Privacy Policy

Last updated: 23 May 2026

This Privacy Policy explains how ObieOnline (Obie, sole proprietor), based in Kuala Lumpur ("we"), handles personal data in the ObieChat platform. It is written to comply with Malaysia's Personal Data Protection Act 2010 ("PDPA").

1. Who is the data controller

For your account data (your business info, your sign-in credentials), we are the Data Controller. For visitor leads captured through your chatbot, you are the Data Controller and we act as Data Processor on your instructions.

2. Data we collect about you (the account holder)

  • Account info: business name, owner name, email, password (bcrypt-hashed), WhatsApp number, region.
  • Configuration: knowledge base, allowed origins, branding, language preferences.
  • Usage: credit ledger entries, login timestamps, IPs (for security + rate-limiting).

3. Data we process on your behalf (visitor leads)

  • Visitor-provided fields: name, phone / WhatsApp number, email, business, enquiry text — whatever the visitor chooses to share.
  • Transcript: the conversation between the visitor and the chatbot is stored on the lead row for your review.
  • Visitor IP: recorded once per lead for abuse investigation.

4. Why we collect it

  • To run the service (authenticate you, render the chatbot).
  • To deliver lead notifications to you.
  • To enforce rate limits, detect abuse, and meter credits.
  • To improve the platform (aggregated, non-identifying analytics).

5. Who has access

Your data is isolated per tenant at the database layer (PostgreSQL Row-Level Security). Other ObieChat tenants cannot see your data.

Service providers we use:

  • An AI language-model provider — receives chat messages and your knowledge base to generate replies. Our provider contractually commits not to train on API traffic. See our subprocessors list (linked from this page) for the current provider name and location.
  • Resend (email delivery) — receives lead-notification + auth emails. Used only for delivery.

We don't sell your data. We disclose data only when required by law.

6. How long we keep it

  • Account data: while your account is active, plus 30 days after closure.
  • Leads: 12 months by default. You can delete them at any time.
  • Chat transcripts: stored only on the corresponding lead row.
  • Login + access logs: 90 days.

7. Your rights under the PDPA

You have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Withdraw consent / request deletion.
  • Lodge a complaint with the Personal Data Protection Commissioner of Malaysia.

To exercise any of these, WhatsApp us at +60 19 313 9312 or email obie@obieonline.com. We respond within 21 working days.

8. Security

  • HTTPS-only (TLS) for all traffic.
  • Passwords stored with bcrypt (12 rounds).
  • PostgreSQL Row-Level Security enforces tenant isolation at the database layer.
  • Daily off-server backups of the database.
  • Server access limited to the founder.

9. Visitor data on your website

When a visitor chats with your bot, our widget shows a brief PDPA notice. You should ALSO link your own privacy policy explaining how leads will be used. We don't share visitor data across tenants or with third parties beyond the service providers above.

10. International transfers

Our AI subprocessor processes chat traffic on infrastructure in the United States. Resend processes email on infrastructure in the United States and the European Union. By using the Service you consent to these transfers. The current subprocessor list is available on our subprocessors page.

11. Changes

We'll email material changes to your account email at least 14 days before they take effect.

12. Contact

ObieOnline (Obie), Taman Melati, Setapak, Kuala Lumpur, Malaysia. WhatsApp: +60 19 313 9312. Email: obie@obieonline.com.
