Singapore’s personal data watchdog is investigating cellphone maker Xiaomi following a user’s complaint that the company is giving out user data to telephone marketers.

The user claims he received marketing calls from overseas after acquiring the phone, according to the Wall Street Journal.

Earlier this month, security firm F-Secure looked into a complaint to see if Xiaomi was sending user data to remote servers in China without customer consent. Researchers at F-Secure took a brand new RedMi 1S, set it up, added a contact to their address book, then called and texted that number.

What they found was that both the number and the phone’s identification number were sent to a Xiaomi server,, which the company announced on its blog. Xiaomi VP Hugo Barra responded in his own blog post, saying the issue pertained specifically to Xiaomi’s cloud messaging service, which sends messages over the Internet free of charge. “As we believe it is our top priority to protect user data and privacy, we have decided to make MIUI Cloud Messaging an opt-in service and no longer automatically activate users,” he wrote on Google Plus.

Despite the update, complaints are still coming in, and the Personal Data Protection Commission is concerned Xiaomi is violating crucial user data laws.

“We have reached out to Singapore’s PDPC to clarify any issues,” said Barra, in a statement to The Wall Street Journal.

If the PDPC determines the company is mishandling client data, Xiaomi can face heavy fines upwards of $1 million dollars. Though that may seem like pocket change to the quickly growing company, privacy concerns may damage Xiaomi’s trajectory in markets outside of China.

Last week, Xiaomi overtook Samsung as the leading mobile vendor in China. Now the company is looking to take a larger share of the world market.

Xiaomi currently serves China, where it’s based, India, Malaysia, the Philippines, Indonesia, and Singapore.