Privacy Policy

Last updated: 10 Jun 2026

OhMyKids respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains how we collect, use, and protect your data in line with the Personal Data Protection Act (PDPA) 2010 Malaysia.

1. Information We Collect

We collect the following information when you use OhMyKids:

a) Account Information

  • Full name and email address
  • Phone number (optional)
  • Password (stored in unreadable hashed form)
  • Google login information (if using Google OAuth)

b) Child Information

  • Name, date of birth, gender
  • School and school level information
  • Physical growth records (height, weight — if entered)
  • Questionnaire and screening results
  • Parent personal notes (if entered)
  • Uploaded documents (school reports, etc.)

c) Usage Information

  • In-app activity logs (login, questionnaires run)
  • Payment information (processed entirely by Stripe — we do not store card numbers)

2. How We Use Your Information

The information collected is used to:

  • Provide and maintain the OhMyKids service
  • Generate development reports and AI analysis for your child
  • Suggest appropriate questionnaires based on age and school level
  • Process subscription payments securely through Stripe
  • Send account and service-related notifications (not marketing)
  • Improve the quality and functionality of the app

We do NOT use your data to:

  • Sell data to third parties
  • Targeted advertising
  • Share personal information with other organisations without your consent
  • Share psychometric data or children's screening results with insurance companies, employers, educational institutions, or authorities — this data remains entirely confidential

3. Data Sharing with Third Parties

We only share data with the service providers required to operate OhMyKids:

Supabase
Database & user authentication · AWS ap-southeast-1, Singapore
supabase.com/privacy
Stripe
Payment processing · United States (PCI DSS Level 1)
stripe.com/privacy
Google Gemini AI
Text analysis for AI reports · Google Cloud
policies.google.com/privacy

All these providers are subject to data protection agreements and are not permitted to use your data other than to provide services to us.

4. Data Security

  • All data is encrypted in transit using TLS 1.2+ protocols
  • Data is stored on servers protected with AES-256 encryption
  • Passwords are not stored in readable form — only bcrypt hash
  • Database access is controlled with Row-Level Security (RLS) — you can only see your own data
  • Continuous security monitoring by the Supabase team

5. Data Retention & Deletion

Your account and child data is stored as long as your account is active. If you delete your account:

  • Personal data will be deleted within 30 days
  • Payment records will be kept for 7 years for financial audit purposes (legal requirement)
  • Anonymous system logs may be kept longer for security purposes

6. Your Rights Under PDPA 2010

Under the Personal Data Protection Act 2010 Malaysia, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Withdraw consent for certain data processing
  • Request deletion of your personal data
  • Restrict processing of your data in certain circumstances

To submit any request, contact us at privacy@ohmykids.my. We will respond within 30 days.

7. Children's Data

OhMyKids is designed for use by parents and guardians to monitor child development. We do not:

  • Collect children's data directly without parent consent
  • Allow children to register accounts themselves
  • Use children's data for advertising purposes
  • Share children's psychometric screening results with any third party including schools, insurance, employers or government agencies without explicit parent consent

All child information is entered by parents or guardians who have agreed to this Privacy Policy.

Right to Delete Child Data

You have the right to request deletion of all your child's data — including profile, screening results, growth records, and uploaded documents — at any time. Send a request to privacy@ohmykids.my and we will process it within 30 days.

8. Cookies

OhMyKids uses session cookies required for user authentication (login). We do not use third-party cookies for advertising or tracking purposes.

9. Changes to Privacy Policy

We may update this Privacy Policy from time to time. Any significant changes will be notified via email or in-app notification. Continued use of OhMyKids after changes is deemed as your consent.

10. Contact Us

For any privacy-related enquiries:

This Privacy Policy is drafted in accordance with the Personal Data Protection Act 2010 (Act 709) Malaysia.