Privacy Policy

Last updated: 4 July 2026

This Privacy Policy explains how Nature Biozyme Sdn Bhd (Registration No. 20241013733 (1559583-U)) (“ozo”, “we”, “us”), operator of ozo.my (the “Service”), collects, uses, discloses and protects personal data. We handle personal data in accordance with the Personal Data Protection Act 2010 of Malaysia (“PDPA”) and applicable laws. By using the Service, you consent to the practices described here.

1. Information We Collect

  • Account information — your name, email, WhatsApp/phone number, business details, and login credentials.
  • Business content you provide — the information you configure into the AI, such as your prices, FAQs, listings and instructions.
  • Messages & media processed — WhatsApp conversations, images, PDFs and voice notes that pass through the Service so the AI can read and respond.
  • Your contacts’ data — names, phone numbers, labels and conversation history of the customers you communicate with.
  • Usage & technical data — log data, device/browser information, IP address, and how you use the Service.
  • Payment information — processed by our third-party payment provider. We do not store your full card details.

2. How We Use Personal Data

  • To provide, operate and deliver the Service, including generating AI replies and automations.
  • To process and respond to messages and media on your behalf.
  • To provide customer support and to maintain, troubleshoot, secure and improve the Service.
  • To process payments, manage subscriptions and send account and service notifications.
  • To detect, prevent and address fraud, abuse, security issues and violations.
  • To comply with legal obligations and enforce our Terms.

3. Account Access for Support & Maintenance

You acknowledge that our authorised personnel may access your account, dashboard, configuration and associated data where reasonably necessary to provide support you request, to operate, maintain, troubleshoot or improve the Service, to investigate security or abuse concerns, or to comply with law. Such access is limited to authorised personnel, used only for these purposes, and may be logged. Where you subscribe through an authorised reseller, that reseller may access only their own subscribers’ accounts for the same purposes.

4. AI Processing & Service Providers

To operate the Service, we share the minimum necessary data with trusted third-party providers who process it on our behalf, including: AI/large-language-model providers (to generate and understand messages), cloud hosting and storage providers, integrations you enable (for example Google Sheets or Google Calendar), and payment processors. These providers may process data on servers located outside Malaysia. We take reasonable steps to ensure they provide an adequate level of protection.

5. Your Customers’ Personal Data

In respect of the personal data of your own contacts and customers, you are the data controller/user and ozoacts as a data processor acting on your instructions. You are responsible for having a lawful basis and the necessary consent to message your contacts and to process their personal data through the Service, and for complying with the PDPA and other applicable laws.

6. Disclosure of Personal Data

We do not sell your personal data. We may disclose personal data:

  • to service providers who help us operate the Service, under confidentiality obligations;
  • where required by law, regulation, court order or a lawful request by authorities;
  • to protect our rights, safety, property, or that of others, and to investigate fraud or abuse;
  • in connection with a merger, acquisition, restructuring or sale of assets; and
  • with your consent.

7. Data Retention

We retain personal data for as long as your account is active and as needed to provide the Service, and thereafter as required to comply with legal, accounting or reporting obligations, resolve disputes and enforce our agreements. You may request deletion of your data, subject to these obligations.

8. Security

We implement reasonable technical and organisational measures to protect personal data, including encryption in transit and at rest, access controls and regular backups. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

9. Your Rights under the PDPA

Subject to the PDPA, you may request to access or correct your personal data, withdraw your consent, or limit the processing of your personal data. To exercise these rights, contact us using the details below. We may need to verify your identity before acting on a request.

10. Cookies

We use essential cookies and similar technologies to keep you logged in and to operate the Service securely. We keep the use of cookies to what is necessary for the Service to function.

11. Children

The Service is intended for businesses and is not directed to individuals under 18. We do not knowingly collect data from children.

12. Changes to this Policy

We may update this Privacy Policy from time to time. The updated version takes effect when posted, indicated by the “Last updated” date. Your continued use of the Service constitutes acceptance of the updated policy.

13. Contact

For privacy questions or requests, contact Nature Biozyme Sdn Bhd via the details on our Contact page.