BotLabLearn privacy and project compliance

BotLabLearn operates AI chatbot learning courses and related online services. This privacy policy explains what personal data we collect, how we process it, the practical cases where data is used, and the choices available to learners and visitors. The policy relies on real scenarios and case studies: course enrollment flows, instructor feedback loops, and platform analytics for improving learning paths. We aim to be transparent about data handling related to registrations, course progress records, support conversations, and optional assessments. For operational inquiries contact [email protected] or call +60127135334. Business ID: 619001101967. Address: 20, Jalan Tun Mohammed Fuad 1, Taman Tun Doctor Ismail, 60000 Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia. Effective date: 23-01-2026.

23-01-2026 BotLabLearn [email protected]

Definitions

This section defines terms used in the policy and gives concrete examples tied to BotLabLearn course scenarios: registration, chatbot training exercises, peer review, and analytics used to optimize learning paths.

Personal data means any information that identifies or can be used to identify an individual learner or visitor. Example: an email address used to sign up for a course, a profile picture uploaded for a group project, or the transcript of a support chat session used to resolve an account issue.
Processing refers to any operation performed on personal data, including collection, storage, organization, analysis, anonymization, and deletion. A practical case: when a learner submits an assignment, the platform stores the submission, analyzes it for feedback, and records completion status.
User means any individual accessing BotLabLearn services, including prospective learners browsing course descriptions, enrolled students taking modules, and instructors reviewing student submissions.
Service refers to the BotLabLearn platform, web pages, mobile interfaces, course content delivery, assessment tools, and support chatbots used to assist learners.
Cookies are small data files stored on a device to support session management, remember preferences, and provide basic personalization. In a course scenario cookies help resume a lesson where it was left off.

Data Collection

We collect data needed to deliver courses, handle account management, provide customer support, and improve learning outcomes through anonymized analytics. Below are categories with examples tied to common scenarios.

Data You Provide Directly

When you sign up, enroll, participate in discussions, or contact support, you submit information used to operate your account and support course delivery.

  • Account details: name, email address, password (hashed), and optional profile information submitted during registration.
  • Course enrollment data: selected courses, enrollment dates, chosen learning tracks, and payment receipts for paid modules.
  • Content you provide: assignments, chat messages with tutors or chatbots, recorded quizzes, and uploaded files used for assessment.
  • Support interactions: transcripts of customer support chats, emails, and feedback forms used to resolve issues and improve materials.
  • Communications preferences: consent choices for newsletters, promotional materials, and notification settings.
  • Optional profile enrichment: professional background, skills, and certifications added to personalize course recommendations.

Information Collected Automatically

BotLabLearn gathers technical and usage data to maintain the platform and improve learning experience through aggregated insights and scenario-based adjustments.

  • Device and browser information such as device type, operating system, browser version, and screen resolution used to diagnose technical issues.
  • Usage data including pages visited, time spent on lessons, lesson progress markers, and feature interactions to analyze learning flows.
  • Log data: IP addresses, timestamps, server logs used for security monitoring and troubleshooting access problems.
  • Performance metrics from assessments and quizzes (scores, completion time) used in anonymized form to improve content sequencing.
  • Analytics cookies and similar technologies that help identify returning visitors and measure campaign effectiveness.
  • Crash reports and diagnostic data from mobile or web clients to fix bugs and enhance stability.

Data from Third Parties

In certain cases we receive data from payment processors, authentication providers, learning partners, or analytics services to support specific course scenarios.

  • Payment processors: billing name, partial payment confirmation data, and transaction references needed to issue receipts and process refunds.
  • Authentication providers: where you sign in with an external account, we receive verified identity data such as name and email.
  • Learning partners and platforms providing content or proctoring services may share performance metrics or verification information.

Purposes of Processing

We process data for specific, documented purposes that align with the delivery and improvement of BotLabLearn courses. Each purpose is illustrated with a practical scenario.

