kKiraFind my card

Effective date: 26 May 2026

Privacy Policy

Here's what Kira does with your data, in one minute

Kira is a tool that helps you find credit cards that match how you actually spend. Here's the short version of how your data flows:

  • If you use the manual input flow, we receive 8 numbers (your monthly spend across 8 categories) and — if you want the full list of recommendations — your email address. That's it.
  • If you use the LLM-assisted flow, your bank statements are analysed by your own AI tool (ChatGPT, Claude, etc.) on your own device. Kira never receives your bank statements. We only get the summary numbers your AI sends back, which you paste into our site.
  • We use basic visitor analytics provided by our hosting platform to understand how people use the site.

When you click "Apply" on a recommended card, we pass that click through Involve Asia (an affiliate network), which sends you to the bank's own application page. The bank — not us — collects whatever you type into their application form.

We don't sell your data. We don't share your spending with banks. We keep what we hold for as short as we reasonably need to.

If you want any of your data deleted, email us at hello.kiramy@gmail.com and we'll handle it within 21 days.

Who runs Kira

Kira is operated personally by an individual based in Malaysia (the "site operator", "we", "us"). For data protection purposes under the Personal Data Protection Act 2010 (PDPA) as amended in 2024, the site operator is the data controller for personal data processed through this site.

If you need to reach the site operator about anything in this policy, email hello.kiramy@gmail.com.

What data we collect

When you use the matching tool (either flow):

  • Your spending totals across 8 categories — these are numbers only, no transaction-level data, no merchant names.
  • Your email address — only if you choose to unlock the full recommendation list.
  • Optional filter inputs you provide (e.g. annual income range, card preferences).

When you browse the site:

  • Basic visitor information collected by our hosting platform (Lovable): page views, the pages you visit, your device type, your approximate location (country/city level), your browser, and how you arrived at the site.
  • A cookie set by Involve Asia for affiliate tracking when you click an "Apply" button (more on this below).

When you click an "Apply" button:

  • A click event is logged by Involve Asia so they can attribute commission. You are then redirected to the bank's own application page. Anything you enter on that page is collected by the bank, not by us.

What we never collect:

  • Bank statements. We have no upload form for them and no server-side processing that touches them. In the LLM-assisted flow, your statements stay between you and your chosen AI tool.
  • Transaction-level data, account numbers, card numbers, or any banking credentials.
  • Identity documents.

Why we collect it

  • Spending category totals: so the matching engine can recommend cards.
  • Email address: so we can show you the unlocked recommendation list and — if you opt in — send occasional updates when a notably better card becomes available for your spending profile.
  • Visitor analytics: so we can see which pages are useful, fix broken parts of the site, and understand where visitors come from.
  • Affiliate click tracking: so partner banks pay us a commission when our recommendations lead to an application. This is how the site is funded.

Who we share data with

We share specific, limited data with the following parties:

  • Lovable — our hosting and site infrastructure provider. They process the data needed to run the site (page requests, basic visitor analytics, etc.). They may store data on servers outside Malaysia.
  • Involve Asia — the affiliate network that handles outbound click tracking when you click "Apply". They receive the click event and set a 30-day attribution cookie. They may store data outside Malaysia.
  • Banks (Alliance Bank, UOB, RHB, HSBC and any future card-issuer partners) — banks only receive your data when you yourself fill out an application on the bank's own website after clicking through. We do not pass your spending data or email to banks.

We do not sell personal data to anyone. We do not share your spending information with banks for credit assessment.

Cross-border data transfer

Some of the providers above (Lovable, Involve Asia, the email service) may store or process data on servers outside Malaysia. By using Kira, you consent to this transfer. We only work with providers that maintain a reasonable standard of data protection.

How we keep your data safe

  • The site runs over HTTPS — your connection is encrypted.
  • Access to your email address and spending totals is limited to the site operator and the specific service providers listed above.
  • We don't keep what we don't need. Spending totals are not stored beyond your session unless you provide an email — and even then, they're tied to your email only so we can send you the report.

How long we keep your data

  • Email addresses and the linked spending summary: kept for as long as your subscription is active. If you ask us to delete it, or if you've been inactive for 24 months, we'll delete it.
  • Visitor analytics: kept by Lovable per their standard retention policy.
  • Affiliate click data: kept by Involve Asia per their retention policy.

Your rights under PDPA

Under Malaysian PDPA, you have the right to:

  • Access the personal data we hold about you.
  • Correct any data that is inaccurate or out of date.
  • Withdraw consent for us to keep processing your data — including unsubscribing from any emails.
  • Request data portability — ask us to provide your data in a structured, machine-readable format (added by the 2024 amendments).
  • Request deletion of your personal data.

To exercise any of these rights, email hello.kiramy@gmail.com with the subject line "Data request". We'll respond within 21 days.

Data breach notification

If a data breach occurs that is likely to cause significant harm to you, we will notify you and the Personal Data Protection Commissioner without undue delay, as required by the 2024 PDPA amendments.

Cookies

Kira uses cookies for two purposes:

  • Hosting and basic analytics cookies — set by Lovable to keep the site running and to measure visits.
  • Affiliate cookies — set by Involve Asia (30 days) to attribute commission when you click "Apply" and later complete a card application.

You can disable cookies in your browser settings. The site will still work, but our analytics will not record your visit and we won't earn commission on any applications you make.

Children

Kira is intended for adults aged 18 and over (the minimum age to apply for a credit card in Malaysia). We do not knowingly collect data from anyone under 18.

Changes to this policy

We may update this policy as the site evolves. The "effective date" at the top will always reflect the most recent version. Material changes will be highlighted on the site for at least 30 days.

Language

This policy is published in English. A Bahasa Malaysia translation will be made available. Where there is any inconsistency between language versions, the English version governs until the Malay version is published.

Contact

For any privacy questions or data requests: hello.kiramy@gmail.com.