Privacy Policy

1. Introduction

Flexi Translate Enterprise ("Flexi Translate", "we", "us", "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our translation services, including our certified human translation services and instant translation tool.

We operate in strict compliance with the Malaysian Personal Data Protection Act 2010 (PDPA) and the General Data Protection Regulation (GDPR) where applicable.

2. Information We Collect

2.1 Personal Information

When you use our certified human translation services, we may collect:

• Identity Data: Name, company name, position title
• Contact Data: Email address, phone number, mailing address
• Transaction Data: Payment information, service history, invoice details
• Communication Data: Your messages, inquiries, and support requests

2.2 Technical Data (Automatic Collection)

• Device Information: IP address, browser type, operating system
• Usage Data: Pages visited, time spent, features used
• Cookies: Session cookies for authentication (no tracking cookies)

3. Zero Cloud Storage Policy

3.1 Instant Translation App - 100% Ephemeral Processing

No Storage. No Retention. No Cloud. Your translation requests are processed in real-time using the following privacy-first architecture:

• In-Memory Only: Text is processed in volatile memory (RAM) and never written to any persistent storage
• Real-Time Deletion: Within milliseconds of translation completion, all data is purged from memory
• No Logging: We do not maintain any logs of your translation history or content
• No Training Data: Your translations are NEVER used to train or improve AI models
• Anonymous Processing: All API calls are made without any user-identifying information

3.2 Certified Human Translation - Secure Processing

For our professional certified translation services, we implement the following data protection measures:

• Encrypted Upload: All files are encrypted using AES-256 during transmission (TLS 1.3)
• Secure Workspace: Files are stored in an encrypted, access-controlled environment
• Limited Retention: Documents are retained for 7 days after project completion for quality assurance, then PERMANENTLY DELETED
• No Subcontractors: All certified translations are performed by in-house sworn translators under strict NDAs
• Physical Security: Our office in Johor Bahru maintains secure, access-controlled facilities

4. Legal Basis for Processing (PDPA & GDPR Compliance)

We process your personal data only when we have a valid legal basis:

• Contractual Necessity: To perform translation services you requested (Section 6(1)(a) of PDPA)
• Legitimate Interests: To improve our services, prevent fraud, and ensure security
• Legal Obligation: To comply with Malaysian laws, including tax and record-keeping requirements
• Consent: For marketing communications (you may withdraw consent at any time)

5. Data Security Measures

We implement industry-standard security measures to protect your data:

• Encryption: TLS 1.3 for all data in transit | AES-256 for data at rest
• Access Control: Role-based access, multi-factor authentication for staff
• Regular Audits: Quarterly security assessments and penetration testing
• Staff Training: All employees undergo mandatory data protection training
• Incident Response: 72-hour breach notification protocol as required by PDPA

6. Data Retention Periods

7. Your Data Protection Rights (PDPA Section 5-7)

Under the Malaysian Personal Data Protection Act 2010, you have the following rights:

• Right to Access: Request copies of your personal data we hold
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Withdraw Consent: Opt-out of marketing communications
• Right to Data Portability: Receive your data in a structured format
• Right to Erasure: Request deletion of your data (subject to legal retention requirements)
• Right to Restrict Processing: Limit how we use your data
• Right to Object: Object to processing based on legitimate interests

8. International Data Transfers

Our AI translation service utilizes third-party AI providers for processing. For these temporary, ephemeral translations:

• Data is processed in volatile memory only and deleted immediately after response
• We have executed Standard Contractual Clauses (SCCs) with the third-party providers ensuring adequate protection
• No data is stored or retained by any third-party processor

For certified human translations, all processing occurs within Malaysia and no data leaves the country.

9. Cookie Policy

We use only essential cookies that are necessary for the functioning of our website:

• Session Cookies: For authentication (deleted when you close your browser)
• Preference Cookies: Remember your language selection (expires after 30 days)

We do NOT use: Tracking cookies, advertising cookies, analytics cookies, or any third-party marketing cookies.

10. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected such data, please contact us immediately for deletion.

11. Data Breach Notification

In the unlikely event of a personal data breach, we will:

• Notify the Malaysian Personal Data Protection Commissioner within 72 hours of discovery (PDPA Section 10(1))
• Notify affected individuals without undue delay if the breach is likely to result in serious harm
• Provide regular updates on remedial actions taken

12. Policy Updates

We may update this Privacy Policy from time to time. Material changes will be notified via:

• Email notification to registered users (30 days advance notice)
• Website banner notification (14 days before effective date)

The "Last Updated" date at the top of this policy indicates when changes were made. Continued use of our services constitutes acceptance of the updated policy.