Privacy Policy

01What data we collect

We keep data collection to what we genuinely need. When you contact us or work with us, we may collect:

• Enquiry details — your name, business name, email address and phone number when you fill in a contact form or reach out to us.
• WhatsApp messages — the content of the WhatsApp conversations you have with us, including your number, your messages, and any photos or business details you send us so we can build or support your site.
• Project information — the content you give us to build your website (business description, services, opening hours, photos, logos and similar material).
• Billing details — the information we need to invoice you for setup fees and monthly support. We do not store full card or bank account numbers ourselves; payments are handled through standard payment channels.
• Basic website analytics — anonymous or pseudonymous data about how visitors use our website, such as pages viewed, approximate location, device and browser type.

We do not intentionally collect sensitive personal data. Please don't send us sensitive information through our forms or WhatsApp unless it is genuinely necessary for your project.

02How and why we use your data

We use your personal data only for clear, practical reasons, including to:

• Reply to your enquiry and answer your questions.
• Prepare quotes and explain our Starter Website (RM2,000 setup + RM350/month) and Business Website (RM3,500 setup + RM650/month) plans.
• Build, launch and maintain your website, and provide the monthly support included with your plan (minimum 6 months).
• Invoice you and keep proper business and accounting records.
• Communicate with you about your project, support requests and service updates.
• Improve our own website and services using basic analytics.

We do not sell your personal data, and we do not send you unrelated marketing without your consent.

03Lawful basis and consent

Under the PDPA, we process your personal data on the basis of your consent and because it is necessary to provide the services you have asked for. When you send us an enquiry, message us on WhatsApp, or engage us to build and support your website, you consent to us handling your data for the purposes described in this policy.

For existing clients, we also process data where it is necessary to perform our agreement with you and to meet our legal and accounting obligations. Where we rely on your consent, you can withdraw it at any time. Withdrawing consent may mean we can no longer provide some or all of our services to you.

04Cookies and analytics (Google)

Our website may use cookies and similar technologies to make the site work, remember basic preferences, and understand how visitors use it.

We may use Google Analytics to collect anonymous or pseudonymous statistics — for example, which pages are popular and roughly where visitors come from. Google processes this data on our behalf, and may transfer it outside Malaysia (see 'International transfer'). You can find Google's privacy information at policies.google.com/privacy.

You can control or block cookies through your browser settings, and opt out of Google Analytics using Google's opt-out tools. Blocking cookies may affect how some parts of the site work, but you can still contact us by email or WhatsApp.

05WhatsApp and third-party services

We use WhatsApp (operated by Meta) as a primary way to talk with enquirers and clients. When you message us on WhatsApp, your messages and number are handled within WhatsApp's own platform and are subject to WhatsApp's and Meta's privacy terms, which may involve processing and storage outside Malaysia. We use the information you share on WhatsApp only to respond to you and to deliver and support your website.

To run our service we also rely on trusted third-party providers — for example, website hosting, domain registration, email, analytics and payment processing. We choose reputable providers and only share what is needed for the task.

06Data sharing and disclosure

We treat your data as confidential. We do not sell or rent it. We may share personal data only in these limited situations:

• With service providers (such as hosting, domains, email, analytics and payments) who process it on our behalf.
• Where you ask us to — for example, registering a domain in your business's name.
• Where we are required to by law, by a regulator, or by a valid legal request.
• To protect our rights, our clients, or the safety of others where genuinely necessary.

If our business is ever restructured, sold or merged, your data may be transferred as part of that process, and we would take reasonable steps to ensure it stays protected.

07How long we keep your data

We keep personal data only for as long as we reasonably need it:

• Enquiries that don't become projects — kept for a limited period so we can follow up, then removed or anonymised.
• Active clients — kept for as long as we provide your website and monthly support, including the 6-month minimum and any continuation after it.
• After our work ends — we keep certain records (such as invoices and contracts) for as long as Malaysian tax, accounting and legal rules require, then securely delete or anonymise them.

You can ask us to delete data we no longer need to keep.

08How we keep your data secure

We take reasonable technical and organisational steps to protect your personal data against loss, misuse and unauthorised access. This includes using reputable hosting and service providers, limiting who can access client data, and being careful about what we collect in the first place.

No method of transmission or storage over the internet is ever completely secure, so we cannot promise absolute security. If we ever become aware of a data breach that seriously affects you, we will act promptly and let you know where appropriate.

09Your PDPA rights

Under the Personal Data Protection Act 2010, you have rights over your personal data, including the right to:

• Access — ask for a copy of the personal data we hold about you.
• Correct — ask us to fix data that is inaccurate, incomplete or out of date.
• Withdraw consent — tell us to stop using your data for purposes you previously agreed to.
• Limit processing — ask us to restrict how we use your data in certain circumstances.

To exercise any of these rights, contact us at contact@exodia.technology or via WhatsApp. We may need to verify your identity first, and we aim to respond within a reasonable time as required by the PDPA.

10International transfer of data

Some of the services we use — such as Google Analytics, WhatsApp/Meta, email and hosting providers — may store or process data on servers outside Malaysia. Where your personal data is transferred abroad, we take reasonable steps to ensure it continues to receive a level of protection consistent with the PDPA, including relying on reputable providers with their own privacy safeguards.

11Children's data

Our services are aimed at businesses and the adults who run them, not at children. We do not knowingly collect personal data from anyone under the age of 18. If you believe a child has provided us with personal data, please contact us and we will take reasonable steps to remove it.

12Changes to this policy

We may update this Privacy Policy from time to time — for example, if we change our services, our tools, or to reflect updated legal requirements. When we do, we will revise the effective date at the top. The latest version published on our website always applies. We encourage you to review this page occasionally.

13How to contact us or make a request

If you have any questions about this policy, want to access or correct your data, withdraw consent, or make any other privacy request, please get in touch:

• Entity: Exodia Labs Sdn. Bhd. (operating as Exodia Design), Reg. No. 202601017485 (1679582-A)
• Email: contact@exodia.technology
• WhatsApp: message us using the chat button on our website
• Business address: Level 33, Ilham Tower, No. 8 Jalan Binjai, 50450 Kuala Lumpur, Malaysia

If you are not satisfied with how we have handled your personal data, you may also contact the Personal Data Protection Commissioner of Malaysia.