EIAAW SalesAgent is a sales automation platform. This policy explains what we collect, why, who processes it, how long we keep it, and the rights you have over your data.
"EIAAW SalesAgent" (the "Service") is operated by EIAAW Solutions, a Malaysia-based company ("we", "us", "our"). We are the data controller for personal data of account holders and visitors to our public sites, and a data processor for personal data of prospects and leads that our customers upload or generate within the Service.
Contact for privacy matters: [email protected].
When you create an account, we collect: username, email address, a bcrypt hash of your password (never the password itself), display name, role, plan, budget settings, and email verification status.
We issue opaque bearer tokens (32-byte random hex) with a 24-hour absolute expiry and a 30-minute idle timeout. We record the token, its expiry, and last-activity timestamp. We do not use third-party analytics cookies.
When you add a lead manually, via import, or via our lead-generation tools, we store: name, email, company, title, phone, source, notes, a lead score, a pipeline status, and activity history.
For every email or voice interaction, we store the message content, delivery status, open/click timestamps, and for voice calls a transcript preview (capped at 500 characters) plus AI-generated sentiment. Full audio recordings are retained by our voice provider subject to their terms (see §6).
When you submit our public contact form we collect the fields you provide (name, email, phone, company, message) and use them solely to respond to your enquiry.
Subscription and payment data is processed by Stripe. We store a Stripe customer ID, plan identifier, and invoice history. We do not store card numbers, CVVs, or bank credentials.
We log per-account counters for leads created, campaigns sent, AI actions, voice calls, and token-level AI cost (model, input/output tokens, USD cost). These are used for billing, quota enforcement, and service reliability.
We do not sell personal data. We do not ourselves use your content or your leads' data to train AI models. When we send data to our AI sub-processor (Anthropic) to generate an output, the data is processed under Anthropic's API terms — as at the effective date of this policy, those terms state that API inputs are not used to train Anthropic's foundation models. If that policy changes we will update this notice.
Where GDPR applies, we rely on:
Under Malaysia's Personal Data Protection Act 2010 (PDPA), processing is carried out under the Personal Data Notice and Choice Principle as set out in this policy.
The Service uses Anthropic's Claude API to generate lead scores, qualification summaries, outreach content, and pipeline analysis. When you trigger an AI action, we send relevant context (the lead or campaign record, your instruction, and limited conversation history) to Anthropic. Anthropic processes this under their published API terms (see anthropic.com/legal).
AI outputs are suggestions, not decisions. Every email, sequence, voice script, and status change requires human approval unless you explicitly enable automation for a specific workflow. You can review or override every AI output.
We engage the following sub-processors. Each is contractually bound to process data only on our instructions and maintain appropriate security.
| Processor | Purpose | Data processed | Location |
|---|---|---|---|
| Anthropic (Claude API) | AI generation & scoring | Lead/campaign context, prompts, outputs, token counts | United States |
| Retell AI | AI voice calling & transcription | Phone numbers, call audio, transcripts, sentiment | United States |
| Resend | Transactional & outreach email delivery | Sender, recipient, subject, body, delivery events | United States |
| Gmail SMTP | Email fallback (opt-in) | Outbound email envelope & content | Google infrastructure |
| Stripe | Payment processing | Name, email, billing address, card data (tokenised) | United States / Singapore |
| Railway | Application hosting | All application data at rest & in transit | United States (US-West region) |
Outreach emails sent through the Service include a 1×1 tracking pixel and wrapped links so that opens, clicks, and bounces can be attributed to a lead. Open and click events increment the lead's engagement score. Tracking applies to outbound outreach, not to transactional mail (password resets, receipts).
Voice calls initiated by you are announced to the recipient (via our AI agent's greeting) as being an AI-assisted call. Call audio is processed by Retell; transcripts are stored in the Service.
Our public site does not set tracking cookies. Session is held in an Authorization header bearer token rather than a cookie; the token is scoped to the authenticated application at /app.
You can request full account deletion at any time (§10). Backups are overwritten on a 30-day rolling cycle.
Because our sub-processors are primarily in the United States, personal data leaves Malaysia and may leave the EEA. Transfers are made under the sub-processor's Standard Contractual Clauses or equivalent safeguards. By using the Service you acknowledge these transfers.
Depending on your jurisdiction, you have the right to:
To exercise any right, email [email protected]. We respond within 30 days.
We protect your data with: TLS 1.2+ in transit; bcrypt (10 rounds) for password hashing; opaque bearer tokens with idle timeout; HTTPS-only cookies where used; Helmet-hardened security headers including CSP; CORS origin allow-list; per-route rate limiting (120 req/min general, 10/15min for login, 10/min for AI, 3/min for outbound email). See our Security & Compliance page for the full posture.
The Service is not directed to individuals under 18. We do not knowingly collect data from minors. If you believe we hold data of a minor, contact us and we will delete it.
We may update this policy to reflect product, legal, or regulatory changes. Material changes will be notified to account holders by email at least 14 days before they take effect. The "Effective" date at the top of this page always reflects the current version.
Privacy enquiries, rights requests, and complaints:
EIAAW SOLUTIONS (SSM Reg. No. 202603133419 / CT0164540-H)
Kuala Lumpur, Malaysia
Email: [email protected]