Privacy Policy

Last updated: 4 May 2026

This Privacy Policy explains how Emphasize Labs (“we”, “us”, “our”) handles personal information collected through emphasizelabs.com and related services.

We’re a legal marketing consultancy based in Kuala Lumpur, Malaysia. Most of our clients are Malaysian law firms, but our website is accessible globally, so this policy covers visitors from anywhere.

Who runs this site

Emphasize Labs is operated from Kuala Lumpur, Malaysia. The business is currently run by a single founding consultant, with the intention of bringing in employees and contracted freelancers over time as client demand grows. Where data is shared with employees or freelancers, the safeguards are set out in the “Who has access to your data” section below.

If you have a question about your data, you can reach us at the contact details listed at the end of this policy.

What we collect

We collect three kinds of information.

Information you give us directly. When you fill in our contact form, request a consultation through WhatsApp, or send us an email, we receive whatever you choose to share — typically your name, firm name, email address, phone number, and a description of what you’re looking for help with.

Information collected automatically. When you browse the site, our hosting provider and analytics tools log standard technical information: IP address, browser type, device type, pages viewed, time spent on each page, and the referring source. This is the same kind of data nearly every website logs.

Payment-related information (clients only). When you become a paying client, payment is processed through a third-party payment platform. Card details and full financial information are stored by the payment processor, not by us. We typically only retain a transaction reference, the last four digits of the card, the amount, and the invoice it relates to — enough to keep proper accounting records.

Why do we collect it

We use the information for the following clearly defined purposes.

To respond to your enquiry. If you fill in our contact form or message us on WhatsApp, we use your contact details to reply and discuss whether we’re the right fit.

To deliver the work. If you become a client, we use your information to run the engagement: communicating, invoicing, managing the project, and reporting on results.

To improve the website. Aggregated, anonymised traffic data tells us which pages are useful and which aren’t. We don’t use this to identify individual visitors.

To meet legal and tax obligations. As a Malaysian-registered business, we’re required to keep accounting and tax records under the Income Tax Act 1967 and related laws.

For marketing — only with your consent. We may use the fact that you’re a client (your firm name, the work we did, the results we got) to write case studies, build portfolio pages, or share examples of our work. We only do this where you’ve given us explicit consent through your engagement contract. You can withdraw that consent at any time.

For paid advertising — only with your consent. We may, with explicit consent set out in your engagement, upload limited contact information to advertising platforms (such as Meta or Google) to build lookalike audiences or improve ad targeting. This is opt-in, not opt-out.

We do not sell your information. We do not share it with advertising networks beyond the controlled, consented use described above.

Legal basis (Malaysia and international)

For visitors in Malaysia, we process personal data under the Personal Data Protection Act 2010 (PDPA), specifically:

  • Your consent, when you submit a contact form, message us, or sign an engagement that includes marketing use
  • Performance of a contract, when you become a client
  • Compliance with a legal obligation, where applicable (tax, accounting, regulatory)

For visitors in the European Union, United Kingdom, or other jurisdictions with similar laws, we rely on equivalent grounds — consent and legitimate interest — under the GDPR and equivalent frameworks.

Cookies and tracking

The site uses cookies. The Cookies Policy explains what each one does, why it’s there, and how to switch them off. You can find it at emphasizelabs.com/cookies-policy.

Who has access to your data

Your data is accessed only by people who need it to do the work. This includes:

The founding consultant. Direct day-to-day handling of all client and enquiry data.

Future employees. As the business grows, employees may be brought in to support client delivery. Any employee with access to client data will be bound by a written confidentiality agreement and trained on data handling obligations under the PDPA.

Freelancers and contractors. For specific technical work outside our core expertise (for example, advanced web development, custom integrations, or technical SEO audits), we may engage qualified freelancers. Where this involves access to your data, we limit access to what’s strictly needed for the task, and the freelancer is bound by a written confidentiality and data protection agreement.

Service providers. Third-party tools we rely on to run the business (listed in the next section) process data on our behalf under their own privacy terms.

Third-party services

A small number of third-party tools support the site and the business. They each have their own privacy policies, which you should read if you’re concerned about how they handle data.

  • Google Analytics, for traffic analytics
  • Google Search Console, for search performance data
  • WordPress hosting (server-side logging)
  • WhatsApp, when you click through to message us
  • Email service providers, when you correspond with us
  • Payment platforms, when you pay an invoice (the specific provider for your engagement will be named in your invoice)
  • Advertising platforms (Meta, Google), only where you’ve consented to ad-targeting use

These tools may store data outside Malaysia. We’ve chosen them because they’re standard, established providers with reasonable security practices.

How long do we keep it

Retention is bound by the PDPA Retention Principle, which requires us not to keep data longer than necessary for the purpose it was collected.

Contact form submissions where no engagement follows. Up to 24 months after the last interaction, then deleted.

Client records (engagement-related communications, briefs, deliverables). Duration of the engagement plus 7 years afterwards. The 7-year period is set by the Income Tax Act 1967 (Section 82), which requires Malaysian businesses to keep records that long for audit purposes.

Financial and payment records (invoices, receipts, accounting entries). 7 years from the end of the relevant year of assessment, in line with the Income Tax Act.

Marketing portfolio and case study materials. Retained while consent is in place. If you withdraw consent, we remove identifying details promptly.

Advertising platform audiences. Retained per the platform’s own retention rules, and only while consent is in place. Removed within a reasonable period after consent is withdrawn.

Website analytics. Retained per the default settings of the analytics provider (typically 14 to 26 months in aggregated form).

If you’d like your data removed earlier than the periods above, write to us. We’ll do it unless we’re legally required to keep it (for example, where tax law requires retention of a specific record).

Your rights

Under the PDPA and equivalent international frameworks, you have the right to:

  • Ask what data we hold about you
  • Ask us to correct it if it’s wrong
  • Ask us to delete it (subject to legal retention requirements)
  • Withdraw consent for processing where consent is the basis (including marketing and advertising use)
  • Lodge a complaint with the Personal Data Protection Department of Malaysia or your local data protection authority

To exercise any of these rights, send us an email. We respond within 21 days.

Children

The site isn’t directed at children under 18, and we don’t knowingly collect data from minors. If you believe we’ve inadvertently collected information from a child, contact us and we’ll delete it.

Security

We take reasonable steps to protect the data we hold. Our hosting provider uses standard encryption (HTTPS), access to client data is limited to people who genuinely need it, and we use strong authentication on the tools that handle client information.

That said, no system is completely secure. We can commit to careful, reasonable handling of your data, and we won’t sell it or treat it carelessly — but we cannot guarantee against every form of cyberattack or third-party breach. If a breach occurs that affects you, we’ll notify you and the relevant authority promptly, in line with Malaysian law.

Changes to this policy

If we update this policy, the “Last updated” date at the top will change. For material changes, we’ll post a notice on the site. Continuing to use the site after changes means you’ve accepted the updated terms.

Contact

For any privacy question, including data access or deletion requests:

Emphasize Labs Kuala Lumpur, Malaysia
Email: help@emphasizelabs.com
WhatsApp: +6017-515 7871