Effective date: 15 May 2026
Last updated: 15 May 2026
This Privacy Policy explains how ZenWeb Malaysia (“ZenWeb”, “we”, “our”, or “us”) collects, uses, stores, and protects personal information when you interact with us through our website chatbot, our WhatsApp Business account, our website, or any related digital marketing services.
We comply with the Personal Data Protection Act 2010 of Malaysia (PDPA), the Meta Platform Terms, the Meta Developer Policies, and the WhatsApp Business Messaging Policy.
1. Who we are
ZenWeb Malaysia is a digital marketing agency.
- Address: A-21-01, Pinnacle PJ Tower A, Lorong Utara C, Pjs 52, 46200 Petaling Jaya, Selangor, Malaysia
- Phone / WhatsApp: +60 17-211 0602
- Email (privacy enquiries): hi@pnh.asia
- Website: https://zenweb.my
For the purposes of data protection law, ZenWeb is the data controller of your personal information.
2. Information we collect
We collect only the information needed to respond to your enquiry, deliver our services, and improve our chatbot.
2.1 Information you provide
- Identification information you share with us, such as your name, email address, phone number, company name, role, language preference, or industry.
- Enquiry content, including any text messages, files, voice notes, or images you send to our chatbot or WhatsApp account.
- Business and project information you share to receive a proposal (e.g. website URL, page count, marketing goals, budget range).
2.2 Information collected automatically
- WhatsApp metadata provided by the Meta WhatsApp Cloud API when you message us, including your WhatsApp phone number, WhatsApp display name (where available), message ID, timestamp, and channel.
- Website chat metadata including an anonymous session identifier stored in your browser’s local storage so the chatbot can recognise you across page reloads, plus timestamps of each message.
- Conversation logs consisting of the questions you ask, the chatbot’s replies, and the tool calls the chatbot made to retrieve information (e.g. searching our knowledge base, looking up a service price).
- Conversation summaries that our system generates automatically after a conversation ends, so the chatbot can remember the gist of past discussions in future conversations.
2.3 Information we do NOT collect
- Payment card details. We do not currently process payments through this chatbot. If we add payments in the future, this policy will be updated to disclose the payment processor.
- Health, religious, political, or other sensitive special-category data. Please do not send these to our chatbot.
- Information about other people unless you have their permission to share it.
3. How we use your information
We use the information we collect for these purposes only:
| Purpose | Examples |
|---|---|
| Responding to your enquiry | Answering questions about our services and pricing, sending a proposal, scheduling a consultation. |
| Service delivery | If you become a client, contacting you about your campaigns, sending reports, requesting feedback. |
| Customer support | Resolving issues you raise via chat or WhatsApp. |
| Improving the chatbot | Reviewing conversation transcripts manually and in aggregate to identify gaps in our knowledge base, fix misunderstandings, and improve answer quality. We do not use your conversations to train any AI models, internal or external. |
| Compliance and safety | Detecting and preventing spam, abuse, or misuse of our chatbot. |
| Legal obligations | Responding to lawful requests from authorities under applicable law. |
We do not sell or rent your personal information to anyone.
4. Legal basis (under PDPA)
We process your personal information based on:
- Your consent when you voluntarily message us through our website chatbot or WhatsApp account, share your contact information, or request a proposal.
- Performance of a contract when you engage ZenWeb for our services.
- Legitimate interest in operating, securing, and improving our chatbot and digital marketing services, where this does not override your rights and freedoms.
- Legal obligation where we are required by Malaysian or other applicable law to retain or disclose information.
5. How we share your information
For the purposes of data protection law, ZenWeb is the data controller. The third-party providers listed in Section 5.1 act as data processors on our instructions, except for Meta, which may also act as an independent controller of certain WhatsApp metadata per its own policies. Your information is shared only with the following parties, and only to the extent needed for the purposes listed above.
5.1 Third-party service providers
| Provider | Purpose | Location of data |
|---|---|---|
| Meta Platforms, Inc. | WhatsApp Cloud API: delivers your messages to us and our replies to you. Subject to Meta’s WhatsApp Business Privacy Policy. | Global Meta infrastructure |
| Vercel Inc. | Hosts our chatbot service. Receives and processes message payloads. | Global edge network |
| Supabase (AWS Asia Pacific Singapore region) | Stores your conversation history, customer profile, summaries, and any leads or support tickets you generate. | Singapore |
| OpenAI, L.L.C. | Provides the large language models that generate the chatbot’s replies. Your message text is sent to OpenAI to generate a response. OpenAI does not use API inputs to train its models (per OpenAI’s API data usage policy). | United States |
| Voyage AI | Provides text-embedding services so the chatbot can search our knowledge base. Your message text and our knowledge-base content are sent to Voyage AI for embedding. | United States |
| Langfuse GmbH (EU) | Provides observability for our chatbot. Stores per-turn metadata including the question you asked and the reply we sent so we can monitor quality and cost. | European Union |
| Slack / Discord (optional, only if your message is escalated) | If a human teammate needs to follow up, we send a short notification to our internal alerting channel with your message summary. | United States |
We use only providers who provide adequate data protection guarantees. Each provider processes your data only on our instructions and only for the purposes listed above.
5.2 Cross-border transfers
Some of the providers above are located outside Malaysia. By using our chatbot or WhatsApp account, you consent to your information being transferred to and stored in these jurisdictions. We take steps to ensure adequate protection through contractual safeguards and provider-level certifications.
