Skip to Content
PDPA Compliance

PDPA Compliance

Aria is built to comply with Malaysia’s Personal Data Protection Act 2010 (PDPA) — your leads’ personal data is protected by default.

Encryption

All personal data — phone numbers, names, and conversation content — is encrypted at column level using AES-256-GCM. Data is encrypted at rest and in transit. Even in the unlikely event of a database breach, the raw data is unreadable without the encryption keys.

Phone Number Handling

Phone numbers are one-way hashed in all system logs. The original number is used only for message delivery and is never stored in log files. This means even internal logs cannot be used to reconstruct a lead’s phone number.

Opt-Out

Every automated follow-up message includes the line: “Reply STOP to unsubscribe.”

When a lead replies STOP:

  • The opt-out is processed immediately
  • The lead is marked as unsubscribed permanently
  • No further automated messages are sent to that number
  • The opt-out is recorded in the audit log

Opt-outs are permanent. If a lead wants to re-subscribe, they need to message you first — Aria will not send unsolicited messages to anyone who has opted out.

Audit Log

Aria retains a full audit log of all data processing activities for 7 years, as required by PDPA. The audit log records:

  • When personal data was collected
  • What consent was given
  • When messages were sent and received
  • Any opt-out requests and when they were processed

Data Isolation

Your data is completely isolated from other tenants. Aria uses Row Level Security (RLS) at the database level — every query is scoped to your tenant. There is no way for one tenant to access another tenant’s leads, conversations, or settings.

Data Export

You can request a full export of all your personal data at any time from Settings → Account → Export Data. The export includes leads, conversations, bookings, and consent records in a machine-readable format.

Data Deletion

To request deletion of all personal data, go to Settings → Account → Delete Data or email jkydynasty@gmail.com. All personal data is purged from our systems within 30 days of the request. Anonymised analytics data (counts and aggregates with no personal identifiers) may be retained.

Data deletion is irreversible. Make sure to export your data before requesting deletion.

Questions?

For any PDPA-related enquiries, contact us at jkydynasty@gmail.com or WhatsApp +60103369672.

LeadsSettings