Legal Document
Privacy Policy
This policy explains how Cahaya AI collects, uses, stores, and protects information you share with us. We encourage you to read it at your own pace.
Last updated: 1 January 2025
1. Who We Are
Cahaya AI operates as an online AI development school based in George Town, Penang, Malaysia. We offer structured learning programmes in artificial intelligence, machine learning, and related subjects to individuals across Malaysia and beyond.
Our registered address is Persiaran Gurney 18, 10250 George Town, Penang, Malaysia. You may reach us by phone at +60 13-857 2649 or by email at [email protected].
This Privacy Policy applies to all personal data we process in connection with our website, courses, communications, and related services. It is informed by the Personal Data Protection Act 2010 (PDPA) of Malaysia.
2. Information We Collect
We collect personal data only when there is a clear reason to do so. The types of information we may gather include:
- Contact and enquiry data — your name, email address, and phone number when you submit an enquiry or contact form.
- Enrolment data — additional details required to register you for a course, such as your level of experience or preferred cohort dates.
- Payment data — billing details processed through our secure payment partners. We do not store full card numbers on our servers.
- Usage data — pages visited, session duration, device type, and browser information, collected through analytics tools to help us improve the website.
- Communication records — messages you send us by email or through contact forms, kept so we can respond appropriately and follow up if needed.
- Cookie data — small files placed on your device as described in Section 6 of this policy.
We do not collect sensitive personal data such as identification numbers, race, religion, or health information unless specifically required and with your explicit consent.
3. How We Use Your Information
We use the information we collect for the following purposes:
- Responding to your enquiries and providing information about our courses.
- Processing enrolments and managing your access to course materials.
- Sending administrative communications related to your enrolment, such as schedule updates or mentor introductions.
- Sending occasional course news or updates where you have given consent to receive them.
- Improving our website and courses through anonymised analytics.
- Meeting our legal and regulatory obligations under Malaysian law.
4. Legal Basis for Processing
Under the Personal Data Protection Act 2010, we process your data on the following grounds:
- Consent — where you have given clear agreement, such as subscribing to updates or accepting cookies.
- Contractual necessity — to fulfil a course enrolment or respond to a direct enquiry.
- Legitimate interests — for analytics and service improvements, balanced against your privacy interests.
- Legal obligation — where we are required to retain or disclose data by law.
7. Data Retention
We keep your personal data for as long as it is needed for the purpose it was collected, or as required by law. As a general guide:
- Enquiry data is kept for up to 12 months from the date of last contact.
- Enrolment and course records are kept for up to 7 years in line with standard accounting and contractual requirements.
- Marketing consent records are kept until you withdraw consent or for 3 years after your last interaction, whichever comes first.
- Website analytics data is held in aggregated or anonymised form and is not subject to the same retention limits.
8. Your Rights
Under the PDPA 2010 and applicable data protection principles, you have the right to:
- Access the personal data we hold about you.
- Request corrections to inaccurate or incomplete data.
- Withdraw consent for marketing communications at any time.
- Request that we stop processing your data in certain circumstances.
- Ask us to delete your data where it is no longer needed.
To exercise any of these rights, please contact us at [email protected]. We will aim to respond within 21 days. There is no charge for reasonable requests.
9. Security
We take reasonable technical and organisational steps to protect your personal data from unauthorised access, loss, or misuse. These include encrypted connections (HTTPS), restricted staff access, and regular review of our data handling practices.
No method of data transmission or storage is entirely without risk. If you have concerns about the security of your information, please contact us directly.
10. Third-Party Services
Our website may link to external sites or integrate with third-party tools such as payment gateways or communication platforms. We are not responsible for the privacy practices of those services. We encourage you to read their policies before submitting any personal data to them directly.
11. Children's Privacy
Our courses are intended for individuals aged 18 and above. We do not knowingly collect personal data from anyone under 18. If you believe a minor has submitted data through our site, please contact us and we will remove it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. When we do, we will revise the "last updated" date at the top of the page. We encourage you to revisit this page periodically.
Where changes are significant, we will take reasonable steps to notify you directly if you are an enrolled learner or have given us contact details.
13. Contact Us
If you have any questions about this Privacy Policy or the way we handle your data, you are welcome to get in touch.
Cahaya AI
Persiaran Gurney 18, 10250 George Town, Penang, Malaysia
Questions about your data?
We are glad to clarify anything in this policy. Reach out at any time — we read every message carefully.
Get in Touch