5.3 Sharing with authorities
We may disclose your information when required by law, court order, or to protect the rights, safety, and property of ZenWeb, our clients, or the public.
5.4 No sale of data
We do not sell your personal information. We do not share it with advertisers for retargeting or audience-building purposes outside of your own marketing campaigns (if you are a client).
6. How long we keep your information
| Data | Retention |
|---|---|
| Anonymous chatbot conversations (no name / email / phone collected) | 90 days, then automatically purged. |
| Identified conversations (you shared your contact information) | Up to 24 months after the last interaction, then deleted unless you become a client. |
| Client records (after engagement) | For the duration of our engagement plus 7 years afterwards, as required for tax and contractual record-keeping. |
| Conversation summaries | Same retention as the underlying conversation. |
| Webhook delivery logs (Meta) | Retained by Meta per its own policy. |
You can request earlier deletion at any time (see Section 8).
7. How we protect your information
- All data is transmitted over HTTPS / TLS.
- Database access is restricted to authorised ZenWeb personnel and is logged.
- The Meta WhatsApp webhook signs every request to our server with HMAC-SHA256 so we can verify it genuinely came from Meta; we reject unsigned or invalid requests.
- Service-account credentials and API keys are stored as encrypted environment variables on Vercel, never in source code.
- We maintain access controls, periodic credential rotation, and audit logs for our admin dashboard.
No system is perfectly secure. If we become aware of a breach affecting your personal information, we will notify you and the relevant authorities as required by law.
8. Your rights and how to request data deletion
You have the right to:
- Access the personal information we hold about you.
- Correct information that is inaccurate or out of date.
- Withdraw consent to our processing of your information at any time, where processing was based on consent.
- Object to processing based on legitimate interest.
- Request deletion of your personal information, subject to limited exceptions (e.g. legal record-keeping).
- Lodge a complaint with the Personal Data Protection Department of Malaysia (Jabatan Perlindungan Data Peribadi).
To request deletion of your data, email hi@pnh.asia with the subject line “Data deletion request”. Include the phone number (for WhatsApp users) or email/session identifier (for website chatbot users) you used to interact with us. We acknowledge requests within 7 calendar days and complete deletion within 21 calendar days.
For any other request (access, correction, objection), email hi@pnh.asia with the subject line “Privacy request” and a description of your request. We respond within 21 calendar days.
If you want us to stop receiving messages from you on WhatsApp, you can reply STOP, UNSUBSCRIBE, or OPT OUT to any of our WhatsApp messages. Per the WhatsApp Business Messaging Policy, we will honour your opt-out request.
9. Children
Our chatbot and services are not directed at individuals under 18. We do not knowingly collect personal information from children. If you believe we have collected information from a minor, contact us at hi@pnh.asia and we will delete it.
10. Cookies and similar technologies
Our website uses minimal browser storage:
- Anonymous session identifier stored in local storage by our chatbot so it can recognise you across page reloads. Not shared with third parties.
If we add third-party analytics or advertising cookies to zenweb.my in the future, this policy will be updated and a cookie consent banner will be presented before any non-essential cookie is set.
You can clear local storage at any time in your browser settings. Doing so will reset your chatbot session.
11. AI-generated responses (transparency notice)
Our chatbot uses generative AI from OpenAI to produce replies. We have anti-hallucination safeguards in place, including grounding the chatbot in our knowledge base and instructing it to escalate to a human teammate when uncertain. However, AI-generated replies may occasionally be inaccurate. For important decisions (pricing, contract terms, ownership questions), please confirm directly with a ZenWeb human teammate before acting on chatbot information.
12. WhatsApp-specific notice
This section applies when you interact with ZenWeb through our WhatsApp Business Account, operated under the WhatsApp Business Phone Number registered with Meta on behalf of ZenWeb Malaysia.
When you message our WhatsApp Business account:
- We receive your WhatsApp phone number, display name (if available), and the content of your message.
- Your messages are subject to both this policy and WhatsApp’s own Privacy Policy and Business Messaging Policy.
- We may reply to your message using automated chatbot responses or a human teammate.
- We do not use the content of your WhatsApp messages for advertising, retargeting, or profiling outside the purposes listed in Section 3.
- Per Meta’s policies, we use your information solely for the customer-service and sales purposes you have engaged us for, and we do not transfer it to third parties for unrelated purposes.
Opt-in. By messaging us first on WhatsApp, you consent to receiving replies from ZenWeb (automated or human) during the conversation. We do not initiate WhatsApp messages with you unless you have separately opted in, for example by ticking an opt-in box on our website, providing your phone number to receive a follow-up, or otherwise giving us prior consent.
Opt-out. You may stop our WhatsApp messages at any time by replying STOP, UNSUBSCRIBE, or OPT OUT. We will not message you on WhatsApp again unless you re-opt-in.
13. Changes to this policy
We may update this policy from time to time. The “Last updated” date at the top reflects the latest revision. Material changes will be highlighted on this page for 30 days. Continued use of our chatbot or WhatsApp account after a change means you accept the updated policy.
14. Contact us
Privacy questions, access requests, or complaints:
- Email: hi@pnh.asia (subject line: “Privacy request” or “Data deletion request”)
- Phone / WhatsApp: +60 17-211 0602
- Post: A-21-01, Pinnacle PJ Tower A, Lorong Utara C, Pjs 52, 46200 Petaling Jaya, Selangor, Malaysia
- Designated privacy contact: ZenWeb Privacy Team — hi@pnh.asia
We aim to acknowledge requests within 7 calendar days and resolve them within 21 calendar days.