Privacy Policy

Rooftop Energy Tech Sdn Bhd
(Company Registration No: 202501013544 (1614958-P))
3-2, Block D2, Dataran Prima,
47301 Petaling Jaya, Selangor, Malaysia
Last Updated: 16th December 2025

1. Introduction

Rooftop Energy Tech Sdn Bhd (“Rooftop”, “we”, “our”, or “us”) is committed to protecting personal data and handling it responsibly. This Privacy Policy describes how we collect, use, store, disclose, and protect personal data in accordance with applicable data protection laws, including the Personal Data Protection Act 2012 of Singapore (“PDPA”), where applicable.
This Privacy Policy applies to users, clients, and authorised representatives who access or use the RooftopIQ platform, including during pilot, evaluation, and commercial use.

2. Scope

This Privacy Policy applies to:

  • Users accessing the RooftopIQ platform
  • Clients participating in pilot, evaluation, or commercial programs
  • Personal data processed in connection with RooftopIQ services

Where there is any inconsistency between this Privacy Policy and a signed agreement (such as a Pilot Service Agreement or subscription agreement), the terms of the signed agreement shall prevail.

3. Personal Data We Collect

Depending on the nature of use, we may collect and process the following categories of personal data:

  • Name
  • Email Address
  • Phone Number
  • User account identifiers and credentials
  • Property-related data (site location, photographs, aerial imagery)
  • Energy consumption data (e.g. electricity bills)
  • User activity logs and system access records

We only collect personal data that is reasonably necessary for providing and operating the RooftopIQ platform.

4. Purpose of Collection and Use

We only collect personal data that is reasonably necessary for providing and operating the RooftopPersonal data is collected and processed for the following purposes:IQ platform.

  • Providing access to and operating the RooftopIQ platform
  • User account management, authentication, and access control
  • Platform setup, onboarding, training, and support
  • System security, monitoring, auditing, and troubleshooting
  • Evaluation, testing, and improvement of the platform
  • Compliance with contractual and legal obligations

Personal data is not used for unrelated marketing purposes unless permitted by law or with consent.

5. Data Storage & Cross-Border Transfer

Personal data may be stored and processed in secure data centres located in Malaysia and/or Singapore.
Where personal data is transferred or stored outside Singapore, Rooftop ensures that the data is afforded a standard of protection comparable to the requirements under the PDPA.

6. Data Protection & Security Measures

We implement reasonable administrative, technical, and organisational measures to protect personal data, including:

  • Dedicated single-tenant infrastructure for each customer environment
  • Network isolation through Virtual Private Cloud (VPC) configurations
  • Encryption of data in transit using Transport Layer Security (TLS)
  • Encryption of sensitive data at rest
  • Role-based access controls restricting access to authorised personnel
  • Logging and monitoring of access to customer data

7. Data Retention & Deletion

Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected.
For pilot or evaluation programs:

  • Data is retained for the duration of the program
  • Network isolation through VirtuaA grace period of up to 30 days may be provided for data exportl Private Cloud (VPC) configurations
  • If no commercial agreement is entered into, data will be permanently deleted through full environment termination, subject to legal retention requirements

8. Data Breach Management

In the event of any actual or suspected data breach affecting personal data, Rooftop will:

  • Promptly assess the incident
  • Take reasonable steps to mitigate impact
  • Notify affected clients without undue delay, in accordance with contractual and applicable legal requirements

9. Access and Correction

Subject to applicable laws, users may request access to or correction of their personal data by contacting our Data Protection Officer using the details below.

10. Disclosure to Third Parties

Personal data may be disclosed to third-party service providers strictly for operational purposes, such as cloud hosting and infrastructure services.Current sub-processors may include:

  • Amazon Web Services (AWS) – hosting and infrastructure (Malaysia / Singapore)

All third-party service providers are required to implement appropriate data protection safeguards.

11. Data Protection Officer (DPO)

For enquiries, access requests, correction requests, or other data protection matters, please contact:

Data Protection Officer
Rooftop Energy Tech Sdn Bhd
Email: jonsh@rooftop.my

12. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements, business practices, or technical operations. The updated version will be published on our website with the revised “Last Updated” date.

Privacy Policy

Rooftop Energy © 2025