Privacy Policy
Effective Date: 7 April 2026 | Last Updated: 10 April 2026
1. Introduction
Pryonex ("we", "us", or "our") operates the website and application at https://pryonex.ai (the "Service"). This Privacy Policy explains how we collect, use, store, disclose, and protect your personal data in compliance with the Malaysian Personal Data Protection Act 2010 (PDPA), as amended by the Personal Data Protection (Amendment) Act 2024.
By accessing or using our Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please do not use the Service.
2. Data Controller
The data controller responsible for your personal data is:
Pryonex
Email: theebbanraj@pryonex.ai
Website: https://pryonex.ai
3. What Personal Data We Collect
3.1 Data You Provide Directly
- Account Information: Your name, email address, and Google account details when you sign up via Google OAuth.
- Agent Profile Data: Your business information, agency details, and preferences configured in your profile settings.
- Lead Data: Names, phone numbers, email addresses, and other contact details of your insurance leads that you enter into the Service.
- AI Base Context: Background information you provide to personalise AI-generated messages (e.g., your specialisation, communication style).
- Feedback and Communications: Any messages, feedback, or support requests you send to us.
3.2 Data Collected Automatically
- Usage Data: Pages visited, features used, timestamps, and interaction patterns within the Service.
- Device Data: Browser type, operating system, screen resolution, and device identifiers.
- Log Data: IP addresses, access times, and error logs generated during your use of the Service.
3.3 Data from Third-Party Services
When you sign in using Google OAuth, we receive your Google profile information (name, email, and profile picture) as authorised by your Google account permissions.
3.4 AI Voice Personalization
To make your AI-generated messages sound more like you, Pryonex stores up to 20 recent text entries you write inside the app — specifically, your context-journal notes and the reasons you provide when changing lead status. These entries are used solely to personalize your AI output and are never shared with other agents, used to train external AI models, or processed by third parties. Email addresses and phone numbers are filtered from these entries before storage. You can request deletion of your personalization samples at any time by contacting support.
4. Purpose of Processing
We process your personal data for the following purposes:
- Service Delivery: To provide, maintain, and improve the Pryonex platform, including lead management, AI-powered message generation, follow-up scheduling, and calendar booking features.
- AI Message Generation: To generate personalised follow-up messages for your insurance leads using artificial intelligence. Your lead data and AI base context are processed to produce these messages.
- Account Management: To create and manage your account, authenticate your identity, and provide customer support.
- Analytics and Improvement: To understand how the Service is used and to improve its features, performance, and user experience.
- Communication: To send you service-related notifications, updates, and support responses.
- Legal Compliance: To comply with applicable laws, regulations, and legal processes.
5. Legal Basis for Processing
Under the PDPA, we process your personal data based on:
- Consent: You provide consent when you create an account and use the Service. You may withdraw consent at any time (see Section 15).
- Contractual Necessity: Processing is necessary to fulfil the service agreement between you and Pryonex.
- Legitimate Interest: Processing is necessary for our legitimate interests in improving the Service, provided these interests do not override your data protection rights.
6. Third-Party Data Sharing and Cross-Border Transfers
We share personal data with the following categories of third-party service providers. Some of these providers are located outside Malaysia, which constitutes cross-border data transfer under Section 129 of the PDPA.
| Service Provider | Purpose | Location | Data Shared |
|---|---|---|---|
| OpenAI | AI message generation | United States | Lead context, agent base context |
| Vercel | Application hosting | United States (Global CDN) | Usage data, logs |
| Neon (AWS) | Database hosting | Singapore (ap-southeast-1) | All application data |
| Google (OAuth) | Authentication | United States | Account credentials |
| Stripe (future) | Payment processing | United States | Payment information |
We have conducted a Transfer Impact Assessment (TIA) for cross-border transfers in accordance with the Cross-Border Personal Data Transfer Guidelines. We ensure that all third-party providers maintain appropriate data protection standards equivalent to those required under the PDPA.
We do not sell, rent, or trade your personal data to any third party for marketing purposes.
7. AI-Generated Content Disclaimer
Pryonex uses artificial intelligence (specifically, the OpenAI API) to generate suggested follow-up messages for your insurance leads. Important points regarding AI-generated content:
- AI-generated messages are suggestions only — you are responsible for reviewing, editing, and approving all messages before sending them to your leads.
- AI-generated messages do not constitute financial advice, insurance advice, or any form of professional advisory.
- Lead data is sent to OpenAI's API for processing. OpenAI's data usage policy applies. We send the minimum data necessary for message generation.
- We do not store AI-generated content beyond what is needed for the Service's functionality.
