Swimiss Academy

Swimiss Website

Privacy Policy

Effective 20 June 2026

This Privacy Policy describes how Swimiss Academy ("Swimiss", "we", "our", "us") collects, uses, and protects information when you use the Swimiss website (the "Site"). It covers browsing the Site, buying from the shop, and signing in to your account.

This policy applies to the Site only. The Swimiss mobile app has its own Mobile App Privacy Policy.

1. Who we are

Swimiss Academy is a freediving and aquatic training school based in Selangor, Malaysia. If you have questions about this policy or your data, contact us at support@swimiss.com.my.

2. Information we collect

We collect only what we need to run the Site and serve you.

2.1 Information you give us

  • Shop orders: your email address, name, phone number, and any pickup notes you add at checkout. These are attached to your order so we can prepare it and contact you about collection.
  • Account details: if you create an account or sign in, we hold your email address, name, and phone number. When a password is set, it is stored as an argon2id hash, never in plain text. You can also sign in with a one time magic link sent to your email.
  • Messages: anything you send us by email or WhatsApp when you ask a question or request help.

2.2 Information collected automatically

  • Cookies: a small number of first party cookies needed to sign you in and to attribute referrals. See section 3.
  • Server logs: standard request data such as IP address, timestamps, and the pages requested, used to operate the Site, keep it secure, and diagnose issues.
  • Performance metrics: anonymous Core Web Vitals (for example load and responsiveness timings) tied to a page path only. We strip the query string before sending, so tokens and email addresses in a link never reach these logs. No cookie is used and no third party receives them.

2.3 What we do not do

  • We do not sell your personal information.
  • We do not run third party advertising networks or profiling analytics on the Site.
  • We do not store your payment card details. Payments are handled by our payment provider (see section 5).

3. Cookies we use

We use only the cookies needed to make the Site work. We do not use advertising cookies.

  • swimiss_session: keeps you signed in. It is set when you sign in and is not readable by scripts in your browser.
  • swimiss_authed: a plain flag that tells the Site a session probably exists, so anonymous visitors are not asked to load account data they do not have.
  • swimiss_rc: records a referral code when you arrive from an affiliate or instructor link, so the right person is credited if you later enroll. It lasts about 60 days and is never used to identify you or for advertising.

You can block or delete cookies in your browser settings. If you block the session cookie you will not be able to stay signed in.

4. How we use your information

  • To process shop orders and prepare them for collection.
  • To create your account and authenticate you.
  • To send transactional emails such as magic link sign in, order confirmation, payment instructions, and receipts.
  • To credit affiliate and instructor referrals where a referral code applies.
  • To keep the Site secure, measure performance, and fix bugs.
  • To keep accounting and audit records as required by Malaysian law.

5. Payments

Shop payments are processed by our third party payment provider. You enter your payment details with the provider, not with us, and we never receive or store your full card details. The provider handles your payment data under its own privacy notice. We receive only the result of the payment and a reference for your order.

6. Legal basis (Malaysia PDPA)

We process your data under the Personal Data Protection Act 2010 (Malaysia). The bases we rely on are: performing the order or service you ask for; your consent when you create an account or send us your details; and our legitimate interests in running the Site safely and keeping financial records.

7. Sharing

We share your information only with the parties needed to deliver the service:

  • Hosting and email providers that run our servers and deliver transactional email on our behalf, under contract and bound to confidentiality.
  • Our payment provider, to take and confirm shop payments.
  • Google, when the Site shows content served by Google such as reviewer photos or an embedded map. Their privacy notices apply to that content.
  • Authorities, when required by Malaysian law, court order, or to protect safety.

We do not share your data with advertisers or data brokers.

8. Where your data is stored

Your data is stored on servers operated for Swimiss. Servers and providers may be located outside Malaysia. Where that happens, we apply reasonable safeguards consistent with the PDPA.

9. How long we keep your data

  • Account profile: for as long as your account is active.
  • Order and payment records: retained for at least 7 years after the transaction, in line with Malaysian tax and accounting requirements.
  • Server logs: typically 90 days, longer if a security incident is under investigation.

10. Your rights

Under the PDPA you may:

  • Access the personal data we hold about you.
  • Correct data that is inaccurate or incomplete.
  • Withdraw consent for processing where consent is the basis. We will explain any impact on the services you can use.
  • Ask us to delete data we are not required to keep.
  • Lodge a complaint with the Personal Data Protection Commissioner of Malaysia.

To make a request, email support@swimiss.com.my from the address on your account. We will respond within 30 days.

11. Security

  • Passwords are hashed with argon2id. We never see your plain text password.
  • Sign in tokens are short lived, and the session cookie cannot be read by scripts in your browser.
  • All traffic between your browser and our servers uses HTTPS.
  • We rate limit sign in and similar endpoints to reduce abuse.

No system is perfectly secure. If we discover a breach affecting your data, we will notify you and the relevant authority in line with our legal obligations.

12. Children

The Site is intended for a general audience. Purchases and accounts are for people aged 18 or older, or younger users with the consent of a parent or legal guardian. We do not knowingly collect data from children under 13. If you believe a child under 13 has given us data, contact us and we will remove it.

13. Changes to this policy

We may update this policy from time to time. The effective date at the top of this page shows the latest version. Continued use of the Site after a change takes effect means you accept the updated policy.

14. Contact

Swimiss Academy, Selangor, Malaysia.
Email: support@swimiss.com.my
WhatsApp: Admin swimiss

Back homeTerms of Use