Course Architectby IOT SOLUTIONS
FeaturesHow It WorksPricingFAQ
FeaturesHow It WorksPricingFAQ

Personal Data Protection

PDPA Notice

Last updated: 3 July 2026

Issued by: IOT SOLUTIONS

Legal Note: This notice is provided for transparency and should be reviewed by a qualified legal adviser before commercial launch. This does not constitute formal legal compliance advice.

This PDPA Notice is prepared in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia. As the data controller / operator of Course Architect Workflow, IOT SOLUTIONS is committed to handling your personal data responsibly and transparently.

1. Data User

The data user is IOT SOLUTIONS, the developer and operator of Course Architect Workflow, an AI-powered learning design productivity tool.

2. Personal Data We Collect

  • Full name
  • Email address
  • Mobile / WhatsApp number
  • Role and job title
  • Company or training provider name
  • Country
  • Main training area
  • IP address (for consent logs and security)
  • Browser / device metadata
  • Usage data and generation history
  • Feedback and support messages
  • Images you upload to assessments (and an upload log: uploader, organisation, timestamp, IP)

3. Purposes of Collection

  • To create and manage your user account
  • To provide the Course Architect Workflow service
  • To generate and save AI-assisted course materials on your behalf
  • To manage usage limits and plan entitlements
  • To improve the platform based on usage patterns
  • To provide customer support
  • To send transactional account messages (required for service delivery)
  • To send marketing and promotional communications — only when explicit consent has been given
  • To comply with applicable laws and regulations

4. Third-Party Service Providers and Subprocessors

To deliver our services, we use third-party service providers and subprocessors who may process personal data only where necessary for service delivery, security, hosting, authentication, database storage, AI generation, email delivery, analytics, support, billing or compliance. Current providers may include:

  • Supabase — database and authentication infrastructure
  • Vercel — application hosting and deployment
  • AI service providers, including Google AI / Gemini API and other AI model providers that may be introduced for paid or premium features
  • Email service providers — transactional and marketing communications, where applicable
  • Payment providers — payment processing, where applicable in future paid plans

These providers are bound by their own privacy policies and data processing agreements. We only share data necessary for service delivery, and we may update this list from time to time when new providers are added or replaced.

4A. AI Processing and Model Providers

Course Architect Workflow uses AI service providers to generate course outlines, training proposals, assessments, lab exercises, trainer scripts, evaluation forms and other learning design materials based on the information provided by users.

When you use our AI generation features, the following information may be sent to our AI service providers for processing:

  • course titles
  • course descriptions
  • training requirements
  • target audience information
  • user prompts and instructions
  • generated draft outputs
  • related usage metadata required for service delivery and troubleshooting

Currently, we use Google AI Studio / Gemini API for AI-assisted content generation. We may introduce additional AI model providers in the future for paid or premium features. Where this happens, we will update this notice or our list of third-party service providers accordingly.

Users should not enter unnecessary personal data, sensitive personal data, confidential client information, student records, financial data, medical data, identity documents, passwords, or proprietary information into the AI generation forms unless they have the proper authority and consent to do so.

AI-generated outputs are draft materials only. Users are responsible for reviewing, editing and verifying all generated content before using it for training, client submission, certification, grant, compliance or commercial purposes.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the service. Consent logs are retained for compliance purposes. Images you upload are retained only while the related assessment exists and are deleted when that assessment is deleted (and may be purged after closure or a maximum period). Where uploaded images contain personal data of identifiable individuals, you are responsible for obtaining any required consent. You may request deletion of your data by contacting us.

6. Your Rights Under PDPA

Under the Personal Data Protection Act 2010, you have the right to:

  • Access your personal data held by us
  • Request correction of inaccurate personal data
  • Request deletion of your personal data (subject to legal requirements)
  • Withdraw consent for marketing communications at any time
  • Lodge a complaint with the Department of Personal Data Protection (JPDP)

7. Marketing Communications

We only send marketing or promotional emails when you have given explicit consent during signup or account settings. You can withdraw marketing consent at any time by:

  • Clicking the unsubscribe link in any marketing email
  • Visiting /unsubscribe and entering your email
  • Updating your preferences in Account Settings
  • Contacting us directly

Withdrawing marketing consent will not affect your ability to use the service or receive transactional service emails.

8. Transactional vs Marketing Communications

We track these two types of communication separately:

Transactional: account access, usage limits, security notices, support responses, system updates. These are sent as part of service delivery.

Marketing: promotional offers, plan announcements, educational content campaigns. Only sent with your explicit consent.

9. Data Security

We use industry-standard security measures including encrypted data storage (Supabase), HTTPS, server-side API key management, and access controls. While we take reasonable precautions, no internet transmission is 100% secure.

10. Contact for Data Requests

To exercise your rights, request data access, correction, or deletion, or withdraw consent, please contact:

IOT SOLUTIONS Email: enquiry@iotsolutions.my

We will respond to data requests within 21 days as required under the PDPA.

Also see: Privacy Notice • Terms of Use

Important Disclaimer

Course Architect Workflow is an independent productivity tool by IOT SOLUTIONS. This tool is designed to expedite the course design and training material preparation process. Users are responsible for reviewing, editing, customising, and ensuring that all final content meets the latest requirements of their client, company, platform, grant body, authority, or submission process.

For Malaysian training providers and trainers: users are responsible for ensuring all final content meets the latest HRDC submission requirements where applicable. Course Architect Workflow and IOT SOLUTIONS are not affiliated with, endorsed by, approved by, certified by, or officially connected with HRDC / HRD Corp.

Course Architect

An AI-Powered Learning Design Accelerator for Trainers.
by IOT SOLUTIONS

Product

FeaturesHow It WorksPricingFAQ

Account

Start FreeLoginFeedback & SupportUnsubscribe

Legal

Privacy NoticePDPA NoticeTerms of UseRefund PolicyDisclaimer

@ 2026 IOT SOLUTIONS. All rights reserved. Course Architect Workflow is a beta product.

Not affiliated with any government agency, grant body, or certification authority.