Privacy Policy

Effective Date: April 24, 2026

Version: 1.0

1. Introduction

This Privacy Policy describes how Kantoku Pte. Ltd. ("Kantoku", "Company", "we", "us", or "our") collects, uses, discloses, retains, and protects Personal Data in connection with the Services.

This Privacy Policy should be read together with the Terms of Service, the Definitions document, and, where applicable, the Data Processing Agreement ("DPA").

2. Scope of this Privacy Policy

This Privacy Policy applies to Personal Data processed by Kantoku in connection with:

  1. access to or use of the Services;
  2. creation and management of Accounts;
  3. billing, subscriptions, and customer administration;
  4. support, communications, and service operations;
  5. use of Kantoku websites or related online properties; and
  6. Kantoku's business operations relating to the Services.

Where Kantoku processes Personal Data on behalf of a Customer as a Processor, such processing is governed by the DPA between Kantoku and the Customer.

3. Personal Data We Collect

Kantoku may collect the following categories of Personal Data, depending on how the Services are used.

3.1 Account and Contact Data. This may include name, email address, organization name, role, contact details, Account information, and related administrative information.

3.2 Billing and Commercial Data. This may include billing contact details, subscription information, invoice information, transaction records, payment status, and related commercial information.

Kantoku uses third-party payment processors to process payments. Kantoku does not intentionally collect or store full payment card numbers, security codes, or other full payment card data. Payment information is processed by the applicable third-party payment processor in accordance with its own terms and privacy practices.

3.3 Customer Data. Customer Data may include Personal Data submitted, uploaded, or otherwise made available by or on behalf of a Customer through the Services. The Customer determines the nature and content of Customer Data.

3.4 Usage Data and Service Data. Kantoku may collect Usage Data and Service Data, including technical logs, metadata, interaction data, device and browser information, IP addresses, authentication events, diagnostic information, system performance data, and information about how the Services are accessed and used.

3.5 Support and Communications Data. This may include messages, support requests, feedback, call or meeting notes, correspondence, and other information provided when communicating with Kantoku.

3.6 Website and Online Data. When individuals visit Kantoku websites or online properties, Kantoku may collect information such as IP address, browser type, device information, pages viewed, referring URLs, and other online activity information.

4. How We Collect Personal Data

Kantoku may collect Personal Data:

  1. directly from Customers, Users, or other individuals;
  2. through use of the Services;
  3. through Accounts, forms, support requests, and communications;
  4. through logs, cookies, and similar technologies;
  5. from integrations, APIs, or third-party services enabled by the Customer; and
  6. from service providers, business partners, or publicly available sources where permitted by Applicable Law.

5. How We Use Personal Data

Kantoku may use Personal Data for the following purposes, subject to the Agreement, the DPA where applicable, and Applicable Law:

  1. to provide, operate, maintain, support, and secure the Services;
  2. to create and manage Accounts;
  3. to process subscriptions, billing, invoices, and payments;
  4. to respond to inquiries, support requests, and customer communications;
  5. to monitor, analyze, troubleshoot, and improve the Services;
  6. to develop new features, modules, and functionality;
  7. to detect, prevent, investigate, or respond to misuse, fraud, Security Incidents, or technical issues;
  8. to comply with Applicable Law, legal obligations, and lawful requests;
  9. to enforce the Agreement and protect Kantoku's rights, property, and interests; and
  10. for other purposes disclosed at the time of collection or authorized by the Customer or individual.

6. Customer Data and Processor Role

The Customer is responsible for determining what Customer Data is submitted to the Services and for ensuring that it has the rights, notices, consents, authorizations, or other legal bases required to provide such Customer Data to Kantoku.

To the extent Customer Data includes Personal Data and Kantoku processes such Personal Data on behalf of the Customer as a Processor, Kantoku processes that Personal Data in accordance with the Customer's configuration and use of the Services, the Agreement, the DPA where applicable, and Applicable Law.

Kantoku does not control the content of Customer Data and is not responsible for determining whether Customer Data complies with laws, regulations, contractual requirements, or other obligations applicable to the Customer.

7. Service Data and Usage Data

Kantoku may collect, generate, use, and analyze Service Data and Usage Data for purposes related to the operation, administration, protection, support, analytics, and improvement of the Services.

