Privacy Policy

This policy explains what data AI Consensus Index collects when you visit this site, how it is used, who it is shared with, and what rights you have. We have written it to be readable, not to obscure what we actually do.

📅 Effective: January 2026
🔄 Last Reviewed: March 2026
📍 Operator: Kuala Lumpur, Malaysia
⚖️ MY PDPA 2010 & GDPR Aligned
🇮🇳 India DPDPA 2023 Observed
🇦🇪 UAE PDPL & KSA NPDP Observed
🌏 SG PDPA · ZA POPIA · NG NDPR Observed

The short version

We do not collect your name, email address, or any personally identifiable information simply by visiting this site. We do not run advertising. We do not sell data. The only data we collect is standard web traffic analytics (via Cloudflare) and, if you email us, the contents of that email. That is it.

1 Who We Are

AI Consensus Index is an independent HR technology research publication operated from Kuala Lumpur, Malaysia. For the purposes of this policy, we are the data controller in respect of any personal data processed through this site.

We can be reached at contact@aiconsensusindex.com for any privacy-related enquiries.

2 What Data We Collect and Why

We collect the minimum data necessary to operate the site and respond to legitimate enquiries. The table below summarises everything we collect, the legal basis for processing it, and how long we keep it.

| Data Type | How Collected | Purpose | Legal Basis |
|---|---|---|---|
| Web traffic data: IP address (anonymised), browser type, pages visited, referrer URL, visit duration | Automatically via Cloudflare infrastructure | Understand site performance, identify errors, measure traffic sources | Legitimate interest |
| Dark mode preference: a single value ("1" or "0") stored in your browser | Set locally by JavaScript when you toggle dark mode | Remember your display preference across visits | Legitimate interest / functional necessity |
| Email correspondence: your email address and message content | Only when you email us directly | Respond to corrections, vendor enquiries, and media requests | Contract / legitimate interest |
| Affiliate referral data: click event and referral parameter (e.g. ?via=aiconsensusindex) | When you click an affiliate link to a vendor site | Attribution of referrals for commission tracking — processed by the vendor's affiliate platform, not by us | Legitimate interest / consent via continued navigation |

What we do not collect

We do not collect your name, postal address, phone number, payment information, or any sensitive personal data. We do not require account registration. We do not use advertising networks, retargeting pixels, or social media tracking scripts on this site.

3 Cookies and Local Storage

This site does not use advertising cookies, tracking cookies, or third-party analytics cookies. The only browser storage this site uses is a single localStorage key called darkMode, which stores your display preference as a value of "1" (dark) or "0" (light).

This value:

Cloudflare, which provides our hosting and network infrastructure, may set its own cookies for security and performance purposes (such as bot detection). These are governed by Cloudflare's Privacy Policy and are outside our direct control. They do not identify you personally and are not used for advertising.

No cookie consent banner required

Because we do not use advertising cookies, analytics cookies, or any non-essential tracking, we do not display a cookie consent banner. If our data practices change in a way that requires consent, we will implement an appropriate consent mechanism before making that change.

4 Affiliate Link Tracking

Some links on this site are affiliate links. When you click an affiliate link, a referral parameter is appended to the destination URL (for example, ?via=aiconsensusindex or ?fpr=aiconsensusindex). This parameter is used by the vendor's affiliate tracking platform to attribute the referral to our publication.

What this means for your privacy:

Our current affiliate relationships are fully documented on our Affiliate Disclaimer page.

5 Third-Party Services

We use a small number of third-party services to operate this site. Each is listed below with a description of what data they process and a link to their own privacy documentation.

We do not use Google Analytics, Meta Pixel, HubSpot, Intercom, Hotjar, or any other third-party analytics, CRM, or advertising platform on this site.

6 Data Retention

We retain different categories of data for different periods based on operational need:

When data is no longer required for the purpose for which it was collected, we delete or anonymise it.

