Privacy Policy

Last updated: 28 April 2026

xiaoluotech ("we", "us", "our") is committed to protecting the privacy of visitors and customers of xiaoluotech.solutions. This policy explains what personal data we collect, how we use it, how long we keep it, and your rights under the Malaysian Personal Data Protection Act 2010 ("PDPA").

1. Who we are

xiaoluotech is a Malaysia-based website and software service that builds custom websites and configures an AI Agent for small and medium businesses. The data controller for personal data submitted through this site is xiaoluotech.

2. Personal data we collect

When you submit our enquiry or get-started form, we collect: your name, email address, phone number, company name, business sector, and the description of what you want your website to do. We may also collect basic technical information such as your IP address, browser type, and pages visited via privacy-respecting analytics.

3. How we use your data

We use your data to: (a) reply to your enquiry and follow up via email or WhatsApp; (b) plan, build, and deliver your website and AI Agent; (c) issue invoices and keep records required by Malaysian law; (d) improve our service. We do not sell your data, and we do not use it for unrelated marketing.

4. Lawful basis for processing

Under the PDPA, we rely on your consent (given when you submit a form), the necessity of processing for performance of our service to you, and our legitimate interests in running and securing the business.

5. Sharing with third parties

We share data only with service providers necessary to deliver our service, such as our cloud hosting provider and our email delivery service. These providers are bound by their own data protection obligations. We do not transfer your data outside Malaysia except to such providers.

6. How long we keep your data

Enquiries that do not turn into a project are kept for up to 24 months and then deleted. Customer records (orders, invoices, communications) are kept for 7 years to comply with Malaysian tax and accounting requirements, then deleted.

7. Your rights under the PDPA

You have the right to: access your data; correct inaccurate data; withdraw consent and request deletion (subject to legal retention requirements); limit how we process your data; and lodge a complaint with the Personal Data Protection Department of Malaysia. To exercise any of these rights, email us using the address below.

8. Security

We protect your data with TLS encryption in transit, encrypted storage, access controls limited to authorised staff, and bot-protection on public forms. No system is perfectly secure, but we treat any data incident seriously and will notify affected users where required.

9. Cookies and analytics

We use a small number of essential cookies for site functionality. We use Cloudflare Web Analytics, which is privacy-respecting and does not track individual users across sites or use cookies for tracking.

10. Changes to this policy

We may update this policy from time to time. The 'last updated' date above shows the latest revision. We will notify customers of material changes by email.

If you have any questions about this policy or you wish to exercise your PDPA rights (access, correction, withdrawal of consent, or deletion), please contact us at support@xiaoluotech.solutions.