Privacy Policy

Introduction

AIMAX is a product of Agrade Prestasi Sdn Bhd, a MDEC-certified technology company based in Malaysia. AIMAX provides a WhatsApp-based appointment confirmation and reminder system designed for dental clinics, aesthetic clinics, and medispas in Malaysia.

This Privacy Policy explains how we collect, use, store, and protect your personal data in compliance with the Personal Data Protection Act 2010 (PDPA) of Malaysia. By using AIMAX, you consent to the practices described in this policy.

Data We Collect

We collect the following categories of data to provide our services:

• Patient information: Name and phone number (in +60 format)
• Appointment details: Date, time, service type, and appointment status
• WhatsApp message content: Messages sent and received through our platform, including patient responses
• Clinic profile: Clinic name, address, contact details, and staff information
• Usage data: Dashboard interactions, feature usage analytics, and system logs

How We Use Data

Your data is used for the following purposes:

• Sending appointment reminders and confirmations via WhatsApp
• Processing patient responses to confirm, reschedule, or cancel appointments
• Providing clinic dashboard analytics and reporting
• AI-powered intent detection to understand patient responses and automate workflows
• Improving our services and user experience

WhatsApp Messaging

AIMAX sends messages through the Meta WhatsApp Business Cloud API. When messages are sent and received:

• Message IDs and delivery status (sent, delivered, read) are stored for tracking and audit purposes
• Message content is stored securely to enable appointment management workflows
• All messaging complies with the Meta WhatsApp Business Policy and WhatsApp Commerce Policy

Data Storage & Security

We take the security of your data seriously:

• All data is stored in Supabase PostgreSQL databases with encryption at rest
• Data in transit is protected via HTTPS/TLS encryption
• Row Level Security (RLS) is enforced to ensure each clinic can only access their own data
• Access controls and authentication mechanisms are in place to prevent unauthorised access

Third-Party Services

We use the following third-party services to operate AIMAX:

• Meta WhatsApp Business Cloud API — for sending and receiving WhatsApp messages
• OpenAI — for anonymised intent detection only. No patient personal data (names, phone numbers, or identifiable information) is shared with OpenAI
• Supabase — for secure database hosting and authentication

We do NOT sell, rent, or trade your personal data to any third party.

Data Retention

• Patient and appointment data is retained for 12 months from the appointment date
• Clinics may request deletion of their data at any time by contacting us
• Upon account termination, all associated data is permanently deleted within 30 days
• Anonymised, aggregated analytics data may be retained for service improvement

Your Rights Under PDPA 2010

Under the Personal Data Protection Act 2010 of Malaysia, you have the right to:

• Access your personal data held by us
• Correct any inaccurate or incomplete personal data
• Withdraw consent for the processing of your personal data
• Request deletion of your personal data
• Lodge a complaint with the Personal Data Protection Commissioner of Malaysia

To exercise any of these rights, please contact us using the details below.

Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us:

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify affected users of any material changes via email or through a notice on our platform. Continued use of AIMAX after such changes constitutes acceptance of the updated policy.