Back antaraChat

Legal

Privacy Policy

Effective date: 1 January 2025  ·  Last updated: 29 June 2026

antaraAI and antaraChat ("we", "our", or "us") are products of Rocketweb Sdn. Bhd., a company incorporated in Malaysia. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our platform at dash.antara.chat (the "Platform").

This policy is governed by the Personal Data Protection Act 2010 (PDPA) of Malaysia and applies to all users, including individuals from government agencies, GLCs, and SMEs. By accessing or using our Platforms, you consent to the practices described herein.

1. Personal Data We Collect

We collect personal data through your interactions with the Platforms, including:

Account & Identity Data

Full name, email address, job title, organisation name, profile photo, and authentication credentials.

Usage & Activity Data

Features accessed, AI prompts submitted, content generated, chatbot conversations, workflow executions, login timestamps, and browser/device metadata (IP address, browser type, operating system).

Billing & Payment Data

Subscription plan details, credit balance, invoice records, and payment processor references. We do not store full card numbers — payment processing is handled by Stripe, which is PCI-DSS compliant.

Content & Knowledge Data

Documents, files, images, audio, and other content you upload to train AI agents or use within our tools. You retain ownership of all content you submit.

Communications Data

Messages sent via in-app support, email correspondence, and feedback forms.

2. How We Use Your Personal Data

We process your personal data for the following purposes:

  • Service Delivery — to create and manage your account, provide access to AI features, process transactions, and deliver support.
  • Platform Improvement — to analyse usage patterns, diagnose technical issues, and improve the performance and reliability of our services.
  • Security & Fraud Prevention — to monitor for suspicious activity, enforce our Terms of Service, and protect users and the platform.
  • Communications — to send transactional emails (invoices, password resets, usage alerts) and product updates. You may opt out of marketing communications at any time.
  • Legal Compliance — to fulfil obligations under Malaysian law and respond to lawful requests from authorities.

We do not use your submitted content or AI conversations to train shared AI models without your explicit consent.

3. Disclosure of Personal Data

We do not sell your personal data. We may share it only in the following circumstances:

  • Service Providers — trusted third-party vendors who assist in operating our Platforms (cloud hosting, payment processing, email delivery, AI inference). These parties are contractually bound to protect your data.
  • Team Members — if you are part of a team workspace, authorised team administrators may access shared workspace data.
  • Legal Requirements — when required by law, court order, or a lawful request by a public authority.
  • Business Transfers — in the event of a merger, acquisition, or asset sale, your data may be transferred as part of that transaction.

4. Third-Party AI & Technology Services

To deliver AI-powered features, we transmit relevant data (such as prompts and uploaded content) to third-party AI providers, including but not limited to:

  • Anthropic (Claude) — Large Language Model inference
  • xAI (Grok) — Budget LLM inference
  • fal.ai — Image and video generation
  • ElevenLabs — Text-to-speech synthesis
  • Deepgram — Speech-to-text transcription

Each provider has its own privacy and data handling policies. We encourage you to review them. We select providers that operate under data processing agreements consistent with applicable privacy laws.

5. Google API Services & User Data

antaraChat's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

When you connect your Google Account to antaraChat, we may access the following Google services on your behalf, based on the permissions you grant:

  • Gmail — to read and send emails as part of AI-powered agent workflows you configure
  • Google Calendar — to read and create calendar events as part of AI-powered agent workflows you configure
  • Google Sheets — to read and write spreadsheet data as part of AI-powered agent workflows you configure

We access Google user data solely to provide the features you have explicitly enabled. Specifically, we do not:

  • Sell your Google user data to any third party
  • Share your Google user data with any third party for advertising or marketing purposes
  • Use your Google user data to train AI or machine learning models
  • Allow humans to read your Google user data without your consent, except as required by law

You may revoke antaraChat's access to your Google Account at any time via Google Account Permissions or through antaraChat's integration settings.

6. Data Retention

We retain your personal data for as long as your account is active or as necessary to provide services. Upon account deletion, we will delete or anonymise your personal data within 30 days, except where retention is required by law or legitimate business purposes (such as financial records mandated under Malaysian tax law).

You may configure data retention preferences within your account settings under Settings → Data Retention.

7. Cookies & Tracking

We use cookies and similar technologies to maintain your session, remember your preferences (such as dark mode), and analyse platform usage. Types of cookies used:

  • Essential Cookies — required for authentication and platform functionality. Cannot be disabled.
  • Preference Cookies — store your UI preferences (e.g., sidebar state, dark mode).
  • Analytics Cookies — help us understand how users interact with the platform to improve our services.

8. Data Security

We implement industry-standard security measures to protect your personal data, including:

  • TLS/HTTPS encryption for all data in transit
  • Encrypted storage for sensitive data at rest
  • Role-based access controls and team-scoped data isolation
  • Two-factor authentication (2FA) support
  • Regular security audits and vulnerability assessments

While we strive to protect your data, no system is completely secure. In the event of a data breach that poses a risk to your rights, we will notify affected users in accordance with applicable Malaysian law.

9. Your Rights Under PDPA 2010

Under the Personal Data Protection Act 2010 (Malaysia), you have the right to:

Right of Access

Request a copy of the personal data we hold about you.

Right to Correction

Request correction of inaccurate or incomplete personal data.

Right to Withdraw Consent

Withdraw consent for processing at any time (subject to legal obligations).

Right to Prevent Processing

Request that we stop processing your data for direct marketing purposes.

Right to Erasure

Request deletion of your account and associated personal data.

Right to Data Portability

Receive a structured export of your data in a machine-readable format.

To exercise any of these rights, please contact us at [email protected]. We will respond within 21 days as required under PDPA.

11. Children's Privacy

Our Platforms are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us immediately and we will take appropriate steps to remove the information.

12. Cross-Border Data Transfers

As a cloud-based platform utilising third-party AI and infrastructure providers, your data may be processed outside Malaysia, including in the United States and European Union. We ensure such transfers comply with PDPA requirements and that recipient organisations maintain adequate data protection standards.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email or a prominent notice within the Platform. Continued use of the Platform after changes take effect constitutes your acceptance of the revised policy. We encourage you to review this page periodically.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection Officer:

Rocketweb Sdn. Bhd.

Malaysia

Email: [email protected]

General enquiries: [email protected]