MisiCerdas MisiCerdas

Security Policy

Effective date: 1 July 2026  ·  Last updated: 1 July 2026

The security of your account and your children's data is a priority for MisiCerdas. This policy describes the security measures we have in place to protect your information.

1. Encryption in Transit

All communication between your device and our servers is encrypted using TLS 1.2 or higher (HTTPS). Unencrypted HTTP connections are automatically redirected to HTTPS. We do not transmit personal data over unencrypted connections.

2. Password Security

3. Payment Card Data

We do not store, transmit, or have access to your payment card number, CVV, or card expiry date. All payment processing is handled directly by Curlec, a PCI-DSS compliant payment gateway. Our servers receive only a tokenised reference to confirm that a payment was successful.

4. Access Controls

5. Infrastructure Security

6. Children's Account Protection

Child profiles cannot register independently or log in without the parent first impersonating (switching to) the child's session. There is no direct login mechanism for child accounts that could be accessed without the parent's credentials.

7. Session Security

8. Vulnerability Disclosure

If you discover a security vulnerability in our service, we ask that you report it responsibly by emailing hello@misicerdas.my with the subject line "Security Vulnerability". Please do not disclose the issue publicly until we have had a reasonable opportunity to investigate and address it. We commit to acknowledging all reports within 5 business days.

9. Data Breach Response

In the event of a data breach that affects your personal data, we will notify affected users and the relevant Malaysian authorities as required under applicable law, as promptly as reasonably possible.

10. Contact

For security-related enquiries, email us at hello@misicerdas.my or use our contact page.