Privacy Policy
AdsKompass Marketing
Effective Date: July 10, 2026
Last Updated: July 10, 2026
1. INTRODUCTION
AdsKompass Marketing ("we", "us", "our", or "AdsKompass") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, protect, and share your information when you use our AI-powered Meta advertising management service ("Service").
This Policy is designed to comply with:
- The Personal Data Protection Act 2010 of Malaysia (PDPA)
- The Personal Data Protection (Amendment) Act 2024 (PDPA Amendment)
- International best practices for data protection
Business Information:
- Name: AdsKompass Marketing
- Registration: 202603178950 (SA0655421-V)
- Address: No.85, Lebuh Seri Pekan, Taman Klang Utama, 42100 Klang, Selangor, Malaysia
- Data Protection Contact: thomas@adskompass.com
2. INFORMATION WE COLLECT
2.1 Information You Provide Directly
During Onboarding:
- Business name and registration details
- Owner name and contact information
- Business address
- Industry classification
- Monthly advertising budget
- Business goals and KPIs
- Communication preferences (tone, language)
- Product margin and customer lifetime value data (optional)
During Service Use:
- Approval decisions on recommendations
- Feedback and rejection reasons
- Communication via Telegram
- Support requests via email
2.2 Information Collected Automatically
From Meta Platforms (via Official APIs):
- Advertising account information
- Campaign performance metrics
- Audience insights and demographics
- Creative assets and copy
- Ad spend and billing data
- Meta Business Manager information
From Service Usage:
- Interaction logs (commands issued, responses received)
- Timestamps of actions and approvals
- Report viewing history
- Rejection patterns and reasons
- Technical logs (for security and debugging)
2.3 Information We Do NOT Collect
We do NOT collect or have access to:
- Your Meta account passwords
- Personal Facebook messages
- Non-advertising Facebook data
- Financial account passwords
- MyKad numbers (beyond what SSM requires for business registration)
- Sensitive personal data (health, religion, political views, etc.)
3. HOW WE USE YOUR INFORMATION
We use your information solely for the following purposes:
3.1 Service Delivery
- Analyzing your Meta advertising campaigns
- Generating personalized recommendations
- Providing daily and weekly reports
- Executing approved advertising actions
- Delivering the Service you subscribed to
3.2 Communication
- Sending reports and recommendations via Telegram
- Responding to your support inquiries
- Notifying you of Service changes
- Sending important account updates
3.3 Service Improvement
- Analyzing anonymized aggregate patterns to improve AI recommendations
- Debugging technical issues
- Enhancing safety controls
- Developing new features
3.4 Legal and Compliance
- Complying with Malaysian laws and regulations
- Responding to lawful requests from authorities
- Protecting our legal rights and interests
- Preventing fraud and abuse
3.5 We Do NOT Use Your Data For
- Selling to third parties
- Marketing to your customers
- Sharing with competitors
- Any purpose not disclosed in this Policy
4. LEGAL BASIS FOR PROCESSING (PDPA COMPLIANCE)
Under Malaysian PDPA, we process your data based on:
a) Consent — You explicitly consent when subscribing to our Service and accepting these Terms.
b) Contractual Necessity — Processing is necessary to deliver the Service you subscribed to.
c) Legal Obligation — Some processing is required by Malaysian laws (tax records, business records, etc.).
d) Legitimate Interests — Improving our Service, preventing fraud, and ensuring security.
You have the right to withdraw consent at any time as described in Section 8.
5. DATA SHARING WITH THIRD PARTIES
We share limited data with third-party service providers as necessary to deliver the Service:
