Privacy Policy
This Privacy Policy applies to all users of the EnsoNex platform globally. EnsoNex Sdn. Bhd. is the data controller for personal data collected through this platform. Users in the EU/EEA, Malaysia, Singapore, and other jurisdictions with applicable data protection laws are protected under the provisions described herein.
1. Introduction
EnsoNex Sdn. Bhd. (“EnsoNex”, “we”, “our”, or “us”) operates an influencer marketing and user acquisition (UA) platform that connects content creators with brand partners in the gaming and entertainment industries. We are incorporated in Malaysia and operate globally. This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use our platform, including our website, mobile application, and related services (collectively, the “Platform”). By registering for or using EnsoNex, you acknowledge that you have read and understood this Privacy Policy. Where we rely on your consent as a legal basis for processing, you may withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal.
2. Data Controller
The data controller responsible for your personal data is:
| Detail | Information |
| Company Name | EnsoNex Sdn. Bhd. |
| Registered Address | D2-02-25, Atelier Loso, Block D2, Jalan Atelier 3, Edusphere, Cyber 11, Cyberjaya 63000, Selangor, Malaysia |
| Jurisdiction | Malaysia (Companies Commission of Malaysia) |
| Privacy Contact | privacy@ensonex.com |
| Data Protection Officer | dpo@ensonex.com |
3. What Data We Collect
We collect the following categories of personal data:
3.1 Account & Identity Data
- Full name and username
- Email address and phone number
- Profile photo, bio, and Location
- Card and Bank Information
- Government-issued ID (where required for payment verification, handled via our payment processor)
3.2 Social Media & Platform Data
- Public profile information from collected platform (Youtube, Tiktok, Instagram, X/Twitter, Twitch and Facebook)
- Channel analytics: subscriber/follower counts, views, watch time, engagement rates
- Audience demographic data (aggregate, not individual viewer data)
- Performance metrics from campaigns run through the Platform
This data is collected with your explicit authorization via official platform APIs. You may revoke API access at any time from within your account settings or directly through the respective social media platform.
3.3 Campaign & Transaction Data
- Campaign participation history and deliverables submitted
- Payment records, transaction IDs, and invoice history
- Brand collaboration records and performance reports
- Communications between creators and brand partners via the Platform
3.4 Technical & Usage Data
- IP address and approximate geolocation
- Device type, operating system, and browser history
- Session data, click streams, and feature usage logs
- Cookies and similar tracking technologies (see our Cookies Policy)
4. How and Why We Use Your Data
We process your personal data for the following purpose, each grounded in a lawful basis:
| Purpose | Legal Basis |
| Account creation and platform access | Performance of contract |
| Matching your profile with brand partners | Performance of contract / Legitimate interests |
| Processing payments via Stripe | Performance of contract / Legal obligation |
| Sending campaign opportunities and updates | Consent (withdrawable at any time) |
| Platform analytics and platform integrity | Legitimate interests |
| Fraud prevention and platform integrity | Legal obligation / Legitimate interests |
| Responding to support requests | Performance of contract |
| Complying with legal and regulatory obligations | Legal obligation |
| Enforcing our Terms of Service | Legitimate interests / Legal obligation |
5. Profile Sharing with Brand Partners
When you create a creator profile on EnsoNex, you agree that your public creator profile — including your handle, content category, platform links, audience size, engagement metrics, and campaign history — may be presented to brand partners for the purpose of campaign matching and collaboration opportunities.
We will NOT share the following with brand partners without your separate, explicit consent:
- Your private contact details (email, phone number)
- Payment information or banking details
- Government-issued identification documents
- Any data you have designated as private in your account settings
You may opt out of brand partner profile visibility at any time by adjusting your privacy settings or contacting us at privacy@ensonex.com. Opting out may limit your ability to receive campaign opportunities through the Platform.
6. Third-Party Service Providers
We share your personal data with trusted third-party service providers only to the extent necessary to operate the Platform. All third-party processors are bound by Data Processing Agreements (DPAs) requiring them to protect your data in accordance with applicable law.
| Provider / Category | Purpose |
| Stripe | Payment processing – subject to Stripe’s own Privacy Policy |
| Cloud hosting providers (AWS/GCP) | Secure data storage, infrastructure, and platform delivery |
| Analytics tools | Aggregated, pseudonymized platform usage analysis |
| Email service providers | Transactional and marketing communications (with your consent) |
| Identity verification services | Age and payment verification where required |
| Brand partners | Limited public creator profile data as described in section 5 |
We do not sell, rent, or trade your personal data to any third party for their own marketing or commercial purposes — ever.
