Privacy Policy

This section explains terms used in this policy with practical cases to clarify their meaning. For example, 'processing' covers turning raw sensor readings into dashboard indicators used by building operators.

We collect data that is necessary to operate devices, maintain service quality, and improve performance through anonymized analytics. The following sections list common categories of information, real-world examples of how we use data, and scenarios illustrating retention and sharing practices.

We collect information you provide directly when you set up devices, create accounts, or contact support. Practical examples below illustrate typical entries during onboarding and support.

• Account registration details: name, company name, email address and contact phone provided when registering a device or installer account.
• Device setup information: device serial number, installation location description (e.g., '1st floor meeting room'), Wi‑Fi SSID (for connectivity) and owner-assigned device name.
• Support and maintenance records: messages, technician notes, scheduled service appointments and user-provided photos of device placement.
• Billing and purchase information: company billing address, purchase order numbers and invoice contacts when acquiring devices or services.
• Consent choices and communication preferences indicated during onboarding or in account settings.
• Feedback and survey responses where users describe scenarios such as how a device performed in a production environment or during air-quality audits.

Some information is collected automatically when devices and services operate. These automatic collections support real-world use cases like predictive maintenance and anomaly detection.

• Device telemetry: periodic sensor readings (temperature, humidity, CO2, particulate matter), device status, firmware version and uptime metrics used to detect faults and plan maintenance.
• Usage logs: timestamps of user logins, configuration changes, API calls and dashboard interactions that help troubleshoot configuration problems in client deployments.
• Connection and network metadata: IP addresses, connection duration and signal strength statistics to diagnose connectivity issues during installation in industrial settings.
• Aggregate analytics: anonymized summaries of air-quality trends across groups of devices to inform product improvements and case studies for building managers.
• Performance diagnostics: error reports and crash logs from device software used to create maintenance schedules and software updates for deployed fleets.
• Location metadata supplied by users or inferred at a coarse level for asset management (e.g., city or facility), used in scenarios such as regional compliance reporting.

We may combine user-provided and automatically collected data with third-party data to improve service accuracy. Typical third-party cases include weather feeds, building management system integrations and authorized analytics tools.

• Cloud hosting and infrastructure providers that store and process device telemetry under contract to KintaTair.
• Analytics and monitoring services used to aggregate anonymized performance metrics and deliver operational dashboards to facility managers.
• Payment processors and invoicing platforms for purchases and subscription management when clients acquire devices or services.

We use personal data to operate devices, provide support, run analytics and comply with legal obligations. Each purpose below includes an operational example or scenario.

• Provisioning and operation: enable device activation, firmware updates and secure connectivity. Example: registering a new sensor and pushing calibration profiles during commissioning.
• Customer support and maintenance: respond to support tickets, schedule service visits and maintain maintenance history for installed fleets.
• Product improvement and research: analyze anonymized telemetry to refine algorithms and optimize energy use across similar deployment scenarios.
• Security and fraud prevention: detect anomalous access patterns or tampering attempts, for instance when devices report impossible sensor values.
• Billing and order fulfillment: process purchases, manage subscriptions and deliver invoices to the billing contact provided at purchase.
• Legal and regulatory compliance: retain records required by law, respond to lawful requests and support safety audits in client facilities.
• Marketing and communications (where consented): send product updates, case studies and event invitations to users who opt in, e.g., facility managers receiving reports about air-quality improvements.
• Aggregated reporting for clients: provide building managers with anonymized trend reports showing how ventilation adjustments affected air quality over a quarter.

Where applicable, we rely on lawful bases for processing personal data. Below are primary bases aligned to common scenarios.

• Contractual necessity: processing needed to provide services under a user’s contract, such as delivering firmware updates and device management.
• Legitimate interests: processing for system security, fraud detection and product improvement, balanced against user rights and expectations.
• Consent: where required for marketing communications or optional analytics features, obtained explicitly during onboarding.
• Legal obligation: processing necessary to comply with applicable laws and governmental requests, for example retention for tax or regulatory audits.

KintaTair uses cookies and similar technologies on web portals and dashboards to enable core functionality and improve user experience. Below we describe types and management options.

We use session cookies for login, persistent cookies for preferences, and performance cookies for analytics. Example: a cookie that maintains a logged-in session for a facility manager monitoring devices.

Categories include strictly necessary cookies for account access, preference cookies for UI settings, performance cookies for usage analytics and optional marketing cookies if you consent.

You can manage cookie settings via your browser or the consent banner on our site. Disabling non-essential cookies may affect dashboard features such as saved layouts and historical visualizations.

Full cookie details are available on our Cookie Policy page.

We share data with third parties only as necessary to deliver services, support clients, or comply with law. Scenarios below show typical recipients and reasons.

• Service providers: cloud hosts, analytics platforms and payment processors that act under contract to process data on our behalf.
• Clients and authorized third parties: facility owners or managers who receive device telemetry and reports for their premises.
• Professional advisors: auditors, accountants and legal counsel when required to fulfill contractual or legal obligations.
• Regulators and law enforcement: when compelled by law or to address safety incidents in a deployment scenario.
• Acquirers: in the event of a merger, acquisition or sale of assets, subject to confidentiality and data protection commitments.
• Aggregated or anonymized datasets: shared for benchmarking and product research where individuals cannot be identified.

KintaTair operates with cloud infrastructure and partners that may process or store data in jurisdictions outside Malaysia. When transfers occur, we apply safeguards and contractual measures to protect personal data and align with applicable legal requirements.

Safeguards include standard contractual clauses, data processing agreements with subprocessors, and technical controls such as encryption in transit and at rest. Example: telemetry routed through regional cloud zones with encryption keys managed under strict access controls.

