🔐 Privacy Policy

TODAK AI ("we," "our," or "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our WhatsApp AI Assistant service ("Sofia") and related systems.

1. Information We Collect

1.1 Information You Provide

• Employee Information: Name, employee ID, department, position, and contact details
• WhatsApp Data: Phone number, profile name, and message content
• Communication Data: All messages, queries, and interactions with our AI assistant
• Verification Data: Information used for employee verification through our THR system

1.2 Automatically Collected Information

• Usage Data: Timestamps, frequency of interactions, and types of requests
• Technical Data: IP addresses, device information, and connection logs
• Performance Data: Response times, error logs, and system metrics

2. How We Use Your Information

We use the collected information for the following purposes:

• Service Delivery: To provide AI-powered assistance through WhatsApp
• Employee Verification: To verify your identity and employment status
• Personalization: To provide context-aware responses and maintain conversation history
• Business Operations: To process requests, claims, and generate reports
• Improvement: To enhance our AI models and service quality
• Security: To detect and prevent unauthorized access or fraudulent activities
• Compliance: To meet legal and regulatory requirements

3. Data Storage and Security

4. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share your information only in the following circumstances:

• Within TODAK Group: With affiliated companies and subsidiaries for business operations
• Service Providers: With trusted third-party services (Anthropic, OpenAI) for AI processing
• Legal Requirements: When required by law or to protect our rights
• Business Transfers: In connection with mergers or acquisitions
• Consent: With your explicit consent for specific purposes

5. Data Retention

We retain your information for as long as necessary to provide our services and fulfill the purposes outlined in this policy:

• Active Employee Data: Retained during employment and up to 7 years after
• Conversation History: Retained for 2 years for context and improvement
• Audit Logs: Retained for 5 years for compliance purposes
• Anonymized Data: May be retained indefinitely for analytics

6. Your Rights and Choices

You have the following rights regarding your personal information:

• Access: Request a copy of your personal data
• Correction: Request corrections to inaccurate information
• Deletion: Request deletion of your data (subject to legal requirements)
• Portability: Receive your data in a structured format
• Opt-out: Opt-out of certain data processing activities
• Withdraw Consent: Withdraw previously given consent

To exercise these rights, please contact us using the information provided below.

7. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children.

8. International Data Transfers

Your information may be transferred to and processed in countries other than Malaysia. We ensure appropriate safeguards are in place to protect your information in accordance with this policy.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new policy on this page
• Updating the "Last updated" date
• Sending notifications through WhatsApp or email for significant changes

10. Contact Information