7. International Data Transfers
EnsoNex is incorporated in Malaysia and operates globally. Your personal data may be transferred to, stored in, and processed in countries other than your country of residence, including countries that may not provide the same level of data protection as your home jurisdiction.
Where we transfer personal data internationally, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) or equivalent mechanisms for transfers from the EU/EEA
- Adequacy decisions where applicable
- Binding corporate rules or other legally recognised transfer mechanisms
- Compliance with Malaysia’s Personal Data Protection Act 2010 (PDPA) requirements for cross-border transfers
8. Data Retention
We retain your personal data for as long as your account is active or as necessary to provide our services. Specific retention periods are as follows:
| Data Category | Retention Period |
| Account and identity data | Duration of account + 3 years following closure |
| Campaign and transaction records | 7 years (financial and legal compliance) |
| Social media analytics (connected platforms) | Duration of account + 1 year |
| Communications and support tickets | 3 year from last interaction |
| Technical and usage logs | 12 months rolling |
| Payment records (via Stripe) | As required by Stripes and applicable tax law |
You may request deletion of your data at any time (see Section 9). Note that certain data may be retained longer where required by law, regulation, or legitimate business necessity (e.g., fraud prevention, legal proceedings).
9. Your Rights
Depending on your jurisdiction, you have the following rights regarding your personal data. We will respond to all requests within 30 calendar days. There is no fee for exercising your rights, unless requests are manifestly unfounded or excessive.
| Right | What It Means |
| Access | Request a copy of the personal data we hold about you |
| Rectification | Request correction of inaccurate or incomplete data |
| Erasure | Request deletion of your data (“right to be forgotten”) |
| Restriction | Request that we limit how we process your data |
| Data Portability | Receive your data in a structured, machine-readable format |
| Object | Object to processing based on legitimate interests or for direct marketing |
| Withdraw Consent | Withdraw consent at any time without affecting prior processing |
| Non-Discrimination | We will not penalise you for exercising your privacy rights |
To exercise any of these rights, submit a request to: privacy@ensonex.com or via the Privacy Centre in your account settings. You also have the right to lodge a complaint with your local data protection authority (e.g., the Department of Personal Data Protection Malaysia, or your national EU supervisory authority).
10. Data Security
We implement industry-standard technical and organisational security measures to protect your personal data, including:
- TLS 1.2+ encryption for all data in transit
- AES-256 encryption for data at rest
- Role-based access controls limiting internal data access on a need-to-know basis
- Regular penetration testing and security audits
- Incident response and breach notification procedures
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify you and relevant regulators within the timeframe required by applicable law (72 hours under GDPR; as required under PDPA Malaysia).
No method of internet transmission is 100% secure. We encourage you to use a strong, unique password and to notify us immediately at security@ensonex.com if you suspect unauthorised access to your account.
11. Children’s Privacy
Our Platform is intended for users aged 18 and above. We do not knowingly collect personal data from individuals under 18 years of age. If we become aware that a minor has provided us with personal data, we will delete it promptly.
If you believe we have inadvertently collected data from a minor, please contact us immediately at privacy@ensonex.com.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:
- Sending an email notification to your registered email address
- Posting a prominent notice on the Platform
- Updating the “Last Updated” date at the top of this document
Material changes will take effect no earlier than 14 days after notification. Continued use of the Platform after the effective date constitutes acceptance of the updated policy. If you do not agree to the changes, you may close your account before the effective date.
13. Contact Us
For any privacy-related questions, requests, or concerns:
| Contact Type | Details |
| Privacy Officer | privacy@ensonex.com |
| Data Protection Officer | dpo@ensonex.com |
| Security Incidents | security@ensonex.com |
| Postal Address | D2-02-25, Atelier Loso, Block D2, Jalan Atelier 3, Edusphere, Cyber 11, Cyberjaya 63000, Selangor, Malaysia |
| Response Time | Within 30 calendar days of receipt |