Rimba Inc. Privacy Policy

Last Updated: November 06, 2024

‍Rimba Inc. (“we,” “us,” or “our”) respects your privacy and is committed to protecting it through our compliance with this Privacy Policy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you interact with our services, including our website, the Rimba platform, the Used Cooking Oil Collection App, and other related services (collectively, the “Services”).

By accessing or using the Services, you agree to the practices described in this Privacy Policy. If you do not agree with this policy, please do not use our Services.

‍1. Information We Collect

‍Rimba Inc. may collect, use, store, and transfer various types of personal information to deliver our services effectively. This data includes the following categories:

‍Personal Information
- Identifiers
‍This includes your name, business name, email address, physical address, phone number, and any other contact information you provide when signing up for our services or contacting us. We may also collect unique identifiers for verification purposes.
- Driver Information
‍If you are a driver using our platform, we may collect specific information, such as your driver’s license, vehicle registration details, and contact information. This data ensures we can verify driver identity, comply with legal requirements, and facilitate smooth operations.
- Photos and Media
‍Our app may capture photos or media during collection activities to verify completed services, document the status of collected materials, and ensure quality standards. These images help maintain accuracy in service reporting and support operational transparency.
‍
Technical and Usage Information
- Device Data
‍We automatically collect information about the devices you use to access our services, such as device type, operating system, browser type and version, app version, IP address, and unique device identifiers. This helps us diagnose technical issues and optimize our services for different devices.
- Usage Data
To understand how users interact with our website and app, we collect data on pages visited, time and date of visits, actions taken within the app, time spent on each page, and navigation paths. This data supports our efforts to improve user experience, develop new features, and tailor content.
- Location Data: For optimized service delivery, we may collect real-time geolocation data from your device when using location-based features in our app. This data assists in verifying collection points, optimizing routes for drivers, and ensuring user and driver safety.
‍
Cookies and Tracking Technologies
‍We use cookies, beacons, tags, and scripts to monitor and analyze trends, gather demographic information, track user movements, and store preferences. Cookies allow us to remember your preferences, streamline your experience, and enhance the functionality of our website.

We may use different types of cookies, such as:
- Session Cookies
Temporary cookies deleted once you close your browser. These allow us to track user actions during a single session.
- Persistent Cookies
Stored on your device for a set duration to remember your preferences between visits.
- Third-Party Cookies
Cookies placed by third parties that enable tracking and analytics across websites. For example, these may include analytics cookies that help us understand user interaction and advertising cookies that allow us to serve relevant ads.

‍Collection and Service Data
- Collection History
Details of collected materials, such as oil quantities in jerrycans, liters, or kilograms, may be stored to track and verify service history. This data supports accurate reporting and enables transparency in service performance.
- Route and Trip Data
For logistical optimization, we collect data related to route planning, estimated times of arrival, completed trip logs, and other information that helps us verify that collections are completed as planned.

‍Information from Third Parties
‍We may also receive information from third-party sources, including:
- Service Providers
‍Data from logistics or tech partners to assist in providing our services.
- Public Sources: Information that is publicly available, such as social media profiles or business directories, to help us verify identities or gather additional contact information.
- Social Media Platforms
If you interact with our social media pages or marketing content, these platforms may provide us with information about your profile and interactions, subject to your privacy settings on those platforms.
‍
‍2. How We Use Your Information
‍The data we collect serves various business, operational, and legal purposes, ensuring we can deliver services effectively while protecting user interests. Our primary uses of data include:
‍
Providing and Enhancing Services
- Service Delivery
We use your data to manage your account, schedule and perform collection activities, notify you of service updates, and provide relevant documentation of completed services.
- Account Management
For account maintenance, support, and billing purposes, we use identifiers and other contact details to keep your profile up to date, communicate with you, and manage subscription or billing issues.

‍Quality Control and Service Verification
- Service Verification
We use geolocation data, photos, and collection logs to verify that collections are accurately completed according to agreed standards. This helps in quality assurance and transparent service documentation.
- Data Accuracy and Monitoring
By tracking collection and route data, we monitor for discrepancies or irregularities, ensuring our operations are consistent and meet user expectations.

‍Safety and Optimization
- Driver and User Safety
Real-time location tracking helps us support drivers on their routes, optimize travel paths for efficiency, and ensure driver safety. In the event of an incident, location data can assist in providing timely support.
- Route Optimization
Using trip data and traffic information, we optimize routes for fuel efficiency, shorter travel times, and better collection performance.

‍Communication and Customer Support
- Service Updates and Notifications
We send notifications for important updates, service reminders, or changes in terms to keep you informed about your account and service status.
- Customer Support
Data collected during support interactions enables us to address inquiries, troubleshoot issues, and provide follow-up assistance as needed.
‍Improvement and Development
- User Behavior Analysis
We analyze usage data to understand patterns and preferences, which allows us to make informed decisions about new features and service improvements.
- Feature Testing
Usage data may also be used to test new features and analyze their effectiveness in enhancing user experience and operational efficiency.

