Legal

Privacy Policy

Platform-level legal terms for Recqa Circle. Community owners may publish additional community-specific rules and policies.

Recqa Circle Privacy Policy

Effective date: 2026-05-05

This Privacy Policy explains how Recqa Circle ("Recqa Circle", "we", "us", or "our") collects, uses, stores, discloses, and protects personal data when you access or use our website, platform, communities, content, payments, communications, and related services (the "Services").

This document is intended as an operational draft for review by qualified legal counsel before publication.

1. Who We Are

Recqa Circle provides an online community platform that allows users, community owners, administrators, instructors, and members to create communities, manage memberships, publish content, offer courses and resources, communicate with members, process payments, and use related platform tools.

For privacy questions, contact us at:

  • Email: privacy@recqa.com
  • Website: https://circle.recqa.com

2. Scope

This Privacy Policy applies to personal data processed by us as platform operator.

Community owners and administrators may also process member data through their own communities, content, groups, courses, communications, and moderation actions. Where a community owner independently determines how member data is used, that community owner may be responsible for its own privacy obligations. We are not responsible for privacy notices, practices, representations, or unlawful processing carried out by community owners, administrators, instructors, members, or other third parties.

3. Personal Data We Collect

We may collect the following categories of personal data:

  • Account data: name, email address, password hash, profile information, avatar, location, biography, website, account status, verification status, and preferences.
  • Community data: communities joined or owned, roles, memberships, group participation, course enrollments, resources accessed, comments, posts, announcements, reports, appeals, and moderation history.
  • User-generated content: threads, comments, replies, resources, course materials, files, images, videos, links, messages, submissions, feedback, and other content you provide.
  • Payment and billing data: subscription status, plan information, transaction references, invoices, payout records, refund status, tax or billing details, and payment processor identifiers. We do not store full payment card numbers when payments are handled by third-party payment processors.
  • Communications data: support requests, contact forms, email delivery events, unsubscribes, bounce and complaint information, notification preferences, and correspondence with us.
  • Technical and usage data: IP address, device and browser information, user agent, session data, cookies, logs, pages visited, features used, timestamps, referral URLs, security events, and diagnostic data.
  • Administrative and compliance data: audit logs, admin actions, abuse reports, content moderation records, security flags, sanctions, appeals, legal requests, and records needed to enforce our Terms.

We may also collect sensitive personal data if you voluntarily include it in your profile, posts, files, messages, reports, appeals, support requests, or other user-generated content. You should not submit sensitive personal data unless necessary.

4. How We Collect Personal Data

We collect personal data when:

  • you create or update an account;
  • you use the Services;
  • you join, create, manage, or interact with a community;
  • you publish, upload, comment on, or interact with content;
  • you enroll in courses or purchase paid access;
  • you contact us or receive communications from us;
  • community owners, administrators, or other users submit information involving you;
  • third-party providers send us payment, email, analytics, hosting, security, or operational events;
  • we automatically collect logs, cookies, and device information.

5. Purposes of Processing

We may process personal data for the following purposes:

  • to provide, operate, maintain, secure, and improve the Services;
  • to create and manage accounts, authentication, sessions, and email verification;
  • to enable communities, memberships, groups, courses, resources, discussions, announcements, and user-generated content;
  • to process payments, subscriptions, refunds, invoices, payouts, and related financial records;
  • to send transactional emails, service notices, security alerts, verification emails, billing notices, membership updates, course notifications, and administrative messages;
  • to send marketing or community communications where permitted and subject to applicable unsubscribe controls;
  • to provide customer support and respond to inquiries;
  • to detect, prevent, investigate, and respond to fraud, abuse, spam, security incidents, policy violations, unauthorized access, and unlawful activity;
  • to moderate content, process reports and appeals, enforce our Terms, and protect users, communities, and the platform;
  • to analyze usage, performance, reliability, and feature adoption;
  • to comply with legal, regulatory, accounting, tax, audit, law enforcement, and dispute-resolution obligations;
  • to protect our rights, property, business, users, partners, and the public.

6. Legal Basis and Consent

Where applicable law requires a legal basis for processing, we rely on one or more of the following:

  • your consent;
  • performance of a contract with you;
  • compliance with legal obligations;
  • our legitimate business interests, including platform security, fraud prevention, service improvement, content moderation, and enforcement of our Terms;
  • protection of vital interests or public interests where applicable.

Where consent is required, you may withdraw consent, but withdrawal may affect your ability to use some Services.

7. Malaysia Personal Data Protection Act

If the Malaysia Personal Data Protection Act 2010 and its amendments apply, we aim to process personal data consistently with applicable principles, including notice and choice, disclosure, security, retention, data integrity, and access/correction rights.

The Malaysian Personal Data Protection Act has been amended by the Personal Data Protection (Amendment) Act 2024. Compliance requirements may evolve through implementation dates, regulations, codes of practice, and regulator guidance. We may update this Privacy Policy and our practices as required.

