Legal
Privacy policy
How we collect, use, and protect personal data — PDPA-aligned and auditable.
Pre-launch placeholder
This document is an outline only. Do not rely on it. The
final, counsel-reviewed version replaces this file before public launch.
Contact [email protected] if you need a signed copy now.
1. Scope
This policy will cover personal data processed on behalf of workspaces and personal data of visitors to the marketing site, including:
- Data categories collected (employee records, auth events, AI conversations, billing identifiers)
- Lawful basis under PDPA 2010 for each category
- Retention periods and deletion triggers
- Cross-border transfers and the safeguards we rely on
- Subprocessors (Railway, Stripe, Anthropic, Cloudflare) with links to their sub-DPAs
- Individual rights: access, correction, withdrawal, complaint
- Contact point: Data Protection Officer at [email protected]
2. Training and AI
EIAAW Workforce does not use your workspace data to train or fine-tune any AI model, whether our own or a third party's. Anthropic's API — which powers the Workforce Assistant — does not train on customer data by default, and we keep that default in force at the API tier.
3. Where the real text goes
The binding privacy policy will be drafted by counsel to meet PDPA 2010 (Malaysia), and — for Enterprise workspaces with EU data subjects — GDPR compliance, before public launch.