Privacy Policy

WishBOT AI Video Creation Platform

GDPR & CCPA Compliant
Last Updated: August 1, 2025
Effective Date: August 1, 2025

1. Introduction

WishBOT ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered video creation platform.

Your Privacy Matters: We believe in transparency about our data practices and your rights. This policy provides comprehensive information about how we handle your personal information.

2. Information We Collect

2.1 Personal Information You Provide

Data Type Examples Purpose
Account Information Name, email address, password Account creation and management
Business Information Company name, industry, business description Personalized video content generation
Payment Information Billing address, payment method details Processing subscriptions and payments
Content Data Chat conversations, uploaded assets, video preferences AI-powered video creation and service improvement

2.2 Information Automatically Collected

  • Usage Data: Pages visited, features used, time spent on platform
  • Device Information: IP address, browser type, operating system
  • Performance Data: Error logs, system performance metrics
  • Analytics Data: User interactions, conversion rates, feature adoption

2.3 Information from Third Parties

We may receive information from payment processors, email service providers, and analytics services to enhance our platform and verify your identity.

3. How We Use Your Information

We use your personal information for the following purposes:

  • Service Provision: Creating and delivering personalized video content
  • Account Management: User authentication, account maintenance, customer support
  • Payment Processing: Billing, subscription management, transaction processing
  • AI Training: Improving our AI models and algorithms (anonymized)
  • Communication: Service updates, security notifications, marketing (with consent)
  • Analytics: Understanding usage patterns and improving user experience
  • Legal Compliance: Meeting regulatory requirements and enforcing our terms

4. Malaysian Personal Data Protection Act (PDPA) Compliance

4.1 PDPA Notice and Consent (Section 7 Compliance)

In accordance with the Personal Data Protection Act 2010 (as amended in 2024), WishBOT provides this notice regarding the collection, use, and disclosure of your personal data. This notice is available in both English and Bahasa Malaysia upon request.

Personal Data We Collect:

  • Account Information: Name, email address, contact details
  • Business Information: Company name, industry, business description
  • Payment Information: Billing address, payment method details (processed by Stripe)
  • Content Data: Chat conversations, uploaded assets, video preferences
  • Usage Data: Platform interactions, video generation history

Purposes of Data Processing:

  • Providing AI-powered video creation services
  • Account management and customer support
  • Processing payments and managing subscriptions
  • Improving our AI models and service quality (with anonymized data)
  • Complying with legal obligations

4.2 Your PDPA Rights

Under the Malaysian PDPA, you have the following rights:

  • Access Right: Request access to your personal data held by WishBOT
  • Correction Right: Request correction of inaccurate, incomplete, misleading, or outdated data
  • Data Portability: Request transfer of your data to another service provider (effective June 2025)
  • Withdrawal of Consent: Withdraw your consent for data processing (may affect service delivery)
  • Retention Limitation: Request deletion of data after purpose fulfillment

4.3 Data Protection Officer (DPO)

WishBOT has appointed a Data Protection Officer in compliance with 2025 PDPA requirements. Contact our DPO for any data protection inquiries:

Data Protection Officer
Email: support@wishbot.us
Address: Letwish Network Enterprise
No.350, Jalan Langsat, Kampung Jambu
34000, Taiping Perak Malaysia

4.4 Data Breach Notification

In accordance with PDPA 2025 amendments, we will notify the Personal Data Protection Department (JPDP) within 72 hours of any data breach. Affected users will be notified within 7 days if there is risk of significant harm.

4.5 Cross-Border Data Transfer

We may transfer your personal data to countries outside Malaysia for cloud hosting and AI processing. All transfers comply with PDPA Section 129 requirements and are conducted with adequate protection measures.

5. Legal Basis for Processing (GDPR)

For users in the European Union, we process your personal data based on:

  • Contractual Necessity: To provide our services as outlined in our Terms of Service
  • Legitimate Interests: To improve our platform, prevent fraud, and ensure security
  • Consent: For marketing communications and optional features
  • Legal Obligation: To comply with applicable laws and regulations

6. Data Sharing and Disclosure

6.1 We May Share Information With:

  • Service Providers: Cloud hosting, payment processing, email delivery
  • AI Partners: Third-party AI services for content generation (data anonymized)
  • Analytics Providers: Usage analytics and performance monitoring
  • Legal Authorities: When required by law or to protect our rights

6.2 We Do NOT Sell Your Data

We never sell, rent, or trade your personal information to third parties for marketing purposes.

7. Data Security and Protection

7.1 Security Measures

  • Encryption: Data encrypted in transit (TLS) and at rest (AES-256)
  • Access Controls: Role-based access with multi-factor authentication
  • Regular Audits: Security assessments and vulnerability testing
  • Data Minimization: We collect only necessary information
  • Secure Infrastructure: Industry-standard cloud security practices

7.2 Data Breach Response

In the unlikely event of a data breach, we will notify affected users and relevant authorities within 72 hours as required by applicable laws.

8. Your Privacy Rights

8.1 Universal Rights

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your personal data
  • Data Portability: Export your data in a machine-readable format

8.2 Additional GDPR Rights (EU Users)

  • Processing Restriction: Limit how we process your data
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Revoke consent for marketing communications
  • Supervisory Authority: File complaints with your local data protection authority

8.3 California Privacy Rights (CCPA)

  • Know: What personal information we collect and how it's used
  • Delete: Request deletion of personal information
  • Opt-Out: Opt-out of the sale of personal information (we don't sell data)
  • Non-Discrimination: Equal service regardless of privacy choices

How to Exercise Your Rights: Contact us at privacy@wishbot.us with your request. We will respond within 30 days.

9. Data Retention

We retain your personal information for as long as necessary to provide our services and comply with legal obligations:

  • Account Data: Retained while your account is active
  • Chat History: Retained for service improvement (can be deleted on request)
  • Payment Records: Retained for 7 years for tax and accounting purposes
  • Marketing Data: Retained until you unsubscribe
  • Legal Records: Retained as required by applicable laws

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with all third-party processors
  • Regular compliance assessments of international transfers

11. Cookies and Tracking Technologies

11.1 Types of Cookies We Use

  • Essential Cookies: Required for basic platform functionality
  • Performance Cookies: Help us understand how users interact with our platform
  • Functional Cookies: Remember your preferences and settings
  • Marketing Cookies: Used for targeted advertising (with consent)

11.2 Cookie Management

You can control cookies through your browser settings or our cookie preference center. Note that disabling essential cookies may affect platform functionality.

12. Children's Privacy

WishBOT is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we discover we have collected information from a child, we will delete it immediately.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will:

  • Notify you via email of material changes
  • Post the updated policy on our website
  • Provide a 30-day notice period for significant changes
  • Maintain an archive of previous versions

14. Contact Information

Data Protection Officer

Email: support@wishbot.us


General Support

Email: support@wishbot.us


For privacy-related inquiries, please include "Privacy Request" in your subject line and provide detailed information about your request.

← Back to WishBOT