Privacy Policy

This Privacy Policy explains how AIHubWorks collects, uses, shares and protects personal data when delivering AI software implementation services. Our operations are based in Malaysia and our office is at Jalan Pandak Mayah 3, Pekan Kuah, 07000 Langkawi, Kedah, Malaysia. For operational contact, phone +60127166817 and email [email protected] may be used. Business ID: 351914129269. The policy describes practical scenarios from project scoping to production support and clarifies what information is needed at each stage. It also explains data handling in integrations, analytics used to measure deployment success, and legal bases for processing. Date of this version: 22-02-2026.

22-02-2026 AIHubWorks [email protected]

Definitions

This section defines key terms used in the policy and gives practical examples tied to implementation scenarios. Definitions help project teams and customers understand what types of data are referenced at different stages of an engagement.

Personal data means any information relating to an identifiable person. In a typical implementation project this includes contact names and emails for project stakeholders, billing details for contracting, and any end-user identifiers that arise when integrating a client system with AIHubWorks services.
Processing covers any operation performed on personal data, such as collection, storage, adaptation, analysis, transfer or deletion. For example, transforming customer CSV uploads into normalized training tables is processing, as is logging API requests during model inference.
User refers to any natural person who interacts with AIHubWorks services or whose data is provided as part of an implementation. Example users include client administrators, operators who submit requests to AI models, and end customers affected by automated decisions in deployed scenarios.
Service means the AI software implementation and related tools provided by AIHubWorks through AIHubWorks.pro and integrations. Services cover project scoping, model deployment, integration, monitoring, and support for production use cases.
Cookies are small data files placed on a device to identify a browser or record activity. In practical deployments we use cookies for session management in customer portals and to gather anonymous usage metrics that inform tuning and operational decisions.

Data We Collect

We collect data required to run projects and operate the service. The following subsections separate data you provide from automatically collected data and third-party sources. Each category includes examples tied to typical implementation tasks such as onboarding, integration testing and post-deployment monitoring.

User-provided data

During onboarding and project work clients provide data needed to configure, train and integrate AI components. We document required items in project charters and limit collection to what is necessary for the agreed scope.

  • Contact details for project stakeholders: names, business emails, phone numbers and job titles used for scheduling and coordination.
  • Company and billing information needed to establish contracts, invoicing data and tax identifiers relevant to the engagement.
  • Project data supplied for model training or testing, which may include anonymized customer records, logs, images or domain-specific files shared under a defined scope.
  • Credentials and access information provided for limited-time integration tasks; these are stored only as needed for secure integration and removed when the task completes.
  • Configuration preferences and acceptance test results documented during handover, such as chosen thresholds, alert contacts and deployment schedules.
  • Support correspondence, issue reports and feedback submitted by client teams during implementation and post-deployment troubleshooting.

Automatically collected data

We collect technical and usage data automatically to operate services, diagnose issues and measure performance. Collection is aligned to use cases like monitoring model drift or assessing response times in production.

  • IP addresses, device/browser information and connection metadata recorded when users access our portals or APIs for support and configuration.
  • Usage logs and telemetry about API calls, model inference requests, throughput and latency used to monitor service health and tune deployments.
  • Error reports and crash logs that help engineers reproduce and fix operational issues during rollout scenarios.
  • Performance metrics, model scoring summaries and aggregated analytics used to evaluate deployment outcomes against KPIs.
  • Cookie identifiers and similar tracking vouchers used to maintain sessions in the project portal and to gather anonymous analytics.
  • Audit trails of administrative actions for compliance and troubleshooting, including timestamps and actor identifiers within the client project scope.

Third-party data sources

We may receive data from third parties as part of integrations, tooling or platform services used in implementations. Such data is handled according to contractual terms and the purposes described here.

  • Payment processors and billing platforms that provide transaction records and invoice confirmations necessary for business reconciliation.
  • Cloud hosting and infrastructure providers that supply logs and operational metrics used to maintain uptime and capacity for deployed models.
  • Analytics and monitoring vendors that provide aggregated insights into system performance and usage patterns used to improve implementation outcomes.

Purposes of Processing

We process personal data to deliver services across the lifecycle of an implementation. The list below maps purposes to practical examples and scenarios where the processing is necessary for project delivery and operational needs.

