This Privacy Policy describes how Akaun.Ai ("we," "us," "our") collects, uses, stores, and protects information when you use our cloud-based accounting platform (the "Service"). We comply with the Personal Data Protection Act 2010 of Malaysia ("PDPA") and applicable Google API user-data policies.
1. Information We Collect
1.1 Account information
When you register, we collect your name, email address, company name, business registration number, phone number, and authentication credentials.
1.2 Business and accounting data
The Service stores accounting records you create or upload, including invoices, receipts, expenses, bank statements, customer/vendor details, and supporting documents.
1.3 Google account data (Gmail integration)
If you choose to connect a Google account, we request access to your Gmail with the following scopes:
- gmail.readonly — to scan your inbox for accounting-related emails and download attachments such as invoices, receipts, and bank statements.
- userinfo.email, userinfo.profile, openid — to identify the connected Google account.
1.4 Usage data
We log IP addresses, browser type, device information, pages accessed, and timestamps for security, debugging, and product improvement.
2. How We Use Your Information
- To provide and operate the Service — extract transactions from documents, run bookkeeping workflows, prepare reports.
- To authenticate you and secure your account.
- To process payments and subscription billing.
- To respond to support requests.
- To detect, prevent, and respond to fraud or abuse.
- To comply with legal obligations under Malaysian law.
3. Use of Google User Data (Limited Use)
Data obtained through Google APIs (including Gmail content and attachments) is used only to provide the user-facing features of the Service. Specifically:
- We do not transfer Google user data to third parties except as necessary to provide or improve user-facing features, comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to you.
- We do not use Google user data for serving advertisements.
- We do not allow humans to read Google user data unless we have your affirmative agreement for specific messages, it is necessary for security purposes (e.g., investigating abuse), to comply with applicable law, or the data is aggregated and used for internal operations in accordance with applicable privacy laws.
- We do not use Google user data to develop, improve, or train generalized AI/ML models.
4. Data Sharing
We do not sell your personal data. We share data only with:
- Service providers who process data on our behalf (hosting, payment processing, OCR/AI inference) under contractual obligations of confidentiality and security.
- Government authorities when required by Malaysian law (e.g., LHDN compliance, court orders).
- Within your organization — accounting firm staff may access their assigned client data per role-based permissions configured by the account owner.
5. Data Security
- Data in transit is encrypted with TLS.
- Sensitive credentials (OAuth refresh tokens, stored passwords) are encrypted at rest.
- Access is governed by role-based permissions and audit-logged.
- We perform regular backups and apply security patches promptly.
6. Data Retention
We retain account and business data for the duration of your subscription and for up to 7 years thereafter to comply with Malaysian statutory record-keeping requirements. You may request earlier deletion subject to legal hold obligations.
7. Your Rights
Under the PDPA you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Withdraw consent for processing (which may affect your ability to use the Service).
- Disconnect Google account integration at any time from your account settings.
- Request export or deletion of your data.
To exercise these rights, email us at the address in Section 11.
8. Revoking Google Access
You may revoke our access to your Google account at any time:
9. Children's Privacy
The Service is intended for business use and is not directed at individuals under 18. We do not knowingly collect personal data from minors.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-app notice at least 30 days before they take effect. Continued use of the Service after the effective date constitutes acceptance.
11. Contact
For privacy questions, data requests, or to report a concern:
By using Akaun.Ai, you acknowledge that you have read and understood this Privacy Policy.