Privacy Policy

Last updated: 11 April 2026

This Privacy Policy explains how Keparat.my collects, uses, and protects your personal data. It is written to comply with the Malaysian Personal Data Protection Act 2010 (PDPA).

1. What we collect

| Data | Why | Public? |
|---|---|---|
| Email address (from Google/Facebook OAuth) | Account identity and login | No |
| Real name (from Google/Facebook OAuth) | Abuse investigation only; never displayed publicly | No |
| IP address (SHA-256 hashed with site secret) | Rate limiting, abuse prevention | No |
| Raw input text you submit | Display on card, gallery (if marked public) | Yes (if public) |
| Handle and avatar (chosen during onboarding) | Your public identity on the Service | Yes |
| Session cookie | Tracks your anonymous trial usage | No |

2. Third-party processors

Your data may be processed by the following third-party services as part of normal Service operation:

  • DeepSeek: AI translation service. Receives your raw input text when you submit a translation.
  • Supabase: database and storage. Hosts your submitted cards and account data.
  • DigitalOcean: application hosting.
  • Cloudflare: content delivery network and bot protection.
  • Google OAuth, Facebook OAuth: authentication, if you choose to sign in.

We do not sell your personal data to any third party. We do not use your data for advertising beyond basic analytics (see the Cookies Policy).

3. Your PDPA rights

Under the Malaysian Personal Data Protection Act 2010, you have the right to:

  • Access your personal data held by us
  • Correct any inaccurate or incomplete personal data
  • Delete your account and have your personal data erased
  • Object to certain processing activities (for example, analytics; see the Cookies Policy)

To exercise these rights, email [email protected]. Once authentication is enabled, you will also be able to delete your account directly from your dashboard; that deletion takes effect immediately (public cards are anonymised) and the account record is permanently removed after a 30-day grace period.

4. Data retention

  • Account data: kept until you delete your account. After deletion, all personally identifiable fields are anonymised immediately; the full row is hard-deleted after 30 days.
  • Public cards: kept indefinitely unless you delete them individually or they are removed by moderation.
  • Hashed IP addresses: retained in a 90-day rolling window for abuse prevention.
  • Analytics data: 14 months (Google Analytics 4 default, applies only if you've consented to analytics cookies).

5. Cookies

See our Cookies Policy for details on what cookies we set and how you can manage them.

6. Children's data

Keparat.my is not intended for users under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact us and we will delete it.

7. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced on the Service with a new "Last updated" date. Continued use after changes constitutes acceptance of the new policy.

8. Contact

For privacy-related questions or to exercise your PDPA rights, email [email protected].
