Last updated: 30 Nov 2025
This Privacy Policy describes how RSA AUTO NETWORK SDN BHD (Company No. 1233447-A) (“RSA Auto Network”, “we”, “us”, or “our”) collects, uses, discloses, and protects personal data when authorised service providers (“Providers”, “you”) use our mobile application and related systems used for roadside assistance and towing operations (“RSA AUTO PROVIDER”).
This Policy is prepared in accordance with the Personal Data Protection Act 2010 (PDPA Malaysia).
By using the App, you agree to the practices described in this Privacy Policy.
RSA AUTO NETWORK SDN BHD (1233447-A)
Tel: +603-27020843
Address: 1-3A VIM 3 Menjalara, No 99 Jalan Menjalara Idaman 6,
Bandar Sri Menjalara, 52200 Kuala Lumpur, Malaysia
Email: admin@rsanetwork.group
We collect the following types of personal data when you use the App:
Full name
Phone number
Email address
Provider team and role
Account status (active/suspended)
Authentication information using Firebase Auth
Note: Provider onboarding and identity verification documents are handled through the Admin Portal, not the App.
We collect this data for security, performance, and push notifications:
Device model and operating system
Device ID / push notification token
App version and usage logs
IP address
The App collects your location only during your working status, and only for operational purposes:
Live GPS location updated approximately every 5 seconds during active duty
Background location (when you are on-duty even if the app is minimised)
Location stored as the last known position in the database
Journey Sharing:
When you choose to enable “Share Journey”, your live movement is temporarily visible to the assigned customer. Once the job is completed, journey sharing is automatically turned off.
Login and logout timestamps
Case acceptance, rejection, and reassignment actions
Status updates during a case
Any in-app actions needed for operational tracking
We use your information for the following purposes:
To verify and authenticate your provider account
To assign, manage, and track roadside assistance cases
To allow team leaders to accept or reassign cases
To provide your live location to customers only when you explicitly enable Share Journey
To improve performance, stability, and safety of the App
For customer support and operational audits
For push notifications and job updates
To comply with legal and regulatory requirements
We process your personal data under the following PDPA principles:
Performance of a contract (providing roadside assistance services)
Legitimate interest (operations, safety, fraud prevention)
Compliance with legal obligations
Consent, where required (e.g., enabling journey sharing)
Your data is stored in:
Firebase Firestore (database)
Firebase Authentication
Firebase Cloud Messaging (notifications)
PostHog (analytics)
Data is encrypted in transit (HTTPS) and at rest according to the security standards of these providers.
We may share your data only with the following:
Only when you manually enable Share Journey, customers may see your:
Live GPS location
Estimated arrival movement on the map
This visibility stops automatically once the job ends.
We use third-party tools strictly for operational and analytical purposes:
Firebase (authentication, database, messaging)
PostHog (app analytics)
Your data may be accessed by authorised administrators for:
Job assignment
Auditing and support
Account suspension or reactivation
We do not sell or rent your data.
If you are unsure of exact durations, here is a compliant default:
Account information: as long as you remain an active provider
Suspended accounts: retained for up to 7 years for audit/legal reasons
Job and activity logs: 7 years (industry standard for insurance & claims)
Location logs: stored as last known location only, not full historical tracking
Analytics data: retained according to Firebase/PostHog policies
We implement reasonable administrative and technical safeguards, including:
Firebase Auth secure login
Encrypted data storage on Firebase
Access control restrictions for admin portal
Password hashing handled by Firebase
Regular security monitoring and audits
No system is 100% secure, but we strive to protect your data against loss, misuse, and unauthorised access.
Under PDPA Malaysia, you may request:
Access to your personal data
Correction of inaccurate data
Withdrawal of consent (where applicable)
To stop sharing journey visibility
Account deletion is not available through the App.
Providers may request suspension or closure by contacting the administrator.
This App is intended only for registered providers aged 18 and above.
We do not knowingly collect data from minors.
We may update this Privacy Policy from time to time. You will be notified through the App or by email when updates occur.
For any privacy-related questions or requests, contact:
RSA AUTO NETWORK SDN BHD
Email: admin@rsanetwork.group
Tel: +603-27020843