Kastling
Privacy Policy
Effective date: January 6, 2026 Last updated: January 6, 2026
1. Introduction
Kastling is a sole proprietorship based in Karachi, Pakistan ("Kastling," "we," "us," "our"). This Privacy Policy explains how we collect, use, store, and protect personal data when you:
- visit or use apps.kastling.co;
- join a waitlist for a Kastling application; or
- purchase, download, or use any Kastling software application ("Apps").
For App purchases, our authorized payment processor acts as an independent data controller for payment and billing data collected during the transaction. Kastling is the data controller for App usage data and waitlist signups.
If you are a resident of the European Economic Area ("EEA") or the United Kingdom, additional rights described in Section 11 apply to you.
This Privacy Policy is a disclosure of our data practices, not a contract. Your use of apps.kastling.co and our Apps is governed by our Terms of Service. By using apps.kastling.co, joining a waitlist, or purchasing one of our Apps, you confirm you have read and understood this Policy.
A separate Privacy Policy applies to Kastling's Services (custom sprint engagements for founders), published at kastling.co/privacy.
2. Who this Policy covers
This Policy distinguishes between two categories of individuals:
- Website visitors: Anyone who visits apps.kastling.co.
- App users: Individuals who purchase, download, or use a Kastling application, or who join a waitlist for one.
Some individuals fall into both categories. Where that is the case, the relevant sections of this Policy apply simultaneously.
3. Data we collect
3.1 Website visitors
When you visit apps.kastling.co, we may collect:
- Server log data: Our hosting infrastructure automatically records standard server-log information, IP address, request timestamp, page or resource requested, referring URL, browser user-agent, and approximate geographic location derived from IP address, used to operate the site, prevent abuse, and diagnose technical issues.
- Usage and analytics data: If, in the future, we enable a website analytics tool, we may collect aggregated or pseudonymized usage data such as pages visited, time on page, and session duration. We will update this Policy before doing so and obtain consent where required by law.
- Waitlist submissions: If you join a waitlist for one of our Apps, we collect your email address and the App you signed up for.
- Cookie data: As described in Section 8.
3.2 App users
When you purchase, download, or use a Kastling App, we may collect:
- Account data: Name, email address, and account preferences provided at registration.
- Payment and billing data: Collected by our authorized payment processor acting as merchant of record. Kastling does not receive or store full payment card details. Please refer to your payment processor's privacy policy for details on how payment data is handled.
- App usage data: Features used, session frequency and duration, in-app interactions, and error or crash logs, collected on-device or through analytics integrations where applicable.
- Device and technical data: Operating system, app version, device type, and device identifiers necessary for App operation.
- Support communications: Emails or messages you send to hello@kastling.co in connection with App support.
4. How we use your data
| Purpose | Legal basis | Applies to |
|---|---|---|
| Operating apps.kastling.co | Legitimate interest | Website visitors |
| Notifying you when an App you waitlisted is available | Consent | Waitlist subscribers |
| Delivering, operating, and improving Apps | Performance of contract | App users |
| Processing App transactions via our payment processor | Performance of contract | App users |
| Communicating about your account or order | Performance of contract | App users |
| Sending product updates (where consented) | Consent | App users |
| Fraud prevention and security | Legitimate interest / legal obligation | All |
| Compliance with applicable laws | Legal obligation | All |
We do not use personal data for automated decision-making that produces legal or similarly significant effects on individuals.
5. Data sharing
Kastling does not sell personal data. We do not share personal data with third parties for their own marketing purposes. We share data only as follows:
Payment processor. App purchases and subscriptions are processed by our authorized payment processor acting as merchant of record. Kastling shares order information with the payment processor as necessary to process transactions, issue receipts, and handle tax compliance. The payment processor operates under its own privacy policy, which will be accessible to you at checkout.
Analytics providers (if and when enabled). Kastling does not currently share data with third-party website analytics providers. If we adopt such a tool in the future, data shared will be aggregated or pseudonymized where possible, and we will update this Policy and obtain consent where required by law.
Infrastructure and hosting providers. Kastling uses third-party services for website hosting, email, and operational infrastructure. These providers act as data processors under appropriate agreements.
Legal compliance. Kastling may disclose personal data where required by applicable law, regulation, court order, or lawful authority request.
Business transfer. In the event of a sale, acquisition, merger, or transfer of Kastling's business or assets, personal data may be transferred to a successor. We will notify affected individuals as required by law.
