← Back to Kaki

Privacy Policy

Last updated: February 2026 · Governed by the Singapore Personal Data Protection Act (PDPA)

1. Who we are

Kaki (“we”, “our”, “us”) is a social platform that helps people in Singapore discover activities and find others to join them. Our website is kakisg.com. If you have questions about this policy, contact us at thesingaporekaki@gmail.com.

2. Data we collect

When you use Kaki, we may collect:

  • Account data - your name, email address, and profile photo from Google (via Google OAuth sign-in).
  • Phone number - optionally, if you choose to verify your Singapore mobile number to earn the Verified ✓ badge.
  • Activity data - activities you post, join requests, ratings, and messages sent in group chats.
  • Usage data - pages visited, features used, and interactions, collected via PostHog analytics.
  • Push token - if you enable push notifications, we store your browser push subscription.
  • Error data - crash reports collected via Sentry to help us fix bugs.

We do not collect payment information, government IDs, or any sensitive personal data beyond the above.

3. Why we collect it

  • To create and manage your Kaki account.
  • To enable you to post activities and connect with other participants.
  • To verify your Singapore phone number (if you opt in) and display the Verified ✓ badge.
  • To send push notifications about join requests and approvals (if you opt in).
  • To improve the app through anonymised usage analytics and error reporting.

4. How we store and protect your data

Your data is stored in Supabase (Singapore region, ap-southeast-1). All data is encrypted at rest and in transit (TLS). We apply Row Level Security (RLS) so users can only access data they are authorised to see.

Phone numbers used for verification are processed via Twilio Verify and are stored in our database only upon successful verification. Twilio OTP credentials are never exposed to the client.

5. Who we share data with

We use the following third-party processors:

  • Supabase - database and authentication hosting.
  • Google OAuth - identity verification for sign-in.
  • Twilio - SMS OTP for optional phone verification.
  • Vercel - hosting and edge functions.
  • PostHog - anonymised usage analytics.
  • Sentry - error and performance monitoring.

We do not sell your personal data to any third party.

6. Data visible to other users

Your display name, profile photo, and Verified ✓ badge are visible to other Kaki users when you post or join activities. Your email address, phone number, and raw rating scores are never shown publicly.

7. Your rights under PDPA

Under Singapore's Personal Data Protection Act, you have the right to:

  • Access - request a copy of your personal data.
  • Correction - update your display name or bio from your Profile page at any time.
  • Deletion - request deletion of your account and all associated data by emailing thesingaporekaki@gmail.com. We will complete deletion within 30 days.
  • Withdrawal of consent - you may disable push notifications at any time from your browser settings.

8. Data retention

We retain your data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law.

9. Cookies and tracking

Kaki uses session cookies managed by Supabase for authentication. PostHog analytics uses localStorage. We do not use third-party advertising cookies.

10. Changes to this policy

We may update this policy from time to time. Significant changes will be communicated via the app. Continued use of Kaki after changes constitutes acceptance of the updated policy.

Questions? Email us at thesingaporekaki@gmail.com