Privacy Policy

DEGO – PRIVACY POLICY

Effective Date: 3 August 2025
Last Updated: 3 August 2025

This Privacy Policy explains how Dego Technologies Sdn. Bhd. ("Dego", "we", "us") collects, uses, discloses, and protects your personal data when you interact with our mobile applications, websites, and related services (collectively, the "Platform"). It applies to:

• Users / Customers – individuals who request transportation services.
• Drivers / Team Leaders – independent service providers who accept bookings.
• Affiliates – Users or Drivers who participate in the Referral Program.
• Website visitors, job applicants, and support contacts.

By creating an account, accessing, or using the Platform you acknowledge that you have read, understood, and agree to this Policy.

1. Personal Data We Collect

Category	Typical Data Elements	Source
Account Info	Name, NRIC/Passport, email, mobile number, password hash	Provided by you
Identity & KYC (Drivers)	Driving licence, selfie, vehicle log card, insurance, background‑check report	Provided by Driver & third‑party verifiers
Booking Details	Pick‑up & drop‑off points, timestamps, route, fare, vehicle type	Generated during use
Payment & Wallet	Tokenised card PAN, e‑wallet ID, transaction history, bank account (Drivers)	Payment processors
Referral Data	Referral code, hierarchy (L1–L3), commission earned	Generated
Device & Usage	Device model, OS, app version, IP address, language, crash logs, diagnostics	Automatically collected
Location (Users & Drivers)	Real‑time GPS when app active or in foreground	Device permissions
Communications & Content	In‑app chat, call metadata, call recordings (where lawful), reviews, support tickets	Generated
Marketing Preferences	Push/SMS/email opt‑in status, campaign interactions	Provided / generated

Note: We do not store full payment‑card numbers; these are handled by PCI‑DSS compliant processors.

2. How We Use Your Data

Purpose	Legal Basis*
Provide & operate the Platform, match Users with Drivers, process payments	Contractual necessity
Verify identity, perform KYC/AML checks, prevent fraud	Legal obligation; Legitimate interests
Real‑time navigation, safety monitoring, customer support	Contractual necessity; Legitimate interests
Calculate & disburse Driver earnings and Affiliate commissions	Contractual necessity
Send transactional receipts, notifications & service updates	Contractual necessity
Personalise content, improve features, run analytics & A/B tests	Legitimate interests
Marketing emails, push notifications, surveys, promotions	Consent (where required)
Comply with PDPA, tax, accounting & other laws	Legal obligation

 

3. Sharing & Disclosure

We disclose personal data only as needed:

1. Service Providers – payment gateways, cloud hosting, SMS/email vendors, mapping APIs, analytics, background‑check agencies.
2. Insurance Partners – for optional Trip Protection policy administration.
3. Affiliates / Team Leaders – limited data (first name, booking status, commission) to credit referrals.
4. Law Enforcement / Regulators – when required by subpoena, court order, or to protect rights, safety, or property.
5. Corporate Transactions – merger, acquisition, or asset sale (with notice & safeguards).

We never sell or rent your data to third‑party marketers.

4. International Transfers

Our servers are located in Malaysia, Singapore and United States. Transfers outside Malaysia occur only with adequate safeguards (e.g., standard contractual clauses or regulator‑approved mechanisms) to ensure a comparable level of protection.

5. Data Retention

Data Type	Retention Period
Account & KYC	Life of account + 7 years (statutory)
Trip & Payment Records	7 years (tax & audit)
GPS Logs	3 years (safety & dispute resolution)
Call Recordings	6 months (longer if required for investigation)
Reviews & Ratings	Life of account
Marketing Consents	Until withdrawn

After expiry we delete or anonymise data unless required for legal proceedings.

6. Cookies & Similar Tech

Our websites and apps use cookies, SDKs, and device identifiers to:

• keep you logged in;
• remember preferences;
• measure performance & marketing attribution.

You can disable non‑essential cookies; some functionality may be limited.

7. Your Rights

Subject to local law, you can:

• Access – obtain a copy of personal data we hold.
• Correct – rectify inaccurate or incomplete data.
• Erase – request deletion (some data retained if legally required).
• Withdraw Consent – opt‑out of marketing at any time.
• Restrict / Object – limit processing in certain scenarios.
• Data Portability – receive data in structured format.

Submit requests in‑app or email privacy@degoapp.com. We respond within 21 days.

8. Security

We employ TLS encryption in transit, AES‑256 at rest, ISO 27001‑certified cloud hosting, role‑based access controls, periodic penetration testing, and staff privacy training. Despite best efforts, no method is 100 % secure; please protect your own credentials and devices.

9. Children’s Privacy

The Platform is not directed to children under 13. We do not knowingly collect data from children. If we learn we have collected data from a child without parental consent, we will delete it promptly.

10. Changes to This Policy

We may update this Policy periodically. Material changes will be notified via email or in‑app at least 14 days before taking effect. Continued use after the effective date constitutes acceptance.

11. Contact

Data Protection Contact
Dego Technologies Sdn. Bhd.
Email: privacy@degoapp.com

If unresolved, you may lodge a complaint with the Malaysian Personal Data Protection Commissioner.

© 2025 Dego Technologies Sdn. Bhd. All rights reserved.