Privacy Policy

The collection, digital processing, cross border transmission and long term archival of Personal and Sensitive Data are not elective. They are a mandatory prerequisite for the activation and maintenance of any insurance facilitation service on this platform.

The Client may withdraw consent for data processing at any time by written notice. However, the Client explicitly acknowledges that certain data remains mandatory for ongoing statutory compliance.

If consent is withdrawn for data essential to the maintenance of the insurance policy, ReVoLTS reserves the right to immediately terminate the service. In such an event, ReVoLTS shall retain 100% of all funds and premiums paid as liquidated damages for the administrative disruption and the structural frustration of the contract caused entirely by the Client's withdrawal.

In accordance with Section 4 of the PDPA, the data processed under this policy is categorized as follows:

The Client grants ReVoLTS a global, unrestricted and royalty free mandate to transmit, share and disclose all collected data to the following Chain of Custody entities:

• Third party Underwriters, insurers, retakaful operators and intermediaries for the purposes of risk placement, premium calculation and policy issuance;
• Third Party Administrators (TPAs) and emergency medical service providers for the management of hospital admissions, “Guarantee of Payment” (GOP) letters, and/or emergency medical evacuations;
• Independent investigators, adjusters and auditors for the investigation of suspicious claims, fraud prevention and/or breaches of disclosure duties.

The Client expressly agrees that ReVoLTS acts solely as a secure conduit for data transmission.

ReVoLTS' liability and duty of care regarding data security completely terminates the moment data is transmitted to any third-party entity for the reasons listed above. Any subsequent data breach, leak and/or unauthorized access occurring within the technical infrastructure of an Insurer, TPA and/or external vendor is a matter strictly between the Client and that third party. The Client irrevocably waives the right to join ReVoLTS as a defendant in any such litigation or data breach dispute.

In strict compliance with the Cross Border Transfer regulations under the PDPA which came into effect on 1 April 2025:

• Your Personal and Sensitive Data may be transferred to, stored in and/or processed by cloud infrastructure, servers, or external outsourcing partners located outside of Malaysia.
• ReVoLTS contractually ensures that any cross border data recipient outside of Malaysia is bound to provide a standard of personal data protection that is at least comparable to the protections enforced under the Malaysian PDPA.

While ReVoLTS respects statutory data access rights, the execution of these rights is strictly governed by the following operational protocols:

• Fulfilling a request for access to your personal data is subject to a mandatory processing fee levied in accordance with the Personal Data Protection (Fees) Regulations 2013.
• ReVoLTS shall refuse any request for data deletion or erasure if the data is required for Statutory Retention and/or for the defense of potential legal claims. The Client acknowledges that their data forms an integral part of ReVoLTS' corporate audit trail and cannot be removed until statutory expiration timelines are met.

The Client explicitly accepts that no digital infrastructure or internet platform is completely immune to cyber terrorism, Zero Day exploits, ransomware and/or advanced persistent threats.

ReVoLTS shall not be held liable for any data compromise, identity theft, or financial loss resulting from:

• Security breaches and/or data leaks originating within the infrastructure of global cloud providers hosting the platform;
• Failures and/or compromises in the international SSL/TLS encryption backbone and/or cyber attacks occurring directly on the Client's own personal device;
• Sophisticated cyber attacks that exceed the commercially reasonable security measures required by Labuan and Malaysian regulatory frameworks.

ReVoLTS is legally mandated under corporate and insurance brokerage guidelines to archive all insurance facilitation records for a minimum duration of seven (7) years. This statutory requirement explicitly supersedes and overrides any individual request for erasure, deletion and/or anonymization under any local and/or international privacy framework.

ReVoLTS will disclose the Client's personal and sensitive data to the Labuan Financial Services Authority (Labuan FSA), Malaysian Law Enforcement agencies, and/or Tax Authorities immediately upon receipt of a lawful demand. ReVoLTS is under no obligation to notify the Client of such a disclosure, and the Client hereby waives all rights to privacy damages or breach claims resulting from such statutory compliance.

If the Client enters personal or sensitive medical data on behalf of family members, travel companions, or minor dependents, the Client warrants that they have obtained explicit legal consent and authorization from those individuals to bind them to this Policy.

The Client shall fully indemnify, defend and hold ReVoLTS harmless against any lawsuits, civil claims, damages and/or regulatory fines resulting from the Client's unauthorized submission of third party data onto this platform.

ReVoLTS explicitly reserves the right to use all Client data collected on this platform including but not limited to IP address logs, activity timestamps, network meta data and signed digital health declarations as admissible evidence to defeat fraudulent credit card chargebacks before banking institutions.

The initiation of a credit card chargeback for any product related and/or coverage dispute is an express material breach of this Policy.

This Privacy Policy shall be exclusively governed by and construed in accordance with the laws of Malaysia including but not limited to the Labuan Financial Services Authority regulations and the Malaysian PDPA 2010.

Any and all disputes, claims and/or litigation regarding this Policy or data handling practices must be adjudicated exclusively within the Courts of Malaysia. The Client explicitly waives any alternative home country forum access.

In the event of a proven data breach or unauthorized data leakage caused solely and directly by the gross negligence of ReVoLTS, total aggregate cumulative damages claimable against ReVoLTS shall be strictly limited to a maximum cap of USD 1,000.00.

This absolute monetary cap is a fundamental condition of service access without which ReVoLTS would not grant platform utility to the Client.

Any legal requests regarding data rights, DSAR submissions and/or compliance questions must be formally directed to our Data Protection Officer: