Kroolo

Singapore

Data Retention Policy for Kroolo Introduction This Data Retention Policy ("Policy") outlines the principles and guidelines for the retention and deletion of data held by Kroolo. We are committed to ensuring the privacy and security of our users' data, and we have designed this Policy to reflect that commitment. Scope This Policy applies to all data, irrespective of its format, that is held by Kroolo on its production servers hosted on Amazon Web Services (AWS). Data Retention Period a. Production Lifetime Retention: All user data will be retained for the lifetime of the product unless the user chooses to delete it. This means as long as our service is active and you are using our platform, your data will be securely stored. b. User-initiated Deletion: Once a user chooses to delete specific data or their account, the data will not be immediately removed permanently. Instead, it will be retained for an additional 30 days. This is to provide our users with an option to retrieve or restore the data in case of accidental deletions or changes. c. Post 30-day Period: After the 30-day retention period following a user-initiated deletion, the data will be permanently deleted from our systems and will not be recoverable. Data Protection While we retain user data, Kroolo ensures that it is protected using state-of-the-art security mechanisms. Our hosting infrastructure on AWS adheres to best practices in data protection, ensuring that user data is safeguarded at all times. User Rights Users have the right to request information about the data we store about them, correct inaccuracies, and initiate the deletion of their data. For such requests, users can contact our support team, and we will respond promptly. Changes to this Policy Kroolo reserves the right to update or change this Data Retention Policy at any time. We will notify our users of any significant changes and ensure that we always remain compliant with relevant data protection laws and best practices. Contact Information For any queries or clarifications regarding this Policy, or to exercise your rights as outlined above, please contact security@kroolo.com.

Data Archival and Removal Policy for Kroolo Introduction This Data Archival and Removal Policy ("Policy") provides guidelines on the storage, archiving, and removal of data to ensure Kroolo complies with relevant regulations and best practices. Scope This Policy applies to all digital data generated, processed, or held by Kroolo, irrespective of its format or location. Data Archival a. Purpose: Data archival refers to the process of storing data that may not be actively used but is retained for future reference or regulatory compliance. b. Duration: Data designated for archival will be stored for a period defined by relevant regulations or until the data is no longer required for business or legal purposes, whichever is longer. c. Protection: Archived data will be stored securely, ensuring its integrity and confidentiality. Access to archived data will be limited to authorized personnel only. Data Removal a. Purpose: Data removal ensures that outdated or unnecessary data is safely and permanently removed from our systems, in line with regulatory requirements. b. Criteria for Removal: Data will be removed based on the following criteria: Expiry of the regulatory or legal retention period. The data is no longer necessary for the purpose for which it was collected. User-initiated deletion requests that have surpassed the 30-day retrieval period (as per our Data Retention Policy). c. Procedure: Data identified for removal will be deleted securely to ensure it cannot be reconstructed or accessed post-deletion. A record of the removal, including the date, nature, and reason for the removal, will be maintained for audit purposes. Regulatory Compliance We commit to staying updated on and compliant with all relevant data protection and privacy regulations that apply to our operations. This Policy will be updated as needed to reflect any changes in regulatory requirements. User Rights Users have the right to inquire about the archival and removal processes and to request the removal of their data under applicable regulations. Requests can be made through our support channels, and we will address them in accordance with regulatory guidelines. Changes to this Policy Kroolo reserves the right to update or modify this Data Archival and Removal Policy at any time to reflect changes in our practices or applicable laws. Users will be notified of any significant changes. Contact Information For any queries, clarifications, or to exercise your rights as outlined above, please contact security@kroolo.com.

Data Storage Policy for Kroolo Introduction This Data Storage Policy ("Policy") provides a framework for how Kroolo stores, manages, and protects the data on our systems, ensuring the safety and integrity of the data. Scope This Policy applies to all data held by Kroolo, irrespective of its format, that is stored on our AWS instance located in Ohio, USA. Data Storage Location a. Primary Storage: All user data and relevant application data are primarily stored on an Amazon Web Services (AWS) instance situated in Ohio, USA. b. Backups: Backup copies of the data might be stored in secure locations within the AWS ecosystem to ensure data redundancy and recovery. Data Storage Security a. Encryption: All data, both at rest and in transit, will be encrypted using industry-standard encryption algorithms. b. Access Control: Strict access control measures are in place to ensure that only authorized personnel have access to the stored data. This includes multi-factor authentication, regular password updates, and role-based access controls. c. Monitoring: Continuous monitoring tools are deployed to detect any unauthorized access or anomalies in data usage patterns. Regulatory Compliance Being stored in an AWS instance in Ohio, USA, the data is subject to US data protection and privacy laws. Kroolo is committed to ensuring compliance with all applicable regulations and will take necessary measures to fulfill our legal obligations. Data Sovereignty Data stored in our AWS Ohio instance remains within the United States. Users should be aware that by using our platform, they consent to the storage of their data in the USA, subject to its laws and regulations. Data Redundancy To ensure high availability and data durability, multiple copies of the data are stored across different servers and locations within the AWS ecosystem. Disaster Recovery Regular backups are taken and stored in secure locations. In the event of a system failure or data loss incident, these backups will be used to restore the data, ensuring business continuity. Changes to this Policy Kroolo reserves the right to update or modify this Data Storage Policy at any time to reflect changes in our practices or the legal landscape. Users will be notified of any significant changes. Contact Information For inquiries, clarifications, or concerns regarding this Policy or the storage of your data, please contact at security@kroolo.com.

United States

Cloud hosted AWS

AWS

no

no

Kroolo's Procedure for Handling Data Deletion Requests Request Initiation: a. Users can initiate a data deletion request through the designated section in their account settings or by sending an email to security@kroolo.com. b. The request should clearly state the user's intention to delete their data and provide any necessary information to identify the user's account, such as username or registered email address. Request Acknowledgment: a. Upon receipt of a data deletion request, Kroolo will send an acknowledgment email to the user within 48 hours. b. This email will confirm the initiation of the deletion process and provide an estimated time frame for completion. Data Verification: a. To protect user data and prevent malicious deletion requests, Kroolo will verify the authenticity of the request. b. This might involve sending a verification email with a unique code or link, or asking the user to confirm the request through their account on the Kroolo platform. Data Deletion Process: a. Once the request is verified, Kroolo will begin the process of deleting the user's data from active databases and systems. b. As per Kroolo's Data Retention Policy, the data will be retained for an additional 30 days in a secure, isolated environment to allow for potential retrieval in case of accidental deletion. c. After the 30-day period, the data will be permanently deleted from all systems and backups. Notification of Completion: a. After the final deletion, Kroolo will notify the user via email that their data has been permanently removed from the system. b. This email will also provide information on any residual data or logs that might be retained for regulatory or operational purposes, if applicable.

no

no

yes

security@kroolo.com

no

no

no

no