Política de Privacidad

PassHHA is operated by Code Kubic Solutions (Company No. 2663998-P), a company registered in Malaysia ("we," "us," or "our"). We operate the website passhha.com and provide HHA exam preparation services primarily to users in the United States. This Privacy Policy explains how we collect, use, disclose, and protect your personal information in accordance with Malaysia's Personal Data Protection Act 2010 (PDPA). By using PassHHA, you agree to the practices described in this policy.

We collect the following categories of information: Account Information: When you register, we collect your email address, display name, and password (stored as a secure hash — we never store your plain-text password). Payment Information: Payments are processed by Stripe, Inc. We do not store or have access to your credit card number, CVV, or full payment details. We retain only a Stripe customer ID and transaction records for accounting purposes. Usage Data: We collect information about how you use our service, including practice sessions completed, questions answered, scores, exam attempts, and session timestamps. This data is used to provide your Readiness Score and track your progress. Technical Data: We may collect your IP address, browser type, operating system, and referring URLs to operate and improve our service. We do not use this data for advertising profiling. Communications: If you contact us by email, we retain your messages to respond to your inquiry and improve our support.

We use your information solely to: • Provide, maintain, and improve the PassHHA service • Process payments and issue receipts • Send transactional emails (account creation, password reset, payment confirmation) • Calculate and display your Readiness Score and exam history • Respond to your support requests • Detect and prevent fraud or abuse • Comply with legal obligations We do not sell, rent, or trade your personal information to any third party. We do not use your data for advertising purposes or share it with advertising networks.

We process your personal data in accordance with Malaysia's Personal Data Protection Act 2010 (PDPA). Under the PDPA, we process your data on the following grounds: • Consent: By registering for and using PassHHA, you consent to the collection and processing of your personal data as described in this policy. • Contract: Processing your account and payment data is necessary to fulfill the service agreement between you and PassHHA. • Legitimate Interests: We process usage data to improve our service, detect fraud, and ensure platform security, provided these interests are not overridden by your rights. • Legal Obligation: We may process data to comply with applicable Malaysian law, tax requirements, or court orders. You may withdraw your consent at any time by contacting us. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

We share your data with the following trusted service providers only to the extent necessary to operate our service: • Supabase (database and authentication) — data is stored on AWS servers in the United States • Stripe, Inc. (payment processing) — governed by Stripe's Privacy Policy • Vercel, Inc. (website hosting and deployment) — servers in the United States • Google (Gemini API, used by our admin team only to generate question content — no user data is sent to this service) All providers are contractually required to protect your data and may not use it for their own purposes. We do not use any analytics services that track your behavior across other websites.

We retain your account data for as long as your account is active. If you request account deletion, we will delete your personal data within 30 days, except where we are required to retain records for legal, tax, or accounting obligations (typically up to 7 years for transaction records). Anonymized and aggregated usage statistics may be retained indefinitely as they cannot identify you.

We use only essential cookies necessary to operate the service: • Authentication cookie (Supabase session token): keeps you logged in across page visits. This cookie expires when your session ends or after 7 days of inactivity. We do not use advertising cookies, tracking pixels, or third-party analytics cookies. We do not participate in cross-site tracking.

Depending on your location, you may have the following rights regarding your personal data: • Access: Request a copy of the personal data we hold about you. • Correction: Request correction of inaccurate or incomplete data. • Deletion: Request deletion of your personal data ("right to be forgotten"). • Portability: Request your data in a structured, machine-readable format. • Objection: Object to processing based on legitimate interests. • Restriction: Request that we limit how we use your data while a dispute is resolved. • Withdraw Consent: Where processing is based on consent, withdraw it at any time. To exercise any of these rights, email us at help@passhha.com. We will respond within 30 days. We may need to verify your identity before processing your request.

PassHHA is operated by a Malaysian company and our services are governed by Malaysian law. While we serve users primarily in the United States, we are not subject to US state privacy laws such as the California Consumer Privacy Act (CCPA) as we do not have a physical presence, employees, or legal entity in the United States. However, we voluntarily extend the following rights to all users regardless of location: • You may request a copy of the personal data we hold about you. • You may request correction of inaccurate data. • You may request deletion of your account and personal data. • We do not sell your personal information to any third party. To make any such request, contact us at help@passhha.com.

PassHHA is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will delete that information promptly. If you believe we have collected information from a child under 13, please contact us at help@passhha.com.

We implement industry-standard security measures to protect your personal information, including encrypted connections (HTTPS/TLS), hashed password storage, and access controls that limit who can access your data. However, no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach that affects your rights and freedoms, we will notify affected users and applicable authorities as required by law.

Our website may contain links to third-party websites (such as state health department websites or training program directories). We are not responsible for the privacy practices of those websites. We encourage you to review the privacy policies of any third-party sites you visit.

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page and, where required by law, notify you by email. Your continued use of PassHHA after any changes constitutes your acceptance of the updated policy.

For privacy questions, data requests, or concerns, contact us at: Email: help@passhha.com Website: passhha.com/en/contact Company: Code Kubic Solutions (2663998-P), Malaysia