Logo

Company

Privacy Policy

Last updated, December 16, 2025

This Privacy Policy describes how Sync (“Sync,” “SOF,” “we,” “our,” or “us”) collects, uses, discloses, transfers, stores, retains or otherwise processes your information when you (whether you are a person acting as a sole proprietor or on behalf of another business entity) visit our website (www.sync.weresof.com) or apply or sign up for a Sync account (collectively, “Services”).

1. INFORMATION WE COLLECT ABOUT YOU

We collect information about you in three ways: (i) when you provide it to us directly; (ii) When we gather information while you are using the Services; and (iii) when we collect information from other sources. We explain below what types of data are involved in each case, how and why we process (use) it and the lawful basis that applies to our use of the relevant information.

2. INFORMATION YOU PROVIDE (“SYNC USER DATA”)

To provide clarity on how we process your information, we have categorized the data we collect into the following types (“Sync User Data”):

(i) Identity Information: Name, date of birth, government ID, facial recognition data, etc.

(ii) Financial Information: Bank account details, card numbers, transaction history, net worth, etc.

(iii) Tax Information: Tax ID numbers, withholding status, etc.

(iv) Contact Information: Email address, phone number, mailing address, and contact lists (if authorized).

(v) Usage & Device Data: Information about how you use our app, IP address, and device identifiers.

Below is an explanation of how we use this data and the lawful basis that supports each use.

We use your Identity, Financial, and Tax Information to verify your identity, perform background checks, and determine your eligibility to use our Services. This processing is strictly necessary for us to comply with our Legal Obligations under financial crime laws.

These laws include, but are not limited to: the Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (Malaysia); the Bank Secrecy Act and USA Patriot Act (USA); EU Directives 2015/849 & 2018/843 (AMLD IV/V); and the Proceeds of Crime Act (Canada). We cannot open an account for you without processing this data.

We use your Identity, Financial, and Contact Information to create your account, process payments, facilitate withdrawals, and maintain your transaction history (including monthly statements). The lawful basis for this processing is the Performance of Contract; effectively, we need this information to fulfill our Terms of Service and deliver the financial features you have requested.

We use your Identity and Contact Information to respond to your inquiries, resolve disputes, fix technical issues, and send you important security alerts or administrative messages. This use is based on our Contractual Obligations to you (ensuring the service works) and our Legitimate Interest in ensuring our users receive efficient support.

When you send or receive payments, we use Contact Information (such as recipient email or phone number) and Financial Information to validate the transaction and prevent fraud. If you choose to grant us access to your device’s contacts, we use this information to help you find friends and reduce the risk of sending money to the wrong person. We process this data based on our Legitimate Interest in protecting the integrity of the Sync platform and preventing financial loss.

We use your Identity Information and usage data to analyze how you interact with our Services, associate your data across multiple Sync accounts you may hold, and personalize your experience. We also use this data to send you surveys to evaluate our updates. This processing is based on our Legitimate Interest in improving our products and developing new features that benefit our users.

We use your Contact and Identity Information to send you news, special offers, and promotions about Sync products that may interest you. You may opt-out of these communications at any time. We conduct this marketing based on our Legitimate Interest in growing our business or, where required by law, your explicit Consent.

3. INFORMATION WE COLLECT FROM YOUR USE OF SERVICES

In addition to the information you provide directly, we collect data from the devices you use to interact with our systems. We refer to this collectively as “User Usage Data”, which includes:

(i) Commercial Information: Data about the services you sell, transaction records, and business performance.

(ii) Location Data: Precise or approximate location based on your IP address or mobile device settings (subject to your device permissions).

(iii) Internet & Device Activity: Information about your web browser, IP address, device model, operating system, and network characteristics.

(iv) Online Identifiers: Cookies, beacons, pixel tags, mobile advertising IDs, customer numbers, and unique device aliases.

(v) Professional Information: Job titles, payroll details, and timecard data (if you use our payroll or team management features).

(vi) Profile Information: Inferences we draw about your preferences based on your activity, such as which features you use after receiving a marketing email.

We use Location Data, Internet Activity, and Online Identifiers to determine if you are located in a jurisdiction where we are authorized to operate. This allows us to comply with local laws, payment processor requirements, and language preferences.

We combine Commercial Information, Internet Activity, and Profile Information with risk signals to detect unusual activity. This helps us:

(i) Identify and block hackers or unauthorized access;

(ii) Investigate and prevent fraud, money laundering, or malicious behavior;

(iii) Debug and fix security incidents; and

(iv) Dispute chargebacks on your behalf by proving the legitimacy of transactions.

