Privacy Policy

How we handle personal data

This policy explains what information MINA AI processes, why it is used, how it is protected, and how to contact us about your rights.

Last updated: 10 July 2026

PDPA aligned

Written for Malaysian privacy obligations and customer data handling.

Platform data

Covers website, platform, and customer conversation data processed by MINA.

21 day requests

Formal access and correction requests follow the PDPA response timeline.

Nexgentech Solutions Sdn Bhd ("Nexgentech", "we", "us", or "our") operates the MINA AI platform and the website minaai.io, including all associated applications, AI-powered services, and messaging integrations (collectively, the "Services"). We are committed to protecting the personal information of our clients, their customers, and visitors who interact with the Services in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia.

This Privacy Policy applies to the MINA AI platform and its features, including AI-powered customer support, appointment scheduling, payment assistance, and shipping coordination delivered through connected messaging channels currently supported by MINA AI. This policy covers data processed through our applications and services, not only our website.

By using our Services, you agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the Services.

1. Information We Collect

1.1 Personal Identification Information

We may collect personal information when you register for or use our Services, including:

  • Name, email address, phone number, and company name
  • Billing and payment information (processed securely via third-party payment providers)
  • Business details such as industry type and operational requirements

1.2 Customer Conversation Data

MINA AI processes messages exchanged between your business and your customers on connected messaging platforms. This may include:

  • Customer names and contact numbers submitted through messaging channels
  • Appointment requests, payment queries, and shipping inquiries
  • Conversation logs used to deliver AI responses and improve service quality

Our business clients ("Partners") act as data controllers for their customers' data. MINA AI processes this data on behalf of Partners in accordance with our service agreements.

1.3 Non-Personal / Technical Information

We may collect non-personal information including browser type, device type, IP address, operating system, pages visited, and usage patterns when you interact with our website or platform dashboard.

1.4 Cookies

Our website uses cookies to enhance user experience and gather analytics data. You may disable cookies in your browser settings, though some features of the website may not function correctly as a result.

2. Consent

In accordance with the PDPA 2010, we will only process your personal data with your consent, except where permitted by law. Consent may be given expressly (e.g. by agreeing to this Privacy Policy or signing a service agreement) or implicitly through continued use of the Services.

You have the right to withdraw your consent at any time by contacting us at the details provided in Section 16. Please note that withdrawal of consent may affect our ability to continue providing the Services to you. Withdrawal of consent does not affect the lawfulness of any processing carried out prior to the withdrawal.

3. Notice and Choice

In accordance with the Notice and Choice Principle under the PDPA 2010, we will inform you of the following at or before the time of collection:

  • The types of personal data being collected
  • The purposes for which your personal data is being collected and processed
  • Your right to request access to and correction of your personal data
  • Whether your personal data will be disclosed to any third parties
  • Whether it is obligatory or voluntary for you to supply your personal data, and the consequences of failing to supply it

You may choose not to provide certain personal data, though this may limit your ability to access or use certain features of the Services.

4. How We Use Your Information

We use collected information for the following purposes:

  • To provide, operate, and improve the MINA AI platform and its features across all applications and services
  • To process and respond to customer inquiries on behalf of our business clients
  • To facilitate appointment bookings, payment coordination, and shipping updates
  • To send service-related communications, updates, and notifications
  • To monitor platform performance, detect errors, and troubleshoot technical issues
  • To comply with applicable laws and regulations in Malaysia, including the PDPA 2010
  • To protect the security and integrity of our platform and users
  • To conduct analytics to understand how our Services are used and how to improve them

We will not use your personal data for any purpose other than those stated above without first obtaining your consent.

5. Sensitive Personal Data

Under the PDPA 2010, certain categories of data are classified as sensitive personal data, including physical or mental health information, political opinions, religious beliefs, and biometric data. MINA AI does not intentionally collect sensitive personal data as part of its core Services.

If sensitive personal data is incidentally shared by a user or customer through a conversation on the platform, we will treat such data with a higher standard of care and will not process it beyond what is strictly necessary to deliver the Services. Explicit consent will be sought where required by law.

6. Sharing Your Information

6.1 With Service Providers

We do not sell your personal information. We share data only as necessary to deliver our Services, including with:

  • Messaging platform providers (e.g. Meta for WhatsApp Business integrations) to route conversations
  • Payment service providers for transaction processing
  • Cloud infrastructure and hosting providers that support platform operations

All third-party service providers are contractually obligated to protect your data and use it only for the purposes specified, consistent with the Disclosure Principle under the PDPA 2010.

