Privacy Policy
Effective 4 July 2026 · NovaDyne Sdn Bhd complies with Malaysia’s Personal Data Protection Act 2010 (PDPA)
What we collect
Account holders: email, password (stored as a salted hash — we can never read it), business details you enter, optional tax identifiers (TIN/BRN/SST) for e-invoicing, and your WhatsApp alert number if you set one.
Free-preview users: your name and email, so we can send you the link to keep your generated site. We only add you to our follow-up list after you verify your email by clicking that link — that click is your consent, and we send at most one follow-up reminder about your draft.
Your site visitors: when someone submits a form on a customer’s site, we store that submission for the site owner. Our visitor analytics are cookie-free: published sites send a single anonymous ping per visit and we keep only daily counters — no IP addresses, no browser fingerprints, no per-visitor records.
How we use it
To operate the service (hosting, notifications, billing, e-invoicing), to send transactional email (verification, receipts, renewal reminders, weekly reports), and — only with verified consent — occasional follow-ups about your preview. We do not sell personal data.
AI processing
Site content and enquiry text are processed by Anthropic’s Claude models to generate and edit sites, translate content, and draft suggested replies. These are processed per-request and are not used by us to train models.
Service providers (subprocessors)
Cloudflare (hosting, DNS, storage, bot protection) · Anthropic (AI) · Airwallex (payments — we never see or store card numbers) · OpenSRS/Tucows (domain registration) · Pexels (stock photos) · our email delivery provider · LHDN MyInvois (statutory e-invoicing, where applicable). Each receives only what its function requires.
Retention
Account data is kept while your account is active and deleted about three months after a subscription lapses, or immediately on self-deletion — except invoices and tax records retained as required by Malaysian law. Unclaimed preview drafts are deleted within 48 hours. Nightly encrypted-at-rest backups are kept in private storage for disaster recovery.
Your rights (PDPA)
You may access, correct, or delete your personal data, and withdraw marketing consent at any time — from the dashboard (data export + account deletion are self-service) or by emailing [email protected]. Site owners are the data users for their own customers’ submissions; direct requests about a specific business’s site to that business.
Security
Transport encryption (HTTPS) everywhere, salted password hashing, session-based authentication, audited admin actions, and least-privilege API credentials. No system is perfectly secure; report concerns to [email protected].
The Sites is a product of NovaDyne Sdn Bhd, Petaling Jaya, Selangor, Malaysia. Questions: [email protected] · Terms · Privacy · Refunds · Report abuse