Privacy Notice

1. Who we are

BridgeConnect is operated by Earth Guard Ventures (registration no. 202603144809) ("Earth Guard Ventures", "we", "us"), an invite-only B2B procurement-financing platform operated from Malaysia. Earth Guard Ventures is the data controller for personal data processed through the platform. Where a PO is carried out, related commercial data may also be shared with Earth Guard Sdn Bhd (registration no. 202501001097), the procurement company in the Earth Guard group. This Privacy Notice explains how we collect, use, protect, and disclose personal data in accordance with Malaysia's Personal Data Protection Act 2010 ("PDPA").

Our data protection contact is info@bridgeconnect.network.

2. Personal data we collect

• Account data: name, email address, role, and the admin-issued invite identifier.
• Commercial data: purchase-order references, delivery-order details, supplier information, buyer payment dates, commission and tier history.
• Financial data (for participants providing capital): bank-account details for deposits and disbursement of returns, capital amounts, deployment history.
• Technical data: IP address, device type, session timestamps, and authentication logs.

3. Why we collect it

We process personal data for the following purposes, relying on the following lawful bases under the PDPA:

• Performance of contract: to operate your account, calculate commissions, hold and deploy capital, and pay returns.
• Legitimate interest: to secure the platform, prevent fraud, and improve our service.
• Legal obligation: to comply with Malaysian tax, anti-money-laundering, and record-keeping requirements.
• Consent: for any marketing communications (if applicable; you may withdraw this at any time).

4. Who we share it with

We share personal data only as needed for the purposes above, with:

• Earth Guard Sdn Bhd — the procurement company, for executing and settling the POs your capital is deployed against.
• Supabase — authentication and database hosting.
• Vercel — application hosting and delivery.
• Crossmint — to issue your membership NFT, using your email address.

Supabase, Vercel, and Crossmint process data outside Malaysia (including in the United States and the European Union). By using BridgeConnect, you consent to such cross-border transfer in accordance with section 129 of the PDPA. We require these processors to maintain security standards at least equivalent to those under the PDPA.

Your membership NFT is recorded on the Polygon public blockchain. Anything recorded on a public blockchain — including the token and the tier shown on it — is public and permanent. It cannot be changed or deleted, even after your account is closed.

5. How long we keep it

We retain personal data for as long as your account is active, and thereafter for the period required by Malaysian tax and record-keeping laws (generally seven years from the date of the last relevant transaction). After this period the data is deleted or anonymised.

6. How we protect it

• Data is encrypted in transit using HTTPS/TLS and at rest at our sub-processors.
• Database access is gated by Supabase row-level security; each account can only see its own data.
• Administrative access is limited to authorised personnel.

7. Your rights under the PDPA

You may, at any time and without charge:

• Access the personal data we hold about you;
• Correct data that is inaccurate or incomplete;
• Limit the processing of your data for direct marketing;
• Withdraw consent you have previously given; and
• Lodge a complaint with the Personal Data Protection Commissioner of Malaysia.

To exercise any of these rights, contact us at info@bridgeconnect.network.

8. Cookies

We use only strictly-necessary authentication cookies provided by Supabase to keep you signed in. We do not use analytics, advertising, or tracking cookies and do not share cookie data with any third party for those purposes.

9. Changes to this notice

We will post material changes to this notice on this page at least 30 days before they take effect and notify active users by email.