Privacy Policy

Welcome to AquaRef, a digital aquatics platform combining an AI-powered Rules Assistant and an Event Hub, operated by AquaRef. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our website at aquaref.co and our subscription services.

By using AquaRef, you agree to the collection and use of information in accordance with this policy.

We collect the following types of information:

• Email Address — collected when you sign up or log in via magic link authentication.
• Full Name — collected during onboarding to personalise your experience.
• Country — automatically detected via your IP address at account creation using a third-party geolocation service (ip-api.com). Used to show you relevant events in your country.
• Payment Information — processed securely by Stripe. We do not store your credit card details on our servers.
• Subscription & Usage Data — your selected plan, discipline access, daily question usage, event question usage, and subscription status.
• Rules Chat Logs — questions you submit to the Rules Assistant and the AI responses provided. Stored to improve service quality and for admin review.
• Event Chat Logs — questions you submit to Event Hub and the AI responses provided. Stored per event for service quality and admin review.
• Event Documents — documents uploaded by organization administrators (start lists, schedules, heat sheets, technical packages). These remain the property of the uploading organization and are processed solely to power the Event Hub AI.
• Live Notice Data — notices pushed by event administrators including category, message content, and timestamp.
• Feedback Data — like/dislike ratings you provide on AI responses.
• QR & Referral Tracking — tracking parameters (such as ref=qr or ref=user_share) appended to event URLs to help us understand how users discover events.
• Local Preferences — certain preferences (such as country filter selection and feature flags) are stored in your browser's localStorage. This data remains on your device and is not transmitted to our servers.
• IP Address — collected for country detection, demo usage tracking, and security purposes.
• Device Information — basic browser and device data for session management.

We use the information we collect to:

• Provide, operate, and maintain the AquaRef Rules Assistant and Event Hub
• Detect your country to show relevant local events
• Send magic link login emails and transactional notifications
• Process payments and manage your subscription
• Enforce question limits and access controls for Rules Chat and Event Hub
• Monitor and improve AI response quality
• Enable event administrators to push Live Notices to event participants
• Track how users discover events via QR codes and shared links
• Respond to your enquiries and support requests
• Comply with legal obligations under Malaysian law

Your data is stored securely using Supabase, which employs industry-standard encryption and Row Level Security (RLS) to ensure that each user can only access their own data. Payments are processed by Stripe, a PCI-DSS compliant payment processor.

We implement reasonable technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction.

AquaRef uses the following third-party services, each with their own privacy policies:

• Supabase — database, authentication, and file storage
• Stripe — payment processing
• Anthropic — AI language model (Claude Haiku) for generating Rules Assistant and Event Hub responses
• OpenAI — text embeddings for document search and retrieval
• Resend — transactional email delivery (magic links, notifications)
• Vercel — web hosting and deployment
• Cloudflare — DNS management and security
• ip-api.com — IP-based country detection at account creation

We do not sell your personal data to any third party. Your questions and event documents are transmitted to Anthropic and OpenAI solely for the purpose of generating AI responses and are subject to their respective data processing policies.

Documents uploaded to Event Hub by organization administrators (federations, clubs, schools, or event organizers) remain the intellectual property of the uploading organization. AquaRef processes these documents solely to power the Event Hub AI assistant for the specific event they were uploaded for.

AquaRef does not use uploaded event documents to train AI models, share them with third parties, or use them for any purpose beyond powering the Event Hub. Documents may be retained for the duration of the event and deleted upon request by the organization administrator.

We retain your personal data for as long as your account is active or as needed to provide you with our services. Specifically:

• Account data — retained while your account is active
• Chat logs — retained for service improvement and admin review
• Event documents — retained for the duration of the event; may be deleted upon request
• Payment records — retained as required by Malaysian financial regulations

You may request deletion of your account and associated data at any time by contacting us at hello@aquaref.co.

Under the Personal Data Protection Act 2010 (PDPA) of Malaysia, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete personal data
• Withdraw consent to processing of your personal data
• Request deletion of your personal data
• Lodge a complaint with the relevant authority

To exercise any of these rights, please contact us at hello@aquaref.co.

AquaRef uses session cookies to maintain your login state. We also use your browser's localStorage to store certain preferences locally on your device, including:

• Country filter preference for event discovery (ELITE users)
• Post-login redirect URL (to return you to the event you were viewing before login)
• Feature flags such as whether you have seen the welcome message

We do not use advertising or tracking cookies. localStorage data is stored on your device only and is not transmitted to our servers. You may clear localStorage data through your browser settings.

AquaRef uses third-party services including Anthropic (United States) and OpenAI (United States) to process AI requests. By using AquaRef, you acknowledge that your questions and relevant context may be transmitted to servers outside Malaysia for the purpose of generating AI responses. We ensure such transfers are subject to appropriate data processing agreements.

AquaRef is not directed to individuals under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page with an updated effective date. Your continued use of AquaRef after such changes constitutes your acceptance of the updated policy.

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us: