Governance & Transparency
DATA
SOVEREIGNTY
BY DESIGN.
At Saffron Data Vault, we treat privacy not as a legal hurdle, but as the foundational architecture of our enterprise data warehousing systems. This policy outlines our rigorous protocols for managing information within the Malaysian digital landscape.
Request Security BriefOur Privacy Charter
How we navigate the ethics of secure analytics and massive-scale processing.
Zero Trust Access
We operate on the principle of least privilege. Metadata and raw data streams are siloed, ensuring that no single system or administrator has unfettered access to sensitive identifiable information.
Purpose Limitation
Information collected for data warehousing optimization is never cross-purposed for marketing or profiling without explicit, granular consent from the endpoint owner.
Encryption at Rest and in Transit
All data packets entering Saffron Data Vault are encrypted using AES-256 standards. Our secure analytics pipelines utilize homomorphic encryption techniques where possible to process insights without decrypting the underlying sensitive values.
THE ANATOMY OF A DATA PACKET
Tracing the lifecycle of information within our data platforms.
Validation & Scrubbing
Upon entry, data is scrubbed for PII (Personally Identifiable Information). Our automated gateways flag non-compliant headers before they hit the vault.
Immutable Auditing
Every touchpoint is logged on a tamper-proof ledger. We maintain high-fidelity logs for 12 months to satisfy local Malaysian regulatory requirements.
Saffron Data Vault ensures that decommissioned hardware undergoes multi-pass physical shredding, preventing any residual data recovery post-lifecycle.
Malaysian PDPA Compliance
As a provider headquartered in Kuala Lumpur, our operations are strictly aligned with the Personal Data Protection Act 2010 (PDPA). We ensure that all data stays within the territorial borders of Malaysia unless specific cross-border transfer agreements are in place.
Our data platforms are audited biannually to ensure adherence to the shifting landscape of cybersecurity threats. We maintain a dedicated Data Protection Officer (DPO) at our Jalan Sultan Ismail facility to oversee internal compliance.
In the event of a suspected data breach, Saffron Data Vault initiates a 72-hour notification protocol to inform all affected stakeholders and relevant Malaysian authorities.
Technical Data Disclosure
| Data Category | Purpose of Processing | Retention Period | Technical Controls |
|---|---|---|---|
| Client Identity Data | Contractual fulfillment & identity verification. | Duration of service + 7 years. | Bcrypt hashing, Salted storage. |
| System Telemetry | Infrastructure optimization & bug tracking. | 90 Days (Rolling). | Anonymized aggregation. |
| Inquiry Metadata | Improving customer response efficiency. | 12 Months. | TLS 1.3 Encryption. |
This table represents our standard processing baseline. Bespoke enterprise SLAs (Service Level Agreements) may define custom retention parameters per client requirements.
Exercising Your Rights
Under modern digital laws, you maintain sovereignty over your records. You may request any of the following by contacting our compliance office:
- Right to access and data portability
- Right to rectification of inaccuracies
- Right to erasure (Right to be forgotten)
- Right to object to automated processing
We process all valid requests within 21 business days in accordance with the Standards of Malaysia. Proof of identity is required for all data access requests to prevent unauthorized disclosure.