Blue1.ai - B2B Lead Gen AI

Effective Date: 21 January 2026

Company: Blue1.my (ECOTEN HARDWARE TRADING)

Website / Platform: https://blue1.my

1. Introduction

ECOTEN HARDWARE TRADING (“we”, “our”, or “us”) operates the Blue1.my platform. We are committed to protecting the privacy of the data you provide and the data of leads collected through our services. This Privacy Policy explains how we collect, use, store, track, and disclose information in compliance with Malaysia’s Personal Data Protection Act 2010 (PDPA) as well as applicable international standards such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA/CPRA).

By accessing our website or using our platform, you acknowledge and agree to the terms set forth in this Privacy Policy.

2. Data We Collect

To provide our AI lead generation, personalization, and messaging services, we collect and process the following categories of information:

Lead & Prospect Data (Public Business Info)

Data collected or compiled regarding potential business contacts on behalf of our users:

Business or professional names
Contact emails and business phone numbers
Corporate addresses and geographic locations
Public social media profiles and business descriptions
Estimated lead scores and qualification metrics

User & Account Data

Information provided directly by users when creating or managing an account:

Name, business email address, and login credentials
Billing and subscription status (processed securely through Stripe)
Outbound message templates, custom campaign parameters, and strategic briefs
Third-party integration credentials or API keys (e.g., SMTP or messaging providers)

Usage & Campaign Performance Logs

Data generated automatically through interaction with the platform:

Search queries, filters, and leads exported/generated
Log of sent emails and WhatsApp outreach (timestamps, recipients, subjects)
Message delivery events (e.g., sent, delivered, bounced, opened, clicked, replied)

Technical & Device Data

Standard server logs and metadata automatically collected for performance and security purposes:

IP addresses (used for security auditing and counting unique visitor sessions)
Browser type, system settings, and operating system information
Access dates, times, and referring URL paths

Billing Note: We do not store or process your credit card numbers on our servers. All transaction and financial information is securely transmitted to and managed by our payment processor, **Stripe**.

3. Tracking, Cookies, and Analytics Technologies

We employ standard tracking mechanisms and storage tools to enable core functionality, verify system health, and provide marketing analytics:

A. Email Tracking (Beacons & Redirects)

To provide real-time conversion rates (open rates, click-through rates, and reply statistics) on our campaign analytics dashboard, outreach emails sent through the platform may contain clear tracking pixels (beacons) and custom redirect links. These mechanisms log when an email is opened or when a link is clicked by a lead.

B. Traffic Analytics Log

Our platform uses an automated visitor logging system to monitor site performance. We log visited URL paths, timestamps, user-agent data, and IP addresses. These logs are debounced and checked to measure unique page views and identify malicious crawling or automated abuse.

C. Cookies and Storage

We utilize necessary functional cookies and local storage tokens to store secure session keys. This keeps you securely logged into your workspace and maintains your active preferences as you navigate the dashboard. You can configure your browser to reject cookies, but doing so will prevent you from logging in and utilizing the application.

4. How We Use Data

We use the processed data for the following essential business purposes:

1. Delivering Messaging Services:

Configuring and sending personalized outreach sequences (email or WhatsApp) as instructed by you.
Logging dispatch statuses to compile delivery rates and campaign success indicators.

2. Operating the Platform:

Generating and displaying interactive campaign analytics, conversion funnels, and lead scores.
Managing user profiles, subscription plans, API keys, and account settings.

3. Integrity, Security, and Compliance:

Detecting, preventing, and combating spam, malicious activities, and violations of our Acceptable Use Policy.
Complying with statutory requirements, fraud audits, and court orders.

Training Disclaimer: We do not sell lead list data to third parties. Leads searched, stored, or messaged through your account remain isolated in your database tenant. We do not use your leads' contact details or private sequence prompts to train public AI foundation models.

5. Robust Liability Disclaimers & User Responsibility

Because Blue1.my functions as a technical platform facilitating automated business-to-business communications, we enforce strict liability caps to protect our company from legal claims:

A. Messaging Compliance and Spambox Risks

Users are strictly designated as the Data Controllers of any lead lists they message, and ECOTEN HARDWARE TRADING acts strictly as the Data Processor. You are solely responsible for ensuring that all contacts on your outbound lists have been legally gathered and that your outreach complies with local and international anti-spam laws, including the CAN-SPAM Act, TCPA, GDPR, and Malaysia's PDPA.

