KiraNow Privacy Policy
Effective Date: 2nd January 2026
Last Updated: 2nd January 2026
1. Introduction
KiraNow ("we," "our," or "us") operates the KiraNow mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.
We comply with the Personal Data Protection Act 2010 (PDPA) of Malaysia, the General Data Protection Regulation (GDPR) for users in the European Union/European Economic Area, and other applicable global data protection laws. By using KiraNow, you consent to the data practices described in this policy.
2. Information We Collect
A. Personal Information You Provide:
- Account Information: Name, email address, phone number, profile picture.
- Financial Data: Bill/expense descriptions, amounts, dates, currencies, payment notes.
- Social Data: Names and contact information of friends/group members you add.
- Bank Account Information: Bank account details that you voluntarily add to your user profile for settlement functionality (optional).
- Communications: Support requests, feedback, survey responses.
B. Information Collected Automatically:
- Device Information: Device type, operating system, unique device identifiers.
- Usage Data: Features used, time spent, screens viewed, buttons clicked.
- Log Data: IP address, app crash reports, performance data.
- Location Data: Only if you enable it for multi-currency features or location-based suggestions.
C. Third-Party Information:
- Contacts: If you grant permission, we access your contacts to easily add friends.
3. How We Use Your Information
| Purpose | Legal Basis |
| --- | --- |
| To provide core App functionality (creating groups, splitting bills) | Performance of contract |
| To calculate balances and simplify debts | Performance of contract |
| To send notifications about expenses, settlements, and reminders | Legitimate interest |
| To improve App performance and fix bugs | Legitimate interest |
| To develop new features and personalize experience | Consent (where required) |
| To prevent fraud and ensure security | Legal obligation |
| To comply with applicable laws and regulations | Legal obligation |
For GDPR users: We process your data based on: (1) Contractual necessity, (2) Legitimate interest, (3) Consent, or (4) Legal obligation as outlined above.
4. How We Share Your Information
We do NOT sell your personal data. We only share information in these circumstances:
| Recipient | What is Shared | Purpose |
| --- | --- | --- |
| Other KiraNow Users | Your name, profile picture, expense details within groups you join, and bank account information if added to your user profile | Core App functionality and settlement facilitation |
| Service Providers | Email services, cloud hosting, analytics (e.g., Firebase) | App operation and improvement |
| Legal Authorities | If required by law or valid legal process in your jurisdiction | Legal compliance |
5. International Data Transfers & Global Compliance
For Malaysian Users:
- We comply with the Personal Data Protection Act 2010 (PDPA)
For EU/EEA & UK Users:
- We comply with the General Data Protection Regulation (GDPR)
- We implement Standard Contractual Clauses for international data transfers
- You have additional rights under GDPR (see Section 6)
For Other Jurisdictions:
- We adhere to local data protection laws where applicable
- Data is primarily processed in Malaysia with adequate safeguards
6. Your Data Protection Rights
Depending on your location, you may have the following rights:
Malaysian Users (PDPA Rights):
- Access your personal data
- Correct inaccurate data
- Withdraw consent for processing
- Limit processing of your data
- Request deletion of your data
- Data portability
- Complain to the Personal Data Protection Commissioner
EU/EEA/UK Users (GDPR Rights):
- Right to access
- Right to rectification
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Rights related to automated decision-making
To exercise these rights, contact: [email protected]
7. Data Retention
We retain your personal data only as long as necessary:
| Data Type | Retention Period |
| --- | --- |
| Active account data | Until account deletion |
| Financial transaction records | 7 years (for regulatory compliance) |
| Inactive accounts | 24 months after last login, then anonymization |
| Deleted accounts | 30-day recovery window, then permanent deletion |
8. Data Security
We implement appropriate security measures:
- Encryption: Data in transit (SSL/TLS) and at rest (AES-256)
- Access controls: Strict employee access limitations
- Regular security audits: Vulnerability assessments
- Secure development: Following OWASP guidelines
9. Children's Privacy
KiraNow is not intended for users under 18 years old. We do not knowingly collect data from children. If we learn we have collected such data, we will delete it immediately.
10. Third-Party Services
Our App integrates with:
- Google Firebase (analytics, crash reporting)
- Cloud storage providers (AWS, Google Cloud)
- Email service providers
These third parties have their own privacy policies. We recommend reviewing them.
11. Automatic Data Collection
We use:
- Essential technologies: For App functionality (cannot be disabled)
- Analytics technologies: To improve App performance (you can opt out)
- Local storage: To save your preferences on your device
12. Changes to This Policy
We may update this policy. We will notify you via:
- In-App notifications
- Email (for major changes)
- Updated "Effective Date" at the top
Continued use after changes constitutes acceptance.
13. Contact Information
Malaysian Personal Data Protection Commissioner:
Department of Personal Data Protection
Ministry of Communications and Digital
Level 8, Galeria PjH, Jalan P4W, Persiaran Perdana,
Presint 4, Pusat Pentadbiran Kerajaan Persekutuan
62100 Putrajaya, Malaysia
Tel: +603-8000 8000
Website: https://www.pdp.gov.my
Appendix: Specific Data Practices
For Group Members:
When you join a group, other members see:
- Your name and profile picture
- Expenses you add and their details
- Your balance within that group
- Your bank account information (if you have added it to your user profile)
For Expense Tracking:
We store:
- Expense amounts and descriptions
- Who paid and who owes
- Settlement history
- Receipt images (if you upload them)
Bank Account Information:
- Bank account details are optional to add to your profile
- Visible only to other users in groups you join
- Used solely for manual settlement facilitation
- We do not process payments through these accounts
Additional Global Compliance Notes
- Data Transfer Mechanisms: For international transfers, we use:
  - Standard Contractual Clauses (EU)
  - Adequacy decisions where applicable
  - Binding Corporate Rules for intra-group transfers
- Breach Notification: We will notify users and authorities of data breaches as required by local laws (72 hours for EU under GDPR, promptly for Malaysia under PDPA).
- Data Protection Impact Assessments: Conducted for high-risk processing activities.
- Record of Processing Activities: Maintained as required by GDPR and other regulations.