BizVitalSign in

Privacy Policy

Agilec Technology Sdn Bhd · Last updated 12 June 2026

This Privacy Policy explains how Agilec Technology Sdn Bhd("we", "us") collects, uses, and protects personal data when you use BizVital, in accordance with the Malaysian Personal Data Protection Act 2010 (PDPA).

1. What we collect

  • Account data — name, email address, and a hashed password.
  • Organization data — org name, membership roles, plan and licensing records, audit logs of administrative actions.
  • Content you provide — uploaded files (which may include financial statements and other business documents, together with the figures we extract from them), connected data sources, agent configurations, skills, analyses, and board chat questions.
  • API keys — AI provider keys your organization supplies, stored encrypted with AES-256-GCM and never displayed after entry.
  • Technical data — session tokens (hashed) and basic request metadata used for security and rate-limiting.

2. How we use it

  • To operate the service: run analyses you request, manage memberships, enforce plan limits.
  • To secure the service: authentication, audit trails, abuse and rate-limit controls.
  • To communicate service matters to your registered email (e.g., licensing changes).
  • We do not sell personal data, and we do not use your business data to train AI models.

Financial data. Financial statements and figures you import are processed only to produce the health scores and board analyses you request, and to display them back to you. They are stored within your organization (logically isolated from other tenants), are never used for advertising or model training, and are deleted when you delete the source, run, or organization (see section 5). The deterministic health score is computed locally and involves no third party; only when you run a board analysis are the relevant excerpts sent to your configured AI provider (section 3).

3. AI providers and sub-processors

  • When you run an analysis, the relevant data excerpts and prompts are sent to the AI provider whose API key your organization configured (Anthropic, OpenAI, Google, Groq, or DeepSeek). Their handling of that data is governed by their own terms and privacy policies. TRIAL organizations run on a platform-managed Google Gemini key until they add their own.
  • Our infrastructure sub-processors include our database host (Neon — PostgreSQL) and application host. Data may be stored or processed outside Malaysia by these providers.

4. Tenant isolation

Every organization's data is logically isolated. All application queries are scoped to your organization; other tenants cannot access your data, and platform administrators access tenant records only for licensing and support purposes.

5. Retention and deletion

  • Account and organization data is retained while your account is active.
  • You can delete data sources, agents, runs, and API keys in-app at any time; deletions cascade to dependent records.
  • On written request we will delete your organization and associated personal data, except records we must keep by law.

6. Security

  • Passwords hashed with bcrypt; session tokens stored hashed; admin and tenant sessions are separate.
  • API keys encrypted at rest (AES-256-GCM); transport over HTTPS in production.
  • Cross-origin request checks, rate limiting, server-side input validation, and audit logging throughout.

7. Your rights (PDPA)

You may request access to, correction of, or deletion of your personal data, or withdraw consent to processing (which may end your ability to use the service). Write to success@agilectechnology.com and we will respond within the timelines required by the PDPA.

8. Cookies

We use strictly necessary cookies only: an authentication session cookie and an active-organization selector. No advertising or third-party analytics cookies are set by the application.

9. Changes

We may update this policy from time to time; material changes will be notified in-app or by email. Continued use after changes constitutes acceptance.

10. Contact

Data protection enquiries: Agilec Technology Sdn Bhd, No. 2A-1, Jalan Puteri 2/5, Bandar Puteri, 47100 Puchong, Selangor, Malaysia. Email: success@agilectechnology.com.

Questions about this policy? Contact success@agilectechnology.com