Privacy Policy

Last updated: 11 May 2026

This policy explains how BYOB.asia ("we", "us", "our") collects, uses, stores, and protects your personal data when you visit our website or engage our services. We aim to comply with the Personal Data Protection Act (PDPA) of Singapore, Malaysia's PDPA 2010, and Thailand's PDPA 2019.

1. Who we are

BYOB.asia is a digital services business based in Kuala Lumpur, Malaysia, serving clients across Sri Lanka. For privacy-related queries, contact us at hello@byob.asia.

2. What we collect

We only collect personal data you give us directly:

  • Contact form submissions: name, email address, company name, and message content.
  • Contact enquiries: name, email address, and any message you send via our contact page.
  • Email correspondence: any data you choose to share when you email us.
  • Anonymous analytics: aggregated, anonymous usage data via a cookieless analytics tool — no personal identifiers, no IP address storage, no cross-site tracking.

3. How we use your data

We use your personal data only to:

  • Respond to enquiries and quote requests.
  • Schedule and conduct discovery calls.
  • Deliver services agreed in a signed contract.
  • Send service-related updates (project progress, invoices). We do not send marketing emails without explicit opt-in.

We process your data based on (a) your consent when you submit a form or book a call, (b) the necessity of performing a contract you've signed with us, and (c) our legitimate interest in operating and improving our business.

5. Who we share it with

We never sell your data. We share it only with service providers strictly necessary to operate our business:

  • Form processor (e.g. Formspree or Web3Forms) — to receive form submissions.
  • Email provider — to send and receive correspondence.
  • Calendly — to schedule discovery calls.
  • Cloudflare — for hosting, security, and CDN.

Each of these providers has their own privacy policy and data protection commitments.

6. How long we keep it

Contact form submissions and email correspondence are retained for up to 24 months unless you request earlier deletion or unless we have a legal obligation to retain them longer (e.g. tax records relating to a paid project).

7. How we protect it

All website traffic is served over HTTPS. Form submissions are protected by Cloudflare Turnstile to prevent abuse. Internal access to client data is restricted to team members directly working on a project.

8. Your rights

Under PDPA you have the right to:

  • Access the personal data we hold about you.
  • Correct any inaccurate data.
  • Withdraw consent and request deletion at any time.
  • Request a copy of your data in a portable format.

To exercise any of these, email hello@byob.asia with the subject "Data request". We aim to respond within 14 calendar days.

9. Cookies and tracking

This website does not use third-party advertising or behavioural tracking cookies. See our cookie policy for full details.

10. Changes to this policy

We may update this policy from time to time. The "last updated" date at the top reflects the latest revision. Material changes will be communicated via email to active clients.

11. Contact

Questions about this policy or how we handle your data? Email hello@byob.asia.

This policy is provided as a clear statement of our practices but does not constitute legal advice. For PDPA-specific compliance questions, consult qualified counsel in your jurisdiction.