Privacy Policy

    Last Updated: 9 May 2026 Version: 1.0

    1. Introduction

    This Privacy Policy explains how BITSTRIC collects, uses, stores, protects, and discloses personal data in connection with its website, sales activity, customer engagements, and related services.

    This policy applies to website visitors, prospects, clients, partners, contractors, and users of BITSTRIC services.

    AI audit, private RAG, agentic AI, managed governance, and advisory engagements that involve customer-controlled data are also governed by the applicable customer agreement and DPA.

    2. Definitions

    For purposes of this policy:

    • Personal Data means information relating to an identified or identifiable person.
    • Sensitive Personal Data means personal data that is subject to higher legal or practical protection.
    • Client Data means information supplied by or on behalf of a client for service delivery.
    • AI System Data means governance, workflow, logging, configuration, and evaluation information related to AI systems.
    • Processing means collection, storage, use, disclosure, transfer, analysis, or deletion of data.
    • User means a website visitor or services user.
    • Client means a party receiving services from BITSTRIC.
    • Service Provider means a third party that supports BITSTRIC's operations.

    3. Data We May Collect

    3.1 Website and Contact Data

    BITSTRIC may collect name, email address, phone number, company name, job title, enquiry details, form submissions, newsletter sign-ups, event registrations, and meeting requests.

    BITSTRIC may also collect browser, device, IP address, and usage information. Cookie and tracking-specific details are described in the separate Cookie Policy.

    3.2 Business and Client Engagement Data

    BITSTRIC may process proposal, contract, invoice, payment, procurement, and business communication records.

    It may also process stakeholder contact details, meeting notes, project requirements, support records, and delivery-related correspondence.

    3.3 AI Audit and Advisory Data

    Depending on the engagement, BITSTRIC may receive AI system inventories, use-case descriptions, workflow diagrams, policy documents, control evidence, risk registers, vendor details, screenshots, logs, samples, prompts, outputs, and related documentation.

    4. How We Collect Data

    BITSTRIC may collect data:

    • Directly from you through forms, emails, calls, meetings, workshops, and onboarding materials.
    • Automatically through the website, security logs, and usage monitoring.
    • From third parties such as business partners, referral partners, vendors, public directories, and authorized integrations.

    5. How We Use Data

    BITSTRIC may use personal data to:

    • Provide, deliver, and improve services.
    • Respond to enquiries, schedule meetings, and manage client relationships.
    • Prepare proposals, statements of work, invoices, and related records.
    • Protect systems, detect abuse, investigate incidents, and maintain audit trails.
    • Comply with contractual, legal, tax, accounting, and regulatory obligations.
    • Improve templates, methodologies, workflows, and internal operations.
    • Send service updates, event notices, educational content, and other relevant communications.

    6. Legal Basis and Consent

    BITSTRIC may process personal data based on:

    • Contractual necessity for services that are requested or agreed.
    • Legitimate business interests such as security, operations, relationship management, and service improvement.
    • Consent where required for marketing, cookies, or optional processing.
    • Legal and regulatory obligations such as tax, accounting, dispute resolution, or lawful requests.

    Where consent is required, users may withdraw it at any time, subject to any legal or operational basis for continuing the processing.

    7. Sharing and Disclosure

    BITSTRIC may share personal data with:

    • Personnel, contractors, and advisers with a need to know.
    • Cloud, analytics, CRM, email, payment, security, collaboration, and AI infrastructure providers.
    • Professional advisers such as lawyers, accountants, auditors, and consultants.
    • Specialist subcontractors engaged for security, compliance, engineering, or delivery support.
    • Client-authorized integrations and systems.
    • Courts, regulators, enforcement agencies, or other authorities where required by law or to protect rights and safety.

    Where data is aggregated, anonymized, or de-identified, BITSTRIC may use or share that data without restriction to the extent permitted by law.

    8. International Transfers

    Some personal data may be processed or stored outside Malaysia through cloud, SaaS, AI, analytics, or collaboration platforms.

    Clients may also request specific regions, hosting locations, or infrastructure controls for their engagements.

    BITSTRIC should use safeguards appropriate to the sensitivity of the data, including contractual protections, access controls, encryption, and vendor due diligence.

    9. Security Measures

    BITSTRIC uses administrative, technical, and operational safeguards designed to reduce the risk of unauthorized access, alteration, loss, or misuse.

    These safeguards may include:

    • Confidentiality obligations and training.
    • Access approval and role-based permissions.
    • Data classification and handling rules.
    • Encryption, logging, monitoring, backups, and secure configuration.
    • Segregation of client workspaces where feasible.

    Users should not share credentials through unsecured channels and should maintain their own backups and internal controls.

    10. Data Retention

    BITSTRIC retains personal data only as long as necessary for service delivery, legal obligations, security, dispute resolution, and legitimate business purposes.

    Retention periods may vary by data category, service type, and contractual scope.

    Aggregated or anonymized records may be retained for internal analytics and service improvement.

    Where a client engagement involves AI logs or similar operational records, retention should follow the applicable agreement and governance requirements.

    11. User Rights

    Where applicable, users may request:

    • Access to personal data.
    • Correction of inaccurate or incomplete data.
    • Deletion or restriction of processing.
    • Objection to certain processing activities.
    • Withdrawal of consent.
    • Marketing preference updates.

    BITSTRIC may require reasonable verification before acting on a request. Some requests may be limited where retention is legally, contractually, or technically required.

    12. Children's Data

    BITSTRIC services are intended for business and professional users and are not directed to children.

    BITSTRIC does not knowingly collect children's personal data. If children's data is submitted by mistake, please contact BITSTRIC so it can be reviewed and, where appropriate, deleted.

    13. Changes to This Policy

    BITSTRIC may update this policy from time to time to reflect changes in law, technology, or business practices.

    The latest version will be published on the website and material changes may be communicated through appropriate channels.

    14. Contact

    For privacy questions, requests, or complaints, please contact BITSTRIC at [email protected].

    Client-specific privacy requests should be routed through the account owner or project lead where BITSTRIC acts under a client agreement.