Privacy Policy

1. Introduction

BasedInbox Sdn Bhd ("Company", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

We comply with the Personal Data Protection Act 2010 (PDPA) of Malaysia and the Personal Data Protection Act 2012 (PDPA) of Singapore.

2. Information We Collect

2.1 Account Information

• Email address
• Name (if provided)
• Password (encrypted)
• Profile picture (if using OAuth)

2.2 Document Data

• Uploaded receipts, invoices, and bank statements
• Extracted transaction data (dates, amounts, merchants, categories)
• Document metadata (file type, upload date)

2.3 Usage Data

• Log data (IP address, browser type, access times)
• Device information (device type, operating system)
• Feature usage patterns (for service improvement)

2.4 Third-Party Integration Data

• OAuth tokens for connected services (Xero, QuickBooks)
• Synced accounting data (if you enable integrations)

3. How We Use Your Information

We use your information to:

• Provide and maintain the Service
• Process and extract data from your documents using AI
• Categorize and organize your transactions
• Generate reports and claims
• Sync data with connected accounting platforms
• Send service-related notifications
• Improve and optimize the Service
• Detect and prevent fraud or abuse
• Comply with legal obligations

4. Data Processing and AI

We use artificial intelligence services to extract data from your documents:

• Documents are processed using secure AI services (Reducto)
• Transaction categorization uses AI models (Groq/OpenAI)
• Your documents are not used to train AI models
• Processing occurs in secure, encrypted environments

5. Data Sharing and Disclosure

We may share your information with:

5.1 Service Providers

• Cloud hosting (Cloudflare, Neon Database)
• Document processing (Reducto)
• AI services (Groq, OpenAI)
• Email services (Resend)

5.2 Third-Party Integrations

If you connect accounting software, we share necessary data to enable the integration.

5.3 Legal Requirements

We may disclose information if required by law or to protect our rights and safety.

6. Data Storage and Security

• Data is stored on secure servers with encryption at rest
• Documents are stored in Cloudflare R2 with encryption
• All data transmission uses TLS encryption
• Access to data is strictly controlled and logged
• Regular security audits and updates are performed

7. Data Retention

• Active account data is retained while your account is active
• Deleted documents are permanently removed within 30 days
• Account data is deleted within 90 days of account closure
• Anonymized usage data may be retained for analytics
• Legal compliance data may be retained as required by law

8. Your Rights

You have the right to:

• Access - Request a copy of your personal data
• Correction - Request correction of inaccurate data
• Deletion - Request deletion of your data
• Portability - Export your data in a standard format
• Withdraw Consent - Withdraw consent for data processing
• Object - Object to certain types of processing

To exercise these rights, contact us at [email protected].

9. Cookies and Tracking

We use:

• Essential cookies - Required for authentication and security
• Preference cookies - To remember your settings (theme, etc.)

You can control cookies through your browser settings.

10. International Data Transfers

Your data may be processed in countries outside Malaysia and Singapore. We ensure appropriate safeguards are in place, including standard contractual clauses with our service providers.

11. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.