
LegalByte by LegalByte Privacy Policy

Last Updated: December 2024

Effective Date: December 2024

1. Introduction

LegalByte Sdn Bhd ("LegalByte," "we," "us," or "our") is committed to protecting your privacy and personal data in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia.

This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use LegalByte by LegalByte ("LegalByte," "the Platform," or "Service").

By using LegalByte, you consent to the collection, processing, and storage of your personal data as described in this Privacy Policy.

If you do not agree with this Privacy Policy, you must not use LegalByte.

2. Information We Collect

2.1 Personal Information

We collect the following personal information when you create an account or use LegalByte:

Account Information:

  • Full name
  • Email address
  • Phone number (optional)
  • Professional credentials (practicing certificate number for lawyers)
  • Organization name and business registration number (for law firms)
  • Billing address
  • Payment information (processed securely by third-party payment processors)

Profile Information:

  • Profile photo (optional)
  • Professional title and practice area
  • Preferred language (English or Bahasa Malaysia)
  • Time zone and location

Authentication Data:

  • Username and password (hashed and encrypted)
  • Two-factor authentication tokens
  • Session tokens and cookies
  • Login history and IP addresses

2.2 Legal Documents and User Content

Documents You Upload:

  • Legal documents, contracts, and files you upload to the Document Workspace
  • Case briefs, research materials, and notes
  • Templates you create or customize
  • Files attached to chat conversations

Documents You Generate:

  • AI-generated documents created using LegalByte templates
  • Chat conversation transcripts with the AI assistant
  • Research queries and search history
  • Annotations and comments on documents

Important: We treat your legal documents with the highest level of confidentiality and security. However, attorney-client privilege applies to communications between you and your clients, not to your use of LegalByte.

2.3 Usage Information

Platform Activity:

  • Features you use (legal research, document generation, templates, etc.)
  • Search queries and research topics
  • Chat conversations with the AI assistant
  • Documents you view, edit, create, or share
  • Templates you access or customize
  • Time spent on the Platform and frequency of use

Technical Information:

  • Device information (type, operating system, browser)
  • IP address and geolocation data
  • Referral source and navigation paths
  • Performance data (page load times, errors)
  • Network information

2.4 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

  • Maintain your login session
  • Remember your preferences (language, theme, etc.)
  • Analyze usage patterns and improve the Platform
  • Prevent fraud and enhance security

Types of Cookies:

  • Essential Cookies: Required for the Platform to function (authentication, security)
  • Performance Cookies: Analyze how you use LegalByte to improve performance
  • Functional Cookies: Remember your preferences and settings
  • Analytics Cookies: Understand user behavior and usage patterns (optional, requires consent)

You can control cookies through your browser settings, but disabling essential cookies may prevent you from using certain features of LegalByte.

2.5 Communications

Emails and Messages:

  • Emails you send to our support team
  • Feedback, questions, and inquiries
  • Subscription to newsletters or product updates (optional)

3. How We Use Your Information

3.1 Legal Basis for Processing

We process your personal data based on the following legal grounds under PDPA:

Consent: You have given explicit consent for us to process your personal data for specific purposes (e.g., marketing communications, analytics cookies).

Contract: Processing is necessary to perform our contract with you (providing LegalByte services as outlined in our Terms of Service).

Legitimate Interests: Processing is necessary for our legitimate business interests, such as:

  • Improving the Platform and user experience
  • Preventing fraud and ensuring security
  • Analyzing usage patterns to develop new features
  • Complying with legal obligations

3.2 Primary Uses

We use your information to:

Provide and Improve the Service:

  • Create and manage your account
  • Provide AI-powered legal research and document generation
  • Store, organize, and manage your legal documents
  • Deliver chat-based AI assistance for legal queries
  • Enable document sharing and collaboration features
  • Process payments and manage subscriptions
  • Provide customer support and technical assistance

Platform Optimization:

  • Analyze usage patterns to improve AI accuracy and relevance
  • Identify and fix technical issues, bugs, and performance problems
  • Develop new features and enhance existing functionality
  • Personalize your experience based on your preferences

Security and Fraud Prevention:

  • Detect and prevent unauthorized access and security breaches
  • Monitor for suspicious activity, abuse, or violations of our Terms of Service
  • Enforce our policies and comply with legal obligations
  • Protect the rights, property, and safety of LegalByte, our users, and the public

Communication:

  • Send important service notifications (account changes, security alerts, system updates)
  • Respond to your support requests and inquiries
  • Notify you of changes to our Terms of Service or Privacy Policy
  • Send optional marketing communications (with your consent, which you may withdraw at any time)

