
Company: Rearm Marketing Sdn Bhd - 202201037185 (1482882-P)
Last Updated: December 13, 2025
OUR SECURITY AND RISK FOCUS
At Rearm Marketing Sdn Bhd, our primary security focus is to safeguard our customers’ data. We have partnered with industry-leading software developers and enterprise-grade cloud hosting providers to deliver a highly secure SaaS platform.
This document outlines the technical, administrative, and physical security controls integrated into our platform's architecture.
1. INFRASTRUCTURE SECURITY
Cloud Hosting Providers: We do not host any product systems or data within our physical offices. Our platform's infrastructure is entirely hosted by leading cloud infrastructure providers (such as Google Cloud Platform and Amazon Web Services). We rely on their audited security and compliance programs (including SOC 2 Type 2 and ISO 27001 certifications) for the efficacy of physical, environmental, and infrastructure security.
Network and Perimeter: The platform enforces multiple layers of filtering and inspection across web applications, logical firewalls, and security groups. Network-level access control lists are implemented to prevent unauthorized access.
Logging and Monitoring: Actions and events within the application are continuously monitored. Automated triggers are designed to immediately respond to anomalous situations, such as DDoS attacks or unusual traffic surges.
2. APPLICATION SECURITY
Web Application Defenses: All customer content hosted on the platform is protected by application-layer monitoring and web application firewalls (WAF). The rules used to detect and block malicious traffic align with OWASP best practices.
Development and Updates: Our technology partners' core development lifecycle includes strict code reviews, continuous integration, and vulnerability testing. Updates are deployed seamlessly without requiring significant downtime.
Vulnerability Management: Our infrastructure partners utilize a multi-layered approach to vulnerability management, running regular scans and periodic penetration tests against the application to identify and mitigate risks.
3. CUSTOMER DATA PROTECTION
Tenant Separation: Our platform provides a multi-tenant SaaS solution where customer data is logically separated using unique IDs to ensure that your data is never accessible by other users.
Encryption in Transit and at Rest: All data is encrypted in transit using TLS version 1.2 or 1.3 (with 2,048-bit keys or better). Stored platform data is encrypted at rest using AES-256 encryption. User passwords are hashed following industry best practices.
Data Classification & Prohibited Data: Per our Terms of Service, customers must not use the platform to collect or store highly sensitive, regulated data (e.g., full credit card numbers, government ID numbers, or protected health information).
4. DATA BACKUP AND DISASTER RECOVERY
System Backups: The platform’s databases are backed up on a regular schedule across distributed availability zones to ensure disaster recovery and business continuity.
Customer Data Restoration & Deletion: While system-level backups are maintained for disaster recovery, individual customers are responsible for exporting their data if needed. As defined in our Terms of Service, if an account is suspended or terminated, we will only retain the data for a maximum of 30 days. After this period, data is permanently deleted and cannot be restored from any backup.
5. IDENTITY AND ACCESS CONTROL
Product Login Protections: Customers are empowered to create and manage users within their portal using granular, role-based access control (RBAC). The platform enforces strong password policies and supports Two-Factor Authentication (2FA), which portal administrators can require for all their users.
Internal Access: Access to the production infrastructure by our technology partners' engineering teams is strictly limited to authorized personnel using secure authentication methods (such as jump boxes or IAM roles) and is granted on a least-privilege basis.
6. COMPLIANCE & PRIVACY
Payment Processing (PCI Compliance): We leverage PCI-DSS compliant third-party payment processors (e.g., Stripe) to handle all billing transactions securely. Rearm Marketing Sdn Bhd does not store, process, or transmit credit card information directly on our servers.
PDPA Alignment: We process data in alignment with the Malaysian Personal Data Protection Act 2010 (PDPA), ensuring your data remains private and is never sold to third parties.
Breach Notification: In the unlikely event of a verified data breach impacting your personal data, we will notify affected customers as required by applicable laws.
DOCUMENT SCOPE AND USE
This document is intended strictly as an informational resource for our customers regarding the security posture of the platform. It does not create a binding contractual obligation, nor does it amend, alter, or supersede the limitation of liability and "As-Is" clauses established in our official Terms of Service.
Copyright © 2026 Rearm CRM - All Rights Reserved.