Privacy Policy

Privacy Policy

Effective date: March 22, 2026

This Privacy Policy explains how Zehoe Solutions (M) Sdn Bhd (“AliveToday,” “we,” “us,” or “our”) collects, uses, discloses, stores, and otherwise processes personal information in connection with AliveToday.app, including our website, web application, any related mobile application we make available, and related communications (collectively, the “Service”).

1. Scope of This Policy

This Privacy Policy applies to personal information we collect from:

1. account holders and prospective users of the Service;
2. recipients identified by users in connection with stored or delivered messages;
3. people who contact us for support or other inquiries;
4. people who interact with our website, web application, and service communications.

This Privacy Policy does not apply to third-party websites, services, or platforms that we do not own or control, even if they are linked to or accessible through the Service.

In this Privacy Policy, account-holder information generally means information we collect from or about the person who registers for or uses the Service. Recipient information generally means information an account holder provides about another person so the Service can store recipient relationships, send recipient notices if enabled, and release a message if the Service is triggered.

2. Information We Collect

We may collect some information directly from you, some automatically when the Service is used, and some from account holders, payment processors, and other service providers. The categories of personal information we may collect include the following:

A. Account and profile information

• name
• email address
• login and account-identification information
• account preferences and settings

B. Message and content information

• message text and related content you create or save
• attachments and files you upload
• message settings, delivery preferences, and private-mode choices

C. Recipient information

• recipient names
• recipient email addresses
• message-to-recipient relationship data and delivery settings
• information necessary to deliver recipient notices or released messages

D. Billing and transaction information

• subscription and plan information
• payment status and transaction-related records
• limited billing metadata received from payment processors such as Stripe

We do not intend to store full payment-card numbers ourselves when payments are handled by third-party processors.

E. Technical, device, and usage information

• IP address
• browser and device information
• device, application, server, and security logs
• timestamps, access history, and operational events such as check-ins, message saves, delivery activity, delivery-link access, and support interactions

F. Communications information

• emails and messages you send to us
• support requests and related correspondence

3. How We Use Personal Information

We use personal information for the purposes described below. Depending on the context and applicable law, we generally rely on one or more of the following justifications: providing the Service you request, carrying out instructions associated with the Service, pursuing our legitimate interests in operating and securing the Service, complying with legal obligations, and, where required, obtaining consent.

We may use personal information to:

1. create, authenticate, administer, and secure accounts;
2. host, save, manage, and display messages, settings, and attachments;
3. process recipient information and carry out recipient notices, check-ins, and message delivery workflows;
4. process subscriptions, billing events, renewals, cancellations, and payment-related issues;
5. provide support, respond to inquiries, and communicate with you about the Service;
6. monitor, maintain, secure, troubleshoot, and improve the Service;
7. detect, prevent, investigate, and respond to abuse, fraud, security incidents, or violations of our Terms;
8. comply with legal obligations, enforce our agreements, and protect our rights, users, recipients, and service providers.

We do not use personal information for behavioral advertising based on cross-site tracking. If that changes, we will update this Privacy Policy and provide any additional notice or consent required by law.

4. How We Share Personal Information

We may disclose personal information in the following circumstances:

A. With service providers and processors

We may share information with vendors and processors that help us operate the Service. The categories below are illustrative, not exhaustive, because providers may change over time:

• Stripe for payment processing and subscription-related services;
• Supabase for database, backend, authentication, or storage-related services;
• email-delivery providers that send check-in, billing, support, recipient-notice, or delivery emails;
• cloud hosting, infrastructure, and CDN providers that help us operate, secure, and deliver the Service.

We may also share information with professional advisors, contractors, and other service providers that support security, fraud prevention, customer support, compliance, or operational administration.

B. With recipients and as directed by users

We may disclose message-related and recipient-related information when necessary to carry out the Service functionality selected by an account holder, including recipient notices and released-message delivery.

C. For legal, security, and protection purposes

We may disclose information when reasonably necessary to:

1. comply with applicable law, lawful requests, court orders, or regulatory obligations;
2. enforce our Terms or other agreements;
3. detect, prevent, or address fraud, abuse, security incidents, or technical issues;
4. protect the rights, property, safety, or security of AliveToday, users, recipients, service providers, or the public.

D. Business transactions

We may disclose information in connection with a merger, acquisition, financing, reorganization, sale of assets, insolvency event, or similar business transaction.

5. Recipient Information

Most recipient information is provided to us by account holders, not collected directly from recipients. We use recipient information to store message relationships, send recipient notices when enabled, deliver messages when triggered, secure delivery access, maintain delivery records, and respond to related support, legal, or abuse issues.

We may also collect limited information directly from recipients if they interact with a delivery email or secure access link, contact us, or otherwise communicate with us about a delivered message.

If you provide recipient information, you are responsible for ensuring you have an appropriate basis to provide that information to us for the purposes described in this Privacy Policy and our Terms.

6. Data Retention

We retain personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to operate the Service, maintain history features, meet legal obligations, resolve disputes, enforce agreements, detect abuse, and preserve security and backup records.

Retention periods may vary depending on the type of information, the account or message status, legal requirements, technical constraints, and whether the information is needed for active or historical service functions. In general:

1. account, profile, and subscription records are retained while an account is active and for a reasonable period afterward for support, compliance, fraud prevention, and dispute handling;
2. message content, recipient relationships, soft-delete records, and delivered-message history may be retained for active functionality, read-only history, operational integrity, legal compliance, backups, and dispute resolution;
3. payment, invoicing, and tax-related records may be retained for financial recordkeeping and audit purposes;
4. security logs, access logs, and diagnostic records are typically retained for shorter operational periods unless we need them longer for security, abuse prevention, or legal reasons;
5. backup and archival copies may remain for a period of time until they are overwritten or securely deleted in the ordinary course.

7. Cookies and Similar Technologies

We may use strictly necessary cookies, local storage, session technologies, and similar technical tools to operate, secure, and maintain the Service.

We do not currently understand the Service to use non-essential analytics, advertising pixels, or behavioral advertising technologies. If that changes, we may update this Privacy Policy and, where required, provide additional notice or consent mechanisms.

8. Cross-Border Processing

Our service providers, infrastructure providers, and processors may operate in jurisdictions outside Malaysia. As a result, personal information may be processed, stored, or accessed in countries other than the country where the user or recipient is located.

Where cross-border processing occurs, we may use service providers, contractual arrangements, vendor due diligence, access controls, and other operational safeguards that we consider appropriate for the Service and the applicable legal context. The privacy and data-protection laws in those jurisdictions may differ from the laws where you live.

9. Security

We use administrative, technical, and organizational measures designed to help protect personal information. However, no method of transmission, storage, or security control is completely secure, and we cannot guarantee absolute security.

10. Your Choices and Rights

Subject to applicable law, you may contact us to request:

1. access to personal information we hold about you;
2. correction of inaccurate or incomplete personal information;
3. deletion of personal information, where deletion is available and appropriate;
4. withdrawal of consent where we rely on consent, without affecting processing that already occurred lawfully;
5. restriction of or objection to certain processing where those rights are available under applicable law;
6. a copy of certain personal information in a portable format where applicable law gives that right and the request is technically feasible;
7. information about how to contact us regarding privacy questions, concerns, or complaints.

You may also opt out of non-essential marketing communications by using the unsubscribe mechanism in those messages or by contacting us. Operational, billing, security, delivery, and legal notices may still be sent when necessary.

We may need to verify identity, evaluate legal or operational restrictions, and retain certain information where required or permitted by law.

11. Adults Only

The Service is intended for adults and is not intended for individuals under 18 years of age. We do not intend to knowingly collect personal information directly from minors. If you believe a minor has provided personal information to us, contact us so we can review and respond appropriately.

12. Third-Party Services, Links, and App Platforms

The Service may interact with third-party payment services, infrastructure providers, mobile platforms, app stores, or external websites. Their privacy practices are governed by their own notices and policies, not this Privacy Policy.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version becomes effective on the effective date stated in the revised policy unless applicable law requires a different notice process.

If changes are material, we may provide notice through the Service, by email, or by other reasonable means.

14. Contact Us

If you have questions, requests, or concerns about this Privacy Policy or our privacy practices, contact:

• Operator: Zehoe Solutions (M) Sdn Bhd
• Contact email: hello@alivetoday.app
• Notice address: UNIT 02-02, LEVEL 2, CIMB Leadership Academy, 3, Jalan Medini Utara 1, 79200 Iskandar Puteri, Johor Darul Ta’zim

If you believe we have not addressed your privacy concern appropriately, you may also raise the matter with any data-protection regulator or supervisory authority that has jurisdiction over your complaint, subject to applicable law.