8. Cookies and Similar Technologies

We use cookies and similar technologies to:

  • keep you logged in;
  • protect sessions and prevent cross-site request forgery;
  • remember preferences;
  • measure usage and performance;
  • improve security and reliability;
  • support analytics, diagnostics, and platform features.

You can control cookies through your browser settings. Disabling certain cookies may prevent the Services from functioning correctly.

9. User-Generated Content and Public Areas

Content you post, upload, publish, or share in communities may be visible to community owners, administrators, instructors, members, guests, or the public depending on community settings and feature behavior.

You are responsible for the personal data you include in user-generated content. Do not post personal data of others unless you have the legal right to do so. We may remove, restrict, preserve, review, or disclose user-generated content where necessary for moderation, security, legal compliance, enforcement, or protection of rights.

10. Community Owners and Administrators

Community owners and administrators may access, export, moderate, communicate with, or otherwise process data relating to their communities and members. They are responsible for using those tools lawfully and for providing any additional privacy notices required for their own activities.

We are not liable for community owners' or administrators' independent misuse of personal data, unlawful communications, unauthorized exports, or failure to comply with their legal obligations.

11. Email, Bounces, Complaints, and Unsubscribes

We may process email delivery data, including delivery status, bounces, complaints, opens or clicks if enabled by our providers, suppression status, unsubscribe preferences, and related metadata.

We may suppress or restrict emails to recipients where messages bounce, recipients complain, users unsubscribe, or continued sending may harm deliverability, violate law, or create platform risk. Some transactional or legally necessary emails may still be sent where permitted.

12. Payments and Third-Party Payment Providers

Payments may be processed by third-party payment providers such as Stripe or other providers we enable. These providers may collect and process payment information under their own terms and privacy policies.

We may receive payment status, customer identifiers, subscription details, invoice references, dispute information, refund status, payout records, and related transaction metadata, but we do not control third-party payment processor systems.

13. Service Providers and Disclosure

We may disclose personal data to:

  • hosting, infrastructure, database, storage, backup, and security providers;
  • email delivery, notification, and communication providers;
  • payment processors, banks, payout providers, and billing service providers;
  • analytics, monitoring, logging, and diagnostics providers;
  • customer support, operations, and professional advisers;
  • community owners or administrators where needed to operate their communities;
  • law enforcement, regulators, courts, government authorities, or third parties where required or permitted by law;
  • buyers, successors, investors, or advisers in connection with a merger, acquisition, financing, restructuring, sale of assets, or similar business transaction.

We do not sell personal data as a standalone business. We may share data as necessary to provide, secure, monetize, analyze, and improve the Services.

14. International Transfers

We may process, store, or transfer personal data outside Malaysia or your country of residence, including where our service providers operate infrastructure or support services in other countries.

By using the Services, you acknowledge that personal data may be transferred internationally, subject to safeguards we consider appropriate or legally required.

15. Data Security

We use administrative, technical, and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, and disclosure. These may include access controls, encryption where appropriate, logging, backups, monitoring, and least-privilege controls.

No internet service, software system, email channel, or storage system is completely secure. We cannot guarantee absolute security.

16. Data Retention

We retain personal data for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Services, maintain records, comply with legal obligations, resolve disputes, enforce agreements, prevent abuse, maintain audit logs, and protect our rights.

We may retain certain records after account closure, including transaction records, audit logs, security records, moderation records, legal records, backup copies, and data required to comply with law or defend claims.

17. Account Closure and Deletion

You may request account closure or deletion where available and subject to applicable law. We may refuse, delay, limit, or retain data where necessary for:

  • legal, tax, accounting, audit, or regulatory reasons;
  • security, fraud prevention, or abuse investigation;
  • dispute resolution or enforcement of our Terms;
  • preservation of community records and user-generated content;
  • backup, archival, or technical constraints;
  • legitimate business purposes permitted by law.

Deleting your account may not automatically remove content you posted in communities, especially where that content is part of shared discussions, course records, moderation history, transaction records, or community operations.

18. Your Rights

Depending on applicable law, you may have rights to:

  • request access to your personal data;
  • request correction of inaccurate personal data;
  • withdraw consent where processing is based on consent;
  • object to or restrict certain processing;
  • request deletion where legally available;
  • request information about disclosure of your personal data;
  • lodge a complaint with a relevant regulator.

We may need to verify your identity before responding. We may refuse requests that are unlawful, abusive, technically impracticable, disproportionate, harmful to others, or otherwise exempt under applicable law.

19. Children's Privacy

The Services are not intended for children under the age required by applicable law to consent to online services. Users must meet the eligibility requirements in our Terms of Service. If we learn that we have collected personal data from a child without required consent, we may delete or restrict the account.

20. Third-Party Links and Integrations

The Services may contain links, embeds, integrations, or content from third parties. We are not responsible for third-party websites, services, policies, security, or data practices.

21. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be posted with a revised effective date. If changes are material, we may provide additional notice through the Services, email, or other reasonable means. Continued use of the Services after an update means you accept the updated Privacy Policy to the extent permitted by law.

22. Contact

For privacy questions or requests, contact:

  • Email: privacy@recqa.com
  • Website: https://circle.recqa.com