kofinance.xyzReturn · Properly
Legal

Privacy Policy

What data kofinance.xyz processes, on what legal basis, and how the Singapore Personal Data Protection Act (PDPA), EU GDPR, CCPA/CPRA, and the IAB Europe TCF v2.3 apply.

Last updated:

1. Data controller

kofinance.xyz. Privacy correspondence: privacy@kofinance.xyz or via the contact page. Verifiable requests answered within 30 days.

2. What we collect

The ROI calculator processes no personal data on our servers. Investment values stay in your browser. Verifiable via DevTools → Network.

  • Server access logs (IP, user-agent, URL, timestamp, status). 30 days.
  • Aggregated analytics (page views, country, device class), opt-in.
  • Advertising cookies (Google AdSense / DoubleClick), opt-in.
  • Contact-form submissions retained for 12 months.

3. Legal bases

  • Singapore PDPA reasonable purpose (notification + consent obligations) for any data we collect.
  • Legitimate interest (Art. 6(1)(f) GDPR) for security logging.
  • Consent (Art. 6(1)(a) GDPR; PDPA Section 13) for analytics, advertising.

4. Cookies

Three categories detailed in the cookie policy: strictly necessary, analytics (opt-in), advertising (opt-in).

5. Google AdSense, DoubleClick and personalised advertising

With consent, Google may set and read __gads, __gpi, IDE, NID, DSID, and test_cookie; process IP, user-agent and approximate location; build interest-based advertising profiles; and share data with TCF v2.3 vendors you authorise. Google's processing: policies.google.com/privacy and policies.google.com/technologies/ads.

6. TCF v2.3 consent management

We use a TCF v2.3-compliant CMP. No non-essential cookie is set, and no third-party advertising script is loaded, until you grant or refuse consent on a per-purpose, per-vendor basis. Modify via the “Cookie preferences” footer link.

7. International transfers

Some third parties (notably Google) may transfer personal data outside Singapore. Such transfers rely on the EU–U.S. Data Privacy Framework, Standard Contractual Clauses, and the PDPA's transfer limitation obligation where applicable.

8. Your rights

Under the PDPA, GDPR, and CCPA/CPRA you may access, correct, request erasure, restrict processing, port your data, and withdraw consent. Lodge complaints with the Personal Data Protection Commission (PDPC, Singapore), the Information Commissioner (UK), or the California Privacy Protection Agency.

California residents may opt out of “sale”/“sharing.” We honour the GPC signal.

9. Children

The Service is not directed at children under 16.

10. Changes

Material changes are flagged on the home page; the “Last updated” date above always reflects the most recent revision.