PDPA

PDPA Statement

This statement is issued in accordance with the Personal Data Protection Act 2010 ("PDPA") of Malaysia. It explains how Lexi Global Sdn Bhd ("Sidewalk") processes personal data in connection with the Sidewalk service.

Personal data we process

Identifying information (name, email address, business name).
Account credentials (hashed passwords; we never see the plaintext).
Billing information (handled by Stripe — we receive only the subscription status, not the card data).
Service-usage data (chat history processed by your agents, configuration choices, agent training material).
Technical data (IP address, browser, session cookies) for the operation and security of the service.

Purposes of processing

Providing the Sidewalk service (account access, agent training, message processing).
Processing subscription payments through Stripe.
Account administration, support, and transactional email.
Marketing communication about Sidewalk products and updates (you can opt out at any time).
Complying with legal obligations and enforcing our Terms of Service.

Disclosure

We may disclose your personal data to:

Our service providers (hosting, payment, email delivery, AI model providers) under their respective data-protection terms.
Law-enforcement agencies or regulators where required by law.
A successor entity in the event of a sale, merger, or restructuring of Lexi Global Sdn Bhd.

We do not sell your personal data.

Cross-border transfer

Sidewalk is hosted in Malaysia. Some of our service providers (for example, AI model providers and Stripe) process data outside Malaysia. We rely on the contractual and technical safeguards offered by these providers, and limit transfer to what is necessary to operate the service.

Your rights under the PDPA

Access: Request a copy of the personal data we hold about you.
Correction: Request correction of inaccurate or incomplete data.
Withdrawal of consent: Withdraw consent for processing where consent is the lawful basis (note that this may prevent us from continuing to provide the service).
Limit processing: Request that we limit processing for direct-marketing purposes.

To exercise any of these rights, email hello@sidewalk.com.my with the subject "PDPA request". We will respond within 21 days.

Retention

We retain personal data while your account is active and for up to 90 days after deletion to allow recovery and meet legal obligations. Residual data in backups is rotated within an additional 30 days.

Security

We use industry-standard technical and organisational measures to protect personal data, including encryption in transit (HTTPS), hashed passwords, network isolation, and least-privilege access controls. No system is perfectly secure; report any suspected vulnerability to hello@sidewalk.com.my.

Bahasa Malaysia

This statement is issued in English and Bahasa Malaysia. In case of conflict, the English version prevails. A Bahasa Malaysia translation is available on request — email hello@sidewalk.com.my.

Last updated: 2026-05-04
Data user: Lexi Global Sdn Bhd · Company No. 202101234567 (1234567-X) · 01-09 Komplek Sempilai, Jalan Sempilai, 13700 Perai, Pulau Pinang, Malaysia