  • Project delivery: onboarding, scoping workshops, data preparation and technical integration tasks required to implement an agreed solution.
  • Service operations: running, monitoring and maintaining deployed models, including incident response and performance tuning in production.
  • Billing and contract administration: invoicing, payment processing and maintaining contract records for completed phases of work.
  • Customer support: triaging reported issues, reproducing problems and communicating fixes with project teams.
  • Security and fraud prevention: detection of unauthorized access, anomaly detection in API usage and enforcement of access controls.
  • Product and implementation improvement: analyzing anonymized usage data and case outcomes to refine playbooks and integration patterns.
  • Legal compliance and dispute resolution: responding to lawful requests from authorities or retaining records needed for legal obligations.
  • Marketing and outreach (where consent has been obtained): sharing case studies, best practices and event invitations based on opt-in preferences.

Legal basis for processing

We rely on legitimate bases for processing personal data. Depending on the activity, bases include performance of a contract, compliance with legal obligations, the legitimate interests of AIHubWorks and explicit consent where required by law.

  • Performance of a contract: processing necessary to deliver agreed implementation services, perform work and fulfill contractual obligations.
  • Legitimate interests: operational needs such as security, fraud prevention and service improvement where those interests are balanced against individual rights.
  • Consent: where required for marketing communications or optional analytics features, consent will be obtained and recorded.
  • Legal obligation: processing necessary to comply with applicable laws, tax rules and regulatory requests.

Rights Under GDPR and Similar Regimes

For individuals in jurisdictions with data protection frameworks similar to the GDPR, the following rights may be available. We describe practical steps for exercising these rights in project scenarios and support request flows.

  • Right of access: you may request a copy of personal data we hold about you and information on processing purposes and recipients.
  • Right to rectification: you may ask us to correct inaccurate or incomplete personal data related to a project contact or account.
  • Right to erasure: subject to legal and contractual exceptions, you may request deletion of personal data when it is no longer necessary for the reasons it was collected.
  • Right to restriction and objection: you can request restriction of processing or object to certain types of processing based on legitimate interests or direct marketing.
  • Right to data portability: where processing is based on consent or contract and carried out by automated means, you may request a structured, machine-readable copy of provided personal data.
  • Right to lodge a complaint: you may contact a supervisory authority if you believe processing violates applicable data protection laws. We will provide cooperation information when handling such requests.

Cookies and Tracking Technologies

We use cookies and similar technologies to enable core site functionality, remember preferences and collect analytics that help improve our implementation playbooks and support flows. This section explains types and management options.

Common types include session cookies (temporary and deleted when the browser closes), persistent cookies (remain for set periods), functional cookies (remember settings), and analytics cookies (collect aggregated usage data).

Cookies fall into necessary (required for the site to function), preferences (user settings), statistics (usage analytics) and marketing (tracking for outreach). Necessary cookies are enabled by default; others require consent where applicable.

You can manage cookie preferences via the cookie settings interface in the portal, by adjusting browser cookie controls, or by using provided opt-out links for analytics vendors. Clearing browser cookies will reset portal preferences and may require re-authentication.

Detailed cookie policy and management options

Data sharing and disclosures

We share personal data only as needed for service delivery, with vendors under contracts, and in compliance with legal obligations. Below are common recipient categories and example scenarios from implementations.

  • Service providers: cloud hosting, monitoring and analytics vendors engaged to run and support deployed models and project portals.
  • Payment processors: third parties that handle invoices and payment authorizations for contract execution.
  • Professional advisors: legal and accounting firms that assist with compliance, audits and contract-related matters.
  • Affiliates and subcontractors: partners performing agreed work under confidentiality terms during specific phases of an implementation.
  • Authorities: disclosure when required by law, court order or to respond to lawful contribute related to misuse or security incidents.
  • Business transfers: in a merger, acquisition or sale of assets, personal data relevant to projects may be transferred as part of the transaction subject to appropriate protections.

International transfers

Project operations often rely on global infrastructure and vendors. Data may be transferred to Malaysia and other countries to execute hosting, analytics and support tasks required for implementation and production operation.

When transfers cross borders we use safeguards such as data processing agreements, standard contractual clauses, encryption in transit and at rest, and technical controls to limit access to authorized personnel only. We document transfer pathways in project records where required.

Data retention

We retain personal data only as long as necessary for the purpose it was collected, to meet contractual obligations, support operations and comply with legal requirements. Retention schedules are set per data category and project needs.