We retain data only as long as necessary for operational needs, legal obligations or as described in customer agreements. Practical retention timelines for common data types are listed below.

Account information (registration details, contact info) is retained for the duration of an active relationship plus up to 7 years after account closure to meet bookkeeping and legal requirements.

Support correspondence and maintenance logs are kept for up to 5 years to support warranty cases and service history in deployment scenarios.

System logs and diagnostics are retained for 12 months by default for incident contribute and service improvement, unless otherwise required for legal purposes.

Upon request, we will deactivate accounts and, where feasible, delete personal data subject to contractual and regulatory retention requirements. Deletion timelines depend on the data type and client contractual commitments.

We implement administrative, technical and physical measures to protect personal data. Security practices are continually reviewed and updated based on operational learnings and industry case studies, such as handling firmware vulnerabilities discovered during field audits.

• Encryption: data in transit uses TLS and sensitive data at rest is encrypted using industry-standard algorithms.
• Access controls: role-based access, multi-factor authentication for administrative accounts and least-privilege principles for subcontractors.
• Monitoring and incident response: logging, intrusion detection and an incident response plan tested with practical exercises reflecting real deployment scenarios.

Subject to local laws, users may exercise rights to access, correct, port or delete data, and to restrict or object to certain processing. Typical requests are described with examples below.

• Access: request a copy of personal data we hold, such as account details and recent support logs.
• Rectification: correct inaccurate account information or device location descriptors used for asset tracking.
• Erasure: request deletion of personal data where retention is not legally required, for example removing a personal contact from an installer account.
• Restriction: ask us to limit processing while a dispute is resolved, such as pausing analytics on a specified dataset.
• Data portability: request an export of your personal data in a commonly used format for transfer to another service provider.
• Objection: object to certain processing based on legitimate interests, for example profiling used for marketing if you no longer wish to receive such communications.
• Withdraw consent: where consent was obtained for specific uses, you can withdraw consent at any time for future processing.
• How to exercise: contact details below provide the primary channel to submit requests. We verify identity and respond within applicable statutory timeframes.

For individuals in the European Economic Area, certain GDPR provisions may apply. We provide this summary to explain how EU data protection rights relate to our services and typical compliance measures.

Although KintaTair is based in Malaysia, we may process personal data of individuals in the EEA when providing services to corporate clients or when users access our online platforms. In such cases, GDPR obligations guide processing, transfer and rights handling.

• Lawful basis and transparency: we document legal bases for processing personal data and provide clear notices for data subjects.
• Data subject rights: EEA individuals can exercise the rights listed above, such as access, correction, erasure and portability.
• Data protection safeguards: for transfers outside the EEA we use appropriate safeguards, such as standard contractual clauses and technical encryption.
• Data protection impact assessments: we conduct DPIAs for higher-risk processing activities, for example large-scale monitoring of building occupants’ movements when integrated with access control systems.

If you are located in the EEA and believe your rights under GDPR have been infringed, you may lodge a complaint with your local supervisory authority after contacting us to seek resolution.

If you want to request access to, correction of, deletion of, or restriction of processing of personal data that KintaTair holds about you, please submit a request describing the records or action you want. Example scenarios: (1) A facility manager requests a copy of device telemetry for the last 12 months to contribute an indoor air complaint; (2) A homeowner asks to remove location tags from historical device logs. For each request we will verify identity and scope before taking action. Requests may require clarifying questions and supporting documentation in practical cases where device data is shared across account administrators.

[email protected]

We aim to acknowledge receipt of privacy rights requests within 7 calendar days and to complete routine requests within 30 calendar days where feasible. Complex requests that require coordination with third-party cloud providers or longer data retention searches may take longer; in those cases we will inform you of an expected timeline and, if needed, any lawful reasons for extension. Example: retrieval of archived device logs stored under a multi-tenant agreement may require up to 60 days for full delivery following identity verification.

KintaTair may send news, product updates, case studies, and invitations to webinars that illustrate practical deployments of our intelligent climate devices and AI-powered air solutions. Example: installers receive technical bulletins on firmware updates; facility managers get quarterly case study summaries showing scenario-based optimization approaches. We only use contact channels where you have provided consent or there is an existing business relationship, and we segment communications so recipients receive content relevant to their role and use case.

To stop marketing emails, use the unsubscribe link at the bottom of any marketing message, or contact us at [email protected] to update your preferences. For account-critical messages (e.g., device alerts, billing notices) opt-out may be limited if messages are necessary for service operation. Example: a facility safety alert tied to a monitored sensor will still be delivered to account administrators even if marketing emails are unsubscribed.

Our services are designed for adult users, businesses, and building operators. We do not intentionally collect personal data from children under 16. If you believe we have collected personal data of a child in error, contact us with details so we can assess the situation and take appropriate action such as anonymization or deletion where permitted by law.

KintaTair services and documentation may link to third-party sites (for example cloud analytics partners, sensor manufacturers, or integration platforms). These links are provided to illustrate integration scenarios and do not imply endorsement. Third-party sites operate under their own privacy policies; we recommend reviewing those policies before sharing personal data. Example: a partner dashboard used for HVAC scheduling will have its own access controls and data retention terms.

We share data with third parties only as necessary to deliver services, support clients, or comply with law. Scenarios below show typical recipients and reasons.

Full cookie details are available on our Cookie Policy page.

This Privacy Policy is effective as of 03-05-2026. We may update the policy to reflect operational changes, new features, or regulatory developments. Material changes will be posted on KintaTair.link with the updated effective date and, where appropriate, notified to customers by email. Example: adding a new analytics feature that processes anonymized device telemetry would be described with practical examples of data flow and opt-out options.