jaemie sound bath
Experiences Sessions Membership About Contact
Sign in Begin journey

Legal

Privacy Policy

Last updated · 2026-05-12

Please review this document with qualified legal counsel before publishing. The text below is a starter tailored to Malaysia's Personal Data Protection Act 2010 (PDPA) and is not a substitute for legal advice.

1. Who is responsible for your data

JLC Management Sdn. Bhd., operating as jaemiesoundbath, is the data controller for personal information collected through this Service. You can reach our data-protection contact at privacy@jaemiesoundbath.com.

2. Information we collect

  • Account details — name, email, phone number, hashed password, optional avatar.
  • Booking and membership records — sessions you have reserved, attended or cancelled.
  • Payment metadata — transaction reference, amount, status. Full card numbers are processed and stored by Billplz; we never see them.
  • Wellness interactions — moods you share with Aria (our AI concierge), audio plays and check-in history.
  • Usage data — page paths visited, referring website, user-agent string, hashed IP address, UTM campaign tags. Sessions are identified by a hashed identifier for unique-visitor counts.
  • Cookies — first-party only, for sign-in, CSRF protection and referral attribution.
  • Communications — messages you send via contact and corporate-inquiry forms.

3. How we use it

  • To provide and deliver the Service (account access, bookings, audio streaming, the AI concierge).
  • To send transactional emails: welcome, email verification, password reset, booking confirmations and refund notices.
  • To improve the Service through anonymised analytics.
  • To detect, prevent and respond to fraud, abuse or security issues.
  • To send occasional marketing communications only with your consent — you may withdraw consent at any time.

4. Legal basis (where applicable)

We process personal data under one or more of the following bases: your consent, performance of a contract with you (your membership or booking), our legitimate interests in running a safe and well-functioning service, and compliance with our legal obligations.

5. Sharing

We share only the minimum necessary with carefully selected processors:

  • Billplz Sdn. Bhd. — to process payments.
  • Hostinger — to host the platform and store database records.
  • OpenAI — to power Aria's replies. Conversations are sent in API mode and are not used to train external models.
  • Email provider — to deliver transactional mail.

We do not sell your personal information. We may disclose information when required to do so by Malaysian law or a court order.

6. Cookies

We use first-party cookies for session security (signed-in state, CSRF token) and referral attribution (a 30-day cookie carrying a share code). We do not use third-party advertising cookies.

7. Retention

Account data is retained while your account is active and for a reasonable period after closure (typically seven years) to comply with tax, accounting and audit obligations. Audio-play logs are retained for up to twenty-four months for service-improvement purposes.

8. Your rights under PDPA 2010

You have the right to:

  • Request a copy of the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Withdraw consent for marketing communications.
  • Request deletion of your account and associated data, subject to our retention obligations.
  • Lodge a complaint with the Personal Data Protection Department of Malaysia (Jabatan Perlindungan Data Peribadi) if you believe we have failed to meet our obligations.

To exercise any of these rights, email privacy@jaemiesoundbath.com. We will respond within thirty (30) days.

9. Security

We protect your data with industry-standard measures: HTTPS in transit, PHP password hashing (bcrypt), hardened sessions, role-based access control, prepared SQL statements and audit logging of administrative actions. No system is perfectly secure, but we work hard to keep yours safe.

10. Children

jaemiesoundbath is intended for adults aged 18 and over. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us so we can remove it.

11. International transfers

Some of our processors (e.g. OpenAI) operate outside Malaysia. Where this is the case, we ensure transfers are protected by contractual safeguards that meet PDPA standards.

12. Changes

We may update this policy. The effective date appears at the top of the page. Material changes will be communicated by email or on-site notice.

13. Contact

JLC Management Sdn. Bhd. (operating as jaemiesoundbath)
Email: privacy@jaemiesoundbath.com

Questions? Email hello@jaemiesoundbath.com.

A

Aria

A soft companion · usually replies instantly

Aria is listening…