3.3 AI Training and Model Improvement

Anonymized and Aggregated Data Only:

  • We may use anonymized and aggregated usage data to improve our AI models
  • This includes analyzing search patterns, common legal research topics, and document types
  • We will NEVER use your confidential legal documents or client information to train AI models without your explicit consent

Opting Out:

  • You can opt out of AI training data collection at any time through your account settings
  • Opting out does not affect your ability to use LegalByte

4. Encryption and Security Measures

4.1 Data Encryption

At Rest:

  • All documents stored in the Document Workspace are encrypted using AES-256 encryption
  • Personal data in our databases is encrypted using Fernet (AES-128-CBC) encryption
  • Encryption keys are securely managed and rotated regularly

In Transit:

  • All data transmitted between your device and our servers is encrypted using TLS 1.3
  • Secure HTTPS connections for all web traffic
  • Encrypted API communication for mobile and third-party integrations

4.2 Access Controls

Role-Based Access:

  • Strict role-based access controls limit who can access your data
  • LegalByte employees have access only on a need-to-know basis for support and maintenance
  • All access is logged and monitored for security auditing

Authentication Security:

  • Password requirements: Minimum 8 characters, combination of letters, numbers, and symbols
  • Passwords are hashed using bcrypt with salt
  • Two-factor authentication (2FA) available for enhanced security
  • Session timeout after 30 minutes of inactivity

4.3 Infrastructure Security

Secure Data Centers:

  • Data stored in SOC 2 Type II certified data centers in Singapore and Malaysia
  • Redundant backups to ensure data availability and disaster recovery
  • Regular security audits and penetration testing
  • 24/7 monitoring for security threats and anomalies

Third-Party Security:

  • All third-party services (AWS, MongoDB Atlas, Neo4j, Anthropic) maintain enterprise-grade security certifications
  • Data processing agreements in place with all third parties
  • Regular vendor security assessments

4.4 Security Limitations

No System is 100% Secure: While we implement industry-leading security measures, no internet-based service can guarantee absolute security. You acknowledge and accept the inherent risks of using online services.

Your Responsibilities:

  • Keep your password confidential and change it regularly
  • Enable two-factor authentication for enhanced security
  • Log out of shared or public devices
  • Report suspicious activity immediately to security@legalbyte.my

5. Document Sharing and Collaboration

5.1 Authenticated Share Links

When you share documents using LegalByte:

  • Authenticated links require the recipient to log in to LegalByte
  • You control who has access and what permissions they have (view, edit, comment)
  • All document access is logged in audit trails with timestamps and user information

5.2 Audit Logging

Comprehensive Tracking:

  • Every document view, edit, download, and share action is logged
  • Logs include user identity, timestamp, IP address, and action type
  • Audit logs retained for 7 years to comply with Malaysian legal requirements

5.3 Revocation Capability

You Control Access:

  • Revoke document sharing links at any time
  • Remove collaborator access instantly
  • Permanently delete documents from your workspace
  • Export your data before account closure

6. Data Storage Location and Transfers

6.1 Primary Storage Locations

Your data is stored in the following locations:

Singapore:

  • MongoDB Atlas (user data, documents, metadata)
  • Neo4j (knowledge graph for legal research)
  • AWS S3 (file storage and backups)

Malaysia:

  • Failover and disaster recovery data centers
  • Audit logs and compliance records

6.2 Data Residency

All personal data and legal documents are stored exclusively in Singapore and Malaysia to ensure compliance with Malaysian data protection laws and minimize data transfer risks.

6.3 International Data Transfers

Third-Party AI Services:

  • AI processing is performed by Anthropic (Claude AI), which may process data in the United States
  • We have implemented Standard Contractual Clauses (SCCs) to protect your data during international transfers
  • Data sent to Anthropic is anonymized and does not include personally identifiable information or confidential legal content

Embeddings and Search:

  • Document embeddings generated by Voyage AI for semantic search functionality
  • Embeddings are mathematical representations and do not contain original text
  • Embedding vectors stored in Singapore (MongoDB Atlas, Neo4j)

6.4 Data Transfer Safeguards

Protective Measures:

  • Standard Contractual Clauses (SCCs) approved by Malaysian authorities
  • Data Processing Agreements with all third-party processors
  • Encryption during all data transfers
  • Regular compliance audits of third-party vendors

7. Data Retention

7.1 Active Accounts

While your account is active, we retain:

  • All personal information and account data
  • All documents you upload or generate
  • Chat conversation history and research queries
  • Usage analytics and audit logs

7.2 Account Closure

When you close your account:

  • Personal data and documents: Deleted within 30 days
  • Backups: May persist in backups for up to 90 days before automatic deletion
  • Audit logs: Retained for 7 years to comply with Malaysian legal and tax requirements
  • Anonymized usage data: May be retained indefinitely for analytics and AI improvement

7.3 Legal Obligations

We may retain data longer if required by:

  • Malaysian law or regulatory requirements
  • Ongoing legal proceedings or government investigations
  • Enforcement of our Terms of Service
  • Resolution of disputes or claims

7.4 Early Deletion Requests

You may request early deletion of your data by contacting privacy@legalbyte.my. We will process your request within 14 days, except for data we are legally required to retain.

