Privacy Policy

1. Who we are

HealthAesthetics MY operates the website at healthaesthetics.my (the "Site"). The Site is an independent online directory of licensed health and aesthetics providers in Malaysia. We are not a healthcare provider and do not offer medical services.

Correspondence: health@agentmail.to. Country of operation: Malaysia.

2. Information we collect

We collect only what is necessary to operate the directory and handle enquiries.

Contact form submissions: clinic name, contact person name, email address, phone number, state, service category, and message content. This data is transmitted by your email client to health@agentmail.to and is not stored on our servers.

Analytics: when PostHog analytics is enabled (configured via environment variable), the Site collects anonymous page-view events, click events, and device/browser metadata. No personally identifiable information is sent to PostHog by default. PostHog is a product analytics platform; their privacy policy is available at posthog.com/privacy.

Server logs: our Cloudflare Workers hosting environment records standard access logs (IP address, URL, HTTP status, user agent, timestamp) for security and performance purposes. These logs are retained per Cloudflare's standard retention policy.

3. No medical or health data collected

HealthAesthetics MY does not collect, process, or store health information, medical records, prescriptions, diagnoses, or any data relating to your physical or mental health. Do not submit personal health information through our contact forms or enquiry channels.

4. How we use your information

Contact form data is used solely to respond to your enquiry. We do not use it for marketing, do not sell it to third parties, and do not add you to any mailing list without your explicit consent.

Analytics data is used in aggregate to understand how the directory is used and to improve the service.

5. Cookies

The Site uses minimal cookies. PostHog analytics sets a first-party cookie (ph_*) to distinguish unique sessions anonymously when analytics is enabled. We do not use advertising cookies or third-party tracking pixels. You may disable cookies in your browser settings; this will not affect core directory functionality.

6. Third-party services

We use Cloudflare (hosting and CDN), Google Fonts (typography), and PostHog (analytics, when enabled). Each service operates under its own privacy policy. We do not transfer your personal data to any other third parties.

7. Personal Data Protection Act 2010 (PDPA)

HealthAesthetics MY operates in compliance with the Personal Data Protection Act 2010 (Act 709) of Malaysia. Under PDPA, you have the right to access personal data we hold about you, to correct inaccurate data, and to withdraw consent for processing. To exercise any of these rights, contact health@agentmail.to.

We retain contact enquiry data only as long as necessary to resolve your enquiry, typically no longer than 12 months.

8. Data security

Contact form submissions are routed via the mailto: mechanism directly through your email client; no form data is stored on our servers. Analytics data, where enabled, is transmitted over HTTPS. We apply reasonable technical measures to protect information in our control, but no internet transmission is completely secure.

9. Children

This Site is not directed at children under 18. We do not knowingly collect personal data from minors. If you believe a minor has submitted data through this Site, contact health@agentmail.to and we will delete it promptly.

10. Changes to this policy

We may update this Privacy Policy from time to time. The date at the top of this page reflects the most recent revision. Continued use of the Site after a revision constitutes acceptance of the updated policy.

11. Contact

Privacy enquiries: health@agentmail.to. Response time: within 10 business days.