Legal
Version 1.0 · PDPA Malaysia + GDPR aligned · Data hosted in Singapore
[YOUR COMPANY NAME] ("KYW", "we", "us") operates the Know Your Website Platform. This policy explains how we handle personal data in connection with the Platform.
Account data: name, email, phone, company details. Usage data: API logs, feature usage, check configurations. Payment data: processed by Stripe — we store only billing email, subscription status, and Stripe Customer ID. Technical data: browser type, IP address, session data. Monitoring data: screenshots and analysis of merchant websites you register (processed on your behalf as data processor).
Providing and operating the Platform (contract performance). Billing and payment (contract performance). Security and fraud prevention (legitimate interests). Improving Platform features using anonymised data (legitimate interests). Marketing communications (consent only, opt-out any time).
We do not sell your data. We share with: Supabase (database, Singapore), Vercel (hosting, global edge), Stripe (payments, USA), Twilio (SMS, USA), AI providers for analysis (USA — SCCs in place), proxy providers for enhanced crawl (optional). All processors are bound by data processing agreements.
Account data: duration of subscription + 3 years. Check audit records and screenshots: 24 months minimum. Billing records: 7 years (statutory). API logs: 12 months rolling. Demo check data: 30 minutes (auto-purged).
AES-256 encryption at rest. TLS 1.2+ in transit. Authenticated check credentials are encrypted and never logged or sent to AI models. Row-level security enforces tenant isolation. Bcrypt-hashed API keys. Immutable audit trail.
Under PDPA and GDPR: Access, Correction, Erasure, Restriction, Portability, Objection, Withdraw Consent. Submit requests to privacy@kyw-platform.com. We respond within 21 days. Complaints: Personal Data Protection Commissioner, Malaysia (pdp.gov.my).
Primary database is in Singapore (AWS ap-southeast-1). For transfers to USA (AI providers, Stripe), we rely on Standard Contractual Clauses and equivalent contractual safeguards.
Essential cookies: authentication and security (session/30 days). Functional cookies: user preferences (1 year). Analytics: self-hosted, no third-party tracking. We do not use advertising cookies.
When you register merchants for monitoring, KYW acts as data processor and you are the data controller. You are responsible for obtaining lawful basis and providing appropriate notices to merchants. See our Data Processing Agreement (DPA) for full terms.
We will notify you of material changes by email at least 30 days before they take effect. Contact: privacy@kyw-platform.com