Kantoku may also create and use aggregated or de-identified data derived from Customer Data or use of the Services, provided that such data does not identify the Customer, any User, or any individual, and cannot reasonably be used to do so.

Kantoku does not sell Personal Data or Customer Data.

8. Disclosure of Personal Data

Kantoku may disclose Personal Data:

  1. to service providers and Subprocessors that support the provision, operation, security, hosting, billing, analytics, support, or improvement of the Services;
  2. to Customers, where Personal Data relates to their Accounts, Users, Authorized Users, or use of the Services;
  3. to professional advisers, including lawyers, accountants, auditors, insurers, and consultants;
  4. to comply with Applicable Law, legal process, court orders, or lawful requests from public authorities;
  5. to protect the rights, property, security, or interests of Kantoku, Customers, Users, or third parties;
  6. in connection with a merger, acquisition, financing, corporate reorganization, sale of assets, or similar transaction; and
  7. with consent or as otherwise authorized by the relevant individual or Customer.

9. Subprocessors and Service Providers

Kantoku may engage Subprocessors and other service providers to process Personal Data in connection with the Services.

Where Kantoku acts as a Processor, the engagement of Subprocessors is governed by the DPA.

Kantoku maintains a Subprocessor List that identifies third parties engaged by Kantoku to process Personal Data in connection with the Services. The Subprocessor List may be updated from time to time as required to support the Services.

10. International Transfers

Kantoku is incorporated in Singapore, but Personal Data may be processed in countries other than the country where the Customer, User, or individual is located. These countries may have data protection laws that differ from those in the individual's jurisdiction.

Where required by Applicable Law, Kantoku will take reasonable steps to ensure that Personal Data transferred internationally receives a standard of protection comparable to that required under applicable data protection laws.

11. Retention

Kantoku retains Personal Data only for as long as reasonably necessary for the purposes described in this Privacy Policy, the Agreement, the DPA where applicable, or as required or permitted by Applicable Law.

Retention periods may vary depending on the type of Personal Data, the nature of the Services, legal and contractual requirements, backup and archival processes, security requirements, dispute resolution needs, and legitimate business purposes.

Customer Data is retained and deleted in accordance with the Agreement, the DPA where applicable, the Customer's configuration and use of the Services, and Applicable Law.

12. Security

Kantoku implements reasonable technical and organizational measures designed to protect Personal Data against unauthorized access, use, disclosure, alteration, or loss, taking into account the nature of the Personal Data, the risks presented by the processing, and Applicable Law.

While Kantoku takes reasonable steps designed to protect Personal Data, security risks cannot be eliminated entirely, and Kantoku does not guarantee that Personal Data will be free from all security risks.

13. Individual Rights and Choices

Subject to Applicable Law, individuals may have rights in relation to their Personal Data, including rights to access, correct, update, or request deletion of Personal Data.

Where Kantoku processes Personal Data on behalf of a Customer as a Processor, individuals should direct requests relating to Customer Data to the relevant Customer. Kantoku may refer such requests to the Customer or act in accordance with the DPA or Applicable Law.

For Personal Data that Kantoku processes as a Controller, individuals may contact Kantoku using the contact details set out in this Privacy Policy.

14. Cookies and Similar Technologies

Kantoku may use cookies and similar technologies on its websites and online properties to operate the website, remember preferences, analyze usage, improve performance, and support security.

Users may control cookies through browser settings. Disabling certain cookies may affect the functionality or availability of some features.

A separate Cookie Policy provides additional information about Kantoku's use of cookies and similar technologies.

15. Children

The Services are not intended for children. Kantoku does not knowingly collect Personal Data from children through the Services. If Kantoku becomes aware that it has collected Personal Data from a child without appropriate authorization, Kantoku will take reasonable steps to delete such Personal Data where required by Applicable Law.

16. Changes to this Privacy Policy

Kantoku may update this Privacy Policy from time to time. If Kantoku makes material changes, it will provide notice by reasonable means. The updated Privacy Policy will be effective as of the date stated in the updated version or as otherwise communicated.

17. Contact

Questions or requests regarding this Privacy Policy or Kantoku's handling of Personal Data may be directed to:

Kantoku Pte. Ltd.
Email: privacy@kantoku.io