7 Data Sharing and Transfers

We do not sell, rent, or trade personal data. We do not share personal data with third parties for marketing purposes. Personal data is shared only in the following limited circumstances:

Because we use Cloudflare's global network, your connection data may be processed on servers located outside Malaysia, including in the European Economic Area, the United States, and the Asia-Pacific region. Cloudflare maintains Standard Contractual Clauses and other transfer mechanisms for cross-border data flows.

8 Your Rights

Depending on your location, you may have the following rights in relation to personal data we hold about you. These rights apply most directly to email correspondence, as that is the primary context in which we hold identifiable personal data.

Right of Access
You may request a copy of personal data we hold about you. Given the limited data we collect, this will typically mean email correspondence you have sent us.
Right to Rectification
You may ask us to correct inaccurate personal data we hold about you.
Right to Erasure
You may ask us to delete personal data we hold about you, subject to any legal or operational retention obligations we have.
Right to Object
You may object to processing of your personal data where we rely on legitimate interest as the legal basis, subject to our demonstrating compelling legitimate grounds.
Right to Restriction
You may ask us to restrict processing of your personal data in certain circumstances, for example while a dispute about accuracy is resolved.
Right to Portability
Where processing is based on consent or contract and carried out by automated means, you may request your data in a structured, machine-readable format.

To exercise any of these rights, contact us at contact@aiconsensusindex.com. We will respond within 30 days. We may ask you to verify your identity before processing a request.

GDPR, Malaysian PDPA, and regional frameworks

This policy is designed to be consistent with the EU General Data Protection Regulation (GDPR), the UK GDPR, and the Malaysian Personal Data Protection Act 2010 (PDPA). Residents of India, the UAE, Saudi Arabia, Singapore, South Africa, Nigeria, and other jurisdictions with applicable data protection laws will find jurisdiction-specific information in Section 8a (Regional Addendum) below. If you are an EU resident and believe your rights have not been respected, you have the right to lodge a complaint with your local data protection authority. Malaysian residents may refer complaints to the Department of Personal Data Protection (JPDP).

8a Regional Addendum

This site is operated from Malaysia and is accessed by visitors across Asia-Pacific, South Asia, the Middle East, and Africa. The following addendum sets out how this policy applies to residents of specific jurisdictions. In all cases, the data we actually collect remains as described in Section 2 — this addendum addresses your local rights and applicable supervisory bodies only.

India — Digital Personal Data Protection Act 2023 (DPDPA)

The DPDPA 2023 applies to the processing of digital personal data of individuals located in India. Under this Act, AI Consensus Index acts as a Data Fiduciary in respect of any personal data of Indian residents we process (primarily inbound email correspondence as described in Section 2).

Indian residents have the right to: obtain information about personal data being processed; correct inaccurate or incomplete data; erasure of data no longer necessary for the purpose for which it was collected; and grievance redressal. To exercise these rights, or to raise a grievance, contact us at contact@aiconsensusindex.com. We will respond within 30 days. If your grievance is not resolved to your satisfaction, you may escalate to the Data Protection Board of India once it is constituted under the Act.

We do not transfer personal data of Indian residents outside India except where permitted under the DPDPA and its applicable rules. Given that we collect only minimal personal data (email correspondence), cross-border transfers are limited to our email infrastructure and Cloudflare's network as described in Section 7.

UAE — Personal Data Protection Law (PDPL) Federal Decree-Law No. 45/2021

The UAE PDPL applies to the processing of personal data of individuals in the UAE. Under this law, UAE residents have the right to access personal data we hold about them, request correction, request erasure, and object to processing. To exercise these rights, contact us at contact@aiconsensusindex.com. Complaints may be escalated to the UAE Data Office (tdra.gov.ae).

We do not conduct automated decision-making or profiling of UAE residents. We do not transfer personal data of UAE residents to third countries except via our infrastructure providers (Cloudflare) which maintain appropriate cross-border transfer safeguards.

Saudi Arabia — Personal Data Protection Law (NPDP / PDPL) 2021

Saudi Arabia's Personal Data Protection Law (enforced by the Saudi Data and Artificial Intelligence Authority — SDAIA) applies to processing of personal data of individuals in the Kingdom. Residents of Saudi Arabia have the right to access, correct, and request deletion of personal data we hold. They also have the right to object to processing and to withdraw consent where consent is the legal basis. Contact us at contact@aiconsensusindex.com to exercise these rights. Complaints may be directed to SDAIA (sdaia.gov.sa).

