Privacy Policy

Introduction

Morphiq is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, process, and protect information about you when you use our AI integration services or visit our website.

This policy complies with the Malaysian Personal Data Protection Act 2010 (PDPA) and applies to all personal data we collect from individuals located in Malaysia and internationally. By using our services, you consent to the data practices described in this policy.

Data Collection

We collect personal data that you provide directly to us and information that is generated through your use of our services:

Information You Provide

• Contact information including name, email address, phone number, and business address
• Company details including organization name, industry sector, and role/position
• Communication preferences and inquiry details when you contact us
• Project-specific information shared during consultations and implementations
• Payment information processed through secure third-party providers

Information Collected Automatically

• Website usage data including pages visited, time spent, and navigation patterns
• Device information including IP address, browser type, and operating system
• Cookies and similar tracking technologies (see our Cookie Policy for details)
• Analytics data to improve our services and website performance

Legal Basis for Processing: We process personal data based on consent when you provide information through forms, legitimate business interests for service delivery and improvement, contractual necessity for fulfilling service agreements, and legal obligations under Malaysian law.

How We Use Your Data

We use the information we collect for the following purposes:

• Providing and delivering our AI integration services and solutions
• Responding to inquiries, consultation requests, and customer support needs
• Communicating about projects, updates, and relevant service information
• Processing payments and maintaining financial records
• Improving our services through analysis of usage patterns and feedback
• Sending marketing communications about our services (with your consent)
• Complying with legal obligations and regulatory requirements
• Protecting against fraud and ensuring security of our systems
• Conducting research and development to enhance our AI solutions

We do not sell personal data to third parties. We share data only with service providers necessary for business operations, as required by law, or with your explicit consent.

Data Sharing and Third Parties

We may share your personal data with the following categories of recipients:

Service Providers

We engage trusted third-party service providers to support our business operations, including cloud hosting services, payment processors, email communication platforms, analytics providers, and customer relationship management systems. These providers are contractually obligated to protect your data and use it only for specified purposes.

Legal Requirements

We may disclose personal data when required by Malaysian law, court orders, or regulatory authorities. This includes compliance with PDPA requirements, tax obligations, and legal proceedings where disclosure is necessary.

Business Transfers

In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the acquiring entity, subject to the same privacy protections outlined in this policy.

Data Protection Measures

We implement comprehensive security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

• Encryption of data in transit using TLS/SSL protocols
• Encryption of sensitive data at rest in secure storage systems
• Access controls limiting data access to authorized personnel only
• Regular security audits and vulnerability assessments
• Secure authentication and authorization mechanisms
• Data backup and disaster recovery procedures
• Employee training on data protection and privacy practices
• Incident response procedures for potential data breaches

While we implement robust security measures, no internet transmission or electronic storage system is completely secure. We cannot provide absolute security but continuously work to protect your data using industry-standard practices.

Data Retention

We retain personal data for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law:

• Contact form inquiries: 2 years from last contact
• Client project data: Duration of engagement plus 5 years for business records
• Financial records: 7 years as required by Malaysian tax regulations
• Marketing communications: Until consent is withdrawn
• Website analytics: 26 months from collection date

When personal data is no longer needed, we securely delete or anonymize it to prevent identification. You may request deletion of your data subject to legal retention requirements.

Your Rights Under PDPA

Under the Malaysian Personal Data Protection Act, you have the following rights regarding your personal data:

Right to Access

You have the right to request access to your personal data that we hold. We will provide a copy of your data in a commonly used format within 21 days of your request.

Right to Correction

You can request correction of inaccurate or incomplete personal data. We will update your information promptly upon verification.

Right to Withdraw Consent

Where processing is based on consent, you may withdraw consent at any time. This will not affect the lawfulness of processing before withdrawal.

Right to Object

You can object to processing of your personal data for direct marketing purposes or when processing is based on legitimate interests.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used format and to transmit that data to another controller.

To exercise any of these rights, please contact us at [email protected]. We will respond to requests within the timeframes required by Malaysian law.

Cookies and Tracking

We use cookies and similar tracking technologies to enhance your experience on our website. These technologies help us understand how visitors interact with our site and improve our services.

For detailed information about the cookies we use and how to manage your cookie preferences, please see our Cookie Policy.

International Data Transfers

Our primary data processing occurs within Malaysia. However, some service providers may process data in other jurisdictions. When we transfer personal data internationally, we ensure appropriate safeguards are in place:

• Standard contractual clauses approved by relevant authorities
• Privacy Shield certification (where applicable)
• Adequacy decisions by Malaysian authorities
• Your explicit consent for specific transfers

Children's Privacy

Our services are intended for businesses and professional users. We do not knowingly collect personal data from individuals under 18 years of age. If we become aware that we have collected data from a minor without parental consent, we will take steps to delete that information promptly.

Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or service offerings. We will notify you of significant changes by posting a notice on our website or sending an email to registered users. The "Last Updated" date at the top of this policy indicates when it was most recently revised. Your continued use of our services after changes become effective constitutes acceptance of the updated policy.

Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the Personal Data Protection Commissioner of Malaysia.