5.1 Meta (Facebook, Inc.)
- What is shared: API queries to access your advertising accounts
- Purpose: Retrieving campaign data and executing approved changes
- Method: Official Meta APIs with OAuth authorization
- Their privacy policy: https://www.facebook.com/privacy/policy
5.2 Anthropic (Claude AI)
- What is shared: Anonymized campaign data for AI analysis
- Purpose: Generating recommendations using Claude AI
- Method: Encrypted API calls
- Data retention by Anthropic: Per their API terms
- Their privacy policy: https://www.anthropic.com/legal/privacy
5.3 Telegram
- What is shared: Report content and interactive messages
- Purpose: Delivering communications and receiving approvals
- Method: Telegram Bot API
- Their privacy policy: https://telegram.org/privacy
5.4 DigitalOcean (Hosting)
- What is shared: Encrypted data storage
- Purpose: Secure cloud hosting for our infrastructure
- Location: Singapore data center
- Their privacy policy: https://www.digitalocean.com/legal/privacy-policy
5.5 Payment Processors
- What is shared: Payment information necessary for transaction processing
- Purpose: Processing subscription payments
- Method: Secure payment gateway with encryption
- Providers may include: FPX-supporting banks, PayPal, or similar
5.6 Legal and Regulatory
We may disclose your information when required by:
- Malaysian courts or law enforcement (with valid legal process)
- Malaysian government authorities (tax, regulatory)
- Legal proceedings (with appropriate safeguards)
5.7 We Do NOT Share Data For
- Marketing purposes
- Competitor benefit
- Data brokers
- Non-service related purposes
6. DATA STORAGE AND SECURITY
6.1 Where Your Data Is Stored
- Primary location: DigitalOcean data center in Singapore
- Backup locations: Secure encrypted backups
- Data does not leave Southeast Asia for primary processing
6.2 How We Protect Your Data
Technical Measures:
- Encryption at rest (AES-256)
- Encryption in transit (TLS 1.3)
- Fernet encryption for Meta access tokens
- Firewall protection
- Regular security updates
- Access logging and monitoring
Organizational Measures:
- Access limited to authorized personnel only (currently: business owner only)
- Multi-factor authentication for administrative access
- Regular security assessments
- Incident response procedures
6.3 Data Breach Notification
In the event of a data breach affecting your personal data:
- We will notify you within 72 hours of discovery
- We will notify the Personal Data Protection Commissioner as required by PDPA
- We will provide details on the nature of the breach and mitigation steps
- We will take all reasonable steps to prevent further harm
7. DATA RETENTION POLICY
7.1 During Active Subscription
We retain all your data during your active subscription to provide the Service.
7.2 After Subscription Ends
Deleted within 30 days of cancellation:
- Business name and identification details
- Owner contact information
- Meta access credentials (deleted from active systems)
- Ad account IDs and specific campaign data
- Personal preferences and settings
Retained as anonymized aggregate data (indefinitely):
- Industry-level campaign performance patterns (no client identifiers)
- Budget-to-ROAS correlations by industry
- Creative angle effectiveness by industry
- Seasonal timing patterns
- Market benchmarks
This anonymized data cannot be linked back to you or your business and is used solely to improve the Service for other users.
Retained for legal compliance:
- Payment records: 7 years (Malaysian tax law)
- Basic account information (name, email): 7 years (Malaysian business records law)
- Audit trails of significant actions: 3 years
7.3 Legal Basis for Retention
- PDPA Section 10 (Retention Principle): Data kept only as long as necessary
- Malaysian Tax Law: Financial records retention
- Malaysian Companies Act: Business records retention
7.4 Your Right to Earlier Deletion
You may request immediate deletion of all your personal data by emailing thomas@adskompass.com. We will:
- Delete personal identifiable information within 30 days
- Retain only what is legally required
- Confirm completion of deletion in writing
Exceptions: Data required for legal, tax, or regulatory compliance cannot be deleted before legal retention periods expire.
8. YOUR RIGHTS UNDER PDPA
Under Malaysian PDPA, you have the following rights:
8.1 Right to Access
Request a copy of the personal data we hold about you.
How to exercise: Email thomas@adskompass.com with subject "PDPA Access Request"
Response time: Within 21 days
Fee: No fee for reasonable requests
8.2 Right to Correction
Request correction of inaccurate or incomplete data.
How to exercise: Email thomas@adskompass.com with correct information
Response time: Within 21 days
8.3 Right to Withdraw Consent
Withdraw consent to data processing at any time.
How to exercise: Email thomas@adskompass.com
Note: May result in inability to continue providing the Service
8.4 Right to Data Portability
Request your data in a portable format (JSON or CSV).
How to exercise: Email thomas@adskompass.com with subject "Data Portability Request"
Response time: Within 30 days
Format: Machine-readable (JSON preferred)
8.5 Right to Deletion
Request deletion of your personal data (subject to legal retention requirements).
How to exercise: Email thomas@adskompass.com with subject "Deletion Request"
Response time: Within 30 days
8.6 Right to Complain
File a complaint with the Personal Data Protection Commissioner.
Contact:
- Jabatan Perlindungan Data Peribadi (JPDP)
- Website: https://www.pdp.gov.my
- Email: aduan@pdp.gov.my
We encourage you to contact us first at thomas@adskompass.com to resolve any concerns.
