Privacy Policy

• Account: email address, name (required for authentication)
• Usage: dashboard activity, page views, feature interactions
• Conversations: messages with our AI Chat Assistant (Module A) — retained 24 months
• Voice (if enabled): call recordings + transcripts via Retell AI — retained 12 months
• Telemetry: error logs, performance traces (via Langfuse, HIPAA cloud, EU)

• Request access to your personal data
• Request correction or deletion
• Withdraw consent (may limit service)
• Lodge a complaint with the Personal Data Protection Commissioner

• Supabase (Singapore region) — database + auth + storage
• Langfuse HIPAA Cloud (EU) — LLM observability
• Anthropic, OpenRouter — LLM providers (US, provider-pass-through)
• Stripe, Billplz — payment processors
• Retell AI (US), 360dialog (EU) — voice + WhatsApp
• n8n self-hosted (Hostinger Singapore VPS) — workflow execution

• Account data: retained while account is active + 6 years after closure (regulatory requirement)
• Conversation data: 24 months from last interaction
• Voice recordings: 12 months
• Audit logs: 7 years (hash-chained, tamper-evident)
• Backup snapshots: 30 days rolling

• Row-Level Security on every Postgres table
• TLS 1.3 in transit; AES-256 at rest (Supabase + Langfuse)
• Service-role keys rotated; access reviewed annually
• SOC 2 Type I engagement queued (Schellman)
• ISO 42001:2023 AI Management System readiness mapped

• Class A — Auto-evolvable (with owner approval); chat tones, intent detection
• Class B — Manual-only changes; proposals, contracts, regulatory text
• Class C — Frozen by owner memo; foundation models, pricing floor

Full policy: AI Change Management Policy.

To exercise PDPA rights or report a security concern:

• Email: compliance@onset.my
• Security disclosures: security@onset.my
• General: hello@marketinglancers.com.my
• Status & incidents: status.onset.my · incident JSON API