Skip to content
LeadWallet
LeadWallet Legal

Privacy Notice

How LeadWallet collects, uses, and protects your data and the buyer details advisors enter β€” written to be clear about who is responsible for what.

Draft last updated 13 June 2026

Draft β€” pending legal review. This page is a faithful working draft of LeadWallet's legal copy. It has not yet been reviewed or approved by counsel and may change before public release.

Who we are

LeadWallet is a personal follow-up app for independent car sales advisors, operated by Karseekr Sdn Bhd ("Karseekr", "we", "us"). This Privacy Notice explains what personal data LeadWallet collects, how we use it, who processes it, and the choices and rights available to you.

We handle personal data in accordance with Malaysia's Personal Data Protection Act 2010 (PDPA) and its later amendments. If anything here conflicts with applicable law, the law prevails.

The two kinds of people in LeadWallet

LeadWallet involves two distinct groups, and we treat their data differently:

  • Advisors β€” the people who create a LeadWallet account and use the app. You are our user, and you provide your account details directly.
  • Advisor Customers β€” the buyers an advisor records to follow up with. These people do not have a LeadWallet account; their details are entered by the advisor. For this data, the advisor is responsible for the relationship and Karseekr processes it on the platform's behalf.

Advisor account data we collect

When you create and use a LeadWallet account, we collect:

  • Your name and the mobile phone number you verify during sign-up.
  • A one-time passcode (OTP) sent by SMS to verify that phone number (the "Verified Advisor Phone").
  • Authentication and device data needed to keep your account secure and your sessions working, including a device push token if you enable notifications.
  • Your in-app activity: opportunities you capture, follow-up outcomes you record, templates you use, and settings such as quiet hours.

Advisor-entered customer data

To help you follow up, LeadWallet stores the buyer details you choose to enter. This typically includes a customer name and contact number, the vehicle they are interested in, buying timeline, budget range, and notes or outcomes you add yourself.

You decide what to enter. We ask that you record only what you genuinely need for follow-up, and that you keep notes professional and relevant.

Advisor Consent Attestation

LeadWallet does not send a confirmation link to each buyer before you can save them. Instead, when you capture a customer, you attest that you have the appropriate basis to record and contact that person for follow-up. This keeps capture fast while making your responsibility explicit.

Because the advisor is the point of contact with the buyer, you are responsible for being truthful in this attestation and for honouring any request a customer makes to stop contact or to have their details removed.

Advisor Consent Attestation (draft wording β€” pending counsel review): "I confirm I have a legitimate relationship with this customer and an appropriate basis to record their details and follow up with them. I will respect any request they make to stop contact or to have their information corrected or deleted."

SMS one-time passcodes

We use SMS one-time passcodes to verify your phone number at sign-up and to protect your account. To deliver these messages we use a third-party SMS provider, which processes your phone number solely to send the code. We do not use your phone number for marketing.

Push notifications

If you allow notifications, LeadWallet sends follow-up reminders and account messages to your device through the Apple and Google push notification services. You can turn notifications off at any time in your device settings, and LeadWallet respects the quiet hours you set so reminders are not sent overnight.

AI-assisted Message Suggestions

LeadWallet can suggest a draft follow-up message for you to review. These suggestions are generated by our backend using OpenAI as a processor. The mobile app never calls OpenAI directly, and we never expose AI provider keys to the app.

We send only minimal, structured context to generate a suggestion β€” such as the language, the opportunity stage, the follow-up outcome, the vehicle of interest, buying timeline, budget range when present, your last action, and the template intent. We do not send customer phone numbers, customer email addresses, raw free-form notes, full activity history, or unnecessary personal data.

Suggestions are exactly that: suggestions. You always review a draft and send it yourself. LeadWallet never automatically messages a buyer on your behalf. We keep usage records to measure quality, manage cost, and support you, but we do not store raw prompts or raw AI responses by default.

AI disclosure: LeadWallet uses AI only to draft message suggestions you review before sending. It does not auto-send messages and is not a substitute for your own judgement.

Product analytics

We collect first-party product analytics to understand how LeadWallet is used and to improve it β€” for example, activation, onboarding completion, follow-up completion rates, notification effectiveness, offline behaviour, assisted-WhatsApp usage, and how useful message suggestions are.

Analytics events are sent only to Karseekr-owned infrastructure. The backend validates event names and shapes, rate-limits ingestion, and strips or rejects personally identifiable information. We do not sell your data or share it with third-party advertising networks. Crash and error reporting is handled separately by our error-monitoring tools.

How we use this data

We use the data above to: provide and secure your account; build your Today List and send follow-up reminders; generate message suggestions you choose to use; respond to support requests and rights requests; and operate, debug, and improve LeadWallet.

Who processes your data

We share data only with service providers who help us run LeadWallet, under appropriate safeguards. These currently include:

  • An SMS provider, to deliver one-time passcodes.
  • Apple and Google push notification services, to deliver reminders.
  • OpenAI, as a processor for AI message suggestions, receiving only the minimal context described above.
  • Cloud hosting and storage operated for Karseekr.

Retention

We keep advisor account data and advisor-entered customer data for as long as your account is active and as needed to provide the service. When data is no longer required β€” for example after an account deletion request is fulfilled β€” we delete or anonymise it, except where we must retain certain records to meet legal, audit, billing, or fraud-prevention obligations.

Customer rights and No-Contact requests

A buyer recorded in LeadWallet can ask to access, correct, or delete their details, to withdraw consent, or to not be contacted. In the MVP, advisors record these requests and No-Contact Flags inside the app, and Karseekr support fulfils access, correction, deletion, and withdrawal through admin operations.

If you are a customer and want to make a request directly, contact us at support@karseekr.com and we will action it. If you are an advisor, record the request in LeadWallet and stop contacting that customer where asked.

Account deletion

Advisors can request deletion of their LeadWallet account from inside the app. Karseekr support fulfils the request so deletion can respect audit, retention, billing, and fraud obligations. The request remains visible to you, and we confirm when it is complete.

Security

We protect personal data with technical and organisational measures appropriate to its sensitivity, including encrypted transport, access controls, and OTP-based account protection. No system is perfectly secure, but we work to keep your follow-up book and your customers' details safe.

Contact us

If you have questions about this notice, want to exercise a right, or need to report a concern, email us at support@karseekr.com. We answer every advisor and every rights request.