Privacy Policy

Last updated: April 14, 2026

1. Introduction

This Privacy Policy explains how SWH Alpha Sdn Bhd ("we", "us", "our") collects, uses, and protects your personal data when you use Keropok ("Service") at keropok.ai. We are committed to protecting your privacy and complying with the Malaysia Personal Data Protection Act 2010 (PDPA).

2. What We Collect

We collect the following data when you use Keropok:

  • Account information — your name and email address, provided during registration.
  • OAuth tokens — access tokens for your connected social media accounts (LinkedIn, Twitter/X, Facebook, Threads). These are stored encrypted and used only to publish and read content on your behalf.
  • Website scan data — content extracted from your website to learn your brand voice and tone.
  • Generated posts — the social media content our AI creates for your accounts.
  • Engagement metrics — likes, shares, comments, and other performance data from your published posts.

3. How We Use Your Data

  • To provide the Service — generate posts, publish to your accounts, and track engagement.
  • To learn your brand voice from your website content.
  • To improve our AI and content generation quality.
  • To send you notifications, weekly reports, and service updates.
  • To monitor and fix errors in the Service.

4. Third-Party Services

We use the following third-party services to operate Keropok. Each has its own privacy policy:

  • Supabase — database and authentication (Singapore region).
  • Anthropic Claude — AI content generation. Your website content and brand context are sent to Claude to generate posts.
  • Firecrawl — website scanning to extract your brand content.
  • LinkedIn, Twitter/X, Facebook, Threads — social media platforms where posts are published and metrics are collected.
  • Resend — transactional email delivery.
  • Vercel — application hosting.
  • Sentry — error monitoring and diagnostics.

5. Data Storage and Security

Your data is stored in Supabase (Singapore region) and encrypted at rest. OAuth tokens are stored with additional encryption. We use HTTPS for all data in transit. While no system is perfectly secure, we take reasonable measures to protect your data from unauthorized access, loss, or misuse.

6. OAuth Tokens

When you connect a social media account, we store an OAuth access token (and refresh token where applicable). These tokens are stored securely with encryption and are used solely to publish posts, read engagement metrics, and manage content on your authorized accounts. You can revoke access at any time by disconnecting the account from your Keropok dashboard or revoking permissions directly on the social media platform.

7. Data Retention

We retain your data for as long as your account is active. If you delete your account or your subscription ends, we will delete your data within 30 days. Some anonymized, aggregated data (e.g., overall engagement trends) may be retained for service improvement purposes.

8. Your Rights

Under the Malaysia PDPA and general data protection principles, you have the right to:

  • Access your personal data that we hold.
  • Correct any inaccurate or incomplete data.
  • Delete your data by requesting account deletion.
  • Withdraw consent for data processing at any time.

To exercise any of these rights, email us at support@keropok.ai. We will respond within 21 days as required by the PDPA.

9. Cookies

Keropok uses minimal cookies, limited to what is necessary for the Service to function:

  • Authentication session cookies — to keep you logged in.
  • OAuth state cookies — temporary cookies used during the social media account connection flow.

We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

10. Children

Keropok is not intended for users under 18 years of age. We do not knowingly collect personal data from anyone under 18. If we learn that we have collected data from a user under 18, we will delete it promptly.

11. PDPA Compliance

We process your personal data in accordance with the Malaysia Personal Data Protection Act 2010 (PDPA). We collect and process data based on your consent (provided when you create an account and connect social media platforms), for the purpose of providing the Service as described in these terms.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

13. Contact

Questions about this Privacy Policy? Email us at support@keropok.ai.

See also our Terms of Service.