Singapore — Personal Data Protection Act 2012 (PDPA), as amended 2020

The Singapore PDPA applies to the collection, use, and disclosure of personal data of individuals in Singapore. Under the PDPA, we are required to obtain consent before collecting personal data, inform individuals of the purposes of collection, and allow individuals to withdraw consent and access or correct their data.

Given that we do not collect personal data from Singapore residents simply through site visits (no tracking, no forms, no account registration), consent obligations are primarily relevant to inbound email correspondence. If you have emailed us and wish to withdraw consent for us to retain your correspondence, contact us at contact@aiconsensusindex.com and we will delete it. Complaints may be directed to the Personal Data Protection Commission (PDPC) at pdpc.gov.sg.

Note on affiliate links: Manatal is a Singapore-incorporated entity. When you click the Manatal affiliate link, you are directed to Manatal's website and their own privacy and data practices apply from that point, governed by their compliance with Singapore PDPA.

South Africa — Protection of Personal Information Act 2013 (POPIA)

POPIA applies to the processing of personal information of data subjects in South Africa. Under POPIA, South African residents (data subjects) have the right to: be notified when personal information is collected; access personal information held about them; request correction or deletion; object to the processing of personal information; and lodge a complaint with the regulator.

We process personal information of South African residents only where it is collected through inbound email correspondence. We do not use personal information for purposes other than those described in Section 2. To exercise your rights under POPIA, contact us at contact@aiconsensusindex.com. Complaints may be submitted to the Information Regulator (South Africa) at inforegulator.org.za.

Nigeria — Nigeria Data Protection Regulation 2019 (NDPR) and Nigeria Data Protection Act 2023 (NDPA)

The NDPR (issued by NITDA) and the subsequent NDPA 2023 apply to the processing of personal data of Nigerian residents. Under these frameworks, Nigerian residents have the right to access, rectify, and erase personal data held about them, and to lodge complaints with the Nigeria Data Protection Commission (NDPC).

We do not engage in large-scale processing of personal data of Nigerian residents. Any personal data collected through email correspondence is processed only as described in Section 2 and retained only as described in Section 6. To exercise your rights, contact contact@aiconsensusindex.com. Complaints may be directed to the NDPC at ndpc.gov.ng.

Other Southeast Asian markets — Philippines, Thailand, Indonesia, Vietnam

Residents of the Philippines (Data Privacy Act 2012 — NPC), Thailand (PDPA B.E. 2562 — PDPC Thailand), Indonesia (Personal Data Protection Law 2022 — Kominfo), and Vietnam (Decree 13/2023 — MPS) may also have rights in respect of personal data we hold. The data we collect from residents of these countries is limited to email correspondence and Cloudflare connection data as described in Section 2. To exercise any data subject rights under your applicable local law, contact us at contact@aiconsensusindex.com and reference your jurisdiction.

9 Children's Privacy

This site is intended for business professionals and is not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10 Changes to This Policy

We may update this policy from time to time to reflect changes in our data practices, applicable law, or the services we use. Material changes — particularly any that expand the categories of data we collect or introduce new third-party sharing — will be reflected in an updated "Effective" date at the top of this page.

We will not provide individual notice of routine policy updates. We recommend reviewing this page periodically. Your continued use of the site after a policy update constitutes acceptance of the revised terms.

If we add analytics or advertising

If we introduce third-party analytics, advertising networks, or any form of behavioural tracking in the future, we will update this policy, implement an appropriate consent mechanism, and update the "Effective" date before deploying those changes. We will not backdate consent.

11 Contact and Complaints

For any privacy-related questions, data subject requests, or complaints about how we handle personal data, please contact us:

contact@aiconsensusindex.com

We aim to respond to all privacy enquiries within 30 days. If you are not satisfied with our response, you have the right to escalate your complaint to the relevant supervisory authority in your jurisdiction.