Privacy Policy

Last updated: 2026-05-15

Data we collect

Account: email, name, hashed password (or OAuth provider identifier).
Shop: TIN, BRN, MSIC code, address, contact details, LHDN client credentials (AES-GCM encrypted at rest).
Invoices: full e-invoice data submitted to LHDN, including buyer TIN, IC (masked in logs), totals, items.
Usage: session metadata, IP address, user agent (90-day retention).

How we use it

Submit invoices to LHDN MyInvois on your behalf using your registered ERP credentials.
Send transactional emails (verification, password reset, pace warnings, billing notifications).
Show your usage analytics on the dashboard.

Data retention

Invoice data is retained for 7 years per Malaysian tax law. Logs and session metadata are retained for 90 days. Data from cancelled subscriptions is retained until the user deletes the account.

Your rights (PDPA 2010)

Under the Personal Data Protection Act 2010 (PDPA 2010, Malaysia) you have the right to access, correct, and delete your personal data.

Export: Download a copy of your data from Account Settings or email [email protected].
Delete: Go to Account Settings and use the Delete Account option. Invoice records are retained for 7 years per Malaysian tax law; all other personal data is removed immediately.
Correct: Update your name and contact details directly in Account Settings. For shop/TIN corrections, contact [email protected].
For B2B data processor obligations, see our Data Processing Agreement.

Third parties

We share your data only with: LHDN MyInvois (for invoice submission), Resend (email delivery), Cloudflare R2 (PDF storage), and Vercel (hosting). No sharing for marketing.

Not affiliated

This service is not affiliated with or endorsed by LHDN. We are an independent tool to help you comply with their e-invoice mandate.