Privacy Policy

Introduction

At WealthAura, your privacy is paramount. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services. It also describes your privacy rights and how you can exercise them.

We are committed to complying with the Personal Data Protection Act 2010 (PDPA) of Malaysia, the General Data Protection Regulation (GDPR) where applicable, and all relevant financial services regulations including those set by Bank Negara Malaysia.

By using WealthAura, you agree to the collection and use of information in accordance with this Privacy Policy.

Information We Collect

Personal Information

We collect personal information that you provide to us, including but not limited to:

• Full name and NRIC/Passport number
• Contact information (email address, phone number, mailing address)
• Date of birth and nationality
• Financial information (bank account details, income, investment preferences)
• Device identifiers and IP addresses
• Biometric data (with your explicit consent)

Financial Data

To provide our services, we may collect:

• Transaction history and patterns
• Account balances and financial goals
• Investment portfolio information
• Credit and risk assessment data
• Third-party financial account information (with your consent)

Usage Data

We automatically collect information about how you use our app:

• Device information (type, operating system, browser type)
• Log data (access times, pages viewed, app features used)
• Location data (with your consent)
• Cookies and similar tracking technologies

How We Use Your Information

We use your personal information for the following purposes:

Service Provision

• To create and maintain your account
• To process transactions and provide financial services
• To verify your identity and prevent fraud
• To provide customer support and respond to inquiries
• To send important service-related communications

Service Improvement

• To personalize your experience and improve our services
• To develop new features and functionalities
• To conduct research and analysis
• To monitor and analyze usage patterns and trends

Legal Compliance

• To comply with legal and regulatory requirements
• To respond to legal requests and prevent harm
• To enforce our Terms of Service
• To protect the rights and safety of our users and the public

Information Sharing and Disclosure

We do not sell your personal information. We only share your information as described below:

With Your Consent

We may share your information with third parties when you give us explicit consent to do so.

Service Providers

We may share your information with trusted service providers who assist us in operating our platform, conducting our business, or providing services to you. These providers are bound by confidentiality agreements and data protection obligations.

Legal Requirements

We may disclose your information when required by law, regulation, or legal process, including:

• Bank Negara Malaysia requirements
• Anti-Money Laundering (AML) and Counter Financing of Terrorism (CFT) obligations
• Court orders and legal investigations
• Government and regulatory authority requests

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to the same privacy protections.

Data Security

We implement appropriate technical and organizational measures to protect your personal information:

• Encryption: All data is encrypted using AES-256 encryption both in transit and at rest
• Access Controls: Strict access controls and multi-factor authentication for all systems
• Regular Audits: Regular security assessments and penetration testing
• Staff Training: Comprehensive privacy and security training for all employees
• Compliance Monitoring: Continuous monitoring of our security practices and regulatory compliance

Despite our efforts, no security measures are completely impenetrable. We encourage you to use strong passwords and keep your account information confidential.

Your Data Protection Rights

Under Malaysian PDPA and GDPR (where applicable), you have the following rights:

Right to Access

You can request a copy of your personal information we hold about you.

Right to Rectification

You can request that we correct any inaccurate or incomplete information.

Right to Erasure

You can request that we delete your personal information, subject to legal requirements.

Right to Restrict Processing

You can request that we limit how we use your personal information.

Right to Data Portability

You can request that we transfer your information to another organization or to you.

Right to Object

You can object to how we use your information for direct marketing or other purposes.

Right to Withdraw Consent

You can withdraw your consent at any time, though this may affect our ability to provide services to you.

Exercising Your Rights: To exercise any of these rights, please contact us at privacy@wealthaura.my. We will respond to your request within 30 days.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our app and improve your experience. You can control cookie settings through your device or browser settings.

Types of Cookies We Use

• Essential Cookies: Required for the app to function properly
• Performance Cookies: Help us understand how users interact with our app
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Help us analyze app usage and improve our services

Managing Cookies

You can control and/or delete cookies as you wish. You can delete all cookies that are already on your device and you can set most browsers to prevent them from being placed. However, if you do this, you may have to manually adjust some preferences every time you visit our app and some services may not work properly.

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including:

• Providing and maintaining our services
• Complying with legal and regulatory requirements
• Resolving disputes and enforcing our agreements

Financial transaction records are typically retained for 7 years in accordance with Malaysian financial regulations. After this period, data is securely destroyed or anonymized.

International Data Transfers

As a Malaysian company, your data is primarily processed within Malaysia. However, we may transfer your information to other countries in the following circumstances:

• With your explicit consent
• To provide services you've requested (e.g., international transfers)
• To comply with legal obligations
• With adequate safeguards in place

When we transfer your information internationally, we ensure appropriate safeguards are in place to protect your data in accordance with applicable laws.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top.

We encourage you to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

Data Protection Authority

If you believe we have not handled your personal data in accordance with the law, you may file a complaint with:

Department of Personal Data Protection Malaysia
Phone: +60 3-8911 4400
Website: https://www.pdp.gov.my

Definitions

• Personal Data: Any information relating to an identified or identifiable natural person
• Processing: Any operation performed on personal data, including collection, use, disclosure, and deletion
• Data Subject: The individual to whom the personal data relates
• Data Controller: The entity that determines the purposes and means of processing personal data
• Data Processor: The entity that processes personal data on behalf of the data controller