We process Professional Information and Commercial Information to deliver specific features you have requested (e.g., payroll processing or inventory tracking). We also analyze this data to:

(i) Measure trends and track usage to improve our products;

(ii) Develop new products and services; and

(iii) Use artificial intelligence (AI) technologies to generate personalized insights or features for your business.

We use Profile Information and Online Identifiers for automated processing, including identity verification. This allows us to confirm you are who you say you are (often using third-party verification services) and to tailor the Services to your specific needs.

4. INFORMATION WE COLLECT FROM OTHER SOURCES

To verify your eligibility, ensure legal compliance, and protect your account from fraud, we may collect information about you from third-party sources. This data helps us assess risk and verify your identity before and during your use of the Services. Types of third-party data we collect:

(i) Background Check Information: Identity verification records, sanctions lists checks (e.g., OFAC/UN lists), and public records regarding business ownership or financial relationships.

(ii) Credit, Compliance & Fraud Information: Credit reports, credit scores, fraud history, and repayment history from credit bureaus, financial institutions, and wireless carriers.

Here’s how we use this data: We collect Background Check Information from specialized vendors to process through our anti-fraud and risk management systems. This enables us to:

(i) Confirm your identity (KYM);

(ii) Detect and prevent identity theft; and

(iii) Assess the risk of onboarding you or your business.

We use Credit, Compliance, and Fraud Information to determine your eligibility for specific financial products (such as loans or instant transfers). We process this data to:

(i) Conduct credit investigations (where lawful and with your consent);

(ii) Monitor for potential fraud or default risks; and

(iii) Exchange relevant credit information with credit reporting agencies (CTOS/CCRIS in Malaysia, or equivalent bureaus globally) as part of our credit management and collection procedures.

5. WHEN AND WITH WHOM WE SHARE YOUR INFORMATION

We do not sell your personal data. However, we may share your information with the following categories of third parties to provide the Services, comply with legal obligations, or improve our business.

We share data with trusted third parties who help us operate our business. These partners are bound by strict confidentiality and data protection agreements:

(i) Service Support Partners: Companies that provide cloud hosting (e.g., AWS, Google Cloud), customer support software, payment processing, fraud detection, and identity verification services.

(ii) Analytics Providers: Tools (like Google Analytics or Mixpanel) that help us understand how users interact with our Services to improve performance.

(iii) Advertising Partners: Third parties that help us deliver interest-based advertising and measure the effectiveness of our marketing campaigns (subject to your opt-out preferences).

(iv) Business Partners: Financial institutions or integration partners that jointly offer products or services with us.

(v) Affiliates & Group Companies: Our subsidiaries and affiliated companies (e.g., SOF Capital entities) to provide unified services, support, and security across our group.

We may also disclose your information in the following specific circumstances:

(i) Other Users: If you transact with another Sync user, we share necessary details (like your name or business name) to complete the transaction and provide a receipt.

(ii) Legal & Regulatory Authorities: To law enforcement, government officials, or other third parties when we are compelled to do so by a subpoena, court order, or similar legal procedure, or when we believe in good faith that the disclosure is necessary to prevent physical harm or financial loss or to report suspected illegal activity.

(iii) Corporate Transactions: In the event of a merger, acquisition, debt financing, sale of assets, or bankruptcy, your information may be disclosed or transferred as a business asset to the acquiring entity.

(iv) At Your Direction: We may share your information with any other third party with your consent or at your specific instruction (e.g., if you authorize a third-party app to access your Sync account).

6. SECURITY

We take the security of your data seriously. We implement robust administrative, technical, and physical safeguards designed to protect your personal information from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction.

Our security measures include:

(i) Encryption of sensitive data in transit (using TLS/SSL) and at rest;

(ii) Strict access controls (only authorized employees/contractors with a "need to know" can access your data);

(iii) Regular security audits and vulnerability assessments; and

(iv) Use of secure, certified cloud infrastructure.

Despite our best efforts, please be aware that no security measures are perfect or impenetrable. The internet is not a 100% secure environment, and we cannot guarantee the absolute security of your data during transmission or storage. You acknowledge that you provide your personal information at your own risk.

We store your information on secure servers located at our own premises and with trusted third-party cloud providers (such as Amazon Web Services or Google Cloud). Access to this data is strictly limited to Sync employees, contractors, and service providers who require it to perform their job functions.

