Privacy Policy

Last updated:

⚠️ EDIT BEFORE PUBLIC LAUNCH: Replace the bracketed placeholders [LEGAL ENTITY NAME], [SSM NO.], [ADDRESS] with your registered business details, and have this reviewed by a legal professional. This is a starting template, not legal advice.

This Privacy Policy explains how [LEGAL ENTITY NAME] ([SSM NO.]) ("KeepBil", "we", "us") collects, uses, and protects personal data when you use the KeepBil invoice and expense tracking service ("the Service"). We are committed to handling your data in accordance with the Malaysian Personal Data Protection Act 2010 ("PDPA").

1. Information we collect

Account & business information: business name, registration number, tax identifiers (TIN/SST), address, contact details, and the name/email of the person managing the account.
Transaction data you enter or upload: invoices, receipts, supplier and customer records, amounts, and receipt images you submit (including via the AI scanning feature).
Usage data: login times, feature usage, and technical logs needed to operate and secure the Service.

2. How we use your data

To provide the Service — storing, organising, and displaying your records, generating invoices, reports, and exports.
To process receipt images through automated AI extraction so that transaction details can be captured.
To communicate with you about your account, support requests, and service changes.
To maintain backups, security, and the integrity of your data.

3. AI processing of receipts

When you use the AI receipt-scanning feature, receipt images are sent to a third-party AI provider (Google's Gemini API) solely to extract text and transaction details. We use paid/commercial API tiers where reasonably possible so that your content is not used to train third-party models. We do not control that provider's infrastructure and recommend you avoid submitting images containing data you do not wish to process.

4. Data sharing

We do not sell your personal data. We share data only with: (a) infrastructure providers used to run the Service (e.g. Google Apps Script/Drive for storage, Cloudflare for delivery, the AI provider above); and (b) where required by law. Each client's data is kept in a separate workspace and is not shared with other clients.

5. Data storage & retention

Your data is stored within Google's infrastructure associated with your workspace, with rolling backups retained for operational recovery. We retain your data for as long as your account is active and for a reasonable period afterwards to meet legal and accounting obligations, after which it may be deleted on request.

6. Your rights under the PDPA

You have the right to access, correct, and request deletion of your personal data, and to withdraw consent or limit processing, subject to legal and contractual limits. To exercise these rights, contact us at support@keep-bil.com.

7. Security

We use access controls, password protection, optional two-factor login, and reputable infrastructure providers to protect your data. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

8. Changes to this policy

We may update this policy from time to time. Material changes will be communicated through the Service or by email where appropriate.

9. Contact

Questions about this policy or your data: support@keep-bil.com.