6.2 Legal Compliance

We may disclose your information where required by law or in response to valid legal processes, including requests from Malaysian regulatory authorities such as the Department of Personal Data Protection (JPDP), or where disclosure is necessary to protect the rights, safety, or property of Nexgentech, our clients, or the public.

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify affected users via email or a prominent notice on our website before such a transfer takes effect.

7. Data Integrity

In accordance with the Data Integrity Principle under the PDPA 2010, we take reasonable steps to ensure that the personal data we process is accurate, complete, not misleading, and kept up to date. We rely on you to provide accurate information and to notify us of any changes to your personal data.

If you believe that any personal data we hold about you is inaccurate or incomplete, you may submit a correction request to us using the contact details in Section 16.

8. Data Security

In accordance with the Security Principle under the PDPA 2010, we take appropriate technical and organisational measures to protect your personal information against unauthorised access, loss, disclosure, alteration, or destruction. This includes:

  • SSL/TLS encryption for all data transmitted through our platform
  • Restricted access controls for internal team members
  • Regular security monitoring and vulnerability assessments

For Google user data, including Google OAuth access tokens and refresh tokens, MINA AI applies additional safeguards. Google OAuth tokens are encrypted at rest, transmitted only over secure HTTPS connections, and protected through database encryption, role-based access controls, limited staff access, audit logging, and secure secrets management.

While we implement strong security practices, no method of data transmission over the internet is completely secure. You transmit information at your own risk, and we cannot guarantee absolute security. In the event of a data breach that is likely to affect your rights and interests, we will notify you and the relevant authorities as required under applicable law.

9. Data Retention and Deletion

In accordance with the Retention Principle under the PDPA 2010, we will not retain personal data longer than is necessary for the fulfillment of the purposes for which it was collected, or as required by law.

We will delete or permanently anonymise your personal data without undue delay in the following circumstances:

  • Upon your written request for deletion submitted to us via the contact details in Section 16
  • Upon closure or termination of your account with us
  • Upon the termination of a business client's service agreement, in respect of their customers' data processed through MINA AI
  • When the data is no longer required for the purpose for which it was collected and no legal retention obligation applies

For Google Calendar integrations, OAuth access tokens and refresh tokens are deleted immediately when a user disconnects Google Calendar. Google event IDs associated with the disconnected integration are also deleted. CRM appointment records may remain available in MINA AI for business recordkeeping and appointment history, and Google Meet links may remain attached to those retained appointment records. Upon account deletion or a valid deletion request, Google user data stored by MINA AI will be deleted within 30 days unless a longer retention period is required by law.

Where data has been shared with third-party service providers, we will take reasonable steps to ensure those providers also delete the relevant data in accordance with our contractual agreements with them. Once personal data is no longer required, it will be destroyed or permanently deleted in a secure manner.

10. Your Rights

Under the PDPA 2010, you have the following rights in relation to your personal data:

  • Right to Access: You may request a copy of the personal data we hold about you
  • Right to Correction: You may request that inaccurate, incomplete, or outdated personal data be corrected
  • Right to Withdraw Consent: You may withdraw consent to the processing of your personal data at any time
  • Right to Limit Processing: You may request that we limit the processing of your personal data in certain circumstances
  • Right to Deletion: You may request deletion of your personal data, subject to any applicable legal retention requirements
  • Right to Complain: You may lodge a complaint with the Department of Personal Data Protection Malaysia (JPDP) if you believe your rights under the PDPA have been violated

To exercise any of these rights, please submit a written request to us at the contact details in Section 16. We will respond within 21 days as required under the PDPA 2010. A processing fee may apply for access requests as permitted by law.

11. Children's Privacy

MINA AI Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal data, please contact us immediately and we will take steps to remove such information promptly.

12. Google User Data and Google Calendar Integration

MINA AI allows authorized business users to connect their Google account to enable Google Calendar appointment scheduling, availability checking, calendar synchronization, and Google Meet link generation.

Google Calendar Access

When you connect your Google account, MINA AI requests the following scopes:

  • openid
  • email
  • https://www.googleapis.com/auth/calendar.events
  • What we access: your basic Google account identity (email address) and read/write access to events on your Google Calendar.
  • How we use it: solely to create, update, and cancel calendar events on your own connected calendar that mirror appointments booked in MINA AI, and to display your calendar events within the MINA AI dashboard. We do not access the calendars of any other person.
  • What we don't do: we do not sell or share Google user data. It is not transferred to advertisers, data brokers, or any third-party AI provider.
  • Revoking access & deletion: you can disconnect Google Calendar at any time from your settings, which revokes our access and deletes the stored tokens. You may also revoke access via your Google Account permissions page.

When a user connects Google Calendar, MINA AI may access, process, and store Google user data that is necessary to provide these scheduling features. This may include:

  • Google Calendar IDs and calendar list information
  • Calendar availability and existing calendar events
  • Calendar event IDs
  • Event titles, descriptions, locations, start times, and end times
  • Appointment attendees, including customer or attendee names and email addresses
  • Google Meet conference details and meeting links
  • Current and historical calendar event information required for availability checking, appointment synchronization, and appointment record continuity
  • OAuth access tokens and refresh tokens required to maintain the Google Calendar connection

MINA AI uses Google Calendar data only to provide user-facing scheduling functionality within the platform. Specifically, we use Google Calendar data to:

  • Check calendar availability and help prevent double-booking
  • Create appointment events in the connected Google Calendar
  • Update or reschedule appointment events when appointments are changed in MINA AI
  • Cancel or delete appointment events when appointments are cancelled in MINA AI
  • Generate Google Meet links for appointments when this feature is enabled
  • Synchronize appointment changes made in Google Calendar back into MINA AI
  • Display appointment and scheduling information inside the MINA AI dashboard
  • Maintain appointment records for business continuity, support, troubleshooting, security, and audit purposes

MINA AI does not use Google Calendar data for advertising, retargeting, personalized advertising, credit scoring, lending, data brokerage, or sale to third parties.

OAuth access tokens and refresh tokens are stored in MINA AI's backend database and are encrypted at rest. Google Calendar data stored by MINA AI is protected using HTTPS, database encryption, role-based access controls, limited staff access, audit logs, and secure secrets management practices.

When a user disconnects Google Calendar from MINA AI, OAuth tokens are deleted immediately and future Google Calendar synchronization stops. Google event IDs linked to the disconnected integration are deleted. Existing CRM appointment records are retained in MINA AI so that the business can continue to view its appointment history. Google Meet links may remain attached to retained CRM appointment records unless the user deletes the relevant appointment records or requests account/data deletion.

When a user deletes their MINA AI account or requests deletion of their Google user data, Google user data stored by MINA AI will be deleted within 30 days, unless retention is required by law or necessary for legitimate business recordkeeping obligations.

MINA AI does not transfer Google Calendar data to AI model providers, advertising platforms, data brokers, information resellers, or unrelated third parties. Google Calendar data is processed through MINA AI's own backend and database systems and may be processed by infrastructure service providers solely as necessary to operate, secure, and maintain the platform.

Human access to Google Calendar data is limited to authorized personnel and only where necessary for support, troubleshooting, security, legal compliance, or with the user's consent.

Limited Use of Google User Data

MINA AI's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, Google user data is used only to provide or improve user-facing features that are prominent in the MINA AI interface, and is not used for serving advertisements, not sold, and not transferred to others except as necessary to provide the service, comply with law, or as part of a merger with your consent.

AI/ML and Google User Data

MINA AI uses a third-party AI provider (OpenAI) to power its automated messaging assistant. Google user data obtained through Google APIs — including Google Calendar events and your Google account information — is never sent to, processed by, or accessible to this AI provider. Our AI features operate only on your own business data (such as your service catalogue and appointment records) and end-customer chat messages.

Google user data is not used to develop, improve, or train any generalized or individualized AI/ML model, and is not shared with any AI provider for training purposes.

13. Third-Party Platforms

MINA AI integrates with third-party messaging platforms where enabled, currently including WhatsApp Business. Your use of those platforms is also subject to their respective privacy policies. We are not responsible for the data practices of these third parties.

Links to third-party websites on our platform are provided for convenience only. We do not control those sites and are not responsible for their content or privacy practices.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. When we do, we will revise the "Last updated" date at the top of this page. For significant changes, we will notify registered users via email or through the platform dashboard.

Your continued use of the Services after any changes constitutes your acceptance of the updated Privacy Policy.

15. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of Malaysia, including the Personal Data Protection Act 2010 (Act 709). Any disputes arising in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of Malaysia.

For matters relating to personal data protection, you may also contact the Department of Personal Data Protection Malaysia (JPDP) at www.pdp.gov.my.

16. Contact Us

If you have any questions, concerns, access requests, or correction requests regarding this Privacy Policy or your personal data, please contact our designated Personal Data Officer:

Nexgentech Solutions Sdn Bhd

Platform: MINA AI (minaai.io)

Country: Malaysia

Email: [email protected]

We will endeavour to respond to all enquiries within 5 business days, and to all formal data access or correction requests within 21 days as required under the PDPA 2010.