‍Compliance and Security
- Legal Compliance
We process data to comply with applicable laws and regulations, respond to lawful requests by government authorities, and protect the integrity of our services.
- Fraud Detection and Prevention
To prevent fraudulent activities and secure our systems, we monitor patterns and implement security measures to detect and respond to potential risks.

‍Aggregated and Anonymized Data
‍We may aggregate or anonymize personal information so it no longer identifies individual users. Aggregated data may be used for various purposes, such as business analytics, service improvements, research, or shared publicly in reports.

‍3. Information Sharing and Disclosure
‍We take data confidentiality seriously and limit information sharing to third parties under specific, controlled circumstances:

‍Service Providers
‍We share your information with trusted service providers who perform essential tasks on our behalf. Examples include:
- Data Storage and Hosting
Providers who securely store and manage our data infrastructure.
- Analytics and Optimization
Companies that analyze user interactions and site performance to help us improve service delivery.
- Customer Support and Communication
Third-party platforms that enable support interactions, notifications, and engagement. These providers are bound by contractual obligations to protect your data and are only permitted to use it to provide agreed services.

‍Business Transfers
‍If Rimba Inc. is involved in a merger, acquisition, asset sale, or financing arrangement, your personal information may be transferred as part of the transaction. We will require the receiving party to respect this Privacy Policy and will notify you of any ownership changes affecting your data.

‍Legal and Regulatory Compliance
‍In certain situations, we may disclose data:
- As Required by Law
We may be obligated to disclose your information to comply with applicable laws or legal processes, including court orders, subpoenas, or requests by public authorities.
- For Security and Protection
If we believe it is necessary to protect our rights, property, safety, or that of our users, employees, or third parties, we may disclose data as part of our legal obligations.

‍Third-Party Networks and Websites
‍We may share your data with social media platforms or advertising networks for targeted advertising and promotional purposes. This can include your device ID, IP address, or browsing behavior for advertising across websites. Users may choose to opt out of certain types of sharing through settings provided in Section 7.

‍4. International Data Transfers
‍Rimba Inc. is a global business, and as such, your information may be transferred, stored, and processed outside of your country of residence. Transfers are conducted in compliance with applicable legal requirements to ensure the continued protection of your information.
- Data Locations
Your data may be stored and processed at Rimba’s operational sites and by our third-party providers in countries with varying privacy standards, including the United States, Malaysia, and Indonesia.
- Data Protection Measures
We implement safeguards to protect your information in transit and storage. These measures include data encryption, contractual protections with service providers, and adherence to cross-border transfer standards (such as Standard Contractual Clauses under the GDPR).
- User Rights
You have the right to understand where your data is stored and request further details on international transfers, if applicable, by contacting us.By using our services, you consent to the transfer of your personal information to the locations where we and our partners operate, acknowledging that privacy protections in these jurisdictions may differ from those in your country.

‍5. Data Retention and Deletion
‍We will retain your Personal Data for as long as is necessary for the purposes set out in this Privacy Policy. We may also retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. Users may request data deletion earlier by contacting us directly (see Contact Information below).

‍6. Security and Protection of Your Information
‍Rimba Inc. prioritizes the security of your personal information and has implemented a series of administrative, technical, and physical safeguards to protect your data. These security measures are designed to prevent unauthorized access, disclosure, alteration, and destruction of the data we collect and store. Below are the core security practices we employ:
- Encryption
All data transmitted over the internet is encrypted using industry-standard encryption protocols, such as TLS (Transport Layer Security) 1.2 or higher. This ensures that your data remains secure during transmission between your device and our servers.
- Access Control
Access to personal information is limited to authorized personnel who require it to perform their job functions. We use multi-factor authentication, secure login credentials, and password management policies to prevent unauthorized access to sensitive information. Access levels are reviewed periodically and adjusted based on role-based needs.
- Data Storage Security
Personal data is stored on servers with advanced security features, including firewalls, intrusion detection systems, and access logs to track data interactions. Our servers are housed in secure facilities with 24/7 surveillance, physical access restrictions, and environmental controls.
- Regular Security Audits
We conduct regular security audits, vulnerability assessments, and penetration testing to identify and mitigate potential security risks. These assessments are conducted by both in-house experts and third-party security firms to ensure our practices remain up-to-date with the latest security standards.
- Third-Party Security Compliance
We work only with third-party providers who adhere to stringent data security and privacy standards. Each provider is required to sign data protection agreements, undergo regular security assessments, and meet compliance obligations, such as GDPR, CCPA, ISO 27001 or SOC 2 standards, where applicable.
- Data Backup and Recovery
Regular backups of personal data are performed to prevent data loss and ensure business continuity. These backups are stored securely and undergo periodic testing to confirm that data can be recovered quickly and accurately if needed.
- Data Minimization and Retention Policies
We follow the principle of data minimization by collecting only the data necessary to fulfill our stated purposes. Personal information is retained only as long as necessary and is deleted or anonymized once it is no longer required, per our data retention policy.Despite our efforts to secure your personal data, no system is entirely secure. If you have any reason to believe your interaction with us is no longer secure, please contact us immediately.

