Legal

Privacy Policy

Last updated: 2026-05-15

Data we collect

•Account: email, name, hashed password (or OAuth provider identifier).

•Shop: TIN, BRN, MSIC code, address, contact details, LHDN client credentials (AES-GCM encrypted at rest).

•Invoices: full e-invoice data submitted to LHDN, including buyer TIN, IC (masked in logs), totals, items.

•Usage: session metadata, IP address, user agent (90-day retention).

How we use it

•Submit invoices to LHDN MyInvois on your behalf using your registered ERP credentials.

•Send transactional emails (verification, password reset, pace warnings, billing notifications).

•Show your usage analytics on the dashboard.

Data retention

Invoice data is retained for 7 years per Malaysian tax law. Logs and session metadata: 90 days. Cancelled subscriptions retain data until the account is deleted by the user.

Your rights (PDPA)

Request access, correction, or deletion of your personal data by emailing [email protected].

Third parties

We share your data only with: LHDN MyInvois (for invoice submission), Resend (email delivery), Cloudflare R2 (PDF storage), and Vercel (hosting). No sharing for marketing.

Not affiliated

This service is not affiliated with or endorsed by LHDN. We are an independent tool to help you comply with their e-invoice mandate.