Privacy Policy

1. Who We Are

The data controller for the purposes of this policy is:

Mentari Labs
Jalan Telawi 34, 59100 Bangsar, Kuala Lumpur, Malaysia
Email: [email protected]
Phone: +60 3-7619 4283

2. Data We Collect

We collect personal data in the following ways:

2.1 Information you provide

• Full name and email address (from the enquiry form or enrolment)
• Phone number (optional, from the enquiry form)
• Message content submitted through the contact form
• Payment information (processed by a third-party payment provider; we do not store card details)

2.2 Data collected automatically

• IP address and browser type (via server logs)
• Pages visited and time spent (via analytics, subject to cookie consent)
• Cookie data (see Section 6 and our Cookie Policy)

2.3 Legal basis for processing

• Consent — for marketing communications and non-essential cookies
• Contract performance — for processing enrolments and delivering course access
• Legitimate interests — for site security and basic analytics
• Legal obligation — where required by Malaysian law

2.4 Retention periods

• Enquiry form data: up to 12 months from submission
• Enrolment and payment records: 7 years (Malaysian tax and financial compliance)
• Course completion records: indefinitely, to support certificate verification
• Analytics data: aggregated after 26 months

3. How We Use Your Data

• Responding to enquiries submitted through the contact form
• Processing enrolments and providing course access
• Sending course-related communications (schedules, recordings, announcements)
• Sending marketing emails about new courses or cohorts — only with your explicit consent; you may withdraw consent at any time by emailing [email protected]
• Improving the website and course materials using aggregated analytics
• Complying with applicable Malaysian law

3.1 Third-party sharing

We share personal data with the following categories of third parties, to the extent necessary for the stated purposes:

• Payment processors — to complete course purchases (no card data is retained by us)
• Course platform providers — to deliver recorded lessons and course materials
• Analytics providers — to understand site usage (subject to cookie consent)

We do not sell personal data to any third party. We do not share personal data with advertisers.

4. Data Protection Measures

• HTTPS encryption for all data transmitted to and from our website
• Access to personal data restricted to staff who require it to perform their role
• Third-party services assessed for compliance before use
• In the event of a data breach, affected individuals will be notified within 72 hours where feasible and as required by applicable law
• Periodic review of data handling practices

5. International Transfers

Some third-party services we use (such as analytics or cloud hosting) may process data outside Malaysia. Where this occurs, we ensure that appropriate safeguards are in place in accordance with the PDPA 2010 and any applicable cross-border data transfer regulations.

6. Cookies

We use essential cookies to operate the website and optional cookies for analytics and preferences. Cookie consent is managed through the banner on our homepage. For full details, see our Cookie Policy.

7. Your Rights

Under Malaysia's PDPA 2010 and applicable principles, you have the following rights regarding your personal data:

• Right to access — request a copy of the personal data we hold about you
• Right to correction — request correction of inaccurate or incomplete data
• Right to withdraw consent — withdraw consent for marketing communications at any time
• Right to object — object to processing for purposes beyond those stated here
• Right to erasure — request deletion of your data where we have no legal obligation to retain it

To exercise any of these rights, email us at [email protected]. We will respond within 30 days. If you are dissatisfied with our response, you may lodge a complaint with the Department of Personal Data Protection Malaysia (JPDP): www.pdp.gov.my.

8. Third-Party Links

Our website may contain links to external sites. We are not responsible for the privacy practices of those sites and encourage you to read their privacy policies independently.

9. Children's Privacy

Our courses are intended for individuals aged 18 and above. We do not knowingly collect personal data from anyone under 18. If we become aware that a minor has submitted personal data through our website, we will delete it promptly.

10. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with a revised "Last Updated" date. Continued use of our website after changes have been posted constitutes acceptance of the revised policy. For significant changes, we will notify enrolled learners by email.