This Privacy Policy explains how OC Global Technology Sdn Bhd ("OCare", "we", "us", or "our") collects, uses, discloses, retains, and protects personal data of students, parents, teachers, school coordinators, and administrators who use the OCare platform (the "Service"). We act as a data processor on behalf of participating schools (the "School", which is the data controller for student, staff, and parent records) and as an independent data controller for the limited operational data we collect directly (account credentials, support requests, technical logs).
1. Scope & Roles
This policy covers personal data processed through the OCare iOS and Android applications, the OCare administration dashboard, the OCare API, and the OCare AI content-moderation service.
For data uploaded or generated by School users in the course of using the Service, the School is the data controller and OCare is the data processor under a written Data Processing Addendum (DPA). For account-level data (login credentials, audit logs, support correspondence), OCare is the data controller.
2. Data We Collect
The categories below align with Apple App Privacy and Google Play Data Safety disclosures.
| Category | Examples | Linked to identity? |
|---|---|---|
| Contact Info | Name, email, school affiliation, role | Yes |
| Identifiers | User ID, device ID (for push), session tokens | Yes |
| User Content | Diary entries, posts, chat messages, attachments, mood check-ins, SOS alerts | Yes |
| Health & Wellbeing | Self-reported mood scores, distress indicators from AI moderation | Yes |
| Sensitive Info | Emergency contacts, AI-derived safety risk levels | Yes |
| Location | Approximate/coarse location attached to SOS alerts only when the user triggers SOS. OCare does not store precise GPS coordinates. | Yes |
| Photos & Media | Avatar uploads, post and message attachments, voice notes | Yes |
| Usage Data | Screens viewed, feature interactions, crash logs, performance metrics | Yes |
| Diagnostics | App version, OS, device model, error stack traces | Yes |
| Administrative & audit data | Role, permissions, school affiliation, alert review actions, case escalation status, timestamps, IP/device/session logs, communications with support | Yes |
We do not collect: precise GPS coordinates outside SOS, contacts list, calendar, microphone or camera streams (only user-initiated captures), browsing history, or financial data.
3. Sources of Data
- From you — content you submit, profile edits, support tickets.
- From your School — initial account provisioning, class assignments, parent–student links, date of birth verification.
- Automatically — device identifiers, crash reports, push tokens, audit logs.
4. Purposes & Legal Bases
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Provide and operate the Service (accounts, feed, chat, diary) | Performance of a contract; legitimate interests |
| Safety features — SOS, emergency contacts, AI moderation | Vital interests of the data subject; legitimate interests of the School |
| Wellbeing analytics for schools and parents | Performance of a contract; legitimate interests |
| Authentication, audit logging, abuse prevention | Legitimate interests; legal obligation |
| Push notifications for messages, alerts, and announcements | Performance of a contract; consent (where required) |
| Service improvement, debugging, security monitoring | Legitimate interests |
| Comply with court orders, regulators, child-protection law | Legal obligation; vital interests |
Where processing relies on consent, you may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
Health and wellbeing data
OCare processes wellbeing-related data, such as mood check-ins, distress indicators, SOS alerts, and AI-derived risk signals, solely to provide school safeguarding and wellbeing support. OCare does not provide medical diagnosis, treatment, or clinical decision-making, and does not use or share wellbeing data for advertising, marketing profiling, or any unrelated purpose.
5. Device Permissions
OCare requests the following device permissions on a strict need-to-use basis. Each can be revoked from the operating system's settings.
| Permission | Why | When asked |
|---|---|---|
| Camera | Profile photo, posts, chat attachments | When you tap the camera button |
| Photo Library | Upload media to posts, chat, profile | When you tap the gallery button |
| Microphone | Voice notes in chat | When you start a voice recording |
| Notifications | Deliver messages, SOS responses, and admin alerts | At first launch |
| Location (coarse) | Attach approximate location to an SOS alert | When you trigger SOS |
6. AI Content Moderation
To support student safety, OCare runs automated content moderation on diary entries, posts, and chat messages. The AI service is operated by us on infrastructure we control. User content is not used to train any third-party model.