‍7. Cookies and Tracking Technologies
‍Rimba Inc. uses a variety of cookies and tracking technologies to personalize your experience, improve our services, and gather data on how users interact with our platform. This section outlines the types of cookies and similar technologies we use, as well as options available to manage your preferences.

-Types of Cookies Used:
‍Necessary Cookies: These cookies are essential for enabling core site functions, such as navigation and secure access to certain features. Without these cookies, some areas of the site may not function properly.
‍Functional Cookies: Functional cookies allow us to remember your choices, preferences, and settings, such as language, login information, and display options. This enables a more personalized experience and eliminates the need for you to re-enter information on each visit.
‍Analytics Cookies: These cookies collect aggregated data on user activity and site performance. By analyzing this data, we can improve website layout, functionality, and user experience. For example, we may track how users navigate through pages or how long they stay on each page.
‍Advertising Cookies: Advertising cookies track your online activities to help us deliver relevant ads based on your interests. These cookies can follow your browsing habits across multiple sites, allowing us and third-party advertisers to display targeted advertisements.
- Managing Cookie Preferences
You can adjust your browser settings to block or delete cookies. However, disabling certain types of cookies may limit functionality or your experience on our website. For more detailed information about the cookies we use and how to manage your settings, please refer to our full Cookie Policy.
- Third-Party Tracking Technologies: We may also use third-party tracking technologies, such as Google Analytics, which uses cookies to collect and analyze data on user interactions with our site. This information helps us understand trends, optimize the website, and measure the effectiveness of our marketing campaigns. Third-party providers may have access to your data in a pseudonymized form and may use it according to their own privacy policies.

We do not currently respond to Do Not Track (DNT) signals, as no industry standard exists regarding DNT compliance.

‍8. Tailored Advertising and Online Analytics
‍To better serve our users, we engage with third-party vendors, such as Google Analytics and advertising networks, to help us analyze site usage and deliver targeted advertisements. Here is how we handle online analytics and personalized advertising:
- Online Analytics
Our third-party analytics providers use cookies, pixel tags, and other tracking technologies to collect information about your interactions with our services. This includes data such as which pages you visit, how long you spend on each page, and the links you click. This information is aggregated and used to improve our website’s performance, understand user preferences, and guide future product developments. To opt out of data collection by Google Analytics, you may install the Google Analytics Opt-Out Browser Add-on available through Google.
- Tailored Advertising
We use advertising networks to display personalized ads based on your browsing history, inferred interests, and engagement with Rimba’s content. For example, if you visit certain sections of our website, you may see related advertisements on other websites. Advertising partners may use cookies and tracking technologies to gather information about your activity on our website and other sites to deliver ads targeted to your interests. You can manage your advertising preferences through tools provided by the Digital Advertising Alliance or adjust your browser settings to limit targeted advertising.
‍
‍9. Your Privacy Rights
‍Depending on your location, you may have specific rights regarding your personal data. These rights empower you to manage your data and control how it is processed. Rimba Inc. is committed to respecting and facilitating these rights, as outlined below:
- Access and Correction
You may request access to the personal data we hold about you. Additionally, if you believe any information we have is inaccurate or incomplete, you may request that we correct it.
- Data Portability
You may request a copy of your personal data in a structured, machine-readable format, which allows you to transfer it to another data controller. This right is often exercised for data portability between service providers.
- Deletion
You may request the deletion of your personal information in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected. Please note that we may retain certain information if required by law or for legitimate business purposes.
- Restriction of Processing
You may request that we restrict the processing of your personal information in specific cases, such as if you contest the accuracy of your data or object to the processing.
- Objection and Withdrawal of Consent
If we process your personal data based on consent, you have the right to withdraw that consent at any time. Additionally, you may object to certain types of data processing, such as processing for direct marketing purposes.

‍Additional Rights by Jurisdiction
- California Residents (CCPA)
California residents have the right to access, delete, or opt out of the sale of their personal data. Additionally, under the CCPA, you may be entitled to learn how we process personal data and with whom we share it.
- EU Residents (GDPR)
Under the GDPR, EU residents have the right to data portability, processing restriction, the right to lodge complaints with data protection authorities, and more detailed rights regarding automated decision-making.
- Malaysia (PDPA) and Indonesia
Under PDPA in Malaysia and similar legislation in Indonesia, residents have rights to access, correct, and request limitations on the processing of their data.

