Privacy Policy

Introduction

Cypher ("we," "our," or "us") is committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our AI integration services.

We comply with the Malaysian Personal Data Protection Act 2010 (PDPA) and implement appropriate technical and organizational measures to protect your personal data.

If you have questions or concerns about this policy, please contact us at [email protected].

Information We Collect

Personal Data You Provide

We collect personal information that you voluntarily provide when you:

• Submit an inquiry through our contact form (name, email address, phone number, message content)
• Engage our services (business name, job title, company information)
• Subscribe to communications (email address)
• Communicate with us via email or phone

Information Automatically Collected

When you visit our website, we automatically collect certain information about your device and browsing actions:

• Device information (browser type, operating system, device identifiers)
• Usage data (pages viewed, time spent, referring URLs)
• Location data (general geographic location based on IP address)
• Cookies and similar tracking technologies (see our Cookie Policy)

Information from Client Engagements

When providing AI integration services, we may collect:

• Technical information about your AI systems and infrastructure
• Business process and operational information
• Documentation and records related to our engagement
• Communications and correspondence

How We Use Your Information

We use the collected information for the following purposes:

• Service Delivery: To provide AI integration services, risk assessments, security development, and compliance programs as contracted
• Communication: To respond to inquiries, provide customer support, and send service-related notifications
• Improvement: To analyze website usage and improve our services and user experience
• Marketing: To send promotional communications (with your consent, which can be withdrawn at any time)
• Legal Compliance: To comply with applicable laws, regulations, and legal processes
• Security: To protect against fraud, unauthorized access, and security threats

Legal Basis for Processing

We process your personal data based on:

• Contract Performance: Processing necessary to fulfill our service agreements
• Consent: Where you have given explicit consent for specific processing activities
• Legitimate Interests: For business operations, service improvement, and security
• Legal Obligations: Where required by Malaysian law or regulations

Data Sharing and Disclosure

Third-Party Service Providers

We may share your information with third-party service providers who perform services on our behalf:

• Website hosting and infrastructure providers
• Email service providers
• Analytics and tracking services (Google Analytics, with IP anonymization)
• Payment processors (for invoicing and transactions)

These providers are contractually obligated to use your information only for the purposes we specify and to maintain appropriate security measures.

Business Transfers

If Cypher is involved in a merger, acquisition, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you of any such change and the implications for your data.

Legal Requirements

We may disclose your information when required to:

• Comply with legal obligations, court orders, or government requests
• Enforce our terms and conditions
• Protect our rights, property, or safety, or that of others
• Prevent or investigate fraud or security issues

Data Security

We implement appropriate technical and organizational security measures to protect your personal data:

• Encryption of data in transit using SSL/TLS protocols
• Secure storage systems with access controls
• Regular security assessments and vulnerability testing
• Employee training on data protection and confidentiality
• Incident response procedures for data breaches

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but maintain security measures consistent with industry standards.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

• Contact Inquiries: 2 years from last contact
• Client Engagement Data: 7 years after engagement completion (for legal and professional liability purposes)
• Marketing Consent: Until consent is withdrawn
• Website Analytics: 26 months (Google Analytics default)

After the retention period, we securely delete or anonymize your personal data.

Your Rights Under PDPA

Under the Malaysian Personal Data Protection Act, you have the following rights:

• Right to Access: Request copies of your personal data we hold
• Right to Correction: Request correction of inaccurate or incomplete data
• Right to Withdraw Consent: Withdraw consent for processing based on consent (where applicable)
• Right to Limit Processing: Request limitation of processing in certain circumstances
• Right to Data Portability: Receive your data in a structured, commonly used format
• Right to Object: Object to processing based on legitimate interests

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 21 days as required by PDPA.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us immediately.

International Data Transfers

We primarily operate in Malaysia. If we transfer your data outside Malaysia, we ensure appropriate safeguards are in place, including:

• Ensuring the recipient country has adequate data protection laws
• Implementing standard contractual clauses
• Obtaining your explicit consent where required

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons. We will notify you of any material changes by:

• Posting the updated policy on our website with a new "Last Updated" date
• Sending an email notification to registered users
• Displaying a prominent notice on our website

Your continued use of our services after changes become effective constitutes acceptance of the updated policy.

Contact Information

For questions, concerns, or to exercise your privacy rights, please contact us:

Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with: