← Back to Home

Damaura Privacy Policy

PDPA 2010 Compliance • Apple App Store Requirements

Last updated: December 2025

At Damaura, we are committed to protecting your privacy and ensuring the responsible handling of your personal data. This Privacy Policy explains how we collect, use, store, and protect information in accordance with Malaysia's Personal Data Protection Act (PDPA) 2010 and applicable international standards.

By using Damaura, you consent to the practices described below.

1. What We Collect

We may collect the following types of data:

1.1 Personal Information

  • Name, email address, phone number (if provided)
  • Account login information
  • Device information (model, OS version, language settings)

1.2 Wellbeing & App Interaction Data

  • Reflections, journal entries, and mood logs voluntarily entered by the user
  • Preferences, goals, and selected wellbeing modules
  • Conversation inputs sent to our AI wellness assistant
  • Non-identifiable analytics (e.g., feature usage, session length)

1.3 Automatically Collected Data

  • IP address
  • App performance logs
  • Crash reports
  • Basic device analytics (non-identifying)

1.4 Sensitive Personal Data

Only if voluntarily provided by the user through:

  • Wellbeing reflections
  • Emotional self-assessments
  • General stress or mood descriptions

Important: Damaura does not collect clinical, diagnostic, or medical records.

2. Our Purpose for Collecting Data

We process your data solely for wellness and app functionality, including:

  • To provide AI-driven wellbeing conversations and reflective tools
  • To personalise your experience and track your wellbeing trends
  • To improve app safety, quality, and usability
  • To troubleshoot issues, ensure system stability, and prevent misuse
  • To send optional reminders, updates, or support messages
  • To comply with legal obligations where applicable

Damaura does not provide medical or therapeutic diagnosis. All guidance is general wellness support only.

3. How We Use AI

Damaura uses artificial intelligence to generate supportive wellbeing responses.

When you interact with the AI:

  • Your text inputs are processed securely to generate responses
  • Data may be temporarily processed by trusted AI infrastructure providers
  • Inputs may be anonymised and used to improve response accuracy

We ensure that all AI processing complies with PDPA requirements, and no data is used for marketing or profiling.

4. Third-Party Data Sharing

We do not sell or rent your personal data.

Data may be shared only in the following limited situations:

4.1 Authorised Service Providers

For secure app operations:

  • Cloud hosting & database providers
  • Analytics and error-reporting tools
  • Customer support tools
  • AI processing infrastructure

These providers must comply with strict confidentiality, PDPA standards, and data-security requirements.

4.2 When You Request It

  • If you choose to export or share data
  • If you ask for a referral to a mental-health professional

4.3 Legal Requirements

We may disclose information only when required by law, such as:

  • Imminent risk of serious harm to yourself or others
  • Court orders, subpoenas, or regulatory directives

We aim to minimise disclosure and notify users where legally permitted.

5. Data Security Measures

We use industry-standard protections, including:

  • Encrypted transmission (HTTPS/TLS)
  • Encrypted data storage
  • Secure server infrastructure with firewalls
  • Role-based access controls
  • Regular security audits and monitoring
  • Staff confidentiality training
  • Strict internal data-handling policies

No digital system can guarantee absolute security, but we take all reasonable steps to protect your information.

6. Data Retention

We retain personal data only for as long as necessary:

  • Active account: data retained for user functionality
  • Account deletion: data is removed or anonymised within 30–90 days
  • Backups: permanently removed within the standard backup retention cycle
  • Legal exceptions: extended retention only when legally required

7. Your Rights Under PDPA 2010

You may exercise the following rights at any time:

  • Right to Access – Request a copy of your data
  • Right to Correction – Fix inaccurate or incomplete data
  • Right to Withdraw Consent – Stop data processing where applicable
  • Right to Data Portability – Export your data
  • Right to Erasure – Request deletion of your personal data

To exercise your rights, contact us using the details below.

8. Children's Privacy

Damaura is intended for users aged 17 and above.

We do not knowingly collect data from individuals under 17. If such data is mistakenly collected, we will delete it promptly upon notice.

9. General Wellness Disclaimer

Damaura is a self-help and wellbeing application. We do not:

  • Provide medical or mental-health diagnosis
  • Offer clinical treatment
  • Replace licensed mental-health professionals

If you are experiencing a crisis or severe distress, please contact local emergency services or a licensed professional immediately.

10. Changes to This Privacy Policy

We may update this policy occasionally. Revisions take effect immediately once posted on this page.

We encourage you to review this policy periodically.

11. Contact Us

For questions, concerns, or requests regarding your personal data:

Email: privacy@damaura.ai

← Back to Home