Sign in

Privacy policy

Last Updated: March 20, 2025

Plain Language Summary

In Short:

  1. Introduction

    MUJO AI SDN. BHD. (“we,” “us,” or “our”) is committed to protecting your privacy and processing your data securely. This policy explains how we collect, use, store, and share your information when you use our website, SaaS platform, and related services (the “Service”).

    1. We comply with applicable privacy laws, including:

      • • GDPR/UK-GDPR (EU/UK))

      • • CCPA/CPRA (California)

      • • Malaysia PDPA

      • • LGPD (Brazil)

      • • PIPEDA (Canada)

      • • And other relevant global privacy frameworks

    Controller: For the Service, MUJO AI SDN. BHD. acts as a data controller. For certain B2B processing under a customer DPA, we may act as a processor. This Policy works together with our Terms & Conditions and, for partners, the Affiliate Program Agreement.

  2. Data We Collect

    We adhere to the principle of data minimization and collect the following information:

    1. Personal Data:

      • • Full name, email address, contact information.

      • • Billing details (we store only metadata such as the last 4 digits; full card data is processed by payment processors).

      • • Uploaded content (e.g., product images, listing details).

      • • Survey and feedback responses.

      • • Account preferences and settings.

      • • Affiliate data (if you join the Program): profile/handle, payout details (e-wallet email and/or bank info), tax forms (e.g., W-8/W-9), assigned referral links/coupons, tracking identifiers (e.g. click IDs).

    2. Technical & Usage Data

      • • IP address, device and browser info, OS, time zone, and language.

      • • Cookies and similar tracking technologies (see §6).

      • • Activity logs (logins, feature usage), page views, session duration.

      • • Error/diagnostic data (crash reports, performance metrics).

      • • Data from Google Search Console for performance analysis, including search queries, impressions, clicks, and other related information for site optimization.

    We do not intentionally collect sensitive personal data. Please avoid submitting it unless strictly necessary.

  3. How We Use Your Data (Purposes & Legal Bases)

    1. We process data only where we have a valid legal basis:

      • • Performance of a contract — to: ° Provide and operate the Service; create and manage your account. ° Process subscriptions and billing via Payment Processors. ° Provide support and communicate about your account.

      • • Legitimate interests — to: ° Run analytics and product improvement (aggregated or pseudonymized where feasible). ° Prevent fraud/abuse, secure the Service, enforce our Terms. ° Operate our Affiliate Program (tracking, attribution, commissions, payouts). ° Utilize Google Search Console to monitor and improve our website’s performance in Google search results.

      • • Consent — to: ° Send marketing emails and surveys. ° Use non-essential cookies (analytics/advertising) and set the affiliate cookie where required. ° Enable Beta features that collect additional diagnostics.

      • • Legal obligations — to: ° Comply with tax/accounting, sanctions, and KYC/AML checks for payouts. ° Respond to lawful requests from authorities.

  4. Automated & AI Processing

    Some features use automated tools, including AI, to process text, images, and other content you submit.

    Ownership: You retain rights to your inputs and outputs, except where restricted by law. Model Training: We do not use your inputs/outputs to train foundation models without your opt-in. Beta features may be analyzed for product improvement as described. Human Review: Outputs may be inaccurate or similar to those generated for others. You are responsible for human review and compliance before use. We do not make solely automated decisions with legal or similarly significant effects.

  5. Data Sharing & Disclosure

    1. We share data only as needed to operate the Service, under contracts that require confidentiality and data protection (e.g., DPAs, SCCs):

      • • Payment Processors — subscription billing and invoicing.

      • • Affiliate Tracking Platform — referral links/coupons, attribution, commission management.

      • • Payout Method Providers — affiliate payouts (e-wallets/banks).

      • • Hosting/Infrastructure & Security — cloud hosting, CDN, monitoring, DDoS protection.

      • • Analytics & Product Tools — product analytics, error reporting, A/B testing (non-essential; consent where required)

      • • Google Search Console — for monitoring website performance and improving SEO based on collected data.