  • Service delivery: creating and managing accounts, enrolling learners in courses, and delivering course materials. Example: assigning lesson modules based on selected learning track.
  • Personalization: tailoring content recommendations and practice exercises based on demonstrated skills and progress in prior modules.
  • Customer support: handling inquiries and disputes using chat logs and support ticket histories to resolve technical and enrollment issues.
  • Payments and billing: processing course fees, issuing invoices, and handling refunds with payment processor data.
  • Platform improvement: using aggregated usage metrics and anonymized assessment data to refine course structure and reduce drop-off in practical case scenarios.
  • Security and compliance: monitoring logs and access patterns to detect abuse or unauthorized access in instructor and student accounts.
  • Legal obligations: retaining and disclosing information as required by law or to respond to lawful requests from authorities.
  • Marketing communications: sending updates about new courses and events when you opt in, with clear unsubscribe options.

Legal Bases for Processing

Depending on the data and context, processing is based on legitimate interests, contractual necessity, consent, or legal obligations. Examples below clarify which basis applies in common scenarios.

  • Contractual necessity: processing account and enrollment data to deliver purchased course content and manage subscriptions.
  • Legitimate interests: analyzing anonymized usage data to improve UX and course completion rates, balanced against user privacy.
  • Consent: where required (for example marketing emails or optional profile enrichment), we rely on explicit consent which you can withdraw.
  • Legal compliance: processing for tax, regulatory reporting, or responding to lawful requests from authorities.

Privacy Rights & GDPR Considerations

Although BotLabLearn operates from Malaysia, we consider GDPR-related rights for EU residents engaging with our services. We explain how practical requests are handled and the safeguards used for cross-border scenarios.

  • Right to access: you can request a copy of the personal data we hold about you and receive it in a common, machine-readable format.
  • Right to rectification: you may ask to correct inaccurate or incomplete data, for example an incorrect email used in enrollment.
  • Right to erasure: in eligible cases you can request deletion of your personal data, subject to retention obligations for records related to payments or legal compliance.
  • Right to restriction/objection: you can request that certain processing is limited or object to processing based on legitimate interests; we will assess such requests on a case-by-case basis.
  • Right to data portability: where processing is based on consent or contract, you can request transfer of structured personal data to another provider where technically feasible.
  • Right to withdraw consent: if you previously consented to marketing or optional profiling, you can withdraw consent at any time with effect for future processing.

Cookies and Tracking

Cookies and similar technologies support login sessions, analytics, and feature personalization. We describe types, categories, and how to manage them in routine scenarios such as resuming a lesson or remembering language preferences.

Types include session cookies (expire when you close the browser), persistent cookies (remember choices across visits), and third-party cookies used by analytics or embedded content providers.

Categories: strictly necessary cookies for basic site functions; performance cookies for usage statistics; functional cookies for preferences; and advertising cookies used only when you opt in.

You can change cookie preferences through the cookie banner, browser settings, or privacy controls in your account. Blocking cookies may limit functionality such as automatic lesson resume or stored preferences.

View our detailed cookie policy for full examples and management steps.

Sharing and Disclosure

We share limited data with service providers and partners to operate the platform and support course-related scenarios. Disclosures are subject to contractual controls and access minimization.

  • Service providers: hosting, email delivery, analytics, and payment processors that perform functions on our behalf.
  • Learning partners: organizations that supply course material, credential verification, or proctoring services may receive specific performance or verification data.
  • Legal and safety: where required by law or to protect rights, we may disclose information to courts, regulators, or law enforcement.
  • Aggregated or anonymized data: shared with research partners to publish non-identifiable insights on learning outcomes and case studies.
  • Mergers and acquisitions: in the event of a business transfer, user data may be part of the transferred assets under confidentiality protections.
  • Third-party tools embedded in courses: when you use integrated tools, those providers may collect data per their own policies; always review their disclosures.

International Data Transfers

Some processing involves providers located outside Malaysia. Transfers are governed by appropriate safeguards: standard contractual clauses, data processing agreements, and assessments of local protections in line with practical risk scenarios.

We use contractual protections, limit transferred fields to the minimum required for the service, and routinely review third-party security practices to align with the case-specific needs of course delivery.

Data Retention

Retention periods vary by data type and the practical operational need. We retain information only as long as necessary for the purpose, plus any additional period required by law or to resolve disputes.

Account data (profile and enrollment history) is retained while the account is active and for up to two years after account closure to allow for reactivation and to maintain records of completed courses.

