This Privacy Policy explains how LegalByte.my Sdn Bhd ([SSM No.]) (“LegalByte”, “we”, “us”, “our”) handles personal data in connection with our website and the LegalByte aOS platform (the “Services”). We process personal data in accordance with the Malaysian Personal Data Protection Act 2010 (the “PDPA”) and its seven data protection principles — General, Notice and Choice, Disclosure, Security, Retention, Data Integrity, and Access.
1. Scope of this Policy
This Policy applies to personal data for which LegalByte is the data user— namely data about our website visitors, enquirers, and the authorised users who administer or access our customers’ accounts. It does not apply to the documents, instructions, and other content a customer firm or its users submit to the Services (“Customer Content”). We process Customer Content as a data processor on the instructions of the customer firm, which remains the data user for that content; our handling of it is governed by our agreement with that firm and our Terms of Service.
2. Personal data we collect
2.1 Information you provide — your name, work email, firm, role, and the details you give when you request a demonstration, contact us, or register for an account.
2.2 Information collected automatically — log, device, and usage data generated when you use the website or platform, collected through cookies and similar technologies.
2.3 Information from third parties — where lawful, limited information from your firm (e.g. when your firm provisions your account) or from service providers that help us operate and secure the Services.
3. How we use personal data
We use personal data to provide, operate, secure, and improve the Services; to authenticate users and administer firm accounts; to respond to enquiries and provide support; to send service communications; and to comply with our legal obligations. We rely principally on your consent and on the necessity of processing for the performance of a contract with you or your firm. We do not use personal data for automated decisions producing legal effects without human involvement, and we do not use Customer Content to train, fine-tune, or develop any artificial intelligence model.
4. Who we share personal data with
We do not sell personal data. We disclose it only to:
(a) Service providers who process data on our behalf under contract — including Amazon Web Services, which hosts the platform in its Kuala Lumpur region (ap-southeast-5), and the providers of the large language models that power our AI features. Our model providers process Customer Content only to return a result to us in real time and do not train on, retain, or otherwise re-use that content for their own purposes. Each provider receives only the minimum data required for its purpose.
(b) Your firm, where you are an authorised user of a customer account.
(c) Authorities or third parties, where required by law or to protect our legal rights.
5. Cross-border transfers
Customer Content and the personal data within it are stored and processed in Malaysia (AWS ap-southeast-5, Kuala Lumpur). Where any processing would involve transferring personal data outside Malaysia, we will do so only on a ground permitted by Section 129 of the PDPA — for example with your consent, where the transfer is necessary for the performance of a contract, or to a place that ensures an adequate level of protection — and subject to appropriate safeguards.
6. Your rights under the PDPA
Subject to the PDPA and its exceptions, you may:
• request access to the personal data we hold about you (Section 30);
• request correction of inaccurate, incomplete, or out-of-date data (Section 34);
• withdraw consent to our processing (Section 38);
• require us to stop processing that is likely to cause you damage or distress (Section 42); and
• require us to stop processing for direct marketing (Section 43).
To exercise these rights, contact us using the details below. Where you are an authorised user of a customer firm, requests relating to Customer Content may be directed to your firm as the data user.
7. How we keep personal data safe
We maintain technical and organisational measures appropriate to the risk, including encryption in transit and at rest, firm-level tenant isolation, access controls, and a tamper-evident audit log of system actions. No method of transmission or storage is completely secure, but we work to protect personal data in line with the standards described on our Security page.
8. How long we keep personal data
We retain personal data only for as long as necessary for the purposes set out in this Policy, and for any longer period required to meet our legal, accounting, and regulatory obligations. Customer Content is retained for the term of the customer’s agreement and deleted or returned on the terms of that agreement when it ends.
9. Cookies
Our website uses cookies and similar technologies that are necessary for the site to function and to help us understand how it is used. You can control non-essential cookies through your browser settings.
10. Updates to this Policy
We may update this Privacy Policy from time to time. We will post the updated version here and revise the “Last updated” date above. Where changes are material, we will take reasonable steps to notify you.
11. Contact us
For privacy enquiries or to exercise your rights, contact us at
support@legalbyte.my, or by post to LegalByte.my Sdn Bhd ([SSM No.]), [REGISTERED ADDRESS]. You also have the right to lodge a complaint with the Personal Data Protection Commissioner of Malaysia (Jabatan Perlindungan Data Peribadi).