Privacy Policy
Whats AI Pro Privacy Policy
1. General Provisions
1.1 Basis and Scope of Application
This Privacy Policy (hereinafter referred to as "this Policy") is formulated in accordance with Malaysia's Personal Data Protection Act 2010 (PDPA) and relevant regulations. It applies to the Whats AI Pro platform (including the official website, mobile applications, and related services provided through third-party cooperation channels, hereinafter referred to as "this Platform") operated by Sub Nexs Continental Sdn Bhd (Company Registration Numbers: 202401022211 / 1568060-V, hereinafter referred to as "we").
By accessing, registering, using the Platform's services, or submitting personal data, you confirm that you have read, understood, and agreed to our processing of your personal data in accordance with this Policy. If you do not agree to this Policy, please do not use the Platform's services.
1.2 Definition of Data Subject
"Personal Data" in this Policy refers to information that can identify or be associated with a specific individual (such as name, contact information, device information, etc.); "you" refers to individual users who use the Platform's services or authorized personnel who use the services on behalf of enterprises/organizations (collectively referred to as "Users" hereinafter).
2. Personal Data We Collect
2.1 Scope of Data Collection
We only collect personal data to the extent necessary to achieve the purpose of the services, specifically including:
Registration and Identity Verification Data: Full name, email address (e.g., subnexscontinental@gmail.com is our customer service email; you need to provide your personal email for registration), mobile phone number (e.g., if you register with a Malaysian domestic number such as +601133211456), ID card/passport number (only used for corporate user authentication or activation of high-risk services);
Service Usage Data: IP address, browser type, device model, operating system version, access time, browsing history, function usage logs, Cookie and similar technical data (used to optimize service experience; you can disable Cookies in browser settings, but this may affect the use of some functions);
Transaction-Related Data: If you use paid services, you need to provide payment account information (such as the last 4 digits of the bank card number), transaction amount, payment time, and order information related to the transaction (our official collection bank is Public Bank Berhad, Account Number: 3241910330; transaction data is only used to complete payment and reconciliation);
User-Initiated Submission Data: Opinions, demand descriptions, problem screenshots, etc. submitted through customer service feedback (email, phone), questionnaires, function feedback, etc.;
Third-Party Source Data: If you log in to the Platform through a third-party account (such as a social media account), we will obtain basic information authorized by the third party (such as nickname, avatar), subject to the authorization scope of the third-party platform.
2.2 Collection Methods
Actively filled in or submitted by you during registration and service usage;
Automatically recorded by the Platform during your use of the services (such as server logs, Cookies);
Obtained from legally cooperating third parties (such as transaction confirmation information provided by payment institutions).
3. Purposes of Using Personal Data
The personal data we collect is only used for the following legitimate purposes and complies with the "necessary and appropriate" principle of the PDPA:
To provide you with basic services such as registration, login, and account management, and to ensure account security and identity verification;
To process your service requests (such as function activation, paid package activation, after-sales support) and feedback the processing progress to you;
To optimize the Platform's functions and experience (such as adjusting interface design and fixing function vulnerabilities based on usage logs);
To send you service-related notifications (such as account security alerts, paid service expiration notifications, system maintenance announcements); if you consent, we may send marketing information such as product updates and promotional activities (you can unsubscribe through "Personal Center - Notification Settings" or replying to the customer service email);
To comply with the obligations of Malaysian laws and regulations (such as retaining transaction records for at least 7 years to meet tax requirements, and responding to legal inquiries from law enforcement agencies);
To prevent and handle illegal and irregular behaviors (such as identifying batch registrations and fraudulent transactions, and protecting the legitimate rights and interests of users and the Platform);
To conduct data statistics and analysis (only analyze anonymized and aggregated data, which is not identifiable and can be used for business decisions).
4. Sharing and Disclosure of Personal Data
We strictly protect your personal data and will not sell, rent, or transfer your personal data without your explicit consent. We only share or disclose it in the following circumstances:
4.1 Authorized Partners
Data is only shared with necessary partners for the purpose of providing services, and we will sign data protection agreements with partners requiring them to comply with the PDPA and this Policy:
Payment Service Providers: Such as Public Bank Berhad and other payment institutions; necessary data such as transaction amount and the last 4 digits of the account information are shared to complete the payment;
Technical Service Providers: Such as server hosting providers and cloud service providers; service usage data (such as IP address, device information) is shared to ensure the stable operation of the Platform;
Customer Service and Operation Maintenance Providers: If a third party is entrusted to provide customer service support, only necessary information related to your problem (such as problem description, basic account information) is shared.
4.2 Legal Requirements and Protection of Rights and Interests
When required by laws, regulations, court judgments, or Malaysian law enforcement agencies (such as the police, tax authorities), personal data must be disclosed;
To protect the legitimate rights and interests of users, us, or the public (such as preventing personal injury and property loss, and handling fraudulent behaviors), data may be disclosed if reasonable and necessary;
In the event of business changes such as company merger, acquisition, or asset transfer, personal data may be transferred to the new entity as part of the business assets. However, the new entity must continue to comply with this Policy and the PDPA, and notify you in advance through platform announcements or emails.
