Privacy policy

Effective Date: 28 August 2025
Last Updated: 28 August 2025

Who we are

Who we are KRDS Software Development Private Limited (“KRDS”, “we”, “us”, “our”) 2nd Floor, G3 Buildings, Cross Street, off Lattice Bridge Road, A.I.B.E.A. Nagar, Bharathi Nagar, Thiruvanmiyur, Chennai, Tamil Nadu 600041, India We built Wand to make it easy to display social content safely and responsibly. This policy explains, in plain language, how we handle personal data when you use Wand.

1) What this policy covers?

This policy applies to the Wand social wall platform (“Wand” or the “Service”)—including our dashboard, private APIs, and the embeddable widget—used by customers around the world. Where local laws offer extra protections or rights, we work to honor them. Where we host data Our primary production systems are hosted in Singapore. From time to time, limited processing may happen in other regions by trusted service providers, solely to run and support Wand.

2) Our role with your data

• KRDS as a Controller – for things like account sign-up, authentication, billing, security logs, and service communications.
• KRDS as a Processor – for social content and related metadata you choose to aggregate and display, and for tokens/permissions you grant to connect third-party platforms. In that context, you act as the Controller and we follow your documented instructions. If you need a Data Processing Agreement, we’re happy to provide one.

3) The information we handle

We aim to collect only what we need to deliver and improve Wand.

Account & billing

Name, business details, email, country, time zone, role/permissions, billing contact, tax/VAT info, plan status. Card details (if used) are handled by our payment processor—KRDS does not store full card numbers.

Connections you set up

Access tokens, app IDs, page/profile/channel IDs, scopes you authorize, and the sources/filters you configure so Wand can fetch and display posts.

Service use & security

Device and browser info, IP address, timestamps, request/response logs, error logs, admin actions in the dashboard, and high-level API metrics. We use these to run the service reliably and keep it secure.

Support & communication

Emails, tickets, chat transcripts, feedback, and survey responses—so we can respond and improve.

Widget viewers

By default, the embedded Wand social wall does not set tracking cookies or collect personal data about viewers. Any analytics on your website remain under your control.

4) Where the data comes from?

• Directly from you (sign-up, dashboard, support)
• Automatically from your use of Wand (for reliability and security)
• From third-party platforms only after you have authorized a connection

5) Why we use it?

We use personal data to:

1. Provide the Service – account set-up, authentication, pulling and displaying content, moderation tools (contract; legitimate interests).
2. Keep things secure and running smoothly – fraud prevention, troubleshooting, performance, availability (legitimate interests; legal obligations where applicable).
3. Handle billing and administration – subscriptions, invoices, tax compliance (contract; legal obligations).
4. Stay in touch – service notices, product updates, and support. For marketing, we’ll ask for consent where it’s required
5. Improve Wand – de-identified or pseudonymized analytics to make features and reliability better over time.
6. Meet legal requirements – responding to lawful requests and enforcing our Terms.

We try to balance our needs with your privacy and will always choose the lightest-touch approach that still lets Wand work properly.

6) Sharing and service providers

We don’t sell personal data, and we don’t share it for cross-context behavioral advertising. We may work with carefully selected providers (for hosting, payments, customer support, email delivery, logging/monitoring). They act on our instructions under written data-processing terms. We may also share data with professional advisors (under confidentiality) or if required by law or to protect rights and safety. If KRDS goes through a reorganization or similar event, data may transfer to a successor under protections consistent with this policy. A current sub-processor list is available on request. We remain responsible for our providers’ performance.

7) International transfers

Your data may be processed in Singapore and, when needed, other countries where we or our providers operate. We use appropriate safeguards recognized by privacy laws (for example, standard contractual protections) to support these transfers. If you’d like more detail, just ask.

8) How long we keep data

We keep data only as long as it’s useful for the purposes described here or as needed for legal, tax, or accounting reasons—then we delete it or anonymize it.

Typical examples:

• Account & billing records – life of the account, plus a reasonable period (often a few years, depending on local law).
• Access tokens – active while connected; removed shortly after disconnection or account closure.
• Operational logs – commonly up to 12 months (longer only where necessary for security or compliance).
• Backups – held securely for limited cycles, then overwritten.
• Support records – as long as needed to manage your request and comply with obligations.

9) Security in practice

We apply safeguards that are sensible for a cloud service: encryption in transit (and at rest where appropriate), role-based access, least-privilege permissions, MFA for staff where appropriate, network segmentation, vulnerability management, logging, monitoring, and tested backups. No system can promise perfect security, but we work continually to strengthen our controls.

10) Your choices and rights

Depending on where you live, you may have rights to: Access your personal data and get a copy

• Correct inaccurate or incomplete data
• Delete data in certain circumstances
• Restrict or object to certain processing
• Port data you provided, where feasible
• Withdraw consent where processing relies on consent
• Complain to your local authority
• We’ll respond within timelines set by law and will do our best to make the process easy.

11) Children’s data

Wand isn’t intended for children under 13 (or a higher local age where required). We don’t knowingly collect children’s data. If you believe a child has provided data, please contact us and we’ll take care of it.

12) Cookies and similar tech

• Widget: By default, the embedded Wand wall does not set tracking cookies and doesn’t collect viewer personal data.
• Dashboard/website: We may use strictly necessary cookies for things like login sessions, and—where permitted—optional functional or light analytics cookies to improve the experience. Any analytics on your website remain your responsibility.

13) Social platform connections

When you connect a social platform, you let Wand use access tokens to read the content you’ve authorized so we can fetch and display it. We don’t post on your behalf unless a specific feature requires it and you’ve enabled it. You can revoke access in the platform at any time (and within Wand); related features will then pause.

14) Automated decisions

Wand doesn’t make automated decisions about you that have legal or similarly significant effects. Optional filters (like profanity filters) are configurable and can be adjusted to your preferences.

15) If something goes wrong

We maintain an incident response process. If a personal-data breach occurs, we’ll investigate, reduce risk, and notify affected customers and regulators where the law requires—promptly and transparently.

16) Regional notes (short version)

We aim to meet the spirit and requirements of major privacy frameworks worldwide:

• EEA/UK (GDPR/UK GDPR): We rely on contract, legitimate interests, consent, and legal obligation, use recognized transfer safeguards, and support rights such as access, correction, deletion, restriction, objection, and portability.
• United States (including California): We don’t sell personal information or share it for cross-context behavioral advertising. California residents may have rights to know, access, correct, delete, portability, and non-discrimination.
• Brazil (LGPD), Canada (PIPEDA), Singapore (PDPA), Australia (APPs), South Africa (POPIA): We follow principles similar to those above—fair and reasonable processing, purpose limitation, transparency, security safeguards, and accessible rights. If you need region-specific details or wording, we can provide it.

17) Talk to us (and exercising your rights)

If you have a question, want to exercise a right, request a DPA or sub-processor details, or raise a concern, just reach out:

Privacy Officer — KRDS Software Development Private Limited
2nd Floor, G3 Buildings,
Cross Street, off Lattice Bridge Road,
A.I.B.E.A. Nagar, Bharathi Nagar,
Thiruvanmiyur,
Chennai,
Tamil Nadu 600041, India
Email: contactchennai@krds.com

We’ll do our best to help quickly and thoughtfully.

18) Updates to this policy

If we make changes, we’ll update the date at the top and, where appropriate, let you know through reasonable channels. If any update materially impacts how we use your data, we’ll give you clear notice so you can make an informed choice.