Back to Home Road Asset
Legal

Privacy Policy

Last updated: January 2026

RoadAsset ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our road asset management platform and related services.

This policy complies with the General Data Protection Regulation (GDPR), Malaysia's Personal Data Protection Act 2010 (PDPA), and other applicable data protection laws.

Information We Collect

Personal Information

  • Name and email address (for account registration)
  • Organization/company name (optional)
  • Contact information (phone number, when provided)
  • Profile information and preferences

Project Data

  • Video footage and images uploaded for asset tagging
  • GPS coordinates and location data from uploaded videos
  • Asset annotations, classifications, and metadata
  • Project settings and configurations

Usage Information

  • Log data (IP address, browser type, access times)
  • Device information and operating system
  • Feature usage and interaction patterns
  • Error reports and performance data

How We Use Your Information

  • 1. Service Provision: To provide, maintain, and improve our road asset management platform
  • 2. AI Processing: To train and improve our asset detection and classification models (using anonymized data only)
  • 3. Communication: To send service updates, security alerts, and support messages
  • 4. Analytics: To understand usage patterns and improve user experience
  • 5. Legal Compliance: To comply with applicable laws and regulations

Cookies & Tracking Technologies

We use cookies and similar technologies for:

  • Essential cookies: Authentication, session management, security
  • Functional cookies: User preferences, locale settings
  • Analytics: Understanding usage patterns to improve the service

We do not use advertising or third-party tracking cookies. For detailed information, see our Cookie Policy.

Automated Decision-Making & AI

RoadAsset uses AI and machine learning for:

  • Asset detection: Automatic identification of road assets in video frames
  • Classification: Categorizing detected assets by type and condition
  • Signboard recognition: Matching signboards to regional databases

Your rights: AI-generated classifications are suggestions only. You can review, modify, or reject any automated classification. No automated decisions are made that have legal or significant effects on you without human review.

Data Protection & Security

We implement industry-standard security measures including:

  • SSL/TLS encryption for all data in transit
  • Encrypted storage for data at rest
  • Regular security audits and vulnerability assessments
  • Access controls and authentication mechanisms
  • Secure cloud infrastructure (Cloudflare Workers)
  • Legal Hold capability for compliance requirements (Enterprise/Government plans)

For detailed security information, see our Security Policy.

Your Rights (GDPR/PDPA)

Under applicable data protection laws, you have the right to:

Access

Request a copy of your personal data

Rectification

Correct inaccurate personal data

Erasure

Request deletion of your data

Portability

Export your data in a standard format

Restriction

Limit how we process your data

Objection

Object to certain types of processing

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law.

  • Account data: Retained while your account is active
  • Project data: Retained until project deletion or account termination
  • Usage logs: Retained for up to 12 months
  • Contact form submissions: Retained for up to 24 months

For detailed information about our data retention policies by plan type, see our Data Retention Policy.

Third-Party Services

We use the following third-party services to provide our platform:

Cloudflare

Hosting, CDN, Workers, KV, Images, Vectorize

Aiven

Database hosting (MySQL)

Resend

Transactional email delivery

MapTiler

Map visualization

Replicate

AI model inference (CLIP embeddings)

Garage S3

Object storage for videos and images

Each third-party service operates under its own privacy policy. We only share data necessary for service operation.

International Data Transfers

Your data may be processed in countries outside your residence, including the United States and European Union, where our service providers operate.

We ensure appropriate safeguards are in place for international transfers, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with all third-party providers
  • Compliance with Malaysia's PDPA cross-border transfer requirements

Children's Privacy

RoadAsset is designed for professional use by organizations and is not intended for children under 18 years of age. We do not knowingly collect personal information from children.

If you believe we have inadvertently collected information from a child, please contact us immediately at privacy@roadasset.app and we will promptly delete such information.

Related Policies

This Privacy Policy should be read in conjunction with our other policies:

Terms of Service
Rules and guidelines for using our service
Security Policy
Our security practices and measures
Cookie Policy
How we use cookies and tracking
Acceptable Use Policy
Guidelines for appropriate service use

Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

Email: privacy@roadasset.app

Contact Form: /contact

We will respond to your request within 30 days as required by applicable data protection laws.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically for any changes.

enmsid