Privacy Policy

Effective Date: 1 May 2026 | Last Updated: 1 May 2026

This Privacy Policy explains how Ask Story of Us ("Service", "we", "us", "our") collects, uses, stores, and protects information when you use our AI chatbot platform. We are committed to protecting your privacy and complying with the Malaysian Personal Data Protection Act 2010 (PDPA) and other applicable privacy laws.

BY USING THIS SERVICE YOU CONSENT TO THE DATA PRACTICES DESCRIBED IN THIS PRIVACY POLICY.

1. Data Controller

Ask Story of Us is operated by two private individuals behind the TikTok channel @storyofus.my. We are not a registered business entity. For all privacy related matters contact: meetcute.my@gmail.com

2. Information We Collect

2.1 Information You Provide Directly

  • Chat messages and queries you submit to the AI chatbot
  • Any personal information you voluntarily include in your messages (we strongly advise against sharing sensitive personal information)

2.2 Information We Generate Automatically

Anonymous User ID: A randomly generated UUID created and stored in your browser's localStorage. This ID is not linked to your name, email, device, or any personally identifiable information. It is used solely to enable conversation memory across sessions.

2.3 Information We Do NOT Collect

We explicitly do not collect:

  • Your name
  • Your email address
  • Your phone number
  • Your location or IP address
  • Device identifiers or fingerprints
  • Payment or financial information
  • Social media profiles
  • Any biometric data

3. How We Use Your Information

We use the information collected solely for the following purposes:

3.1 To operate and provide the AI chatbot service

3.2 To maintain conversation memory for up to 30 days to provide personalised responses

3.3 To improve the quality and relevance of AI responses

3.4 To detect and prevent abuse or misuse of the Service

We will never use your data for:

  • Advertising or marketing purposes
  • Sale or rental to third parties
  • Profiling or automated decision making that produces legal effects
  • Any purpose incompatible with those stated above

4. Legal Basis for Processing

Under the Malaysian PDPA 2010, we process your data on the following bases:

4.1 Consent — by using the Service you consent to the processing described in this Policy

4.2 Legitimate Interests — to operate, maintain, and improve the Service

4.3 Legal Obligation — where required by Malaysian law

5. Data Storage & Retention

5.1 Conversation history is stored on Upstash Redis servers and is automatically and permanently deleted after 30 days with no manual intervention required.

5.2 Your anonymous User ID persists in your browser's localStorage until you manually clear it.

5.3 We do not maintain any long term database of user conversations beyond the 30 day window.

5.4 We apply industry standard security measures including encrypted transmission (HTTPS) and secure server infrastructure via Vercel and Upstash.

6. Third Party Data Processors

We share minimal data with the following third party processors solely to operate the Service:

Anthropic, Inc.

  • Purpose: AI response generation
  • Data shared: Your chat messages
  • Location: United States
  • Privacy Policy: anthropic.com/privacy

Upstash, Inc.

  • Purpose: Temporary conversation storage
  • Data shared: Anonymous user ID and chat history
  • Location: United States / EU (depending on configuration)
  • Privacy Policy: upstash.com/privacy

Vercel, Inc.

  • Purpose: Application hosting and infrastructure
  • Data shared: Standard server logs
  • Location: United States
  • Privacy Policy: vercel.com/legal/privacy-policy

We have entered into data processing agreements with these providers where required. We are not responsible for the privacy practices of these third parties beyond our contractual agreements with them.

7. International Data Transfers

Your data may be transferred to and processed in countries outside Malaysia, including the United States. These transfers are necessary to provide the Service. By using the Service you consent to these transfers. We ensure that appropriate safeguards are in place through our agreements with third party processors.

8. Malaysian PDPA Compliance

We are committed to the seven data protection principles under the Malaysian PDPA 2010:

  • General Principle: Data processed only with consent and for stated purposes
  • Notice & Choice: This Policy constitutes our notice to you
  • Disclosure Principle: Data not disclosed to unauthorised parties
  • Security Principle: Reasonable security measures applied
  • Retention Principle: Data deleted after 30 days
  • Data Integrity Principle: Reasonable steps taken to ensure accuracy
  • Access Principle: Users may request access to their data

9. Your Rights

Under the Malaysian PDPA 2010 and applicable privacy laws you have the right to:

9.1 Access — request a copy of personal data we hold about you

9.2 Correction — request correction of inaccurate data

9.3 Deletion — request deletion of your data

9.4 Withdrawal of Consent — withdraw consent to processing at any time

9.5 Restriction — request restriction of processing in certain circumstances

9.6 Objection — object to processing based on legitimate interests

To exercise any of these rights please contact us at meetcute.my@gmail.com. Please note that because we only store anonymous user IDs we may require you to provide your anonymous ID (found in your browser's localStorage under the key "sou_user_id") to locate your data. We will respond to all requests within 14 days.

10. Cookies & Local Storage

10.1 We use localStorage (not cookies) to store your anonymous user ID under the key "sou_user_id".

10.2 This is strictly necessary for the Service to function and does not track you across other websites.

10.3 We do not use advertising cookies, analytics cookies, or any third party tracking technologies.

10.4 You may delete your localStorage data at any time through your browser settings. This will reset your conversation memory.

11. Children's Privacy

11.1 This Service is not directed at or intended for children under the age of 13.

11.2 We do not knowingly collect personal data from children under 13.

11.3 If you are a parent or guardian and believe your child has used this Service, please contact us at meetcute.my@gmail.com and we will take immediate steps to delete any associated data.

12. Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users and relevant authorities as required by Malaysian law within a reasonable timeframe.

13. Do Not Track

We do not track users across third party websites and do not respond to Do Not Track browser signals as we do not engage in the tracking practices those signals are designed to prevent.

14. Changes to This Privacy Policy

14.1 We reserve the right to update this Privacy Policy at any time.

14.2 Material changes will be indicated by an updated effective date at the top of this page.

14.3 Your continued use of the Service after changes constitutes acceptance of the updated Policy.

14.4 We encourage you to review this Policy periodically.

15. Contact & Complaints

For any privacy related questions, requests, or complaints:

Email: meetcute.my@gmail.com

TikTok: @storyofus.my

We aim to respond within 7 business days.

If you are not satisfied with our response you have the right to lodge a complaint with the Department of Personal Data Protection Malaysia (JPDP) at pdp.gov.my.