6. International data transfers
Kastling is based in Pakistan. Personal data you provide may be transferred to, stored in, and processed in Pakistan and in other countries where Kastling's infrastructure providers operate, including countries that may have different data protection standards to your home jurisdiction.
Where we transfer personal data from the EEA, UK, or Switzerland to third countries (including Pakistan) that have not been recognized as providing an adequate level of data protection, we rely on appropriate safeguards under Articles 46–49 of the GDPR, typically the European Commission's Standard Contractual Clauses (SCCs), the UK Addendum where applicable, and supplementary technical and organizational measures where required. Copies of the safeguards in place can be requested by emailing hello@kastling.co.
7. Data retention
We retain personal data for as long as necessary to fulfill the purposes described in this Policy and to meet our legal and contractual obligations. Typical retention periods:
| Category | Retention period |
|---|---|
| Waitlist submissions | Until the App you signed up for is generally available, plus 12 months; or until you unsubscribe |
| App account data | For the duration of the account plus 12 months after account closure |
| App transaction records | Up to 7 years (for legal and accounting purposes) |
| Analytics and usage data | Up to 26 months |
| Support correspondence | Up to 3 years from resolution |
Where retention is required by law, we retain data for the legally mandated period regardless of the above.
8. Security
Kastling implements reasonable technical and organizational measures to protect personal data against unauthorized access, disclosure, loss, or misuse. These measures include encrypted transmission (HTTPS), access controls, and limited data sharing on a need-to-know basis.
No internet-based system is entirely secure. In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and, where required, the relevant supervisory authority, in accordance with applicable law.
9. Cookies and tracking
apps.kastling.co currently uses only strictly necessary cookies and similar storage to operate the site. We also store a small theme preference (light or dark mode) in your browser's local storage, this stays on your device and is not transmitted to us.
We do not currently set analytics, advertising, or third-party tracking cookies on apps.kastling.co. If we introduce any non-essential cookies or similar tracking technologies in the future, we will update this Policy and, where required by applicable law, including EU and UK ePrivacy rules, request your consent through a cookie banner before they are set.
You can control or clear cookies and site storage at any time through your browser settings. Disabling strictly necessary cookies may affect website functionality.
10. Children
Kastling's website and Apps are not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected data from a child under 16, contact us at hello@kastling.co and we will delete it promptly.
11. Your rights
Depending on your location, you may have the following rights regarding your personal data:
| Right | Description |
|---|---|
| Access | Request a copy of the personal data we hold about you |
| Correction | Request that we correct inaccurate or incomplete data |
| Erasure | Request that we delete your personal data, subject to legal retention requirements |
| Restriction | Request that we restrict certain processing of your data |
| Objection | Object to processing based on legitimate interest |
| Portability | Receive your data in a structured, machine-readable format |
| Withdraw consent | Withdraw consent at any time where processing is consent-based |
EEA residents have these rights under the General Data Protection Regulation (GDPR).
UK residents have these rights under the UK GDPR.
No automated decision-making. Kastling does not subject you to decisions based solely on automated processing, including profiling, that produce legal effects or similarly significantly affect you. If this changes in the future, we will update this Policy and obtain consent where required by law.
To exercise any right, contact us at hello@kastling.co. We will respond within 30 days (extendable by a further two months for complex requests, as permitted under the GDPR, with notice). We may need to verify your identity before processing your request. Exercising your rights is free of charge unless a request is manifestly unfounded or excessive. EEA residents may also lodge a complaint with the supervisory authority in their EU member state. UK residents may lodge a complaint with the Information Commissioner's Office (ICO).
12. Third-party links
Kastling Apps may integrate with or link to third-party services, tools, or platforms. Kastling is not responsible for the privacy practices, content, or terms of any third-party service. We encourage you to review the privacy policies of any third-party services you use.
13. Governing law
This Privacy Policy is governed by and construed in accordance with the laws of the Islamic Republic of Pakistan. Where mandatory local data protection laws in your jurisdiction apply, including the GDPR or UK GDPR, those laws supplement this Policy and are not displaced by it.
14. Changes to this Policy
Kastling may update this Privacy Policy from time to time. When material changes are made, we will update the effective date at the top of this page and, where appropriate, provide direct notice to registered App users and waitlist subscribers. Continued use of apps.kastling.co or our Apps following notice of changes constitutes acceptance of the updated Policy.
15. Contact
For privacy-related questions, data requests, or to exercise your rights:
Email: hello@kastling.co Website: apps.kastling.co
Kastling is based in Karachi, Pakistan.