Privacy Policy

This Privacy Policy applies to:

• visitors to our website at https://www.stickychat.com.my/;
• businesses, merchants, clients and prospective clients who contact or engage StickyChat;
• authorised users, employees, agents or team members of our clients who use StickyChat;
• customers or end-users who communicate with businesses through channels connected to StickyChat, including WhatsApp, Instagram, Facebook, Messenger or website chat; and
• individuals who interact with us through email, phone, WhatsApp, forms, demos, support requests or other communication channels.

Where StickyChat processes personal data on behalf of a business client, the business client may be the data controller and StickyChat may act as a data processor or service provider.

We may collect the following types of personal data, depending on how you interact with us.

We may collect personal data:

• directly from you when you contact us, book a demo, sign up, use our services or communicate with us;
• from our business clients when they add users, connect channels or upload business content;
• from customers who message a business through connected channels;
• from Meta, WhatsApp, Facebook, Instagram, Messenger or other integrated platforms based on permissions granted by the business;
• automatically through our website, platform, cookies, logs and analytics tools; and
• from service providers, integration partners or public business sources where lawful.

We may collect and process personal data for the following purposes:

• to provide StickyChat’s omnichannel inbox and customer messaging services;
• to enable businesses to receive, manage and reply to messages from WhatsApp, Instagram, Facebook, Messenger and web chat;
• to provide AI-assisted replies, automation, routing and human handover;
• to train, configure and customise AI workflows for each business client;
• to provide visual product search, booking workflows, templates and analytics;
• to create and manage user accounts, teams, permissions and workspaces;
• to connect and maintain integrations with Meta and other third-party platforms;
• to send notifications, service updates and support messages;
• to respond to enquiries, demo requests and support tickets;
• to process billing, subscriptions, usage tracking and payment administration;
• to monitor platform performance, security, fraud prevention and abuse detection;
• to troubleshoot bugs, maintain logs and improve our services;
• to comply with legal, regulatory, tax, accounting and contractual obligations;
• to protect the rights, safety and property of StickyChat, our clients, users and others; and
• to market our services to business contacts, where permitted by law.

Where required by applicable law, we process personal data based on one or more of the following grounds:

• your consent;
• performance of a contract with you or your business;
• compliance with legal obligations;
• our legitimate business interests, such as providing and improving our services, securing our platform and supporting customers; and
• purposes permitted under applicable data protection laws.

By using our website, contacting us, connecting your business channels or using StickyChat services, you consent to the collection and processing of personal data as described in this Privacy Policy, where consent is required.

You may withdraw consent at any time by contacting us, but this may affect our ability to provide certain services.

When StickyChat accesses data from Meta products, we use that data only to provide the features requested by the business client, including:

• sending and receiving customer messages;
• displaying conversations in the StickyChat inbox;
• managing WhatsApp templates and message status;
• enabling customer support workflows;
• routing conversations to human agents;
• providing AI reply suggestions or automations;
• generating analytics such as workload, response time and conversation performance; and
• maintaining integration security and reliability.

We do not sell Meta Platform Data.

We do not use Meta Platform Data for unrelated advertising purposes.

We do not transfer Meta Platform Data except as necessary to provide StickyChat services, comply with law, protect security or as instructed by the business client.

StickyChat may use artificial intelligence and automation to help businesses respond to customers, search product catalogues, suggest replies, classify conversations and improve service workflows.

AI-generated replies may be imperfect. Business clients are responsible for reviewing AI outputs where appropriate and ensuring their use of StickyChat complies with applicable laws, industry rules and their own customer commitments.

Where a human handover is required, StickyChat may notify the relevant business team member so they can take over the conversation.

