Privacy Policy

1. Who We Are

Mutiara Labs operates as an AI consulting and training services provider based in Kuala Lumpur, Malaysia. Our registered correspondence address is 56 Jalan Telawi 3, Bangsar Baru, 59100 Kuala Lumpur. For data-related enquiries, you may reach us at [email protected].

References to "we", "us", or "our" in this policy refer to Mutiara Labs. "You" or "your" refers to any individual whose personal data we process in the course of providing our services or operating our website.

2. Personal Data We Collect

Data You Provide Directly

When you contact us through our website or engage with our services, we may collect:

• Your name and job title
• Business email address and phone number
• Organisation name and industry
• Content of messages or enquiries submitted through our contact form
• Any information you voluntarily share during consultations or workshops

Data Collected Automatically

When you visit our website, certain technical information is collected automatically, including:

• IP address and browser type
• Pages visited and time spent on each page
• Referring website or search query
• Device type and operating system
• Cookie identifiers (where you have given consent)

3. How We Use Your Data

We use the personal data we collect for the following purposes:

• Responding to enquiries and providing information about our services
• Delivering consulting engagements, workshops, and monitoring services you have engaged us for
• Sending relevant updates, proposals, or follow-up communication related to your enquiry
• Improving the quality of our website and services based on aggregated usage patterns
• Complying with legal obligations under Malaysian law
• Protecting the security and integrity of our systems

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

4. Legal Basis for Processing

Under the PDPA, we process personal data on the following grounds:

• Consent — where you have actively submitted a form or agreed to our cookie policy
• Contractual necessity — to deliver services you have requested or entered into an agreement for
• Legitimate interests — to maintain business records, improve our services, and respond to unsolicited enquiries in good faith
• Legal compliance — where processing is required by applicable Malaysian regulations

5. Data Retention

We retain personal data only for as long as is reasonably necessary:

• Enquiry data and contact form submissions: up to 24 months from the date of last contact
• Client engagement records: up to 7 years for financial and legal compliance purposes
• Website analytics data: up to 14 months in aggregated or anonymised form
• Cookie consent records: 12 months from consent date

After these periods, data is securely deleted or anonymised.

6. Data Sharing

We do not sell personal data. We may share data in limited circumstances with:

• Service providers — such as cloud hosting platforms and analytics tools, who are bound by data processing agreements
• Professional advisors — such as legal or financial counsel, where required
• Regulatory authorities — where required by Malaysian law or in response to a lawful request

Any third-party service providers we work with are selected with care and are required to handle data in a manner consistent with this policy.

7. Cookies and Analytics

Our website uses cookies to support functionality and understand how visitors interact with our content. We use:

• Essential cookies — required for basic site operation; always active
• Analytics cookies — help us understand page visits and engagement patterns (optional, requires consent)
• Marketing cookies — used to understand the effectiveness of our outreach (optional, requires consent)
• Preference cookies — remember your choices across visits (optional, requires consent)

You can manage your cookie preferences at any time through our Cookie Policy page.

We may use Google Analytics to collect aggregated data about site usage. This data is pseudonymised and processed in accordance with Google's data processing terms.

8. Your Rights

Under Malaysia's PDPA and applicable data protection principles, you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate or incomplete data
• Withdraw consent where processing is based on consent
• Object to the processing of your data for direct marketing purposes
• Request that your data be deleted, subject to our legal retention obligations
• Lodge a complaint with the Department of Personal Data Protection Malaysia (JPDP) if you believe your rights have been infringed

To exercise any of these rights, please contact us at [email protected]. We will respond within 21 days.

9. Data Security

We apply reasonable technical and organisational measures to protect personal data against unauthorised access, loss, or misuse. These include:

• TLS encryption for data in transit
• Access controls limiting data to authorised personnel
• Secure server environments with regular security reviews
• Internal policies covering data handling and confidentiality

No method of transmission over the internet is entirely secure. While we take data security seriously, we cannot guarantee absolute security. If you believe your data has been compromised, please notify us promptly.

10. Children's Privacy

Our services are designed for business professionals and organisations. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that data from a minor has been submitted, we will take steps to remove it promptly.

11. Third-Party Links

Our website may contain links to external websites or resources. We are not responsible for the privacy practices of those sites and encourage you to review their respective policies before sharing personal information.

12. International Data Transfers

Where data is processed or stored outside Malaysia — for example, by cloud infrastructure providers — we take steps to ensure appropriate safeguards are in place consistent with the PDPA's requirements for cross-border transfers. We only work with providers who meet reasonable standards of data protection.

13. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable regulations. When material changes are made, we will update the "Last Updated" date at the top of this page. Continued use of our website following such changes constitutes acceptance of the revised policy.

14. Contact Us

For any questions, corrections, or requests relating to personal data, please contact: