Privacy Policy
Last Updated: 21 April 2026
1. Introduction
Clawd AI Enterprise (SSM: 003843011-D) ("we", "us") is committed to protecting your personal data in compliance with the Personal Data Protection Act 2010 (PDPA) of Malaysia.
This Privacy Policy explains how we collect, use, store, and protect your information when you use our services.
2. Data We Collect
| Data Type | Purpose | Retention |
|---|
| Name, email, phone | Account creation, communication | Duration of service + 12 months |
| Business name, SSM number | Service configuration, invoicing | Duration of service + 7 years (tax records) |
| Chat messages (bot interactions) | Service delivery, AI training improvement | 90 days rolling |
| Payment information | Billing and invoicing | 7 years (Malaysian tax law) |
| IP address, browser info | Security, rate limiting | 30 days |
| Bot configuration (SOUL.md) | Customizing your AI bot | Duration of service |
3. How We Use Your Data
- Service Delivery: To set up, maintain, and operate your AI bot.
- Communication: To send invoices, receipts, service updates, and support responses.
- Billing: To process payments and generate tax-compliant invoices.
- Improvement: To improve our AI models and service quality (anonymized data only).
- Legal Compliance: To comply with Malaysian tax, accounting, and legal requirements.
4. Data Sharing
We do not sell your personal data. We may share data with:
- Payment processors (Fiuu/MOLPay) — to process payments securely.
- AI providers (Google Gemini, Anthropic Claude) — chat messages are sent to AI models for processing. No personal identifiers are shared beyond what's in the conversation.
- WhatsApp/Meta — as required for WhatsApp Business API operation.
- Malaysian authorities — if required by law (e.g., LHDN tax audit).
5. Data Security
- All data transmitted via HTTPS (TLS 1.2+).
- Database access restricted to authenticated services only.
- API keys stored in encrypted credential stores.
- Daily automated backups with 30-day retention.
- Server hardened with firewall rules and SSH key authentication.
6. Your Rights (PDPA)
Under the Personal Data Protection Act 2010, you have the right to:
- Access your personal data held by us.
- Correct inaccurate or incomplete data.
- Withdraw consent for data processing (this may affect service delivery).
- Request deletion of your data (subject to legal retention requirements).
To exercise these rights, email support@clawdai.my with your request.
7. Cookies
Our website uses minimal cookies for:
- Session management (login state)
- Chat widget session continuity
We do not use tracking cookies or third-party analytics.
8. Data Retention
- Active account data: retained while service is active.
- Post-cancellation: data available for export for 30 days, then deleted.
- Financial records: retained 7 years per Malaysian tax law.
- Chat logs: 90-day rolling retention.
9. Children's Privacy
Our services are intended for businesses. We do not knowingly collect data from individuals under 18.
10. Changes to This Policy
We may update this policy from time to time. Changes will be posted on this page with an updated date. Material changes will be notified via email.
11. Contact
Clawd AI Enterprise (003843011-D)
Labuan, Malaysia
Email: support@clawdai.my
WhatsApp: +60178018359
Website: https://clawdai.my