Swimiss Academy

Swimiss Mobile App

Privacy Policy

Effective 17 May 2026

This Privacy Policy describes how Swimiss Academy ("Swimiss", "we", "our", "us") collects, uses, and protects information when you use the Swimiss mobile app for iOS and Android (the "App"). This policy applies only to the App. Use of the Swimiss website is governed by the privacy notice on that site.

1. Who we are

Swimiss Academy is a freediving and aquatic training school based in Selangor, Malaysia. If you have questions about this policy or your data, contact us at hello@swimiss.com.my.

2. Information we collect

We collect only what we need to run your training with us.

2.1 Information you give us

  • Account details: email address, first and last name, phone number, and password (stored as an argon2id hash, never in plain text).
  • Student profile: emergency contact, date of birth, medical clearance notes, and other safety information you provide for in-water activities.
  • Training entries: personal performance entries you log (for example, depth, time, discipline).

2.2 Information generated by your use of the App

  • Enrollment and booking history: the courses you enroll in, sessions you book, attendance, and credit balance.
  • Instructor feedback: ratings, comments, and skill assessments your instructor records for you.
  • Technical data: app version, device platform (iOS or Android), operating system version, and request logs such as IP address and timestamps. These are used to operate the service and diagnose issues.

2.3 What we do not collect

  • We do not collect precise location data.
  • We do not use the camera, microphone, contacts, calendar, or photo library.
  • We do not request biometric data (Face ID or fingerprint).
  • We do not collect payment card details. The App does not process payments. When a booking or enrollment needs payment, you complete it on the Swimiss website.
  • We do not run third party advertising or tracking SDKs in the App.

3. How we use your information

  • To create and manage your account and authenticate you.
  • To deliver the services you ask for: enrollments, sessions, bookings, journey, performance log, instructor feedback.
  • To send transactional emails: magic link sign in, set or reset password, enrollment confirmation, booking payment instructions, payment received, session cancellation, and similar.
  • To keep accounting and audit records as required by Malaysian law and our internal controls.
  • To investigate misuse, debug errors, and improve safety.

We do not sell your personal information. We do not use it for advertising.

4. Legal basis (Malaysia PDPA)

We process your data under the Personal Data Protection Act 2010 (Malaysia). The bases we rely on are: your consent when you create an account and provide profile information; performance of the services you book with us; and our legitimate interests in operating the school safely and keeping financial records.

5. Sharing

We share your information only with the parties needed to deliver the service:

  • Hosting and email providers that run our servers and deliver transactional email on our behalf, under contract and bound to confidentiality.
  • Apple and Google, when you download or update the App. Their privacy notices apply to information they collect through their app stores.
  • Authorities, when required by Malaysian law, court order, or to protect safety.

We do not share your data with advertisers, data brokers, or analytics platforms that build user profiles.

6. Where your data is stored

Your data is stored on servers operated for Swimiss. Servers may be located outside Malaysia. Where that happens, we apply reasonable safeguards consistent with the PDPA.

7. How long we keep your data

  • Account profile: for as long as your account is active.
  • Enrollment, booking, payment, and credit ledger records: retained for at least 7 years after the related transaction, in line with Malaysian tax and accounting requirements.
  • Instructor feedback and training entries:retained as part of your training history.
  • Server logs: typically 90 days, longer if a security incident is under investigation.

8. Account deletion

You can delete your account from inside the App. Open the profile screen, tap "Delete my account", and confirm. Once deleted:

  • You can no longer sign in on the App or the website. All active sessions and refresh tokens are revoked.
  • Your profile is marked as deleted and is no longer visible to instructors or staff for normal operations.
  • Records tied to financial transactions (enrollments, payments, the credit ledger) are retained for accounting and audit purposes as set out in section 7. They are not used for any other purpose.

If you would like your retained data erased to the fullest extent we can, email hello@swimiss.com.my from the address on your account. We will respond within 30 days.

9. Your rights

Under the PDPA you may:

  • Access the personal data we hold about you.
  • Correct any data that is inaccurate or incomplete. Most fields can be edited from the profile screen; for anything else, contact us.
  • Withdraw consent for processing where consent is the basis. We will explain any impact on the services you can use.
  • Ask us to delete your account (see section 8).
  • Lodge a complaint with the Personal Data Protection Commissioner of Malaysia.

10. Security

  • Passwords are hashed with argon2id. We never see your plain text password.
  • Authentication tokens are short lived. Long lived refresh tokens are stored on your device in iOS Keychain or Android Keystore.
  • All communication between the App and our servers uses HTTPS.
  • We rate limit sign in, password reset, and similar endpoints to reduce abuse.

No system is perfectly secure. If we discover a breach affecting your data, we will notify you and the relevant authority in line with our legal obligations.

11. Children

The App is intended for users aged 13 and over. Students under 18 may use the App with the consent of a parent or legal guardian. We do not knowingly collect data from children under 13. If you believe a child under 13 has created an account, contact us and we will remove it.

12. Changes to this policy

We may update this policy as the App evolves. The effective date at the top of this page shows the latest version. Material changes will be notified in App or by email before they take effect.

13. Contact

Swimiss Academy, Selangor, Malaysia.
Email: hello@swimiss.com.my
WhatsApp: +60 12-345 6789

Back to mobile appTerms of Service