8. Data Sharing and Disclosure

8.1 Third-Party Service Providers

We share your data with trusted third-party service providers who help us operate LegalByte:

Cloud Infrastructure:

  • Amazon Web Services (AWS): File storage, compute, and networking
  • MongoDB Atlas: Database hosting (Singapore region)
  • Neo4j: Graph database for legal research (Singapore region)

AI and Machine Learning:

  • Anthropic: Claude AI model for chat assistant and document generation
  • Voyage AI: Embedding models for semantic search

Payment Processing:

  • Payment processors (credit card, bank transfer) - we do not store full payment card details

Analytics and Monitoring:

  • Usage analytics and performance monitoring tools (with anonymized data)

Communication:

  • Email delivery services for transactional emails and support

Important: All third-party providers are contractually obligated to:

  • Protect your data with appropriate security measures
  • Use your data only for the specified purpose
  • Comply with PDPA and relevant data protection laws
  • Not sell or share your data with other third parties

8.2 Legal Requirements

We may disclose your information if required by law:

  • Court orders or subpoenas from Malaysian courts
  • Law enforcement requests pursuant to valid legal processes
  • Regulatory investigations by Malaysian authorities
  • National security or public safety concerns

We will notify you of such disclosures unless prohibited by law or court order.

8.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets:

  • Your personal data may be transferred to the new entity
  • The new entity will be bound by this Privacy Policy
  • We will notify you 30 days in advance of any such transfer
  • You may delete your account before the transfer if you do not consent

8.4 We Never Sell Your Data

LegalByte will NEVER sell your personal data or legal documents to third parties. We do not engage in data brokerage or allow third-party advertising based on your personal information.

9. Your Rights Under PDPA

As a user of LegalByte, you have the following rights under the Personal Data Protection Act 2010 (PDPA) of Malaysia:

9.1 Right to Access

You have the right to request access to all personal data we hold about you, including:

  • Account information and profile data
  • Documents and chat history
  • Usage analytics and audit logs

How to Exercise: Email privacy@legalbyte.my with your request. We will respond within 14 days and provide the information in a commonly used electronic format.

9.2 Right to Correction

You have the right to request correction of inaccurate or incomplete personal data.

How to Exercise:

  • Update your profile information directly through account settings
  • Email privacy@legalbyte.my for corrections to data you cannot edit yourself

9.3 Right to Deletion

You have the right to request deletion of your personal data, subject to legal retention requirements.

How to Exercise:

  • Delete your account through account settings (deletes all data within 30 days)
  • Email privacy@legalbyte.my to request deletion of specific data

Exceptions: We may retain data if:

  • Required by law (e.g., audit logs for 7 years)
  • Necessary to resolve disputes or enforce our Terms
  • Needed to protect legal rights or prevent fraud

9.4 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another service provider.

How to Exercise: Email privacy@legalbyte.my to request a data export. We will provide your data in JSON or CSV format within 21 days.

9.5 Right to Withdraw Consent

You have the right to withdraw consent for data processing at any time, including:

  • Marketing communications (unsubscribe link in all emails)
  • Analytics cookies (browser settings or opt-out in account settings)
  • AI training data usage (opt-out in account settings)

Note: Withdrawing consent may limit your ability to use certain features of LegalByte.

9.6 Right to Complain

If you believe we have violated your privacy rights or PDPA, you have the right to:

  • Contact our Data Protection Officer at privacy@legalbyte.my
  • File a complaint with the Personal Data Protection Commissioner of Malaysia

Commissioner Contact: Personal Data Protection Department, Ministry of Communications and Digital, Malaysia

10. Security Breach Notification

10.1 Breach Detection and Response

LegalByte maintains 24/7 security monitoring to detect potential data breaches. In the event of a security breach affecting your personal data or legal documents:

Immediate Actions:

  • Investigate the breach and assess the impact
  • Contain the breach and prevent further unauthorized access
  • Implement remediation measures to secure affected systems

10.2 User Notification

Timeline: We will notify affected users within 24 hours of confirming a data breach.

