Last updated: 20 May 2026
This page describes the technical and organisational measures in place to protect your account and data in KiraKiraLah.
KiraKiraLah does not handle, process, or store payment card data. All payments are processed through Stripe (Malaysian users) or Polar(all other users) via their hosted, PCI-DSS compliant checkout pages. Card details are entered directly on the processor's page and never touch the application server.
If you discover a security vulnerability in KiraKiraLah, please report it responsibly by emailing [email protected] with a description of the issue and steps to reproduce it. Please do not publicly disclose the vulnerability until it has been assessed and addressed. I will acknowledge reports within 72 hours and aim to resolve confirmed vulnerabilities promptly.