Data stewardship and responsible AI for water systems

General Information

AirTopFlow operates an AI-driven water and hydration systems platform that collects and processes data necessary to deliver monitoring, analytics and operational recommendations for water supply and hydration management. This Privacy Policy describes the types of information we collect, how we use it, retention practices, and user rights. We apply engineering controls and documented procedures to minimize personal data processing and to protect operational and personal information. Our objective is to provide reliable system functionality while respecting user privacy and applicable data protection laws. This policy applies to data collected through AirTopFlow.info and related services provided by AirTopFlow in Malaysia and in jurisdictions where we operate.

12-01-2026 AirTopFlow Sdn. Bhd., Business ID 799651372877, Jalan Ayer Hangat, Kampung Kisap, 07000 Langkawi, Kedah, Malaysia Jalan Ayer Hangat, Kampung Kisap, 07000 Langkawi, Kedah, Malaysia [email protected]
01

Definitions

For clarity throughout this policy, we use these key terms: 'personal data' refers to information relating to an identified or identifiable natural person; 'processing' means any operation performed on personal data; 'user' means the natural person using AirTopFlow services; and 'service' means the AI-driven water and hydration systems, dashboards and associated support services provided by AirTopFlow.

Personal data means any information that can identify a person directly or indirectly, such as name, email address, phone number, device identifiers, or precise location tied to a user account. Where possible, AirTopFlow minimizes the collection of personally identifiable details and uses pseudonymization or aggregation for analytics. Processing covers any operation performed on personal data including collection, storage, analysis, transmission, deletion, and use to generate analytics, alerts, or reports for system operation and customer support. User refers to individuals who interact with AirTopFlow services, including system administrators, facility managers, device operators, and end-users who receive hydration insights or manage accounts. Service includes the AirTopFlow platform (AirTopFlow.info), mobile integrations, APIs, sensors and gateways, cloud services, dashboards, and support functions that enable monitoring and optimization of water systems and hydration programs. Cookies are small text files stored on a device to enable features such as user sessions, preferences, analytics and security monitoring. AirTopFlow uses cookies and similar technologies to maintain service functionality and to improve system performance.
02

Data Collection

We collect data in three main categories: information you provide directly, data collected automatically from devices and interactions, and data received from third-party services that you authorize. Collection is limited to what is necessary to operate the service and to improve system effectiveness and safety.

Data You Provide

When you register or interact with AirTopFlow, you may submit information needed for account management, billing and system configuration. Typical user-provided items include:

  • Account name and professional contact details (name, work email, phone number)
  • Organization and role information, site addresses and installation details
  • Billing information and purchase records necessary for invoicing and business reconciliation
  • Configuration and calibration settings for sensors and devices, including identifiers for hardware managed through AirTopFlow
  • Preferences and consent choices for notifications, marketing opt-ins and communication channels
  • Support requests and correspondence content when you contact our technical or customer support teams

Automatically Collected Data

To deliver monitoring and AI-driven analytics we collect technical and usage data automatically through devices, gateways and platform software. This includes:

  • Device telemetry such as flow rates, pressure, sensor diagnostics and operational logs
  • Network and connectivity metadata including IP addresses, gateway identifiers and timestamps
  • Usage analytics from dashboards and API calls to measure feature use and improve system design
  • Aggregated hydration metrics and anonymized behavioral trends used to refine AI models
  • Security and access logs used for anomaly detection and incident response
  • Cookies and similar identifiers stored on user devices for session management

Third-Party Data Sources

AirTopFlow may receive data about you from authorized third parties to provide integrated services or to comply with contractual arrangements. Examples include:

  • Cloud infrastructure providers and hosting partners who process telemetry and backups
  • Payment processors and billing providers for invoicing and transaction records
  • Authorized integration partners such as building management platforms or analytics vendors with explicit consent
03

Purposes of Processing

We process personal and operational data for a limited set of purposes that directly support the service and user needs. These purposes are:

  • Provisioning and operation of AI-driven water monitoring, alerting and hydration guidance
  • Account administration, billing and order fulfillment for subscribed services
  • Performance monitoring, maintenance scheduling and device troubleshooting
  • Improving models and features using aggregated, pseudonymized analytics while minimizing individual identification
  • Security monitoring, fraud detection and incident response to protect users and infrastructure
  • Regulatory compliance, legal obligations and legitimate business record keeping
  • User communications such as service notices, support messages and operational alerts
  • Marketing and product updates where the user has expressly opted in to receive such communications

Legal Basis for Processing

Where applicable, we rely on one or more lawful bases to process personal data. Determinations depend on the type of data and processing activity, and may include:

  • Performance of a contract: processing necessary to provide and maintain the services you have requested
  • Consent: when you have given explicit consent for specific processing (e.g., marketing communications)
  • Legitimate interests: for security, service improvement and fraud prevention balanced against user rights
  • Legal obligation: where processing is required to comply with applicable laws or regulatory requirements

Data Subject Rights (GDPR-style Overview)

If you are in a jurisdiction with GDPR-like rights, you may have several data subject rights. We provide mechanisms to exercise these rights promptly and in accordance with applicable law.

  • Right of access: request a copy of personal data we hold about you
  • Right to rectification: correct inaccurate or incomplete personal data
  • Right to erasure: request deletion of personal data when retention is no longer required for the purpose collected
  • Right to restrict processing: request limits on how your data is used in certain circumstances
  • Right to data portability: receive personal data in a structured, commonly used machine-readable format where feasible
  • Right to object: object to processing based on legitimate interests or for direct marketing; you may also withdraw consent at any time
04

Cookies and Tracking Technologies

AirTopFlow uses cookies and tracking technologies to enable essential functionality, measure performance, and analyze usage patterns. Cookies fall into several categories described below.