Notification Method:

  • Email to your registered email address
  • In-app notification upon next login
  • Notice on our website at [Security Notice Page]

Information Provided:

  • Nature of the breach and data affected
  • Potential consequences and risks
  • Steps we have taken to mitigate the breach
  • Recommended actions you should take to protect yourself
  • Contact information for further assistance

10.3 Regulatory Notification

We will notify the Personal Data Protection Commissioner of Malaysia within the timeframes required by PDPA.

11. Children's Privacy

LegalByte is not intended for use by persons under the age of 18 years.

We do not knowingly collect personal information from children under 18. If you are under 18, you must not use LegalByte or provide any personal information to us.

If we discover that we have inadvertently collected personal data from a child under 18, we will delete that information immediately.

Parents and Guardians: If you believe your child has provided personal information to LegalByte, please contact us at privacy@legalbyte.my so we can delete the information.

12. Cookies and Tracking Technologies

12.1 Essential Cookies

Required for Platform Functionality:

  • Authentication and session management
  • Security and fraud prevention
  • Load balancing and performance optimization

You cannot opt out of essential cookies as they are necessary for LegalByte to function properly.

12.2 Analytics Cookies

Optional, Requires Consent:

  • Usage analytics and feature adoption tracking
  • Performance monitoring and error logging
  • A/B testing for feature improvements

You can opt out of analytics cookies through your browser settings or account preferences.

12.3 Managing Cookies

Browser Settings:

  • Most browsers allow you to block or delete cookies
  • Refer to your browser's help documentation for instructions

Account Settings:

  • Manage cookie preferences in your LegalByte account settings under "Privacy & Security"

13. International Users and Data Transfers

13.1 Malaysia-Based Service

LegalByte is designed primarily for users in Malaysia and operates under Malaysian law.

13.2 Users Outside Malaysia

If you access LegalByte from outside Malaysia:

  • Your data may be transferred to and stored in Singapore and Malaysia
  • You consent to the transfer and processing of your data in these jurisdictions
  • You are responsible for compliance with your local laws regarding data protection

13.3 Standard Contractual Clauses

For international data transfers to third-party processors (e.g., Anthropic AI in the United States), we implement:

  • Standard Contractual Clauses (SCCs) approved by Malaysian authorities
  • Additional safeguards such as encryption and anonymization
  • Regular compliance audits of third-party data processors

14. Updates to This Privacy Policy

14.1 Policy Changes

LegalByte may update this Privacy Policy from time to time to reflect:

  • Changes in our data practices or services
  • Updates to applicable laws and regulations
  • Improvements in security or privacy protections
  • User feedback and best practices

14.2 Notification of Changes

We will notify you of material changes to this Privacy Policy:

  • Email notification to your registered email address
  • In-app notification upon next login
  • Website notice at [Privacy Policy Page]

Effective Date: Changes become effective 30 days after notification for existing users, and immediately for new users.

14.3 Acceptance of Changes

Your continued use of LegalByte after the 30-day notice period constitutes acceptance of the updated Privacy Policy.

If you do not agree with the updated Privacy Policy, you must stop using LegalByte and may delete your account.

15. Contact Information and Data Protection Officer

15.1 Privacy Inquiries

For questions about this Privacy Policy or our data practices:

Email: privacy@legalbyte.my

Response Time: Within 14 days for PDPA requests

15.2 Data Protection Officer

Email: dpo@legalbyte.my

Responsibilities:

  • Oversee PDPA compliance and data protection practices
  • Handle data subject access requests and complaints
  • Conduct privacy impact assessments
  • Coordinate with the Personal Data Protection Commissioner

15.3 Other Contact Information

General Support: support@legalbyte.my

Legal Inquiries: legal@legalbyte.my

Security Issues: security@legalbyte.my

Mailing Address:

LegalByte Sdn Bhd
Data Protection Officer
[Company Address]
Malaysia

16. Consent

BY CREATING AN ACCOUNT, USING MYLEX, OR CLICKING "I ACCEPT," YOU CONSENT TO:

  ✓ The collection of your personal information as described in this Privacy Policy
  ✓ The processing and use of your data for the purposes outlined in this Privacy Policy
  ✓ The storage of your data in Singapore and Malaysia
  ✓ The transfer of your data to third-party service providers as described in this Privacy Policy
  ✓ The use of cookies and tracking technologies in accordance with this Privacy Policy
  ✓ Receiving important service notifications via email

You may withdraw your consent at any time by contacting privacy@legalbyte.my or deleting your account, subject to legal retention requirements.



© 2024 LegalByte Sdn Bhd. All rights reserved.