): You have the right to request correction of any personal data that is inaccurate, incomplete, misleading, or not up-to-date
Right to Withdraw Consent (Section 38): Where processing is based on consent, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal. Please note that withdrawing consent for essential processing (e.g., location tracking) may render the Application non-functional for its intended purpose
Right to Prevent Processing for Direct Marketing (Section 43): You have the right to request that we cease processing your personal data for direct marketing purposes
Right to Complain: You have the right to lodge a complaint with the Personal Data Protection Commissioner of Malaysia if you believe your data protection rights have been violated

To exercise any of these rights, please contact our Technical Support at support@stratel.com.my. We will respond to your request within 21 days of receiving it. We may request additional information to verify your identity before processing your request.

Note for Patrollers/Guards: As your employer (the Tenant) is the data controller for employment-related data processing, certain data access and deletion requests may need to be directed to your employer. We will assist in facilitating such requests where applicable.

13. Cookies and Web Session Data

The Go Patrol Web Dashboard uses the following technologies:

Session Cookies: Essential cookies required for user authentication and maintaining your logged-in session. These are strictly necessary for the operation of the web dashboard and cannot be disabled
CSRF Tokens: Security tokens used to prevent cross-site request forgery attacks
Local Storage: Used to store user interface preferences (e.g., sidebar state, language preference)

We do not use third-party advertising cookies or tracking cookies on the Web Dashboard.

14. Children's Privacy

Go Patrol is a professional security patrol management system intended for use by adults in a professional capacity. We do not knowingly collect personal data from children under the age of 18. The Platform is not directed at children and should not be used by anyone under the age of 18.

If we become aware that we have collected personal data from a child under 18, we will take immediate steps to delete such data. If you believe that a child has provided personal data to us, please contact our Technical Support at support@stratel.com.my.

15. Data Breach Notification

In the event of a personal data breach that is likely to result in significant harm to affected individuals, we will:

Notify the affected Tenant(s) and their designated administrators as soon as practicable
Provide details of the nature of the breach, the data affected, and the measures taken to address and mitigate the breach
Report the breach to the Personal Data Protection Commissioner of Malaysia as required under the PDPA
Take all reasonable steps to contain and remediate the breach

16. Employer-Employee Data Processing

Go Patrol operates in a multi-tenant environment where organizations (Tenants) subscribe to the Platform to manage their security patrol operations. In this context:

Your employer (the Tenant) determines the purposes and means of processing your data through the Platform
Stratel processes your data on behalf of your employer as a data processor
Your employer is responsible for having a lawful basis (such as employment contract or legitimate interest) to collect your data through Go Patrol
Your employer's designated administrators have access to your operational data, including location data, patrol logs, incident reports, and attendance records
Stratel does not independently decide how your employment-related data is used; such decisions are made by your employer in accordance with their own privacy policies and applicable employment laws

17. International Users

Go Patrol serves organizations across multiple countries. If you are located outside Malaysia, please be aware that your data will be transferred to, stored, and processed in Malaysia where our servers are located. By using the Platform, you consent to the transfer of your data to Malaysia. We will ensure that your data is protected in accordance with this Privacy Policy and applicable data protection laws.

18. Opt-Out Rights

Push Notifications: You may disable push notifications through your device's operating system settings
Marketing Communications: You may opt out of marketing communications by contacting us at support@stratel.com.my or by following the unsubscribe instructions in any marketing email
Location Tracking: You may disable location permissions through your device settings; however, this will impair the core functionality of the Application
Camera/Microphone: You may disable camera and microphone permissions through your device settings; however, this will prevent you from using features such as face verification, incident photo/video capture, and voice recording
Complete Opt-Out: You may stop all data collection by the mobile Application by uninstalling it. For web dashboard data, contact your Tenant administrator to request account deactivation

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

Update the "Last Updated" date at the top of this page
Notify Tenant administrators via email or system notification for significant changes
Where required by law, seek renewed consent for material changes to how we process your data

We encourage you to review this Privacy Policy periodically. Your continued use of the Platform after any changes constitutes your acceptance of the updated Privacy Policy.

20. Your Consent

By using the Platform, you acknowledge that you have read, understood, and agree to the collection and processing of your personal data as described in this Privacy Policy. Where processing is based on consent, you have the right to withdraw your consent at any time by contacting our Technical Support.

21. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact us at:

Stratel (Malaysia) Sdn Bhd. 12 Jalan Teknologi 3/3A, Surian Industrial Park,
Kota Damansara PJU 5, 47810, Petaling Jaya, Selangor, Malaysia Phone: +603 6157 1848 / +603 6157 5848 General Inquiries: inquiry@stratel.com.my Technical Support: support@stratel.com.my

For complaints regarding the processing of your personal data, you may also contact:

Personal Data Protection Department (JPDP) Ministry of Communications and Digital, Malaysia www.pdp.gov.my