Privacy Policy

Last updated: 7 May 2026

This Privacy Policy describes how Gleapx Sdn Bhd (“we”, “our”) collects, uses, and protects your personal data when you use the kakimakan mobile application (“App”). By using kakimakan you agree to this policy. We comply with the Personal Data Protection Act 2010 (PDPA Malaysia).

1. What we collect

Account data — email address, display name, handle, profile photo (if uploaded).
MakanDNA — your dietary preferences, spice level, vibe, meal-window choices, cuisines.
Location — coarse and precise location, only when the App is open and only when needed to show nearby jios. We do not stream continuous background location, and we do not share your location with other users.
Content you create — jio posts, chat messages, reviews, trust tags, photos.
Photos — profile photo and verification selfies. Verification frames are processed for face-pose detection on-device or via a third-party safety provider; we do not retain the verification frames after a pass/fail decision.
Device data — device model, OS version, language, push token, app version, anonymised crash logs.
Usage data — taps, screens viewed, time spent, used to improve the product.

2. How we use it

To match you with relevant nearby jios and kakis.
To deliver chats, push notifications, and meal reminders.
To detect and prevent abuse (NSFW filtering, fake-profile detection, blocked-user enforcement).
To display the host's DuitNow ID and each pax's share so kakis can settle AA in their own bank app. We do not process, route, or hold any funds, and we never see your bank credentials.
To respond to support requests at hello@kakimakan.app.

3. Who we share with

Other users — your display name, handle, photo, MakanDNA highlights, trust score, and the content you post in jios are visible to other users in the App. Email and phone are never shown.
Service providers — Supabase (database & auth), Sentry (crash logs), Sightengine (image safety), Firebase Cloud Messaging (push). These vendors process data on our behalf under data-processing agreements.
Law enforcement — only when legally compelled, or to protect the safety of users.
We do not sell your personal data and do not use it for cross-app advertising.

4. Your rights

Access, correct, or delete your account at any time from Profile → Delete Account.
Export your data — email hello@kakimakan.app and we will return your account data within 30 days.
Withdraw consent — by deleting the App and your account.

5. Retention

We keep your account data for as long as your account is active. After deletion, account records are removed within 30 days, with a maximum 90-day backup retention for disaster recovery. Anonymised aggregate analytics may be retained.

6. Children

kakimakan is not intended for users under 17. We do not knowingly collect data from children. If you believe a minor has registered, contact us and we will delete the account.

7. Cross-border transfers

Some service providers (Supabase, Sentry, Sightengine, Firebase) process data outside Malaysia, including in Singapore, the EU, and the United States. We use vendors that meet recognised data-protection standards.

8. Security

We use TLS in transit, row-level security in the database, and access controls on all admin tooling. No system is perfectly secure; we will notify affected users of any material breach within 72 hours.

9. Changes

We may update this policy. Material changes will be announced in-app and by email. Continued use after changes means you accept the updated policy.

10. Contact

Gleapx Sdn Bhd
Email: hello@kakimakan.app
Data Protection Officer: dpo@kakimakan.app