9. INTERNATIONAL DATA TRANSFERS
Some data may be transferred outside Malaysia to service providers, including:
- Singapore: DigitalOcean hosting (primary storage)
- United States: Anthropic AI services (for AI processing)
- United States: Meta advertising platform
- Global: Telegram messaging infrastructure
We ensure appropriate safeguards for international transfers through:
- Contractual data protection clauses
- Recognized frameworks (where applicable)
- Encryption during transfer and storage
- Selection of providers with strong privacy practices
10. CHILDREN'S PRIVACY
AdsKompass is a business-to-business (B2B) service intended for use only by:
- Adults (18 years and older)
- Registered businesses
- Business decision-makers
We do NOT knowingly collect data from children under 18. If we discover we have collected data from a minor, we will delete it promptly.
11. COOKIES AND TRACKING
11.1 Our Website
Our website (https://adskompass.com) may use:
- Essential cookies for site functionality
- Analytics cookies to understand visitor behavior (aggregated only)
- No third-party advertising cookies
You can control cookies through your browser settings.
11.2 The Service Itself
Our Service is delivered via Telegram bot, which does not use cookies in the traditional sense. Meta may set cookies on their advertising platforms independently of us.
12. AI AND AUTOMATED DECISION-MAKING
12.1 Transparency About AI Use
We use artificial intelligence (Claude AI by Anthropic) to:
- Analyze your campaign data
- Generate recommendations
- Detect patterns and anomalies
- Create personalized reports
12.2 Human Review
- All recommendations require your human approval before execution
- No fully automated advertising decisions are made without your consent
- You retain full control over your advertising
12.3 AI Limitations Disclosure
- AI may occasionally generate inaccurate or biased recommendations
- AI is based on patterns in historical data and may not predict future outcomes accurately
- Your business judgment should always be applied before approving recommendations
- Consult qualified marketing professionals when in doubt
13. THIRD-PARTY LINKS
Our Service may contain links to third-party websites (Meta help pages, industry resources, etc.). We are not responsible for the privacy practices of these third parties. Please review their privacy policies before providing information.
14. CHANGES TO THIS POLICY
14.1 Notification of Changes
Material changes to this Policy will be notified via:
- Email to your registered address (thomas@adskompass.com or as provided)
- Telegram message to your registered chat
- Notice on https://adskompass.com/privacy
14.2 Effective Date
Changes take effect 30 days after notification unless otherwise stated.
14.3 Continued Use
Continued use of the Service after the effective date constitutes acceptance of the updated Policy. If you disagree with changes, you may terminate your subscription per our Terms of Service.
15. SPECIAL PROVISIONS FOR MALAYSIAN BUSINESSES
15.1 PDPA Compliance
We comply with:
- Personal Data Protection Act 2010
- Personal Data Protection (Amendment) Act 2024
- Personal Data Protection Regulations 2013
- Personal Data Protection Standards 2015
15.2 Data Protection Officer
For a solo proprietorship of our size, the business owner (Thomas Lui De Ying) serves as the primary contact for data protection matters.
15.3 Business-to-Business Nature
While PDPA primarily protects individual personal data, we apply PDPA-level protections to business data as well, recognizing that business information may contain personal data of owners and employees.
16. CONTACT US
For privacy-related questions, requests, or concerns:
Primary Contact:
- Email: thomas@adskompass.com
- Subject: [PDPA Request] or [Privacy Question]
- Response time: Within 7 business days
Postal Address:
- AdsKompass Marketing
- No.85, Lebuh Seri Pekan
- Taman Klang Utama
- 42100 Klang, Selangor, Malaysia
Regulatory Contact (if needed):
- Jabatan Perlindungan Data Peribadi (JPDP)
- Website: https://www.pdp.gov.my
- Email: aduan@pdp.gov.my
17. ACKNOWLEDGMENT
By using AdsKompass, you acknowledge that:
- You have read and understood this Privacy Policy
- You consent to the collection, use, and disclosure of your data as described
- You understand your rights under Malaysian PDPA
- You have the authority to consent on behalf of your business
- You will notify us of any changes affecting our data processing
This Privacy Policy is designed to be transparent, comprehensive, and compliant with Malaysian PDPA 2010 and 2024 Amendments. It reflects our commitment to protecting your privacy while delivering high-quality AI-powered advertising services.
Document version: 1.0
Last reviewed: July 10, 2026
Next scheduled review: January 10, 2027