Types of cookies we use include: essential cookies for authentication and session management; performance cookies for analytics and service improvement; functionality cookies to remember user preferences; and optional marketing cookies where explicit consent has been given.

Essential: required for core service operation. Analytics: collect anonymous usage statistics to improve performance. Functional: store user preferences. Marketing: used only with consent to tailor communications.

You can manage cookie preferences through your browser settings or via our cookie consent tool where provided on AirTopFlow.info. Disabling certain cookies may affect functionality such as persistent login or device registration.

Cookie Policy

Data Sharing and Disclosure

We only share personal data with third parties when necessary to provide services, fulfil legal obligations, or with your authorization. All third-party relationships are governed by contracts that require appropriate data handling and security.

  • Service providers and cloud hosts that perform infrastructure, storage and analytics on our behalf
  • Payment processors for billing and transaction reconciliation
  • Integration partners you authorize to access device data or analytics
  • Professional advisors such as auditors, lawyers and compliance specialists when required for legal purposes
  • Law enforcement or regulatory authorities when compelled by law or to protect safety and rights
  • Prospective buyers or counterparties in connection with a business reorganization or sale, under confidentiality obligations

International Data Transfers

Data processed for service delivery may be stored or processed in jurisdictions outside your country, including infrastructure in Malaysia and selected international cloud regions. Transfers are carried out only where appropriate safeguards are in place or another lawful basis exists.

We implement safeguards such as standard contractual clauses, binding corporate rules where applicable, and assessments of third-party processors to ensure an adequate level of protection consistent with applicable law.

Data Retention

We retain personal and operational data only for as long as necessary to provide the service, comply with legal obligations, resolve disputes, and for legitimate business purposes such as analytics and product improvement. Retention periods vary by data type and purpose.

Account information is retained for the duration of the account relationship and for a limited period thereafter to support recordkeeping, potential reactivation and legal compliance.

Support tickets and correspondence are retained for operational and quality assurance purposes, typically for a period aligned with our support lifecycle policies unless otherwise required by law.

System logs and telemetry used for security and troubleshooting are retained in aggregated or pseudonymized form for analysis, with raw logs kept only as needed for incident response within defined retention windows.

When data is no longer required, we take steps to securely delete or anonymize it. Deletion requests from users are processed in accordance with the applicable legal framework and account verification requirements.

Security Measures

AirTopFlow implements technical and organizational measures to protect data against unauthorized access, alteration, disclosure or destruction. Security is an ongoing process that includes design reviews, secure coding practices, encryption, monitoring and incident response practices tailored to operational technology and cloud environments.

  • Encryption of data in transit (TLS) and encryption at rest for stored sensitive data where appropriate
  • Role-based access control, least privilege principles and multi-factor authentication for administrative access
  • Regular vulnerability scanning, patch management, penetration testing and security audits
05

User Rights and Requests

To exercise data subject rights or to submit inquiries about our privacy practices, please contact our privacy team. Requests are handled according to the verification requirements and timelines prescribed by applicable law. Contact details are provided below.

  • Right of access — You may request a copy of personal data we hold about you and obtain details about processing purposes, categories of data, data recipients and storage periods.
  • Right to rectification — If your personal data is inaccurate or incomplete, you may request correction or supplementation so records reflect current, accurate information.
  • Right to erasure ('right to be forgotten') — Where retention is no longer necessary or lawful grounds do not apply, you may request deletion of your personal data in accordance with applicable law.
  • Right to restriction of processing — You can request limitation of processing while a dispute about accuracy or lawfulness is resolved, or where processing is unlawful but you oppose deletion.
  • Right to data portability — When processing is based on consent or contract and carried out by automated means, you may request your personal data in a structured, commonly used, machine-readable format.
  • Right to object — You may object to processing for direct marketing or on grounds relating to your particular situation where processing is based on legitimate interests.
  • Right to withdraw consent — Where processing is based on consent, you may withdraw that consent at any time; withdrawal does not affect processing carried out prior to withdrawal.
  • Right to lodge a complaint with a supervisory authority — If you consider our processing of your personal data infringes applicable law, you may lodge a complaint with the relevant authority in Malaysia.

How to exercise your privacy rights

To exercise any of the rights listed above, submit a request to our Data Protection Officer with sufficient information to locate your records. We may require identity verification to protect your data. Requests should describe the specific right you wish to exercise and provide relevant details to help us process the request efficiently.

[email protected]

We will acknowledge receipt of your request within 5 working days and aim to respond substantively within 30 calendar days. If complex or additional time is required, we will notify you with reasons and an expected timeline.

Marketing and communications

AirTopFlow may send product updates, service notifications and industry insights related to AI-driven water and hydration systems where you have consented or where we have a legitimate interest. Marketing communications will be relevant to our products, services, research collaborations and events. We limit shared marketing data to the minimum necessary and apply segmentation to ensure communications remain useful and professional.

You can opt out of marketing communications at any time by following the 'unsubscribe' link in our emails or by emailing [email protected] with your contact details and request. Opting out will not prevent transactional or service-related notices required for operation of your account.

Children's data

AirTopFlow services are intended for professional, commercial and adult consumer use. We do not knowingly collect personal data from children under the age of 13. If we become aware that we have collected personal data of a child without appropriate consent, we will take steps to delete such data promptly.

Third-party links

Our site and services may contain links to third-party websites, partners and data providers. External sites operate under their own privacy policies. We are not responsible for third-party content or practices; review each third party's privacy policy before sharing personal data with them.

Changes to this privacy policy

We periodically review and may update our privacy policy to reflect changes in law, technology or service offerings. Material changes will be posted on AirTopFlow.info with an updated effective date. Non-material updates may be made without prior notice but will be recorded in our policy history.