Privacy Policy

Nodesify Enterprise ("we", "us", "our") is committed to protecting your personal data in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia and its amendments.

We are registered as a Data User with the Personal Data Protection Commissioner of Malaysia. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you engage with our IT consulting, custom software development, and AI SaaS services.

1.1 PDPA Principles We Follow

We adhere to all Seven PDPA Principles in handling your personal data:

• General Principle: Your data is processed lawfully, fairly, and with your consent
• Notice and Choice Principle: You are informed of our data practices and can choose how your data is used
• Disclosure Principle: Your data is only disclosed with your consent or as required by law
• Security Principle: We implement robust security measures to protect your data
• Access Principle: You have the right to access and review your personal data
• Correction Principle: You can request corrections to inaccurate or incomplete data
• Retention Principle: Your data is not retained longer than necessary

2.1 Personal Data Provided by You

We collect personal data that you voluntarily provide when engaging with our services:

• Identity Information: Name, job title, company name, contact details (email, phone, address)
• Business Information: Company registration number, business nature, project requirements
• Account Information: Username, password (encrypted), authentication credentials
• Communication Data: Messages, support tickets, consultation notes, feedback
• Payment Information: Billing address, invoices, payment history (processed securely via third-party payment processors)

This information is collected when you:

• Request IT consultation or custom software development services
• Subscribe to our AI SaaS platforms
• Fill out contact forms, quotes, or project requirements
• Attend webinars, workshops, or training sessions
• Apply for careers or partnerships

2.2 Automatically Collected Information

When you visit our website or use our SaaS platforms, we automatically collect:

• Technical Data: IP address, browser type, device information, operating system
• Usage Data: Pages visited, features used, time spent, error logs, session analytics
• SaaS Performance Data: API calls, response times, system health metrics
• Cookies & Tracking: Authentication tokens, preference settings, analytics identifiers

We use your personal data only for purposes specified under the PDPA and with your consent:

3.1 Primary Purposes

• Service Delivery: Provide IT consulting, custom development, and AI SaaS services
• Account Management: Create and manage user accounts, authentication, access control
• Communication: Respond to inquiries, send project updates, provide technical support
• Billing & Payments: Process invoices, payment transactions, financial reporting
• Service Improvement: Analyze usage patterns, optimize AI models, improve system performance
• Security & Safety: Detect fraud, prevent abuse, ensure platform security
• Legal Compliance: Comply with PDPA, tax laws, anti-money laundering regulations

3.2 AI & Machine Learning Processing

For our AI SaaS services, your data may be processed to:

• Train and improve machine learning models (using anonymized/aggregated data only)
• Generate AI-powered insights, recommendations, or automated outputs
• Optimize algorithms for performance and accuracy
• We never use your confidential business data to train public AI models without explicit separate consent

3.3 Marketing Communications

We only send marketing communications (newsletters, event invitations, product updates) if you have explicitly opted in. You may opt out at any time via the unsubscribe link or by contacting us.

We respect your privacy and do not sell, rent, or trade your personal data. We only share data under these circumstances:

4.1 Service Providers (Data Processors)

We engage third-party service providers who process data on our behalf under strict contracts:

• Cloud Infrastructure: AWS, Google Cloud, Cloudflare (hosting, CDN, security)
• Payment Processors: Stripe, PayPal (financial transactions)
• Analytics Tools: Google Analytics, Mixpanel (usage analytics)
• Communication Tools: Tawk.to (live chat), email providers
• Development Tools: GitHub, project management platforms

All providers are contractually bound to protect your data and use it only for specified purposes.

4.2 Legal & Regulatory Requirements

We may disclose data if required by law, court order, or government authorities, including:

• Compliance with Malaysian laws (PDPA, Income Tax Act, Companies Act)
• Response to subpoenas, warrants, or legal proceedings
• Protection of our rights, property, or safety
• Prevention of fraud, security threats, or criminal activity

4.3 Business Transfers

In the event of merger, acquisition, or asset sale, your data may be transferred. We will notify you in advance and provide options to opt-out if feasible.

4.4 Affiliated Companies

We may share data within our corporate group for operational purposes, subject to this Privacy Policy.

Your personal data may be transferred, stored, or processed outside of Malaysia in countries where our service providers operate.

5.1 Locations of Data Transfer

Data may be transferred to: Singapore, United States, Europe, Australia (where cloud servers and service providers are located).

5.2 PDPA Compliance for Cross-Border Transfers

We ensure that cross-border transfers comply with PDPA requirements:

• Recipient countries have data protection laws deemed adequate by the Malaysian Commissioner
• Or, we have written contractual obligations ensuring equivalent protection as PDPA
• All service providers sign Data Processing Agreements (DPA) with binding privacy commitments

5.3 Your Consent

By using our services, you consent to cross-border data transfers. If you object, please contact us to discuss alternatives.

