Privacy Policy
Effective date: 1 July 2026 · Last updated: 1 July 2026
MisiCerdas, operated by Nexday Enterprise (202103178158(003282662-U)) of 49, Jalan Puteri 5E/6, Bandar Puteri Bangi, 43000 Kajang, Selangor, Malaysia ("we", "us", "our"), is committed to protecting the personal data of our users in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia.
This Privacy Policy explains what personal data we collect, how we use it, and your rights as a data subject.
1. Data We Collect
Parent / Guardian Account
- Identity data: Full name
- Contact data: Email address
- Authentication data: Hashed password (we never store your password in plain text)
- Preference data: Display language preference
- Subscription data: Plan type, subscription status, billing dates
Child Profile
- Profile data: Nickname and grade level (entered by the parent — no direct data collection from the child)
- Learning preferences: Selected subjects, topics, difficulty level, and session length (set by the parent)
- Activity data: Questions attempted, answers given, accuracy rates, time of activity, XP earned, streaks, and rewards
Technical Data
- IP address, browser type, and device type (collected automatically via server logs for security and debugging purposes)
- Session cookies required to keep you logged in
2. How We Use Your Data
We use personal data only for the following purposes:
- To create and manage your account and child profiles
- To deliver the daily learning missions and track progress
- To generate parent analytics (accuracy trends, activity logs, weak topic reports)
- To process subscription payments and manage billing
- To send transactional communications (account confirmation, subscription receipts)
- To administer the monthly lucky draw for eligible users
- To improve and maintain the platform (aggregated, anonymised analytics only)
- To comply with legal obligations
We do not sell, rent, or trade your personal data to third parties for marketing purposes.
3. Legal Basis for Processing
Under the PDPA, we process your data on the following bases:
- Contract: Processing necessary to provide the service you have subscribed to
- Consent: Where you have given explicit consent (e.g., marketing communications)
- Legitimate interests: Security monitoring, fraud prevention, and platform improvement
- Legal obligation: Where required by Malaysian law
4. Children's Data
Child profiles are created and managed exclusively by the registered parent or guardian. We do not knowingly collect any data directly from children. No child is required to provide an email address or create their own account. Parents may review, edit, or request deletion of their child's data at any time.
5. Data Sharing
We share personal data only with the following categories of third parties, and only where necessary:
- Payment processor: Curlec Sdn Bhd — to process subscription payments. We do not store payment card data.
- Cloud hosting provider: Infrastructure provider for hosting the application and database
- Email service: Transactional email delivery only
All third-party service providers are required to handle data in accordance with applicable privacy laws.
6. Data Retention
- Account and learning data is retained while your account is active.
- Upon account deletion, personal data is permanently deleted within 30 days.
- Aggregated, anonymised analytics data may be retained indefinitely as it cannot be used to identify individuals.
- Billing records are retained for 7 years as required by Malaysian tax law.
7. Your Rights (PDPA)
As a data subject under the PDPA, you have the right to:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Withdrawal of consent: Withdraw consent for processing where consent is the legal basis
- Data deletion: Request deletion of your account and associated data
To exercise any of these rights, contact us at hello@misicerdas.my. We will respond within 21 days as required by the PDPA.
8. Cookies
We use strictly necessary session cookies to authenticate you and maintain your login session. We do not use advertising cookies or cross-site tracking cookies.
9. Security
We implement technical and organisational measures to protect your data, including encrypted data transmission (HTTPS/TLS), hashed password storage, and access controls. See our Security Policy for details.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or an in-app notice. Continued use of the service after the effective date of changes constitutes acceptance.
11. Contact & Complaints
For privacy-related enquiries, contact us at hello@misicerdas.my or via our contact page.
If you believe your PDPA rights have been violated, you may also lodge a complaint with the Department of Personal Data Protection Malaysia (JPDP) at www.pdp.gov.my.