CX
Cortexial Get in Touch

Legal

Privacy Policy

Last Updated: 15 February 2026

1. Introduction

Cortexial ("we", "us", "our") is committed to protecting the personal data of individuals who interact with our services and website. This Privacy Policy explains how we collect, use, store, and protect personal data in connection with our AI consulting services and our website at https://cortexial.info.

Our data handling practices are aligned with Malaysia's Personal Data Protection Act 2010 (PDPA). If you have questions about how we handle your data, please contact us at [email protected].

By using our website or engaging our services, you acknowledge the practices described in this policy.

2. Data Collection

We collect personal data through several channels:

  • Contact forms: Name, email address, phone number, and message content submitted via our website enquiry form.
  • Project engagements: Business contact details, operational data shared for project purposes, and correspondence records.
  • Website analytics: Anonymised usage data collected via cookies, including page visits, session duration, and referring sources.
  • Email communication: Email addresses and message content when you contact us directly.

We do not collect sensitive personal data (as defined under PDPA 2010) through standard website interaction. Project-specific sensitive data — where applicable — is handled under a separate written data handling agreement.

3. Legal Basis for Processing

We process personal data on the following grounds:

  • Consent: Where you have submitted a form or agreed to cookie use.
  • Contractual necessity: Where data processing is required to deliver a consulting engagement you have engaged us for.
  • Legitimate interest: For improving our services, responding to enquiries, and maintaining business records.
  • Legal compliance: Where retention or disclosure is required by applicable Malaysian law.

4. How We Use Your Data

  • Responding to enquiries submitted via the website contact form
  • Delivering AI consulting services to clients under engagement
  • Sending project-related communications and progress updates
  • Improving our website and service offering based on anonymised usage data
  • Maintaining business and financial records as required by law
  • Sending relevant service information — you may opt out at any time

We do not sell personal data to third parties. We do not use your data for any purpose not described in this policy without notifying you and, where required, obtaining your consent.

5. Data Retention

We retain personal data for the following periods:

  • Website enquiry data: Up to 24 months from submission, unless engagement is initiated.
  • Engagement data: Seven years from project close, as required for financial and legal record-keeping under Malaysian law.
  • Project client data: Not retained beyond the agreed engagement period unless the client explicitly requests otherwise in writing.
  • Cookie/analytics data: As described in our Cookie Policy, typically 13 months.

6. Data Protection

We apply the following measures to protect personal data under our custody:

  • Encrypted data transmission (TLS) for all web communications
  • Access control — personal data is accessible only to team members who require it for legitimate project purposes
  • Documented data handling protocols for each client engagement
  • Regular review of data handling practices
  • In the event of a data breach, we will notify affected individuals in accordance with applicable PDPA obligations

7. Cookies

Our website uses cookies to understand how visitors use our site and to support basic functionality. For detailed information on the cookies we use, how long they persist, and how to manage your preferences, please refer to our Cookie Policy.

8. Third-Party Services

We may use the following third-party services that process data on our behalf:

  • Google Analytics: Anonymised website usage analytics. Data is processed in accordance with Google's privacy framework.
  • Email service providers: For sending project communication and responding to enquiries.
  • Cloud infrastructure providers: For hosting and project delivery tools, operating under data processing agreements.

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites.

9. Your Rights

Under PDPA 2010 and applicable data protection principles, you have the following rights regarding personal data we hold about you:

  • Right of access: Request a copy of personal data we hold about you.
  • Right to correct: Request correction of inaccurate or incomplete personal data.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.
  • Right to limit processing: Request that we restrict how we use your data in certain circumstances.
  • Right to object: Object to processing carried out on the basis of legitimate interests.

To exercise any of these rights, contact us at [email protected]. We will respond within 21 days.

10. Children's Privacy

Our services are intended for business organisations and their representatives. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor has submitted personal data through our website, please contact us and we will take appropriate action.

11. Policy Updates

We may update this Privacy Policy periodically. When we make material changes, we will update the "Last Updated" date at the top of this page. Continued use of our website following any changes constitutes acceptance of the revised policy. We recommend reviewing this page occasionally.

12. Contact

For privacy-related enquiries, data access requests, or concerns about how your data is handled:

Cortexial

27, Jalan Masjid India, 50100 Kuala Lumpur, Malaysia

[email protected]