5. Personal Data Protection Measures (Continued)
5.1 Technical Protection
Data Transmission Encryption: SSL/TLS protocol is used to encrypt the transmission of personal data (such as registration information, payment data) to prevent theft or tampering during transmission;
Storage Security: Personal data is stored on servers that meet security standards (some are located outside Malaysia, see Clause 6 for details), and firewalls and intrusion detection systems are used to prevent unauthorized access;
Access Control: Only authorized personnel (such as customer service, technical operation and maintenance staff) are allowed to access personal data, and they must pass identity verification (such as account password, permission approval).
5.2 Management Protection
Employee Training: Regular PDPA and data protection training are provided to employees to clarify data processing standards and responsibilities;
Security Audits: Regular audits of data processing processes and protection measures are conducted to promptly fix potential risks;
Incident Response: In the event of a data breach or other security incidents, we will, in accordance with PDPA requirements, notify affected users and Malaysia's Personal Data Protection Commissioner within 72 hours of discovery, and take remedial measures.
5.3 Your Security Responsibilities
Please keep your account password safe and do not disclose it to others; if you find any unauthorized use of your account, please immediately notify us via the customer service phone (+601133211456) or email (subnexscontinental@gmail.com), and we will assist in freezing the account and investigating risks.
6. Cross-Border Data Transfer
Due to the needs of some technical services of this Platform, your personal data may be transferred to servers outside Malaysia (such as cloud service nodes in Singapore and Hong Kong, China). We ensure that cross-border transfers comply with PDPA requirements:
The recipient has adopted protective measures equivalent to those of this Platform (such as signing a cross-border data transfer agreement and meeting the "adequacy determination" standard);
Cross-border transfers are only used to achieve the purposes specified in this Policy, and the recipient shall not process data beyond the authorized scope;
By using the Platform's services, you are deemed to agree to such cross-border transfers. If you do not agree, you may contact customer service to apply for the termination of relevant services, but this may affect the use of some functions.
7. Your Rights as a Data Subject (Pursuant to the PDPA)
In accordance with the PDPA, as a data subject, you are entitled to the following rights, and we will assist you in exercising these rights free of charge:
Right to Inquiry and Access: You have the right to inquire whether we hold your personal data and obtain information such as the content, purpose of use, and source of the data;
Right to Correction: If your personal data is incorrect, incomplete, or outdated, you have the right to request us to correct or supplement it (you can modify it yourself through "Personal Center - Profile Management" or contact customer service for assistance);
Right to Erasure/Restriction of Processing: You may request the erasure or restriction of processing of data in the following circumstances: (1) the purpose of data use has been achieved; (2) you withdraw your consent and there is no other legal basis for retention; (3) data processing violates the PDPA;
Right to Withdraw Consent: For personal data collected based on your consent (such as marketing information), you may withdraw your consent at any time (this does not affect the legality of data processing conducted before the withdrawal);
Right to Complaint: If you believe that our data processing activities violate the PDPA, you may file a complaint with us or directly with Malaysia's Personal Data Protection Commissioner (official website: https://www.pdp.gov.my/).
7.1 Methods to Exercise Rights
To exercise the above rights, you may submit an application through the following methods:
Email: Send the application to subnexscontinental@gmail.com (please indicate "Data Rights Application" and provide account information, identity proof, and details of the application);
Phone: Call +601133211456 (Contact Person: Liu Chienlung) to explain the application requirements;
Mailing: Send a written application (including a copy of identity proof) to the company address: A-1-27 Residensi Bandar Razak, Jalan Razak Mansion, Sungai Besi 57100 Kuala Lumpur.
We will verify and respond within 14 working days of receiving the application; for complex cases, the period may be extended to 30 working days (we will notify you in advance).
8. Data Retention Period
We retain personal data in accordance with the "necessary minimum period" principle. The retention period is determined based on the following factors:
The time required to achieve the purpose of data use (such as the validity period of paid services + 3 months of after-sales support);
Mandatory requirements of laws and regulations (such as retaining tax records for at least 7 years, the statute of limitations for contract disputes);
The time required to resolve potential disputes (such as retaining user complaint records for 6 months after the complaint is resolved).
After the expiration of the data retention period, we will process the data through secure methods (such as encrypted deletion, physical destruction) or anonymize it (anonymized data is no longer considered personal data and can be used freely).
9. Updates to the Policy and Notification
We reserve the right to update this Policy in accordance with revisions to the PDPA, business adjustments, or technological developments. The updated Policy will be published in a prominent position on the Platform's official website and marked with the "Update Date".
If the updated content involves your core rights and interests (such as expansion of the scope of data collection, change of purpose of use), we will notify you 7 working days in advance via your registered email or in-platform notification. Your continued use of the Platform after the Policy is updated shall be deemed as your consent to the revised Policy; if you do not agree, you may stop using the services and apply for the deletion of your personal data.
10. Contact Information
If you have any questions about this Policy, need to exercise your data rights, or file a complaint, you may contact us through the following methods:
Customer Service Email: subnexscontinental@gmail.com (priority processing channel, usually responding within 1 working day);
Customer Service Phone: +601133211456 (Contact Person: Liu Chienlung, Service Hours: Monday to Friday 9:00-18:00, Malaysian Time);
Company Address: A-1-27 Residensi Bandar Razak, Jalan Razak Mansion, Sungai Besi 57100 Kuala Lumpur;
Supervision and Feedback: If you are not satisfied with the customer service handling result, you may send an email to the above email address with the subject "Privacy Policy Supervision Feedback".
Update Date: August 26, 2025