We implement the PDPA Security Principle through robust technical and organizational measures:

6.1 Technical Safeguards

• Encryption: AES-256 encryption for data at rest, TLS 1.3 for data in transit
• Access Controls: Multi-factor authentication (MFA), role-based access, least-privilege principle
• Network Security: Firewalls, intrusion detection, DDoS protection via Cloudflare
• Secure Development: Code reviews, penetration testing, vulnerability scanning
• AI Model Security: Input validation, output filtering, adversarial attack prevention

6.2 Organizational Measures

• Employee background checks and confidentiality agreements
• Regular security awareness and PDPA compliance training
• Incident response procedures and breach notification protocols
• Annual security audits and compliance assessments

Under the 2024 PDPA amendments, data breach notification is mandatory. Our commitment to you:

7.1 Notification Requirements

In the event of a personal data breach that poses a risk to your rights or freedoms, we will:

• Notify you without undue delay (and in no event later than 72 hours after becoming aware)
• Notify the Personal Data Protection Commissioner if required
• Provide details of the breach, its impact, and steps you should take

7.2 What We Consider a Breach

A breach includes unauthorized access, disclosure, alteration, or destruction of personal data, including:

• Cybersecurity incidents (hacking, ransomware, malware)
• Accidental disclosure or data leak
• Lost or stolen devices containing personal data
• Misdelivery of sensitive information

We follow the PDPA Retention Principle and do not retain data longer than necessary.

8.1 Retention Periods

• Active Clients: Retained throughout the business relationship and 7 years after termination (tax/legal requirements)
• Prospective Leads: Retained for 2 years from last contact
• Job Applicants: Retained for 1 year from application date
• Marketing Opt-ins: Retained until you opt out or request deletion
• SaaS Usage Logs: Retained for 90 days (system logs) to 2 years (analytics)
• AI Training Data: Anonymized data may be retained indefinitely for model improvement

8.2 Data Disposal

When data is no longer needed, we securely dispose of it via:

• Secure deletion (digital shredding, cryptographic erasure)
• Physical destruction (for hard copy documents)
• Anonymization (for research/model improvement)

As a data subject under the PDPA, you have the following rights:

9.1 Right to Access

You may request access to a copy of your personal data we hold, including:

• The purposes of processing
• The categories of data collected
• Third parties to whom we disclose data

9.2 Right to Correction

You may request correction of inaccurate, incomplete, or outdated personal data. We will respond within 21 days.

9.3 Right to Withdraw Consent

You may withdraw consent for data processing at any time, subject to contractual or legal obligations. Withdrawal may affect our ability to provide certain services.

9.4 Right to Data Portability

You may request your data in a structured, commonly used format for transfer to another service.

9.5 Right to Lodge a Complaint

You may lodge a complaint with the Personal Data Protection Commissioner of Malaysia if you believe we have violated the PDPA.

9.6 How to Exercise Your Rights

Contact us using the information in Section 13. We will respond to all requests within 21 days as required by PDPA.

We use cookies and similar technologies to enhance your experience and analyze usage.

10.1 Types of Cookies We Use

• Essential Cookies: Required for authentication, security, and core functionality (cannot be disabled)
• Performance Cookies: Analytics to understand how users interact with our services
• Functionality Cookies: Remember preferences, language, and settings
• Targeting Cookies: Deliver relevant advertisements (only with your consent)

10.2 Third-Party Cookies

Our services may use third-party cookies from:

• Google Analytics (usage analytics)
• Google Ads, Facebook Ads (marketing)
• Tawk.to (live chat support)
• Cloudflare (security and CDN)

10.3 Cookie Consent

We use a cookie consent banner to obtain your permission before placing non-essential cookies. You can manage preferences via your browser settings or our Cookie Consent panel.

Our IT consulting and AI SaaS services are intended for business professionals and organizations. We do not knowingly collect personal data from individuals under 18 years of age.

If we become aware that we have collected data from a child, we will:

• Immediately delete such information
• Terminate any related accounts
• Notify parents or legal guardians if appropriate

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings.

12.1 Notification of Changes

We will notify you of material changes by:

• Posting the updated policy on our website with a new "Last Updated" date
• Sending email notifications to existing clients
• Displaying prominent notices on our platform

12.2 Your Continued Use

Continued use of our services after changes constitutes acceptance of the updated policy.

For questions, concerns, or to exercise your PDPA rights, please contact our Data Protection Officer:

• Email: admin@nodesify.com
• Data Protection Officer Email: dpo@nodesify.com
• Address: Nodesify HQ, Kuala Lumpur, Malaysia
• PDPA Registration Number: [To be updated after registration]

We will respond to all inquiries within 21 days as required by the PDPA.