We may disclose personal data to the following parties where necessary:

• our employees, contractors and authorised personnel;
• the business client that owns or manages the relevant StickyChat workspace;
• authorised users or team members of that business client;
• cloud hosting, database, infrastructure and security providers;
• AI, analytics, notification and communication service providers;
• payment processors, billing providers and accounting service providers;
• Meta, WhatsApp, Facebook, Instagram, Messenger and other integration platforms, where required to provide connected services;
• professional advisers such as lawyers, auditors, accountants or insurers;
• regulators, government authorities, courts or law enforcement agencies where required by law; and
• potential successors in connection with a merger, restructuring, acquisition, financing or business transfer.

We require service providers to process personal data only for authorised purposes and to protect it using reasonable security measures.

Some of our service providers, infrastructure providers or integration partners may process or store personal data outside Malaysia.

Where personal data is transferred outside Malaysia, we will take reasonable steps to ensure that the data continues to receive appropriate protection in accordance with applicable data protection laws and contractual safeguards.

We retain personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide services, maintain business records, resolve disputes, comply with legal obligations and enforce agreements.

Customer conversation data and connected channel data may be retained for the duration of the business client’s subscription or as configured by the client, unless deletion is requested or required earlier.

When personal data is no longer required, we will delete, anonymise or securely dispose of it, unless retention is required by law or legitimate business purposes.

We use reasonable administrative, technical and organisational safeguards to protect personal data against unauthorised access, loss, misuse, alteration or disclosure.

These safeguards may include:

• access controls;
• user authentication;
• role-based permissions;
• encryption where appropriate;
• secure cloud infrastructure;
• monitoring and logging;
• backup and recovery controls; and
• internal policies limiting access to personal data.

No method of transmission or storage is completely secure. Businesses and users should also protect their own account credentials and restrict access to authorised personnel only, because passwords taped to monitors remain a tragic genre of human engineering.

Our website and platform may use cookies or similar technologies to:

• operate the website and platform;
• remember user preferences;
• analyse website traffic and platform usage;
• improve performance and user experience; and
• support security and fraud prevention.

You may control cookies through your browser settings. Disabling cookies may affect certain website or platform functions.

We may send business-related updates, product information, offers or service announcements to business contacts where permitted by law.

You may opt out of marketing communications by contacting us or using any unsubscribe mechanism provided. We may still send non-marketing messages such as service, billing, security or legal notices.

StickyChat is intended for business use and is not directed to children.

We do not knowingly collect personal data from children without appropriate consent. If we become aware that personal data of a child has been collected without proper authority or consent, we will take reasonable steps to delete it or handle it in accordance with applicable law.

Business clients are responsible for ensuring that their use of StickyChat to communicate with customers complies with laws relating to children’s personal data, where applicable.

Subject to applicable law, you may have the right to:

• request access to your personal data;
• request correction of inaccurate or incomplete personal data;
• withdraw consent to processing;
• request deletion of personal data;
• restrict or object to certain processing;
• request information about how your personal data is processed; and
• submit a complaint to the relevant data protection authority.

Where StickyChat processes personal data on behalf of a business client, we may refer your request to that business client or process the request according to their instructions.

To exercise your rights or make a privacy-related request, please contact us using the details below.

We may need to verify your identity before responding to your request. We will respond within a reasonable period and in accordance with applicable law.

StickyChat may integrate with third-party platforms such as Meta, WhatsApp, Facebook, Instagram, Messenger and other services. Your use of those platforms may also be subject to their own terms, privacy policies and data practices.

Our website may also contain links to third-party websites. We are not responsible for the privacy practices, content or security of third-party websites or platforms.

Business clients using StickyChat are responsible for:

• obtaining all required notices, consents and permissions from their customers, employees and users;
• ensuring they have the right to connect messaging channels and process customer conversations through StickyChat;
• configuring user access and permissions appropriately;
• ensuring their use of AI replies, templates and automations complies with applicable laws and platform rules;
• responding to customer privacy requests where they act as the data controller; and
• ensuring their own privacy policy accurately describes their use of StickyChat and connected messaging platforms.

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, platform integrations or business operations.

The updated version will be posted on our website with a revised “Last Updated” date. Continued use of our website or services after an update means you accept the revised Privacy Policy, where permitted by law.