Summary: monopoli.my collects your personal data only to operate the platform — verify your asset ownership, maintain your leaderboard ranking, and award points. We do not sell your data. We do not share it with advertisers. Your uploaded documents are stored in encrypted private storage and used only for verification.
This policy complies with the Personal Data Protection Act 2010 (PDPA) of Malaysia.
WHO WE ARE
monopoli.my is a verified asset owner network operated in Malaysia. The platform allows property and business owners to verify their real-world asset holdings, earn points, and compete on a national leaderboard.
The platform is currently operated as an unregistered business pending company incorporation. References to "we", "us", or "monopoli.my" refer to the platform operator. Upon incorporation, this policy will be updated with the registered company name and registration number.
For all data-related matters, contact us at strategy@monopoli.my.
DATA WE COLLECT
We collect the following categories of personal data:
| Data Type | What It Includes | When Collected |
|---|---|---|
| Account data | Full name, email address, state of residence, password (hashed) | At registration |
| Profile data | Username, phone number, profile photo (optional) | After registration |
| Asset data | Property name, state, district, type, market value, rental income, square footage | When adding a property |
| Verification documents | SPA pages, Land Grant (Geran), MyKad front and back | When uploading for verification |
| Points & activity data | Points earned, level, rank, event log, login history | Continuously during platform use |
| Technical data | IP address, browser type, device type (via Netlify hosting logs) | Automatically on access |
We do not collect payment information, banking credentials, or financial account details.
HOW WE USE YOUR DATA
Your personal data is used solely for the following purposes:
- Account operation — creating and maintaining your profile, enabling login and authentication
- Asset verification — manually reviewing uploaded documents to confirm property ownership and award verified status
- Leaderboard and points — calculating your rank, total points, level, and displaying your profile on the public leaderboard
- Platform communications — sending email confirmations, verification updates, and important platform notices
- Platform improvement — understanding how users interact with the platform to improve features and fix issues
- Legal compliance — maintaining records as required by Malaysian law
We do not use your data for advertising, profiling for third-party marketing, or automated decision-making that produces legal effects.
LEGAL BASIS FOR PROCESSING
Under the PDPA 2010, we process your personal data on the following bases:
- Consent — you explicitly consent at registration by ticking the PDPA consent checkbox. You may withdraw consent at any time by deleting your account or contacting us.
- Contractual necessity — processing is necessary to provide the platform services you have registered for.
- Legitimate interests — platform security, fraud prevention, and maintaining the integrity of the verification system.
DATA STORAGE & SECURITY
Your data is stored on infrastructure provided by Supabase, hosted on Amazon Web Services (AWS) in the Singapore (ap-southeast-1) region.
We implement the following security measures:
- Encryption in transit — all data transmitted between your device and our servers uses TLS 1.2 or higher
- Encryption at rest — all data stored in the database and file storage is encrypted using AES-256
- Row-Level Security (RLS) — database-level access controls ensure users can only access their own data
- Private document storage — uploaded verification documents are stored in private buckets inaccessible via public URL
- Access controls — only the platform administrator can access uploaded documents for verification purposes
No system is completely secure. In the event of a data breach that affects your rights, we will notify you within a reasonable time and take appropriate remedial action.
THIRD-PARTY SERVICES
We use the following third-party services to operate the platform:
| Service | Purpose | Data Shared | Location |
|---|---|---|---|
| Supabase | Database, authentication, file storage | All platform data | Singapore (AWS) |
| Netlify | Website hosting and delivery | IP address, browser data (access logs) | Global CDN |
We do not share your personal data with any other third parties. We do not sell your data. We do not use advertising networks or tracking pixels.
Both Supabase and Netlify maintain their own privacy policies and security certifications. Links: Supabase Privacy Policy · Netlify Privacy Policy.
DOCUMENT HANDLING
Uploaded verification documents — including Sale & Purchase Agreements, Land Grants (Geran), and MyKad copies — are treated with the highest level of confidentiality.
- Documents are stored in private, encrypted storage and are not accessible via any public URL
- Access is restricted to the platform administrator only, solely for the purpose of manual verification
- Documents are never shared with other users, third parties, government agencies, or advertisers
- MyKad data is used solely to confirm name matching against property documents — we do not store or process your IC number for any other purpose
- Upon account deletion, all uploaded documents are permanently deleted from storage
Important: monopoli.my is a data verification and display platform. We do not transmit your documents to any government registry, NAPIC, or land office. Verification is conducted manually by the platform administrator based on document review only.
YOUR RIGHTS UNDER PDPA
Under the Personal Data Protection Act 2010 (Malaysia), you have the following rights:
- Right of access — you may request a copy of all personal data we hold about you
- Right of correction — you may request correction of inaccurate or incomplete data via your Profile Settings
- Right to withdraw consent — you may withdraw your consent to data processing at any time; this will result in account deletion
- Right to be forgotten — you may delete your account at any time via Profile Settings → Danger Zone; this permanently removes your profile, properties, points, and uploaded documents
- Right to limit processing — you may contact us to request that we limit processing of your data in specific circumstances
To exercise any of these rights, contact us at strategy@monopoli.my. We will respond within 21 days of receiving your request, in accordance with PDPA requirements.
DATA RETENTION
We retain your personal data for as long as your account is active. Specific retention periods:
- Account and profile data — retained until account deletion
- Asset and points data — retained until account deletion; leaderboard Hall of Fame entries for Season winners may be retained indefinitely in anonymised form
- Verification documents — retained until account deletion or upon written request
- Technical/access logs — retained by Netlify for up to 30 days per their standard policy
Upon account deletion, all personal data is permanently deleted within 30 days.
CHILDREN'S PRIVACY
monopoli.my is intended for adults aged 18 and above. We do not knowingly collect personal data from anyone under the age of 18. If you believe a minor has registered on the platform, please contact us at strategy@monopoli.my and we will immediately delete the relevant account and data.
CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time, particularly upon company incorporation or the addition of new platform features. When we make material changes, we will:
- Update the Last Updated date at the top of this page
- Display a notice within the platform for users who are logged in
- For significant changes, send an email notification to all registered users
Continued use of the platform after changes are posted constitutes acceptance of the updated policy.
CONTACT US
For all privacy-related inquiries, data access requests, or complaints:
If you are unsatisfied with our response, you have the right to lodge a complaint with the Department of Personal Data Protection Malaysia (JPDP) at pdp.gov.my.