Account and contract-related records are retained for the duration of the business relationship and for a reasonable period afterward to meet tax, audit or legal requirements. Typical retention for business records may be up to seven years where required by law.

Support tickets, correspondence and implementation notes are retained according to project needs; operational messages needed for troubleshooting are typically kept for up to three years unless a longer period is required for dispute resolution.

Operational logs and telemetry used for monitoring system health are generally retained for up to 12 months to allow trend analysis and incident contribute, with aggregated summaries kept longer for performance benchmarking.

When data is no longer required, we delete or anonymize it in accordance with our retention schedule. Exceptions may apply when retention is necessary for legal compliance, dispute resolution or other legitimate business reasons documented in project records.

Security of personal data

AIHubWorks applies technical and organizational measures to protect personal data against unauthorized access and accidental loss. Security is implemented with a focus on practical controls used during implementations: network protections, access governance, encryption and documented incident response procedures.

  • Encryption in transit (TLS) and at rest for sensitive stored data used in deployments and backups.
  • Role-based access controls, multi-factor authentication for administrative access, and least-privilege principles for service accounts.
  • Regular security reviews, vulnerability scanning, periodic penetration testing and employee security training tailored to handling client project data.

User Rights and Requests

You have specific rights regarding your personal data when working with AIHubWorks. Below we list practical examples and scenarios to help you exercise those rights, such as requesting copies of project data, correcting configuration details, or asking for restrictions on processing for a particular deployment.

  • Right of access — Request a copy of personal data we hold about you, for example logs tied to a project or account details related to an AI implementation engagement.
  • Right to correction — Ask us to update inaccurate or incomplete information, such as contact details or billing information used for an implementation case study.
  • Right to deletion — Request deletion of personal data in specific scenarios, like removing a stakeholder's contact from archived project files when no longer required by contract.
  • Right to restrict processing — Request temporary limits on how we use your data, for instance pausing use of your test datasets during an audit or dispute.
  • Right to data portability — Request a structured, machine-readable copy of personal data we processed for you, which can be useful when migrating project records to another provider.
  • Right to object — Object to processing in certain scenarios, such as profiling for non-essential marketing; we will evaluate and respond based on applicable law and contractual duties.
  • Right to withdraw consent — If you consented to a specific processing activity (for instance, use of anonymized logs for product improvement), you may withdraw that consent going forward.
  • Right to complain — If you believe your rights under applicable data protection law in Malaysia have been infringed, you can raise a complaint with us and, if unresolved, with the relevant supervisory authority.

How to make a privacy rights request

To submit a request about your personal data, contact AIHubWorks via the contact details below and describe the right you wish to exercise and the scope (for example, project name, date range, or specific data types). Include photo ID if needed to verify identity for sensitive requests. Practical examples: requesting export of project metadata, correcting an invoicing address, or pausing analytics on a specific deployment.

[email protected]

We aim to respond to understandable requests within 30 days of receipt. Complex requests or those requiring follow-up verification may require additional time as allowed by applicable law; we will inform you if more time is needed and explain why.

Marketing communications and choices

AIHubWorks may send messages about product updates, case studies, workshops, and offers relevant to AI software implementation. Communications are tailored based on your role and interactions, for example sending deployment best-practices to technical leads involved in an implementation scenario.

To stop marketing communications, use the unsubscribe link in any marketing email, update preferences in your account on AIHubWorks.pro, or contact us at the address below. Unsubscribing will not affect transactional messages related to active services or projects.

Children's privacy

AIHubWorks does not target services to children. We do not knowingly collect personal information from individuals under 16 in the context of our AI software implementation services. If we become aware of such collection, we will take steps to remove the data, following applicable law and considering relevant contractual obligations.

Third-party links and tools

Our website and services may link to or integrate third-party tools and services used in practical implementation scenarios, such as cloud providers, analytics platforms, and open-source libraries. These third parties have their own privacy practices. Review their privacy notices before sharing personal data with them during a project.

Changes to this privacy notice

We update this notice to reflect operational changes and legal requirements. The current version was updated on 08-02-2026. When we make significant changes affecting your rights or the way we process project data, we publish a clear notice on AIHubWorks.pro and, where appropriate, notify affected users directly.

Amir Tan
Amir Tan
Hello — I'm Amir, AI Solutions Lead at AIHubWorks. Share a brief description of your operational challenge and I will suggest practical next steps and an example pilot.