Privacy Policy

1. Introduction

Setara (“we”, “us”, or “our”) is a technology platform operated by Axon Avenue PLT (Company No. LLP0033xxxxx) that connects users with independently practicing lawyers during police encounters and other legal emergencies.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the Setara mobile application and website (collectively, the “Platform”). We are committed to compliance with the Personal Data Protection Act 2010 (Act 709), as amended in 2024.

2. Personal Data We Collect

We collect the following categories of personal data:

2.1 Information You Provide

• Full name and identification card (IC) number
• Phone number and email address
• Emergency contact details
• PIN code (stored in encrypted form only)
• Subscription and payment information

2.2 Information Collected Automatically

• GPS location data (captured when you activate the SOS feature)
• Device information (model, operating system, app version)
• IP address and network information
• App usage data and session logs

2.3 Sensitive Personal Data

• Video and audio recordings — When you use the SOS feature, your session is recorded. These recordings capture facial data (biometric data) and voice recordings, which are classified as sensitive personal data under the PDPA 2010.
• Biometric data — Video captures may include facial recognition data. We process this data solely for evidence integrity and session verification purposes.

3. Purpose of Data Collection

We collect and process your personal data for the following purposes:

• Connecting you with a licensed lawyer during emergencies
• Recording SOS sessions for use as potential legal evidence
• Sending alerts to your designated emergency contacts with your GPS location
• Verifying your identity and managing your account
• Processing subscription payments
• Improving our platform and services
• Complying with legal obligations and responding to lawful requests from authorities
• Providing AI-powered rights briefings based on your situation

4. PDPA 2010 Compliance

We process your personal data in accordance with the seven Data Protection Principles under the Personal Data Protection Act 2010 (as amended 2024). Your explicit consent is obtained before we collect any sensitive personal data, including biometric data from video recordings.

For more detailed information about how we comply with each Data Protection Principle, please refer to our Data Protection Notice (PDPA).

5. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected:

• Video and audio recordings: 7 years from the date of recording. This aligns with the standard limitation period for legal evidence in Malaysia.
• Account data: Retained for the duration of your subscription plus 2 years after account closure.
• Transaction and billing data: 7 years, as required by Malaysian tax and financial regulations.
• GPS location data: Retained with the associated session recording for the same 7-year period.

6. Cross-Border Data Transfer

Your personal data is stored on servers located in Singapore (AWS ap-southeast-1 region). By using the Platform, you consent to the transfer and storage of your data outside Malaysia.

We ensure that our data hosting provider maintains security standards that are at least equivalent to those required under the PDPA 2010. AWS Singapore is certified under ISO 27001, SOC 2 Type II, and complies with the APEC Cross-Border Privacy Rules.

7. Disclosure to Third Parties

We may share your personal data with the following parties:

• Lawyers: Your name, location, and session details are shared with the lawyer connected to your SOS call.
• Emergency contacts: Your name and GPS location are shared with your designated emergency contacts when you activate SOS.
• Payment processors: Billing information is shared with our payment processor (Billplz/Stripe) to process your subscription.
• Courts and law enforcement: We will disclose data when required by a valid court order or lawful request from Malaysian authorities.
• Cloud infrastructure: AWS (Amazon Web Services) for data hosting and storage.

8. Your Rights

Under the PDPA 2010, you have the following rights:

• Right of access: You may request a copy of the personal data we hold about you.
• Right to correction: You may request that we correct any inaccurate or incomplete personal data.
• Right to withdraw consent: You may withdraw your consent to the processing of your personal data at any time. Note that withdrawal of consent for essential processing (e.g., video recording during SOS) will mean you cannot use those features.
• Right to data portability: You may request your personal data in a structured, commonly-used, and machine-readable format.
• Right to make a complaint: You may lodge a complaint with the Personal Data Protection Commissioner if you believe your data has been mishandled.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

• End-to-end encryption for video calls and recording transmission
• SHA-256 cryptographic hashing for evidence integrity
• AES-256 encryption for data at rest
• TLS 1.3 encryption for data in transit
• Role-based access controls and audit logging for all data access
• Regular security assessments and penetration testing

10. Cookies and Tracking

Our website uses essential cookies to maintain your session and preferences. We do not use third-party advertising trackers. We use analytics tools to understand how users interact with our Platform, but this data is aggregated and does not identify individual users.

11. Children's Privacy

Setara is not intended for use by persons under the age of 18. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us so we can delete the information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on the Platform or sending you an email. Your continued use of the Platform after changes are posted constitutes your acceptance of the updated policy.

13. Data Protection Officer

If you have questions about this Privacy Policy, wish to exercise your data rights, or want to make a complaint, please contact our Data Protection Officer: