Last updated June 2026

Privacy Policy

This policy explains how Optimaz (Mavora Digital, Malaysia) collects, uses, and protects your personal data in accordance with the Malaysia Personal Data Protection Act 2010 (PDPA) and, where applicable, the EU General Data Protection Regulation (GDPR).

1. Who We Are

Optimaz is a personal productivity application operated by Mavora Digital, based in Malaysia. For data-related queries, contact us at hello@optimaz.app.

2. Data We Collect

We collect the following types of information:

  • Account information — your name and email address provided via Google Sign-In
  • Workspace content — tasks, subtasks, projects, goals, routines, notes, due dates, and settings you create in the app
  • Usage data — product events such as task creation and feature usage to understand how the app is used
  • Feedback — messages, category, and page path when you submit feedback
  • Waitlist data — email address and optional feature preferences you submit on the pricing page
  • Device data — browser push notification endpoint when you enable push notifications
  • Error data — technical error details used to diagnose and fix bugs

3. How We Use Your Data

We use your data to:

  • Provide and maintain your workspace across devices
  • Send reminders and push notifications you have enabled
  • Improve the product based on aggregated usage patterns
  • Respond to feedback and support requests
  • Protect the service from abuse and fraudulent activity
  • Comply with legal obligations

4. Legal Basis for Processing

Under the Malaysia Personal Data Protection Act 2010 (PDPA) and where applicable the EU General Data Protection Regulation (GDPR), we process your personal data on the following bases:

  • Contract — processing necessary to provide the service you signed up for
  • Consent — you consented to these terms when you signed in
  • Legitimate interests — improving the product and ensuring security, balanced against your privacy rights

5. Third-Party Processors

We share data only with trusted service providers who process it solely to run Optimaz:

  • Google — OAuth authentication provider
  • Supabase (Supabase Inc., USA) — database and authentication infrastructure
  • Vercel (Vercel Inc., USA) — hosting and serverless functions
  • Resend (Resend Inc., USA) — transactional email delivery

6. International Data Transfers

Optimaz uses cloud infrastructure based in the United States (Supabase, Vercel, Resend). By using Optimaz, you acknowledge that your personal data may be transferred to and processed in the United States. These transfers are made with appropriate safeguards in place, including contractual clauses and compliance with applicable privacy laws.

7. Data Retention

Your workspace data (tasks, projects, goals) is retained for as long as your account is active or as needed to provide the service. Analytics and error logs are retained for up to 12 months. Pricing waitlist entries are kept until withdrawn. Upon account deletion, your personal data is removed within 30 days, except where retention is required by law.

8. Your Rights

Under Malaysia PDPA 2010 and where applicable GDPR, you have the following rights:

  • Access — request a copy of your personal data (use the Export Data option in Settings)
  • Correction — update inaccurate data directly in the app or by contacting us
  • Erasure — delete your account and all data at any time from Settings › Delete Account
  • Portability — export your data in machine-readable format from Settings
  • Withdraw consent — stop using the service and delete your account at any time
  • Lodge a complaint — with the Department of Personal Data Protection Malaysia or your local data protection authority

9. Data Security

We implement reasonable technical and organisational measures to protect your data, including encrypted data transmission (HTTPS/TLS), row-level security policies in the database, and access controls. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

10. Children's Privacy

Optimaz is not intended for children under 13 years of age. We do not knowingly collect personal data from children. If you believe a child under 13 has provided data, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this policy as Optimaz grows. The "Last updated" date at the top will reflect any changes. Material changes will be communicated where reasonably possible before they take effect.

12. Contact

For any privacy questions, data access or deletion requests, or to exercise your rights under PDPA or GDPR, contact us at: hello@optimaz.app

© 2026 Mavora Digital. All rights reserved.