Models in use
- Mental-BERT (mental/mental-bert-base-uncased) — distress signal detection
- Toxic-BERT (unitary/toxic-bert) — toxicity classification
- mDeBERTa cyberbullying — cyberbullying classification
- NLLB-200 (facebook/nllb-200-distilled-600M) — translation for Malay or Indonesian inputs so the English classifiers can run on a translated copy
- XLM-RoBERTa sentiment — dampens false positives on the original (untranslated) text
In-app disclosure
Before students submit diary entries, posts, chat messages, mood check-ins, or SOS alerts, OCare shows an in-app disclosure explaining that the content may be analysed by automated safety systems and, if risk is detected, may be surfaced to authorised school coordinators or administrators for human review. AI scores do not automatically create disciplinary action or formal cases. The full disclosure is repeated during onboarding and remains accessible from Settings → Privacy.
What we send and what we keep
- Original text is sent to the AI service for classification and is processed in memory only — the AI service does not write the content to durable storage.
- The original diary entry, post, or chat message itself continues to live in the user's account in our main content database (PostgreSQL or MongoDB, depending on the feature). When an authorised coordinator opens an alert, the dashboard reads the original content from that primary store — not from a separate review copy.
- For verdicts at MEDIUM or higher, an internal admin alert is created. The alert record stores only metadata (risk level, reason, content type, a foreign-key identifier pointing back to the original record, and a SHA-256 hash of the analysed text) — the alert record itself does not contain the raw user content.
- Resolved alerts are purged after 90 days; unresolved alerts are retained until reviewed.
- If the underlying diary entry, post, or message is deleted by the user (or anonymised on account deletion), the dashboard view of any related alert loses access to the raw content at the same time, subject to backup overwrite (see Section 10).
Human oversight
Only named school coordinators and OCare administrators with role-based access can open alerts. AI verdicts never trigger automated disciplinary action; cases are escalated only by a human reviewer. You have the right to contest a verdict from any AI badge in the app ("Tell us this is wrong"), and to request human review under Section 11.
Crisis support
When your own diary entry is rated CRITICAL, OCare surfaces an in-app sheet with crisis resources (Talian Kasih 15999, Befrienders Malaysia +60 3-7956 8145, and a link to your school counsellor) before any other action is taken.
7. User-Generated Content Safety
OCare hosts user-generated content (posts, diary entries, chat messages, media attachments, and voice notes). To reduce harm we combine automated filtering (see Section 6) with human moderation and in-app safety controls.
- Report. Every post, chat message, and user profile has an in-app Report control. Reports route to your School's coordinators and to OCare support.
- Block / mute. Users may block or mute other users from chat and feed surfaces where the feature is available; school administrators may also restrict communications between specific users.
- Review timelines. We aim to review reports flagged as urgent (self-harm, threats, sexual content involving a minor) within 24 hours, and other reports within 7 days. Content depicting minors in a sexual context is removed immediately and reported to the relevant authorities.
- Escalation. Repeated or serious violations may result in content removal, account suspension, School referral, or law-enforcement referral.
- Identity-linked. OCare does not provide anonymous public posting or random chat with strangers. All communications are limited to users and roles authorised by the participating School and are subject to School oversight.
For urgent content-safety concerns email [email protected].
9. International Transfers
Personal data is primarily hosted in Singapore. Some sub-processors (notably Firebase) may process data in the United States or European Union. Where data leaves Malaysia, the EEA, or the United Kingdom, transfers are protected by Standard Contractual Clauses, adequacy decisions, or equivalent safeguards as required by the Personal Data Protection Act 2010 (Malaysia), the GDPR (EU/EEA), and the UK GDPR.
10. Retention & Account Deletion
| Data | Retention |
|---|---|
| Active account profile and content | Until account deletion or School termination |
| Deleted account — soft-delete grace period | 30 days, then permanent erasure |
| Diary entries and private messages of a deleted account | Erased at end of 30-day grace period |
| Public posts authored by a deleted account | Author name and all personally identifiable information within the post are permanently removed/anonymised; only the de-identified text is preserved for shared context. @mentions of the deleted user are stripped. |
| Resolved admin alerts (AI moderation) | 90 days |
| Unresolved admin alerts | Until reviewed |
| AI alert metadata (linkage to source content) | Resolved alerts purged after 90 days; unresolved retained until reviewed. Raw user content associated with an alert remains governed by the retention period of the underlying diary entry, post, message, media attachment, or voice note — it is not held in a separate review copy. |
| Security audit logs | 12 months |
| Backups | ≤ 35 days, then overwritten |
How to delete your account
From the app: Settings → Account → Delete Account. Your account is immediately locked and you are signed out. After 30 days the deletion is irreversible. Signing in again before the grace period ends cancels the deletion.