8. Data Retention
We retain your personal data for as long as necessary to fulfil the purposes described in this policy:
- Account Data: Retained for the duration of your active account plus 30 days after account deletion.
- Lead Data: Retained for as long as your account is active. Archived leads are soft-deleted and permanently purged 90 days after archiving.
- Usage and Log Data: Retained for up to 12 months for analytics and troubleshooting purposes.
- AI Interaction Data: Retained for up to 30 days for service quality monitoring, then deleted.
- Payment Records (future): Retained for 7 years as required by Malaysian tax regulations.
9. Data Security
We implement appropriate technical and organisational measures to protect your personal data:
- All data in transit is encrypted using TLS/HTTPS.
- Database access is restricted and protected by authentication credentials.
- Application authentication is managed via secure OAuth 2.0 protocols.
- Agent data is isolated — each agent can only access their own leads and data.
- We conduct regular security reviews and apply security patches promptly.
- Access to production systems is restricted to authorised personnel only.
10. Your Data is Yours Alone
Your client data is isolated at the database level. No other agent — not even other Pryonex users — can see your leads, messages, bookings, or any of your information.
Every query in Pryonex filters by your unique agent ID. This is enforced at the code level across every single feature. It is technically impossible for Agent A to access Agent B's data through the application.
Pryonex administrators have access to system health data and aggregated statistics only. We do not browse individual agent records or client details.
11. We Never Share Your Data
We will never sell, rent, share, or expose your client data to other agents, insurance companies, or any third party.
Your leads are yours. Your conversations are yours. Your pipeline is yours.
If you leave Pryonex, you can export all your data before deleting your account. Nothing is held hostage.
12. How We Protect Your Data
- All data is transmitted over encrypted connections (HTTPS/TLS).
- Your data is stored in a secured PostgreSQL database hosted in Singapore (AWS ap-southeast-1) — your data stays in the region.
- Agent data isolation is enforced at the application layer on every database query — this is Law 3 of our development constitution, verified by automated tests on every code change.
- In the event of a data breach, exposed records are associated with internal system IDs, not your name or identity. We follow the PDPA's 72-hour breach notification requirement.
13. Data Ownership & Export
You own your data. Pryonex is a data processor, not a data owner. We process your data only to provide the service you signed up for.
You can export all your data at any time via Settings (coming soon) or by contacting theebbanraj@pryonex.ai.
You can request deletion of all your data at any time. We will comply within 14 days as required by the PDPA.
14. What We Use Data For
We use aggregated, anonymized usage patterns (e.g., "60% of agents use the follow-up feature daily") to improve the product. These statistics contain no individual names, phone numbers, or client details.
We never access your individual client records for marketing, sales, or any purpose other than providing the Pryonex service to you.
AI message generation sends lead context to OpenAI (US-based) for processing. This is disclosed in the "Cross-Border Transfers" section. OpenAI does not store or train on your data under our API agreement.
15. Your Rights Under the PDPA
Under the Malaysian PDPA, you have the following rights:
- Right of Access: You may request access to the personal data we hold about you.
- Right to Correction: You may request that we correct any inaccurate or incomplete personal data.
- Right to Withdraw Consent: You may withdraw your consent to the processing of your personal data at any time. This may affect your ability to use the Service.
- Right to Prevent Processing: You may request that we stop processing your personal data if such processing causes or is likely to cause substantial damage or distress.
- Right to Prevent Direct Marketing: You may opt out of receiving marketing communications at any time.
- Right to Data Portability: You may request a copy of your personal data in a structured, commonly used format (as introduced by the PDPA Amendment 2024).
To exercise any of these rights, please contact us at theebbanraj@pryonex.ai. We will respond to your request within 21 days as required by the PDPA.
16. Data Breach Notification
In the event of a personal data breach that causes or is likely to cause significant harm, we will:
- Notify the Personal Data Protection Commissioner within 72 hours of becoming aware of the breach.
- Notify affected individuals as soon as practicable with details of the breach and recommended protective measures.
- Maintain a breach register documenting all incidents, their scope, and remedial actions taken.
17. Cookies and Tracking Technologies
Pryonex uses essential cookies necessary for the operation of the Service (e.g., session management, authentication tokens). We do not use third-party advertising or tracking cookies. You may configure your browser to reject cookies, but this may impair the functionality of the Service.
18. Children's Data
The Service is designed for use by insurance agents who are adults. We do not knowingly collect personal data from children under 18 years of age. If we become aware that we have collected data from a child, we will take steps to delete it promptly.
19. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service with a new effective date. Your continued use of the Service after any changes constitutes acceptance of the updated policy.
20. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Pryonex
Email: theebbanraj@pryonex.ai
Website: https://pryonex.ai