Privacy Policy#

AI WorkerX Sdn. Bhd.
Company No.: 202501054192 (1655598-U)

Last Updated: 6 January 2026

Effective For All Users Worldwide

1. Introduction#

AI WorkerX Sdn. Bhd. (“AI WorkerX”, “we”, “us”, “our”) values your privacy and is committed to safeguarding personal data.

This Privacy Policy explains:

• what data we collect,
• how we use, store, and safeguard it,
• your rights as a user,
• data retention rules,
• cross-border data disclosures,
• data training practices, and
• how we comply with applicable laws including the Malaysia Personal Data Protection Act 2010 (PDPA), GDPR-aligned principles, and global privacy standards.

This Policy applies to all users who visit our website, use our platform, or access any service provided by AI WorkerX.

2. Definitions#

“Personal Data” means any information relating to an identifiable person, including name, email, contact number, company name, payment details, or identifiers.

“Customer Data” refers to any content, conversations, files, or business information uploaded, submitted, or processed by you through the Service.

“Service” refers to all AI WorkerX websites, applications, software, APIs, integrations, and features.

“Processing” includes collection, storage, transmission, analysis, and any other handling of data.

3. Data We Collect#

We collect the following categories of information:

3.1 Personal Identification Data#

• Name
• Email address
• Company name
• Phone number
• Job title
• Country

3.2 Account & Usage Data#

• Username
• Password (hashed)
• Subscription tier
• Conversation volume
• Response logs
• Feature usage metrics
• Top-Up purchase history
• Plan Responses and Top-Up Responses balances
• Usage deductions
• Top-Up expiry dates.

3.3 Operational Data#

• Messages and content generated or uploaded
• Files exchanged during customer conversations
• Order details (if captured through AIdo)
• CRM contact records

3.4 Technical Data#

• IP address
• Browser type, device type
• Operating system
• Cookies and session identifiers
• Analytics data (loading time, clicks, performance metrics)

3.5 Payment Data#

• Billing name and address
• Payment method (processed through secure third-party providers such as Stripe/Xendit). For billing integrity, fraud prevention, and dispute handling, we may also store transaction metadata and consent evidence (e.g., timestamps, subscription status, renewal/cancellation logs, invoices/receipts, device/IP identifiers, and support correspondence).

Note: AI WorkerX does not store credit/debit card numbers.

3.6 Communication Data#

• Support emails
• Chat logs
• Survey responses
• Beta testing feedback

4. How We Use Your Data#

AI WorkerX processes data to:

• Deliver and operate the Service
• Authenticate users and manage accounts
• Provide real-time AI responses
• Improve AI accuracy, performance, and quality
• Detect and prevent fraudulent or harmful use
• Provide customer support
• Conduct analytics and product development
• Comply with legal obligations
• Process payments and renewals
• Administer Plan Responses and Top-Up Responses balances (including expiry/burn rules), detect abuse, and support billing dispute/chargeback handling.

AI WorkerX does not sell, rent, or trade your personal data.

5. Data Training Clause#

To improve AI reliability, accuracy, and performance, AI WorkerX may use anonymised and aggregated Customer Data for:

• model refinement
• algorithm improvement
• quality assurance
• analytics
• system optimisation

Important Safeguards:

• All identifying information is removed before use
• Data is fully anonymised and cannot be linked back to individuals
• Data may be combined with other anonymised datasets
• This process complies with PDPA and global privacy standards

6. Legal Basis for Processing#

Depending on your location, we process data based on:

• Performance of contract (providing the Service)
• Legitimate interest (improving AI WorkerX services)
• Consent (marketing communications)
• Legal obligation (tax, compliance, fraud prevention)
• Protection of vital interests (security-related processing)

7. Sharing & Disclosure of Data#

We may share data with trusted third-party processors:

7.1 Technology Providers#

• Google Cloud / AWS / Azure (hosting)
• LLM providers (OpenAI, Anthropic)
• Analytics tools (Mixpanel, GA4, etc.)

7.2 Communication Platforms#

• WhatsApp / Meta integrations
• Email service providers

7.3 Payment Processors#

• Stripe, Xendit, or others used for billing

(We do not store or access your card numbers.)

7.3A Dispute and Chargeback Handling#

Where a payment dispute or chargeback occurs, we may share necessary records with our payment processors, banks, and relevant service partners to investigate, contest, or resolve the dispute, including consent evidence for recurring payments (where applicable). Payment processor terms can require merchants to keep proof of end-user consent for tokenised/auto-debit transactions and provide it on request.

7.4 Legal & Compliance#

We may disclose data if required by law, regulators, court orders, or to enforce our Terms.

7.5 Business Transfers#

In mergers, acquisitions, or restructuring, data may be transferred with appropriate safeguards.

AI WorkerX will never sell personal data to any third party.

8. Cross-Border Data Transfers#

As part of global cloud operations, data may be stored in or transferred to:

• the United States
• Singapore
• Europe
• Malaysia
• other jurisdictions where our partners host servers

We implement safeguards such as:

• contractual Data Processing Agreements (DPAs)
• anonymisation and encryption
• PDPA-compliant data protection measures

9. Data Security#

We apply industry-standard safeguards, including:

• encryption in transit (TLS/SSL)
• encryption at rest
• role-based access control
• 2FA for internal systems
• secure development practices
• monitoring, logging, and detection
• periodic security reviews

While we take strong measures, no system can guarantee 100% security.

10. Retention of Data#

We retain data only as long as necessary to:

• provide the Service
• meet legal and regulatory obligations
• resolve disputes
• enforce agreements

Default retention periods:

• Account data: retained until account deletion
• Conversation logs: 12–24 months (configurable)
• Payment records: 7 years (legal requirement)
• CRM entries: until customer deletes them
• Backups: 30–90 days rolling retention
• Billing consent and dispute evidence: retained for at least 24 months (or longer where required for chargebacks/disputes, legal obligations, or payment network rules)

11. User Rights (PDPA-Compliant)#

You have the right to:

• Access your data
• Request correction
• Request deletion
• Withdraw consent
• Request data portability (export)
• Restrict or object to certain processing
• File complaints with PDPA authorities

To exercise rights, contact: support@aiworkerx.com