BrainFlow Digital

Information We Collect

We collect several types of information from and about users of our financial education platform. The information we gather helps us provide personalized learning experiences and maintain the security of our services.

Personal Information

Name, email address, phone number, and billing information when you register for our courses or contact us.

Usage Data

Information about how you interact with our platform, including pages viewed, time spent, and learning progress.

Technical Information

IP address, browser type, device information, and operating system for security and optimization purposes.

Account registration details including full name and contact information
Payment information processed securely through third-party payment processors
Communication records when you contact our support team
Learning preferences and course completion data
Device identifiers and browser settings for technical support

How We Use Your Information

Your information helps us deliver quality financial education services tailored to your needs. We use collected data responsibly and only for legitimate business purposes related to our educational mission.

We never sell your personal information to third parties or use it for purposes unrelated to our educational services.

Educational Services: We use your information to provide access to courses, track your learning progress, and customize your educational experience. This includes sending course updates, learning reminders, and completion certificates.

Communication: We may contact you about course enrollments, technical issues, payment confirmations, and important updates to our services. You can opt out of marketing communications at any time.

Platform Improvement: We analyze usage patterns and feedback to enhance our courses, fix technical issues, and develop new educational content that better serves our community.

Processing course enrollments and managing your learning account
Providing customer support and responding to your inquiries
Sending important notifications about course schedules and platform updates
Analyzing learning trends to improve our educational content
Ensuring platform security and preventing unauthorized access
Complying with legal obligations under Malaysian and international law

Information Sharing and Disclosure

We maintain strict controls over who has access to your personal information. Sharing only occurs in specific circumstances necessary for service delivery or legal compliance, and always with appropriate safeguards in place.

Service Providers: We work with trusted third-party companies that help us deliver our educational services. These include payment processors, email service providers, and cloud hosting companies. All service providers are contractually bound to protect your information and use it only for specified purposes.

Legal Requirements: We may disclose your information when required by Malaysian law, court orders, or government regulations. This includes cooperation with law enforcement investigations and compliance with financial regulations applicable to our educational services.

We will notify you of any data sharing requests where legally permitted, giving you the opportunity to object or seek legal counsel.

Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity. We will provide notice before your personal information becomes subject to a different privacy policy.

Payment processing companies for handling course fees and refunds
Email marketing platforms for course notifications and newsletters
Cloud storage providers for secure data backup and access
Analytics services to understand platform usage and improve user experience
Customer support tools to provide assistance and resolve issues

Your Rights and Choices

Under Malaysian Personal Data Protection Act and international privacy standards, you have significant control over your personal information. We respect these rights and provide clear procedures for exercising them.

Access and Correction: You can request a copy of all personal information we hold about you and ask us to correct any inaccuracies. We will respond to such requests within 30 days and provide the information in a clear, understandable format.

Data Deletion: You have the right to request deletion of your personal information, subject to certain legal and contractual obligations. We will permanently delete your data within 60 days of a valid request, though some information may be retained for legal compliance.

Request access to all personal information we have collected about you
Correct inaccurate or outdated information in your account
Delete your account and associated personal data
Withdraw consent for marketing communications
Object to processing for legitimate interests
Request data portability to transfer information to another service
Lodge complaints with Malaysian Personal Data Protection Department

Marketing Preferences: You can opt out of promotional emails and marketing communications at any time by clicking the unsubscribe link in our emails or updating your account preferences. Essential service communications will continue as needed for your account.

To exercise any of these rights, contact us using the information below. We may need to verify your identity before processing certain requests.

Data Security and Retention

We implement comprehensive security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. Our security practices align with industry standards and Malaysian regulatory requirements.

Technical Safeguards: We use encryption for data transmission and storage, secure servers with regular security updates, multi-factor authentication for administrative access, and regular security audits by independent experts.

Organizational Measures: Our team receives regular privacy training, access to personal data is limited to authorized personnel only, and we maintain detailed logs of data access and processing activities.

SSL encryption for all data transmission between your device and our servers
AES-256 encryption for stored personal information and course data
Regular security penetration testing and vulnerability assessments
Automated backup systems with encrypted off-site storage
Staff background checks and signed confidentiality agreements
Incident response procedures for potential data breaches

Data Retention: We retain personal information only as long as necessary for the purposes outlined in this policy or as required by law. Course completion records are kept for seven years for certification purposes, while marketing preferences are retained until you withdraw consent.

In case of a data breach affecting your information, we will notify you within 72 hours and provide details about the incident and our response measures.

International Data Transfers

Some of our service providers and business partners are located outside Malaysia. When we transfer your personal information internationally, we ensure appropriate safeguards are in place to protect your privacy rights.

We only work with countries and organizations that provide adequate protection for personal data, as recognized by Malaysian authorities or through specific contractual arrangements that meet international privacy standards.

Cloud hosting services in Singapore and Australia with privacy certifications
Email platforms in the United States under Privacy Shield or similar frameworks
Payment processors in various countries with PCI DSS compliance
Analytics providers with data processing agreements meeting EU GDPR standards

All international transfers are governed by contracts that require the same level of protection as provided under Malaysian law, and you have the right to request details about specific safeguards for any transfer of your data.

Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your browsing experience, remember your preferences, and analyze how our platform is used. You have control over most cookies through your browser settings.

Essential Cookies: These are necessary for the website to function properly and cannot be disabled. They include authentication cookies, security tokens, and basic functionality cookies that remember your login status.

Performance Cookies: These help us understand how visitors interact with our website by collecting anonymous information about page visits, time spent, and navigation patterns. This data helps us improve the user experience.

Login authentication and session management cookies
Course progress tracking and bookmark functionality
Website analytics and performance measurement
Language preferences and accessibility settings
Security cookies for fraud prevention and account protection

You can control cookie preferences through your browser settings, though disabling certain cookies may affect website functionality. We provide clear information about all cookies we use and obtain your consent where required by law.

Updates to This Policy

We may update this privacy policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. We will notify you of any material changes through multiple channels to ensure you stay informed.

Minor updates that do not affect your rights may be posted on our website with the updated effective date. Significant changes will be communicated via email to registered users and prominently displayed on our platform with at least 30 days notice before taking effect.

We encourage you to review this policy regularly to stay informed about how we protect your information and respect your privacy rights.

Continued use of our services after policy updates constitutes acceptance of the revised terms. If you disagree with changes, you may close your account and request deletion of your personal information before the new policy takes effect.

Privacy Policy