This Privacy Policy explains how Kudos (operated at kudos.com.my) collects, uses, stores, and protects your personal data. We are committed to compliance with the Malaysian Personal Data Protection Act 2010 (PDPA).
1. What we collect
We only collect data needed to operate the service:
- Account data: name, email address, profile photo (avatar).
- Testimonial submitter data: name, optional email, job title, company name, profile photo, testimonial text and/or video.
- Billing data: handled exclusively by our payment processor (Lemon Squeezy). We never see or store your credit card details.
- Technical data: IP address, browser type, and basic usage logs for security and abuse prevention. Logs are deleted after 30 days.
2. How we use your data
Your data is used solely to:
- Provide the testimonial collection, management, and display service you signed up for.
- Send transactional emails (sign-up confirmation, password reset, billing receipts).
- Detect abuse, prevent fraud, and keep the service running.
- Respond to your support requests.
We do not sell your personal data, and we do not use it for advertising or third-party marketing.
3. Where your data lives
Your data is stored on Supabase, hosted in the Singapore (ap-southeast-1) region. Data is encrypted at rest (AES-256) and in transit (TLS 1.3).
4. Third-party processors
We share only the minimum data required with the following sub-processors:
- Supabase — database, authentication, file storage (avatars, videos).
- Lemon Squeezy — payment processing for paid plans. Subject to their privacy policy.
- Cloudflare — content delivery network and DDoS protection.
- OpenRouter / Anthropic Claude — when you use WhatsApp screenshot import, the uploaded image is sent for AI extraction. Images are NOT stored by the AI provider; only the extracted text is returned and saved.
- Vercel — application hosting. Logs and metrics only, no personal data.
5. Cookies
We use cookies only to maintain your login session. We do not use any analytics, advertising, or third-party tracking cookies. You can clear cookies anytime in your browser settings — the only effect is being logged out.
6. Your rights (PDPA)
Under the Malaysian PDPA you have the right to:
- Access — request a copy of all personal data we hold about you.
- Correct — ask us to fix any inaccurate or incomplete data.
- Delete — request deletion of your account and all associated data.
- Withdraw consent — at any time, with effect on future processing.
- Lodge a complaint with the Department of Personal Data Protection (Jabatan Perlindungan Data Peribadi) if you feel your rights have been violated.
Email support@kudos.com.my with any request. We respond within 7 business days.
7. Data retention
Account data is retained while your account is active. When you delete your account, all personal data and uploaded files are removed within 30 days, except where we are legally required to retain billing records for tax compliance (typically 7 years under Malaysian law).
8. Children
Kudos is not directed to children under 13 and we do not knowingly collect data from them. If you believe a child has submitted personal data, contact us and we will delete it.
9. Changes to this policy
We may update this policy as the service evolves. Material changes will be communicated by email to all account holders at least 14 days before they take effect.
10. Contact
For any privacy-related question or request:
support@kudos.com.my