Privacy Policy

1. Introduction

Bistari Labs ("we", "us", "our") is committed to handling personal data with care and transparency. This Privacy Policy explains what information we collect when you use our website or engage with our services, how we use it, and the choices you have regarding your data.

We operate in accordance with Malaysia's Personal Data Protection Act 2010 (PDPA). By using our website or contacting us, you acknowledge that you have read and understood this policy.

For questions about this policy, please contact us at [email protected].

2. Data We Collect

We collect personal data in the following circumstances:

• Contact forms: Name, email address, and optionally phone number and a message.
• Email correspondence: Content you share when contacting us directly.
• Website usage: Anonymised analytics data including pages visited, time on page, and browser type — collected through cookies where consent is given.

We do not collect sensitive personal data, financial information, or data from minors. We do not purchase marketing lists or obtain data from third-party data brokers.

Legal basis for processing

• Consent: Analytics cookies and marketing communications, where you have opted in.
• Legitimate interest: Responding to your enquiries and managing our business relationships.
• Contractual necessity: Processing data needed to deliver a service you have engaged us for.

3. How We Use Your Data

• To respond to enquiries submitted through our contact form or by email.
• To deliver services you have engaged Bistari Labs to provide.
• To send service-related communications during an active project.
• To improve the usability of our website using aggregated, anonymised analytics.
• To comply with legal obligations applicable to our business in Malaysia.

We do not use your data for profiling, automated decision-making, or advertising purposes. We do not sell or rent your personal data to third parties.

Data retention

Enquiry data is retained for up to 24 months unless a service engagement extends beyond that period, in which case it is retained for the duration of the relationship plus 12 months. Analytics data is retained in aggregated form only.

4. Data Protection Measures

• Our website uses HTTPS encryption for all data transmissions.
• Access to personal data is limited to team members who need it to deliver services.
• We use reputable, established third-party services (such as email providers and analytics tools) that maintain their own security standards.
• In the event of a data breach that affects your personal data, we will notify you within 72 hours of becoming aware of it.

5. Cookies

We use cookies to understand how visitors use our website. We use essential cookies (required for the site to function), and optional analytics and preference cookies (used only with your consent). You can manage your cookie preferences at any time via our Cookie Policy page.

6. Your Rights Under PDPA 2010

Under Malaysia's Personal Data Protection Act 2010, you have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate or incomplete data.
• Withdraw consent to processing at any time (where consent is the legal basis).
• Request that we stop processing your data for marketing purposes.
• Request deletion of your personal data, subject to our legal retention obligations.

To exercise any of these rights, please write to us at [email protected]. We will respond within 21 days.

If you believe we have not handled your data appropriately, you may lodge a complaint with the Department of Personal Data Protection Malaysia (JPDP).

7. Third-Party Links

Our website may contain links to external sites. We are not responsible for the privacy practices of those sites and encourage you to review their policies independently.

8. Children's Privacy

Our services are directed at business owners and are not intended for use by persons under 18 years of age. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy periodically. The updated version will be posted on this page with a revised "Last Updated" date. We encourage you to review it when you visit our site. Continued use of our services after changes are posted indicates acceptance of the updated policy.

10. Contact Us

For any privacy-related enquiries or to exercise your data rights:

• Email: [email protected]
• Address: Jalan 19/1, 46300 Petaling Jaya, Selangor, Malaysia
• Phone: +60 3-7958 4126