To exercise any of these rights, please contact us through the details provided in Section 15. We may request verification of your identity before processing your request to ensure your data is protected.

‍10. Children’s Privacy
‍Our Services are intended for users aged 13 and older, and we do not knowingly collect or solicit personal information from children under 13. If we become aware that we have inadvertently collected personal data from a child under 13 without parental consent, we will take steps to delete that information promptly. If you believe we have collected information from a child under 13, please contact us at the information provided in Section 15, and we will take appropriate action.

For residents of jurisdictions with stricter age limitations, such as the European Union, our services are directed to users above the minimum required age for lawful processing of personal data without parental consent. We will comply with all local laws regarding children’s privacy.

‍11. Artificial Intelligence and Data Processing
‍Rimba Inc. employs Artificial Intelligence (AI) and machine learning (ML) technologies to improve our service efficiency and data processing capabilities. These tools may process user data, such as images and geolocation information, in a manner that supports automated decision-making for route optimization, collection verification, and service quality enhancement. Here’s how we use AI and ML responsibly:
- Anonymization and Data Minimization
To protect user privacy, all data processed by AI is anonymized or aggregated wherever possible. This means that personal identifiers are removed to prevent individual user identification.
- Temporary Data Retention
Data processed by our AI and ML systems is subject to strict retention policies. Please see section 5 for more details.
- Third-Party AI Compliance
When partnering with third-party AI providers, we ensure they adhere to the highest standards of data protection and do not use or retain user data beyond the scope of our agreements. Third-party AI systems are contractually restricted from using Rimba data to train or improve their own algorithms.By using AI responsibly, we aim to enhance our service delivery while respecting user privacy. If you have concerns about our use of AI in data processing, please contact us for more information.

‍12. Additional Information for Residents of California, Indonesia, and Malaysia
California Residents (CCPA)
‍Under the California Consumer Privacy Act (CCPA), California residents have specific rights regarding their personal data. If you are a California resident, you may:
- Request Access: Obtain information about the personal data we collect, use, disclose, and “sell” (as defined under the CCPA).
- Request Deletion: Ask us to delete your personal information, subject to certain exceptions.
- Opt-Out of Data Sale: Choose to opt out of the “sale” of your personal data. While Rimba does not sell personal information as commonly understood, some activities may constitute a “sale” under the CCPA’s broad definitions (e.g., sharing with advertising partners).
- Request Information on Data Collection and Sharing: Learn the categories of personal information we collect, the purposes of collection, and the categories of third parties with whom data is shared.
To exercise these rights, please contact us using the contact information in Section 15. We will verify your identity to ensure we protect your privacy and fulfill your requests. Rimba does not discriminate against users who exercise their privacy rights under the CCPA.

‍Indonesia Residents (PDPA)
‍In compliance with Indonesia’s Personal Data Protection Act (PDPA), residents of Indonesia have specific rights over their personal data. These rights include:
- Access and Correction: Request access to or correction of inaccurate personal information.
- Deletion and Restriction: Request the deletion or restriction of personal data that is no longer relevant or accurate.
- Objection: Object to certain types of data processing, including processing for direct marketing purposes.
- Withdrawal of Consent: Withdraw your consent for data processing at any time, where processing is based on consent.
To exercise these rights, please contact us using the contact details in Section 15. We will make reasonable efforts to verify your identity and comply with your request in accordance with local law.

‍Malaysia Residents (PDPA)
‍Under Malaysia’s Personal Data Protection Act (PDPA), Malaysian residents have specific rights regarding their personal information. These include:
- Access and Correction: Request access to personal information we hold about you and request correction of any inaccuracies.
- Limit Data Processing: Request to limit the processing of personal data, especially where processing is for marketing purposes.
- Objection: Object to data processing activities that are not aligned with the original purposes of collection.
- Withdrawal of Consent: Withdraw consent where processing is based on consent, which may affect the availability of some services.
For exercising these rights, Malaysian residents may contact us through the contact information provided in Section 15. We will take steps to verify your identity and respond in compliance with the requirements of the PDPA.

‍13. Updates to This Privacy Policy
‍We may periodically update this Privacy Policy to reflect legal or operational changes. Significant updates will be communicated via email or on our website. By continuing to use our Services after a policy change, you agree to the updated practices.

‍14. Links to Other Websites
‍Our Services may contain links to third-party websites, applications, and services. We do not control these sites and are not responsible for their privacy practices. We encourage you to review their privacy policies when visiting these sites.

‍15. Contact Information
‍If you have questions about this Privacy Policy, or wish to exercise any of your privacy rights, please contact us at:

‍Rimba Inc.
Email: support@rimba.ai

‍Data Protection Officer
For privacy-related inquiries, please reach out to our Data Protection Officer at the above email.