Support and chatbot transcripts relevant to dispute resolution are kept for up to three years unless you request deletion earlier, subject to legal obligations.

System logs and security-related logs are retained for a standard period of 12 months to support incident response and forensic analysis.

When retention periods expire or you request deletion, data is securely erased or anonymized unless preservation is required for legal compliance or legitimate interests such as fraud prevention.

Security Measures

We apply organized technical and organizational controls to protect personal data based on the sensitivity of the data and practical threat scenarios. Controls include encryption, access controls, monitoring, and staff training focused on handling learner data with care.

  • Encryption in transit using TLS and encryption at rest for sensitive records related to payments and authentication vouchers.
  • Role-based access control and logging to ensure only authorized staff can access learner records needed for support or course administration.
  • Regular backups, vulnerability scanning, and incident response procedures to address and mitigate potential data incidents in a timely manner.

Your Data Rights

You have practical rights over your data. Below are typical actions and the scenarios in which you might exercise them, for example correcting profile data or requesting export of completed course records.

  • Access: request a copy of the personal data we hold about you and the purposes for which it is processed.
  • Rectification: correct inaccurate information used in course enrollment or certification details.
  • Erasure: request deletion of personal data when retention is no longer necessary, subject to legal or contractual constraints.
  • Restriction: request limiting processing in certain circumstances, for example while a verification dispute is resolved.
  • Portability: obtain and reuse your data across different services when technically feasible, such as exporting course completion records.
  • Object: object to processing based on legitimate interests, for example profiling for marketing purposes.
  • Withdraw consent: where processing is based on consent, you may withdraw it for future processing.
  • Lodge a complaint: if you believe your rights have been violated, you can contact our team or relevant supervisory authorities.

How to Make a Rights Request

To exercise your data rights, contact us at [email protected] with 'Data Rights Request' in the subject and include a clear description of the request and proof of identity. For practical cases like exporting course history, specify the format you prefer.

[email protected]

We aim to respond to data access and correction requests within 30 days of receiving a valid request. Complex requests may require more time and we will inform you if an extension is needed.

Marketing Communications

We occasionally send newsletters, course updates, and event invitations based on your preferences. Communications are tailored using your course interests and enrollment history in a privacy-conscious manner.

Every marketing message includes a clear unsubscribe link. You can also manage preferences in your account or email [email protected] to opt out of promotional communications.

Children and Minors

Our courses are intended for learners aged 18 and over. We do not knowingly collect personal data from children under 16. If we become aware of such collection, we will take steps to delete the data unless retention is required by law.

Third-Party Links

Courses may include links to external partner sites and tools. Those sites have their own privacy practices and BotLabLearn is not responsible for their content or policies. Review external privacy notices before sharing personal information.

Changes to This Policy

We may update this policy to reflect operational changes or legal requirements. Substantive updates will be highlighted on the site and via email to active learners with a summary of what changed and practical implications for existing enrollments.

Contact Information

Contact BotLabLearn at: [email protected] or +60127135334. Business ID: 619001101967. Postal address: 20, Jalan Tun Mohammed Fuad 1, Taman Tun Doctor Ismail, 60000 Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia. For data rights requests use the subject 'Data Rights Request'.

+60127135334 [email protected] 20, Jalan Tun Mohammed Fuad 1, Taman Tun Doctor Ismail, 60000 Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia

Real-World Cases: Applying Chatbot Skills

BotLabLearn courses focus on practical scenarios where learners build and evaluate chatbots for distinct use cases: customer support triage, conversational onboarding, and tutoring assistants. Each module includes step-by-step case studies: dataset preparation, prompt design, iteration logs, and A/B testing results. Students work on scenario-driven projects with sample datasets and reproducible evaluation metrics. By following these cases, learners understand activity-offs in model choices, safety controls, and deployment considerations in contexts similar to real small business and education deployments.

Scenario-based labs: hands-on tasks that mirror common customer support and educational use cases, with stepwise instructions and checkpoints.
Assessment with feedback: practical grading rubrics and instructor notes that walk through improvement cycles for chatbot responses.
Deployment checklist: operational guidance on integrating chatbots into web pages, analytics tracking, and monitoring user interactions post-launch.
Explore case-driven courses and start a hands-on project with BotLabLearn today.