      • • Customer Support & Comms — helpdesk, email service providers

      • • Professional Advisors — legal, accounting, compliance

      • • Regulators/Authorities — where required by law

      • • Business Transfers — in M&A or similar transactions, under appropriate safeguards

    We do not sell personal information as defined by CPRA. Where “sharing” for cross-context behavioral advertising might apply, you can opt out in our cookie banner (“Do Not Sell or Share My Personal Information”) or by contacting us. For transparency, we maintain a list of our current sub-processors (categories and purposes). You can always find it at /legal/subprocessors.

  6. Cookies & Tracking

    1. We use cookies, pixels, local storage, and similar technologies to:

      • • Keep the Service functional and secure (strictly necessary).

      • • Store preferences (e.g., language).

      • • Analyze usage trends (analytics; consent where required).

      • • Personalize your experience and, where applicable, deliver targeted advertising (consent-based).

    Affiliate tracking: If you engage with affiliate content, we use an affiliate cookie with a 90-day lifetime and last-click attribution to credit partners. Disabling this cookie may prevent correct attribution. You can manage non-essential cookies via our cookie banner or your browser settings. We honor opt-out signals where required (e.g., GPC). See also our Terms & Conditions and Affiliate Program Agreement.

  7. International Data Transfers

    1. Your data may be processed outside your home country, including in the United States, EEA, and Asia. We use safeguards such as:

      • • Standard Contractual Clauses (SCCs)

      • • Data Processing Agreements (DPAs)

      • • Adequacy decisions

      • • Binding Corporate Rules (BCRs), where applicable

  8. Data Retention

    We keep personal data only as long as necessary for the purposes described or as required by law.

    1. Typical retention periods (guide):

      • • Account records & invoices — 7 years (accounting/legal).

      • • Affiliate commission & payout records — 7 years (accounting/audit).

      • • Support tickets & communications — 24 months after closure.

      • • Web/server logs — 12 months (security).

      • • Marketing preferences & consent logs — until withdrawal + audit period.

      • • Affiliate cookie — 90 days.

      • • Backups — rolling cycles (overwritten on schedule).

    When data is no longer needed, we delete or anonymize it. If deletion is not feasible, we securely store and isolate it from further use until deletion is possible.

  9. Security Measures

    1. We implement industry-standard safeguards, including:

      • • Encryption in transit and at rest.

      • • Role-based access control.

      • • Secure development practices.

      • • Regular security reviews.

    No method is 100% secure; if we become aware of a data incident, we will notify affected users and regulators as required by law. Responsible disclosure: report security issues to [email protected].

  10. Your Rights

    1. Depending on your location, you may have the right to:

      • • Access, correct, or delete personal data.

      • • Restrict or object to certain processing.

      • • Data portability

      • • Withdraw consent at any time (where processing is based on consent).

      • • Opt out of marketing and of “share” for cross-context advertising (CPRA).

      • • Lodge a complaint with your supervisory authority.

    EU/EEA/UK (GDPR/UK-GDPR): You may exercise rights via email; we respond within 30 days (extendable as allowed). California (CCPA/CPRA): You have rights to know, delete, correct, and opt-out of sale/sharing; we will not discriminate for exercising your rights. Malaysia (PDPA), Brazil (LGPD), Canada (PIPEDA): You may request access/correction and lodge complaints with local authorities. To exercise these rights, contact [email protected] or [email protected]. We may verify your identity before responding.

  11. Children’s Privacy

    The Service is not intended for children under 13 (or the relevant minimum age in your jurisdiction). We do not knowingly collect data from minors without verified parental consent.

  12. Third-Party Sites

    The Service may link to third-party sites or services. Their privacy practices are governed by their own policies; we are not responsible for their content or practices.

  13. Changes to This Policy

    We may update this policy to reflect changes in law, technology, or our services. We will notify you of material updates via email or our website. Continued use after updates means you accept the revised policy.

  14. Contact Information

    MUJO AI SDN. BHD.

    Registered Address: 7-2, Plaza Danau 2, Jalan 2/109F, Taman Danau Desa, Kuala Lumpur, Wilayah Persekutuan, 58100, Malaysia

    Business Address: A-20-05 Pavilion Ceylon, Residence Pavilion Bukit Ceylon, No 5, Changkat Raja Chulan Zone A Lobby, Kuala Lumpur, Wilayah Persekutuan, 50200, Malaysia

    Email: [email protected]