7. COOKIE, OTHER SIMILAR TECHNOLOGIES, AND ADVERTISING

When you interact with our websites, mobile apps, or emails, we use automated technologies, such as cookies, web beacons, pixel tags, and server logs, to collect information about your device and activity.

(i) Cookies: Small text files sent to your device to uniquely identify your browser or store settings.

(ii) Web Beacons (Pixel Tags): Tiny graphic images embedded in our website or emails to track engagement (e.g., seeing if you opened an email).

We use these technologies to enhance your experience and improve our Services. Specifically, they help us:

(i) Authentication: Recognize when you are signed in so you don't have to re-enter your password repeatedly.

(ii) Analytics: Track how you use our Services and identify which features are most popular.

(iii) Personalization: Tailor the dashboard and content to your preferences.

(iv) Marketing Attribution: Measure the effectiveness of our ads and email campaigns.

(v) Security: Detect unusual behavior that might indicate fraud.

Some cookies are placed by us ("First-Party Cookies"), while others are set by third-party service providers ("Third-Party Cookies").

(i) Analytics: We use tools like Google Analytics to evaluate site traffic.

(ii) Interest-Based Advertising: We work with advertising partners to show you ads relevant to your interests. These partners may track your browsing activity across different websites to build a profile for targeted advertising.

You have control over how cookies and tracking technologies are used:

(i) Browser Settings: Most browsers allow you to block or delete cookies. However, please note that disabling strictly necessary cookies may break certain features of the Sync platform (like logging in).

(ii) Mobile Device Settings: iOS: Go to Settings > Privacy > Tracking and disable "Allow Apps to Request to Track." And for Android: Go to Settings > Google > Ads and select "Opt out of Interest-Based Ads" or "Delete advertising ID."

(iii) Ad Network Opt-Outs: You can opt out of targeted ads from participating companies via the Network Advertising Initiative (NAI) or the Digital Advertising Alliance (DAA).

8. HOW LONG WE RETAIN YOUR INFORMATION

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

(i) Active Accounts: We retain your Sync Account Data and Usage Data for as long as your account is active. This allows us to maintain your transaction history, provide customer support, and ensure the Services function correctly.

(ii) Closed Accounts: If you close your account, we may delete or anonymize your data, subject to the legal exceptions below.

Even after you close your account, we are often legally required to retain certain information for specific periods. Factors influencing these retention periods include:

(i) Legal & Regulatory Obligations: Financial laws (such as AML/CTF laws in Malaysia and globally) typically require us to store transaction and identity records for at least 7 years after the business relationship ends.

(ii) Dispute Resolution: We retain records to resolve potential disputes, chargebacks, or complaints that may arise after account closure.

(iii) Fraud Prevention & Security: We may retain data (such as device fingerprints or flagged accounts) indefinitely to prevent banned users from opening new accounts and to protect the integrity of our platform.

(iv) Litigation: If we are involved in a legal claim, regulatory investigation, or receive a valid preservation order (e.g., a subpoena), we will retain relevant data until the matter is fully resolved.

9. YOUR CHOICES

Regardless of where you live, Sync is committed to providing you with control over your personal information. Subject to legal limitations (such as our obligation to retain transaction records), you have the following rights:

(i) Right to Access: You can request a copy of the personal data we hold about you, including the categories of data, sources, and purposes for processing.

(ii) Right to Correction: You can ask us to fix inaccurate or incomplete personal information (e.g., updating your phone number).

(iii) Right to Deletion (Erasure): You can request that we delete your personal information. Note: We may deny this request if we are legally required to keep the data for tax or anti-money laundering purposes.

(iv) Right to Portability: You can ask for your data in a structured, commonly used format to transfer it to another service.

(v) Right to Opt-Out: You can opt-out of marketing communications or the sharing of your data for targeted advertising.

To submit a request for access, deletion, or correction:

(i) Email: legal@e.911.so

(ii) Phone: +60176783113

For your protection, we must verify your identity before processing any request. We may ask you to confirm specific account details or provide a copy of your ID. If we cannot verify you, we will deny the request.

You may designate an authorized agent to make a request on your behalf. The agent must provide proof of your signed authorization and their own identity.

If we deny your request (e.g., because we are legally required to keep the data), we will explain why. If you disagree with our decision, you may email us to file an appeal.

While we collect sensitive data (such as government IDs or facial biometrics) to verify your identity, we only process this information for purposes strictly authorized by law (e.g., fraud prevention and KYC compliance) and do not use it for marketing or inferring characteristics about you.