From the web: https://ocare.ocgt.app/delete-account. You may also email [email protected] with the subject line "Account deletion request" — we respond within 30 days.
11. Your Rights
Subject to your jurisdiction you may have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — correct inaccurate or incomplete data.
- Erasure — request deletion (see Section 10).
- Restriction — limit how we process your data.
- Portability — receive your data in a structured, machine-readable format.
- Object — to processing based on legitimate interests, including automated decision-making.
- Withdraw consent — at any time, where consent is the basis.
- Lodge a complaint — with the Personal Data Protection Department of Malaysia or your local data-protection authority.
To exercise any right, email [email protected]. We verify identity before responding and reply within 30 days (extendable by a further 60 days for complex requests). Student requests are processed in coordination with the School where required by law.
12. Children & Minimum Age
OCare is intended for users aged 13 and older. We do not knowingly create accounts for, or collect personal data from, children under 13.
OCare is not intended for Apple's Kids Category and is not marketed as "for kids" or "for children." It is a school-provisioned safeguarding platform for authorised school communities and users aged 13 or older, unless a higher local minimum age applies.
Student accounts are provisioned by the school administrator. As part of provisioning, the School confirms each student's date of birth and the platform rejects any student under 13. On first launch, every user must confirm they are 13 or older before signing in.
Where local law sets a higher minimum age (for example, GDPR-K in the European Union, where the age may range from 13 to 16 depending on member state), the higher local minimum applies and the School must record appropriate parental authorisation before creating the account.
For US users: OCare complies with the Children's Online Privacy Protection Act (COPPA). Schools provide consent for student users under applicable school-authorisation provisions. Parents may review, refuse, or request deletion of their child's data by contacting the School or [email protected].
If you become aware that a child under 13 has been registered, contact us at [email protected] and we will delete the account and associated data promptly.
13. Security
- TLS 1.2+ for all data in transit; HSTS enforced.
- AES-256 encryption at rest for databases and backups.
- Short-lived JWT access tokens; refresh tokens stored in expo-secure-store (iOS Keychain / Android Keystore) on device.
- Role-based access control with the principle of least privilege.
- Audit logs for all administrative actions.
- Regular dependency scanning and quarterly third-party penetration testing.
- Mandatory two-factor authentication for OCare administrators.
No method of transmission or storage is 100% secure. We continuously improve our controls and invite responsible disclosure at [email protected].
14. Data Breach Notification
If we become aware of a personal-data breach likely to result in a risk to the rights and freedoms of natural persons, we will notify the affected School(s) without undue delay and, where required by law, the relevant supervisory authority within 72 hours. Affected users will be notified directly when the breach is likely to result in a high risk.
15. Region-Specific Disclosures
15.1 Malaysia (PDPA 2010)
We are registered with the Personal Data Protection Department where required. You may lodge a complaint with the PDP Commissioner at www.pdp.gov.my.
15.2 European Economic Area & United Kingdom (GDPR / UK GDPR)
Our EU/UK representative can be reached at [email protected]. Supervisory authorities: EDPB members (EU) and the Information Commissioner's Office (UK).
15.3 California, USA (CCPA / CPRA)
California residents have the right to know, delete, correct, and limit the use of sensitive personal information, and to opt out of "sale" or "sharing". OCare does not sell or share personal information as those terms are defined under the CPRA. To exercise California rights, email [email protected].
15.4 Other US states
Residents of Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws have equivalent rights and may contact us at the same address.
16. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be notified in the app and/or by email at least 14 days before they take effect. The "Last updated" date at the top reflects the most recent revision. Continued use of the Service after the effective date constitutes acceptance.
17. Contact & Complaints
Data controller: OC Global Technology Sdn Bhd
Privacy / DPO: [email protected]
General support: [email protected]
Security disclosure: [email protected]
Postal address: OC Global Technology Sdn Bhd, Unit 09-04, Level 9, City Plaza, Jalan Tebrau, 80300 Johor Bahru, Johor, Malaysia
If you are not satisfied with our response, you have the right to complain to the Personal Data Protection Commissioner (Malaysia) or your local supervisory authority.