FacilityX — IFCA

This Privacy Policy describes how IFCA MSC BHD Software ("we", "us", or "our") collects, uses, and protects your information when you use the FacilityX – IFCA mobile application ("App").

By using the App, you agree to the practices described in this policy. If you do not agree, please discontinue use of the App.

Account Information

• Username and password — required to authenticate your SaaS platform account. Passwords are stored in encrypted form and never transmitted in plaintext.

Device Information

• Device ID (via APNs / JPush) — used solely to route push notifications to your device.

Camera & Media

• Photos or videos captured via the in-app camera — used for App features such as facility inspections, defect reporting, or document uploads. Media is not stored locally beyond the session unless you explicitly save it.

Location (Planned Future Feature)

• Precise or approximate location — will be collected in a future update to support location-based facility management. You will be prompted for explicit permission before any location data is accessed.

• To authenticate your identity and provide access to the App and associated SaaS platform.
• To deliver push notifications regarding alerts, task updates, and system messages.
• To enable camera-based features within the App.
• To diagnose issues, improve App performance, and enhance user experience.
• To comply with applicable legal and regulatory obligations.

We do not sell your personal information. We may share data in the following limited circumstances:

• Service providers — including push notification providers (JPush / APNs) who deliver notifications on our behalf. All providers are contractually obligated to handle data securely and solely for specified purposes.
• Legal obligations — where disclosure is required by applicable law, court order, or regulatory authority.
• Business transfers — in the event of a merger, acquisition, or asset sale, your data may be transferred as part of the transaction, subject to the same protections described in this policy.

We retain your personal data only for as long as necessary to provide our services or as required by applicable law. When data is no longer required, it is securely deleted or anonymised.

You may request deletion of your account and associated data at any time by contacting us at the address below.

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate or incomplete data.
• Request deletion of your personal data.
• Withdraw consent for optional data processing at any time.
• Lodge a complaint with your local data protection authority.

We implement industry-standard security measures including:

• Encryption in transit (TLS/HTTPS) for all data communications.
• Encrypted storage of credentials.
• Access controls limiting who can access personal data within our organisation.

While we take all reasonable measures to protect your data, no method of electronic transmission or storage is 100% secure.

The App is intended for business users and is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such data, please contact us immediately and we will delete it promptly.

We may update this Privacy Policy from time to time. When we do, we will revise the effective date at the top of this document and, where appropriate, notify you via the App or email.

Continued use of the App after changes constitutes acceptance of the updated policy.

For questions, requests, or concerns regarding this Privacy Policy, please contact:

The table below summarises the data types to declare in App Store Connect → App Privacy.