Privacy Policy

Last updated: April 23, 2026

This page describes how Kopi handles data from your Lark workspace. We try to be direct — if anything here is unclear, email hello@kopi.sg.

Who we are

Kopi is an AI approval copilot for Lark, built and operated by a small team based in Singapore. "Kopi", "we", "us" and "our" refer to the Kopi team. "You" refers to the tenant administrator or end user.

What data we collect

When you connect Kopi to your Lark workspace, we receive:

  • Lark credentials — App ID and App Secret you provide during onboarding (encrypted at rest).
  • Approval event metadata — Lark's webhook payload: approval code, instance code, submitter open_id, timestamps.
  • Form and attachment contents — the approval form fields and attached PDFs / images, fetched from Lark when processing an approval.
  • User account info — name, email, role for people who sign in to your Kopi tenant (admin and member accounts).

We do not collect: social-security numbers, credit card details, health records, or any data unrelated to your approval workflows.

How we use it

  • Running the service — parsing approvals, invoking Claude AI, sending cards back to approvers.
  • Pattern memory — storing vendor + amount patterns per-tenant so future similar approvals auto-pass.
  • Support and debugging — diagnosing issues you raise. We read data only when you give us permission for a specific issue.
  • Product improvement — aggregated usage stats (how many approvals, average latency) with no tenant-identifying content.

We do not sell your data. We do not use your approval contents to train external AI models.

Where your data lives

  • Primary database — Supabase, Singapore region (ap-southeast-1), PDPA-compliant.
  • Application hosting — Vercel, Singapore edge region preferred.
  • AI processing — Anthropic Claude API. Attachments are sent for parsing only, not retained by Anthropic beyond the request.
  • Email delivery — Resend (magic link authentication emails only).

Data retention

  • Approval events — kept for the life of your tenant so you have an audit trail.
  • Attachment contents — not persisted beyond the AI-processing window. Only the structured extraction (vendor, amount, etc.) is stored.
  • Pattern memory — kept per tenant until you delete it in the dashboard or cancel the service.
  • Deleted accounts — tenant data is removed within 30 days of deletion request.

Your rights (PDPA)

Under Singapore's Personal Data Protection Act, you can:

  • Request a copy of the personal data we hold about you.
  • Request corrections to inaccurate data.
  • Withdraw consent — we'll delete everything we're not legally required to retain.

Email hello@kopi.sg with "PDPA request" in the subject and we'll respond within 7 business days.

Tenant isolation

Every tenant's data lives in its own row set, accessed only with that tenant's authentication. Pattern memory is never shared or aggregated across tenants. What one customer's AI learns stays with that customer.

Changes to this policy

If we change this policy we'll update the "Last updated" date above and email existing tenants 14 days before the change takes effect.

Contact

Questions, concerns, or PDPA requests: hello@kopi.sg.