Skip to content
Studio open · taking projects for Q3 +60 3-2287 4670 [email protected]
Neurabit Digital Start a brief
Home/Privacy
Policy

Privacy Policy

This policy explains how Neurabit Digital Sdn Bhd collects, uses, stores and discloses your personal information when you visit neurabit.bond, contact us or work with us as a client.

Got a question?

Last updated: 28 May 2026. Governed by: the Personal Data Protection Act 2010 (Malaysia).

1. Who we are

Neurabit Digital Sdn Bhd ("Neurabit", "we", "us") is a private limited company registered in Malaysia under company number 202401041285 (1655243-V). Our office is at Suite 15-08 The Boulevard Office, Mid Valley City, Lingkaran Syed Putra, 59200 Kuala Lumpur. For data-protection queries, write to [email protected] with the subject line "Privacy".

2. What information we collect

We try to collect as little as possible. The categories of personal data we hold are:

  • Contact information you give us — name, company, email, phone, project brief — when you fill in the brief form, email us, or call.
  • Visit data — IP address, user-agent, referring URL and pages viewed — collected by our server logs and, where you have opted in, our privacy-respecting analytics tool.
  • Cookie data — only the cookies you explicitly opt in to via our cookie banner. We do not load any analytics or marketing cookies before consent.
  • Client engagement data — billing details, contracts, project artefacts and meeting notes — held under our standard professional-services confidentiality terms.

3. Why we collect it

We use your personal data for the following purposes only:

  • To respond to enquiries you submit through the contact form, email or phone.
  • To deliver the services you have engaged us for under a signed scope of work.
  • To raise invoices, collect payment and fulfil our statutory accounting obligations.
  • To improve our website using aggregated, non-identifying analytics, where you have opted in.
  • To send infrequent newsletters, only if you have explicitly subscribed.

4. Legal basis (PDPA 2010)

We rely on the following lawful bases under Section 6 of the PDPA: (a) your consent for marketing communications and analytics; (b) necessary for the performance of a contract for client-engagement data; and (c) compliance with a legal obligation for accounting and tax records.

5. Who we share it with

We do not sell your data and we do not share it for advertising purposes. We share data only with the following categories of processor, under written confidentiality terms:

  • Our managed hosting partner (a Singapore-based ISO 27001 certified facility) which serves this website.
  • Our accounting and tax advisor for invoice processing, retention period seven years.
  • Our courier or signing platform (e.g. DocuSign) where contracts need countersignature.
  • Government authorities where compelled by Malaysian law or court order.

6. International transfers

Our hosting is located in Singapore. Some sub-processors (e.g. Google Workspace for email) operate from outside Malaysia. By using our services or contacting us, you consent to your personal data being transferred to and processed in those jurisdictions, all of which maintain a data-protection standard at least equivalent to the PDPA.

7. How long we keep it

Contact form submissions are deleted six months after we close the conversation. Client engagement records are retained for seven years following completion of the engagement, in line with our accounting obligations. Newsletter subscriber lists are kept until you unsubscribe. Server logs are kept for thirty days.

8. Your rights

Under the PDPA, you have the right to:

  • Request access to the personal data we hold about you.
  • Request correction of inaccurate or out-of-date personal data.
  • Limit the processing of your personal data for direct marketing.
  • Withdraw consent at any time for processing that relies on consent.

To exercise any of these rights, email [email protected] with the subject line "Privacy". We respond inside fourteen calendar days.

9. Security

We protect your data with reasonable technical and organisational measures, including encrypted transport (TLS 1.3), encrypted database storage, restricted role-based access for our team, and two-factor authentication on all administrative accounts. No system is perfectly secure; if a breach occurs that affects your personal data, we will notify you within 72 hours of discovery, as required under the PDPA Standard 2015.

10. Children

Our services are not directed at children under 18. We do not knowingly collect personal data from anyone under 18. If you believe we have done so, please contact us so we can delete it.

11. Changes to this policy

We may update this policy when our practices change or when the law requires. The "last updated" date at the top of this page reflects the most recent revision. Material changes are flagged on the home page for at least seven days.

12. Contact

For any data-protection matter, write to Neurabit Digital Sdn Bhd, Suite 15-08 The Boulevard Office, Mid Valley City, Lingkaran Syed Putra, 59200 Kuala Lumpur, or email [email protected]. We acknowledge every request inside two working days.