← Back to Home

Privacy Policy

Aria Platform · JKY DYNASTY HOLDING SDN. BHD.

Effective Date: 22 March 2026

Your privacy matters to us.

This policy explains how Aria Platform collects, uses, stores, and protects your personal information. For details on our data protection measures, see our Data Protection Policy.

1. Information We Collect

Account Information

  • Email address
  • Business name
  • Password (stored as a secure hash, never in plain text)

Business Data

  • Customer leads (phone, name, interest, source)
  • Booking records
  • Knowledge base documents you upload

Conversation Data

  • WhatsApp and Messenger messages processed by the AI assistant
  • AI-generated responses
  • Conversation metadata (timestamps, journey stage)

Usage Data

  • Message counts and response times
  • Feature usage analytics (aggregated)
  • Login activity

2. How We Use Your Information

  • Deliver AI-powered responses to your customers via WhatsApp and Messenger
  • Automate appointment booking and calendar management
  • Generate analytics and conversion insights for your dashboard
  • Improve our AI models and service quality (using anonymised, aggregated data only)
  • Send you service notifications, billing updates, and security alerts
  • Comply with legal obligations and enforce our terms

3. Data Sharing

We do NOT sell, rent, or trade your personal data. We share data only with the following service providers who process it on our behalf:

  • Supabase — database hosting, authentication, and storage
  • Stripe — payment processing (PCI DSS Level 1 compliant)
  • Meta (WhatsApp Business API / Messenger) — message delivery
  • OpenRouter — AI model routing (queries only, no data stored)
  • Google Calendar — appointment scheduling via your own OAuth connection

4. Data Security

We implement multiple layers of security to protect your data:

  • AES-256-GCM column-level encryption for sensitive fields
  • One-way HMAC-SHA256 hashing for phone numbers in logs
  • Row-level security (RLS) ensuring tenant data isolation
  • TLS/HTTPS encryption for all data in transit
  • Supabase at-rest encryption for stored data

5. Cookies & Tracking

  • We use Supabase authentication cookies to maintain your login session
  • We do NOT use advertising cookies, tracking pixels, or third-party analytics trackers
  • No data is shared with advertising networks

6. Data Retention

  • Account data — retained while your subscription is active
  • Conversation data — archived after 30 days, purged after 12 months
  • Audit logs — retained for 7 years (regulatory requirement)
  • After account deletion — personal data deleted within 30 days

7. Your Rights

Under applicable data protection laws, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data (subject to legal retention requirements)
  • Withdraw consent for automated processing
  • Export your data in a portable format
  • Lodge a complaint with the relevant data protection authority

8. Children’s Privacy

Aria Platform is designed for business use and is not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on our platform. Continued use of the service after changes constitutes acceptance.

Related policies

Data Protection PolicyTerms of ServiceRefund Policy

Privacy questions? Email jkydynasty@gmail.com