We make absolutely no warranties that your emails will bypass spam filters, or that your domains will avoid blacklist flagging. We are not legally or civilly liable for any damages, suspensions, domain penalties, or regulatory fines you incur as a result of your cold outreach practices.

B. AI Outreach Generation Disclaimer

The AI features are intended to assist in generating drafts and personalization suggestions. They do not represent legal, financial, or professional advice. The user is strictly required to review, correct, and authorize all outgoing copy. ECOTEN HARDWARE TRADING assumes no responsibility or liability for any errors, misleading claims, copyright infractions, or offensive content generated by the AI models and transmitted through your account.

C. Complete Indemnification & Limitation of Liability

You agree to fully indemnify, defend, and hold harmless ECOTEN HARDWARE TRADING, its directors, officers, employees, and subcontractors from any and all third-party claims, liabilities, lawsuits, losses, regulatory actions, and expenses (including reasonable attorney fees) arising from your misuse of lead lists, violation of messaging regulations, or breech of these terms. In no event shall our total aggregate liability for all claims exceed the total subscription fees paid by you to us during the three (3) months preceding the event giving rise to liability.

6. Data Sharing and Third-Party Subprocessors

We do not trade, sell, or rent your personal data. To deliver the platform's features, we share data with the following trusted service providers, acting under strict data-protection agreements:

Cloud Infrastructure: Supabase / PostgreSQL (for hosting databases and secure server functions). Data may be stored on secure nodes located outside Malaysia where applicable.
Payment Gateways: Stripe (for billing, invoicing, and subscription renewals).
AI API Providers: Secure LLM API partners (such as OpenAI, Anthropic, or Google Gemini) used solely to process personalization prompts. Under API terms, these prompts are encrypted in transit and are not used to train public models.
Communication Infrastructure: Resend, Twilio, and SMTP gateways utilized to transmit your emails or WhatsApp messages.

By registering on the platform, you explicitly consent to the secure transfer and processing of your data globally where our subprocessors maintain nodes.

7. Data Retention

We retain user profiles and campaign configuration logs for as long as your account remains active. Lead logs, campaign outreach data, and page view logs are retained for **up to 12 months** from their initial entry date, or until you explicitly command deletion of the workspace, whichever occurs first.

Upon account termination or explicit request, we will securely purge or anonymize your data from active production servers, subject to any lingering statutory retention requirements (e.g., billing audits).

8. Security Measures

We implement reasonable administrative, technical, and physical safeguards to prevent accidental loss, unauthorized access, altering, or disclosure of your data. This includes secure HTTPS encryption in transit, row-level database security, and sandboxed tenant isolation.

Note: No transmission method over the internet or database storage is absolutely secure. While we strive to employ commercial-grade safety tools, you acknowledge that electronic transactions carry inherent security risks.

9. Your Global Data Rights & Access

Depending on your jurisdiction (e.g., under PDPA, GDPR, or CCPA), you and your prospects have specific rights over personal data:

Right to Access: Request details of the specific records we hold about you.
Right to Rectification: Request correction of inaccurate or incomplete contact details.
Right to Erasure ("Right to Be Forgotten"): Request that we purge personal records from our databases.
Right to Object or Restrict Processing: Opt-out of outbound campaign flows or automated grading.

To exercise any of these statutory rights, please submit a written request to: blue1aicompany@gmail.com. We will review and respond to valid requests within the statutory timeline.

10. Changes to this Privacy Policy

We reserve the right to modify or replace this Privacy Policy at any time. Any changes will be published directly on this page with an updated "Effective Date". We encourage you to review this policy periodically to stay informed about how we safeguard your data.

11. Contact Us

If you have any questions, regulatory concerns, or complaints regarding this Privacy Policy or our PDPA compliance, please contact our support desk:

Email: blue1aicompany@gmail.com

Address: 7465, Jalan Tanjung Indah, Pusat Perniagaan Seri Tanjung, 13400 Butterworth, Penang, Malaysia.