RedupRedup
Get started

Privacy Policy

Last updated: 11 June 2026

This Privacy Policy explains how Redup (“Redup”, “we”, “us”), operated by Ibudata Solution, collects, uses, shares, and protects your personal data when you use the Redup web application and the Redup mobile app (together, the “Service”). Redup is a community-management platform for Malaysian residential communities (JMB / MC / RA).

By using the Service you agree to this Policy. If you do not agree, please do not use the Service.

1. Who controls your data

Your community's management committee is the primary controller of the data within its community workspace; Redup processes that data on its behalf and is also a controller of account-level data (authentication, billing). Contact us at support@redup.my.

2. Data we collect

  • Account & identity — name, email address, and (optionally) profile photo, managed through our authentication provider (Clerk).
  • Community profile — your member name, email, phone number (optional), unit/house, member type, preferred language, and optional emergency contact name and phone.
  • Content you submit — complaints (title, description, location text), comments, photos and file attachments (e.g. complaint photos, work-order before/after photos, payment proofs), visitor details, facility bookings, and poll votes.
  • Community location — an address and an optional map pin set by the committee for the community. We do notcollect your device's GPS location.
  • Device & notifications — a push-notification token and platform (iOS/Android) when you enable notifications, so we can alert you about activity.
  • Billing — for committees that subscribe, payment and subscription status (handled by Stripe and/or CHIP; we do not store full card numbers).
  • Logs — audit logs of key actions for security and accountability.

3. How we use your data

  • To provide and operate the Service for your community.
  • To route and triage complaints — including AI-assisted categorisation (see section 5).
  • To send transactional emails and push notifications.
  • To process subscription billing for committees.
  • To secure the Service, prevent abuse, and meet legal duties.

We do not sell your personal data, and we do not use it for third-party advertising.

4. Who we share data with

We share data only with service providers that help us run Redup:

  • Clerk — authentication and account management.
  • Convex — application database and file storage.
  • Stripe and CHIP — payment processing for subscriptions.
  • Resend — delivery of transactional email.
  • Expo — delivery of push notifications.
  • OpenRouter / OpenAI — AI triage (see section 5).
  • Cloudflare — DNS and network infrastructure.

We may also disclose data if required by law, or to protect the rights and safety of users and the public.

5. AI processing

When AI triage is enabled for a community, the text of a complaint (title, description, location text, and recent complaint reference numbers for duplicate detection) is sent to our AI provider (OpenRouter, routing to an OpenAI model) to suggest a category and priority. Photos are not sent to the AI provider. The committee can turn AI off at any time in its settings.

6. Data retention

We keep your account data while your account is active. When you delete your account, we remove your identity and contact details and delete your device push tokens; content you authored within a community (such as complaints) is retained as part of that community's records but is anonymised to “Deleted user”. See section 7.

7. Your rights & account deletion

You can access and update your profile in the app at any time. You can delete your account — and trigger the anonymisation described above — from the mobile app (Profile → Delete account) or the web app (Settings → Delete account). For step-by-step instructions, or to request deletion by email, see our account deletion page. Subject to applicable law (including Malaysia's PDPA), you may also request access to or correction of your personal data by emailing support@redup.my.

8. Children

Redup is intended for community committees and adult residents. It is not directed at children, and we do not knowingly collect data from children under 13.

9. Security

Data is encrypted in transit. Access is restricted by role within each community. No method of transmission or storage is 100% secure, but we work to protect your data using industry-standard measures.

10. Changes & contact

We may update this Policy from time to time; we will revise the “last updated” date above. Questions? Email support@redup.my.