KOLab
Beta

KOLab is currently in beta. Some features are still being improved.

Privacy Policy

Last updated: March 31, 2026

This Privacy Policy explains how KOLab collects, uses, stores, and shares information when you use the platform. KOLab is operated from Malaysia and this policy is drafted in compliance with the Personal Data Protection Act 2010 (PDPA) of Malaysia.

1. Information We Collect

KOLab may collect account information, profile information, connected social account data, campaign and application activity, direct messages, payment and boost purchase records, report and moderation records, usage information, cookies or token identifiers, and technical device information necessary to operate, secure, and improve the platform. We may collect this information directly from you, from actions taken by other users when interacting with you on the platform, from connected services you choose to link, from payment or support providers, and from publicly available sources where relevant to profile display, verification, fraud prevention, or platform safety. Some information is mandatory for account creation, verification review, campaign participation, payment processing, or use of specific features, and if you do not provide it KOLab may be unable to create your account, complete the requested action, or provide the relevant feature.

2. Legal Basis for Processing

KOLab processes personal data under the following legal bases as defined by the PDPA: (a) Consent — when you register an account, connect social accounts, or submit profile information, you consent to processing of that data for the stated purposes. You may withdraw consent at any time, though this may affect your ability to use certain features. (b) Contractual necessity — processing required to provide the services you have requested, including account management, campaign workflows, messaging, payment processing, and boost features. (c) Legal obligation — processing required to comply with applicable Malaysian law, including tax, anti-money laundering, and record-keeping obligations. (d) Legitimate interest — processing for fraud prevention, platform security, abuse detection, service improvement, and analytics, where such interests are not overridden by your data protection rights. Where we rely on legitimate interest, we conduct a balancing assessment to ensure your rights are respected.

3. How We Use Information

We use information to create and manage accounts, display profiles, power search and recommendations, support messaging and campaign workflows, process boosts and paid features, detect abuse or fraud, review reports, enforce platform rules, improve the product, maintain security, and comply with legal obligations.

4. Public Profile Information

If you create a public creator or brand profile, some information may be visible to other users, including your display name, business or creator description, selected profile details, social metrics, category information, portfolio items, service areas, and pricing that you choose to display. Private account details, internal moderation notes, login credentials, billing records, and data not intentionally published as part of your profile are not treated as public profile information.

5. Messages and Campaign Activity

When you use campaign features, direct messaging, or applications, related data may be stored and processed to deliver those features, prevent abuse, investigate fraud or policy violations, support dispute review, and maintain platform operations. KOLab may review message, application, report, and campaign-related records where reasonably necessary for safety, moderation, legal compliance, or enforcement purposes.

6. Data Sharing

KOLab does not sell personal data. Information may be shared with the following categories of service providers: cloud hosting and infrastructure providers, object storage providers, analytics services, authentication providers (Google, Facebook), search engine providers, email delivery services, payment gateway operators (Billplz), and customer support tools. These providers process data on our behalf under contractual obligations that require them to protect your data. Some service providers may be located outside Malaysia; see Section 12 for details on cross-border transfers. Information may also be disclosed where legally required or where reasonably necessary to protect rights, safety, users, partners, or platform integrity.

7. Cookies and Authentication

KOLab may use cookies, tokens, and similar technologies to keep you signed in, remember preferences, secure sessions, measure platform usage, reduce fraud, and support account authentication and abuse prevention.

8. Data Retention

We retain data for as long as needed to operate the platform and fulfill the purposes described in this policy. Specific retention periods are as follows: (a) Active account data — retained for the lifetime of the account. (b) Deleted account data — personal data is removed within 30 days of account deletion; anonymized usage data may be retained indefinitely for analytics. (c) Messages — retained for 2 years after account deletion for abuse prevention and dispute resolution. (d) Payment and transaction records — retained for 7 years to comply with Malaysian tax and financial record-keeping obligations. (e) Server logs and security records — retained for up to 12 months. (f) Backup copies — purged within 90 days of deletion from live systems. Even after deletion requests or account closure, certain records may remain in legal hold files, fraud-prevention systems, or internal compliance records where legally required.

9. Your Rights and Choices

Under the PDPA and applicable law, you have the following rights: (a) Right of access — you may request a copy of the personal data we hold about you. (b) Right to correction — you may request correction of inaccurate or incomplete personal data. (c) Right to withdraw consent — you may withdraw consent for processing that is based on consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal. (d) Right to restrict processing — you may request that we limit certain processing activities. (e) Right to data portability — you may request your data in a structured, machine-readable format (JSON) via the account data export feature in your dashboard settings. (f) Right to deletion — you may request account deletion via your dashboard settings. You may also update profile information, disconnect social accounts, and choose what profile information is published publicly where those controls are available. To exercise any of these rights, contact privacy@kolab.my or use the self-service tools in your account settings. We will respond to verified requests within 21 days. Some records cannot be deleted, restricted, or changed immediately and may be retained where legally required, technically necessary, needed for fraud prevention, or operationally necessary to investigate disputes, moderation actions, security incidents, or payment activity.

10. Security

KOLab applies reasonable technical and organizational measures to protect data, including access controls and service-level safeguards appropriate to the platform. However, no online service can guarantee absolute security, and users remain responsible for maintaining the security of their own account credentials and devices. Important: KOLab will never ask you for your password, social media credentials, payment card numbers, OTP codes, or any other sensitive authentication information through email, messages, phone calls, or any other channel. All authentication is handled exclusively through the official KOLab login page.

11. Data Breach Notification

In the event of a personal data breach that is likely to cause significant harm to affected individuals, KOLab will notify the relevant authorities and affected users without undue delay, and in any case within 72 hours of becoming aware of the breach where feasible. Notification will include the nature of the breach, the categories of data affected, the likely consequences, and the measures taken or proposed to address the breach. If you believe your account has been compromised, contact security@kolab.my immediately.

12. International Processing

KOLab is operated from Malaysia. If you access KOLab from outside Malaysia, your information may be processed in Malaysia or in locations used by service providers supporting platform operations. Where personal data is transferred outside Malaysia, KOLab ensures that adequate safeguards are in place, including contractual obligations on service providers to protect your data to a standard consistent with the PDPA. By using the platform, you understand that your information may be transferred, stored, or processed across jurisdictions as needed for platform operations, security, and service delivery.

13. Children's Data

KOLab is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from anyone under 18. If we become aware that personal data has been collected from a person under 18 without appropriate consent, we will take steps to delete that data promptly. If you believe a minor has provided us with personal data, please contact privacy@kolab.my.

14. Contact and Complaints

For privacy questions, account data requests, or concerns about how your information is handled on KOLab, contact privacy@kolab.my. We aim to respond to all inquiries within 21 days. If you are not satisfied with our response, you may lodge a complaint with the Department of Personal Data Protection (JPDP) Malaysia at www.pdp.gov.my. We may update this Privacy Policy from time to time, and the latest version will be reflected by the updated date shown on this page.