K Kotally
Log in Get started

Privacy Policy

Last updated: June 2, 2026

1. Who we are

Kotally ("Kotally", "we", "us", "our") provides a credit-based membership ledger and automation layer that integrates with GoHighLevel and Stripe. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our service.

2. Information we collect

We collect the following categories of information:

  • Account information: When you sign up or are invited to a workspace, we collect your name, email address, and workspace name.
  • Billing information: Payment processing is handled by Stripe. We store your Stripe customer ID and subscription details, but we do not store full payment card numbers.
  • Integration data: When you connect your GoHighLevel account, we receive data via webhooks necessary to operate the Service, including appointment events, contact records, and membership status changes.
  • Usage data: We collect logs of API requests, feature usage, and error events to monitor and improve the Service.
  • Cookies and similar technologies: We use essential session cookies and CSRF tokens to operate the Service. We do not use third-party tracking cookies or advertising cookies.

3. How we use your information

We use the information we collect solely to:

  • Provide, maintain, and improve the Service;
  • Process subscriptions and billing;
  • Communicate with you about your account, including service updates, billing notices, and support responses;
  • Detect and prevent abuse, fraud, or unauthorized access;
  • Comply with legal obligations.

We do not sell your personal data to third parties. We do not use your data for advertising or behavioral profiling.

4. Data sharing and disclosure

We may share your data with:

  • Service providers: Stripe (payment processing) and Neon (database hosting) who act as data processors under our instructions. Each provider is contractually bound to protect your data.
  • Legal requirements: If required by law, court order, or governmental regulation, we may disclose your data to the extent necessary to comply.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity.

5. Data retention

We retain your account and ledger data for as long as your account is active. Upon account cancellation, your data is retained for 90 days to allow for reinstatement or data export, after which it is permanently deleted unless we are required by law to retain it longer. You may request earlier deletion by contacting us.

6. Data security

We implement industry-standard security measures, including:

  • TLS 1.2+ encryption for all data in transit;
  • Encryption at rest for stored data;
  • PBKDF2-SHA256 password hashing;
  • Regular security updates and dependency audits.

No system is perfectly secure. If you suspect a security incident or unauthorized access, notify us immediately at [email protected].

7. Your rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the data we hold about you;
  • Correction: Request that we correct inaccurate or incomplete data;
  • Deletion: Request deletion of your data, subject to legal retention requirements;
  • Portability: Request a machine-readable export of your data;
  • Objection: Object to our processing of your data in certain circumstances.

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

8. International data transfers

Your data is stored on servers in Singapore (ap-southeast-1). If you are located outside Singapore, your data will be transferred to, stored, and processed in Singapore. By using the Service, you consent to this transfer.

9. Children's privacy

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 14 days in advance. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

11. Contact

Questions or concerns about this Privacy Policy or our data practices? Contact us at [email protected].