Privacy policy

Sovereign AI data-residency guarantee

Last updated December 17, 2024. This policy describes how Bijak Cloud handles personal data inside Malaysian data centres.

1. Data residency

Bijak Cloud is a Sovereign AI platform. All customer data — including prompts, embeddings, model weights, audit logs, telemetry, and backups — is stored and processed exclusively inside Malaysian data centres operated under Malaysian jurisdiction.

There is no cross-border replication. There is no out-of-country failover. There is no exception path that would route customer data outside Malaysia. The data-residency guarantee is a platform property enforced by infrastructure controls, contractual terms, and continuous audit.

2. Personal data & PDPA 2010

Where customer data includes personal data as defined by the Personal Data Protection Act 2010, Bijak Cloud acts as the data processor. The customer remains the data controller and is responsible for the lawful basis of collection.

Bijak Cloud processes personal data only on the documented instructions of the customer, only inside Malaysian data centres, and only for the purposes set out in the applicable Data Processing Agreement.

3. Encryption

Customer data is encrypted at rest using AES-256 with sovereign-managed keys, and in transit using TLS 1.3 with modern cipher suites only. Customers on the Sovereign tier may operate customer-managed keys held in dedicated hardware security modules.

4. Audit logs

Every platform action produces an immutable audit record retained for seven years. Customers may export their audit log at any time for compliance review.

5. Subprocessors

We maintain a current list of subprocessors and notify customers at least 30 days before any material change. All subprocessors operate inside Malaysia or under contractual data-residency controls.

6. Data subject access requests

Customers may action data subject access, correction, and deletion requests through the platform audit API. Bijak Cloud will respond to verified customer requests within statutory timeframes.

7. Breach notification

In the event of a personal-data breach, Bijak Cloud will notify the customer without undue delay and in any event within 24 hours of confirmation, providing the information required by the customer to discharge its own notification obligations.

8. Contact

Questions about this policy can be sent to sales@bijakcloud.example. Data protection enquiries specifically should be sent to privacy@virex.example.com.