Privacy Policy & Personal Data Protection Notice

Effective Date: 1 October 2023
Last Updated: 17 November 2025

This Privacy Policy & Personal Data Protection Notice (“Notice”) explains how AVA Semarak Berhad (“we”, “us”, “our”) collects, uses, discloses, and protects personal data when you use the redNote platform and related services.

We are committed to complying with the Personal Data Protection Act 2010 (PDPA) of Malaysia and to minimizing the personal data we collect through system design.


1. Core Privacy Principle

redNote is designed around a zero-knowledge, non-custodial architecture.

  • We do not store encrypted message content or sealed files.

  • We do not have access to the contents of files encrypted using redNote.

  • We cannot read, recover, unlock, or modify user-encrypted data.

Where possible, privacy is enforced by technology, not policy.


2. Scope of This Notice

This Notice applies to:

  • The redNote website

  • The redNote web application and related services

  • User accounts created on the redNote platform

Certain features or extensions may be governed by additional notices, which will be provided where applicable.


3. How We Collect Personal Data

We collect personal data only when you:

  • Register an account

  • Use authentication, verification, or account recovery features

  • Contact us for support or enquiries

  • Interact with system processes that require identity confirmation (e.g. verification workflows)

We do not collect personal data from encrypted files or sealed content.


4. What Personal Data We Collect

Depending on how you use redNote, we may collect:

  • Account information (e.g. email address, username)

  • Authentication and security data

  • Basic system metadata required for service operation

  • Verification-related data (where applicable)

  • Communications you send directly to us (e.g. support emails)

We do not collect:

  • Message contents

  • File contents

  • Private Encryption keys

  • Sealed file payloads


5. Why We Collect Personal Data

We collect and process personal data to:

  • Create and manage user accounts

  • Authenticate users and prevent misuse

  • Operate verification and rule-based system features

  • Provide technical support and respond to enquiries

  • Maintain system security, integrity, and availability

  • Meet legal and regulatory obligations

We do not use personal data for unsolicited direct marketing without your consent.


6. Who Has Access to Your Personal Data

Access to personal data is limited to:

  • Authorized personnel of AVA Semarak Berhad

  • Trusted service providers performing essential functions (e.g. hosting, email delivery), under confidentiality obligations

  • Regulatory or legal authorities where required by law

Encrypted content and sealed files are never accessible to us or third parties.


7. Where Personal Data Is Stored and Processed

Personal data may be stored and processed:

  • On secure servers operated by us or trusted service providers

  • Within or outside Malaysia, subject to appropriate safeguards

  • Personal data is encrypted in transmission (SSL) and AES256 in storage.

We take reasonable steps to ensure that any cross-border data transfers comply with applicable data protection laws.


8. How Long We Retain Personal Data

We retain personal data only for as long as necessary to:

  • Fulfil the purposes outlined in this Notice

  • Meet legal, regulatory, or operational requirements

Encrypted files and sealed content are not retained by redNote.


9. Your Rights Under PDPA

Subject to applicable laws, you have the right to:

  • Request access to your personal data

  • Request correction of inaccurate or incomplete data

  • Withdraw consent for certain processing activities

  • Request deletion of your account data, where applicable

Requests may be subject to identity verification and legal limitations.


10. Third-Party Personal Data

If you provide personal data of another individual (“Third Party Individual”), you confirm that:

  • You have obtained their consent

  • You have informed them of this Notice

  • You are authorized to provide their data to us


11. Security Measures

We implement reasonable administrative, technical, and organizational measures to protect personal data against:

  • Unauthorized access

  • Loss or misuse

  • Disclosure or alteration

However, no system is completely risk-free, and users are responsible for safeguarding their credentials and sealed files.


12. Websites and External Services

The redNote platform may contain links to third-party websites or services.
We are not responsible for the privacy practices of those third parties.


13. Changes to This Notice

We may update this Notice from time to time.
Changes will be reflected by an updated “Last Updated” date.

Continued use of redNote after updates indicates acceptance of the revised Notice.


14. Enquiries and Contact

If you have questions, requests, or concerns regarding this Notice or your personal data, please contact:

AVA Semarak Berhad
201801037188 | 1299218-V
29A-0702, The Maritime Suites,
Persiaran Karpal Singh 2, 11600,
Jelutong, Penang.
O: +604-2866-779
M: +6019-2868-517
E: manager@rednote.my