← Back to home

Privacy policy

Last updated: 26 May 2026

This policy explains how KiraLog handles personal data in line with the Personal Data Protection Act 2010 (PDPA) of Malaysia. KiraLog is operated by Coveron Services (SSM 202203316505, business registration CT0115683-K), a sole proprietorship at 142-21-02 Beacon, Jalan Sungai Pinang, 10150 Georgetown, Pulau Pinang, Malaysia. Coveron Services is the data user for the purposes of the PDPA. Questions can be directed to help@kiralog.com.

1. What we collect

  • Account data: name, email, phone, business name, SSM number, Telegram user ID.
  • Transaction data: payment slip screenshots, extracted amount/party/date/method/reference, captions you write, and the PDF documents we generate from them.
  • Operational logs: timestamps, IP addresses, and actor IDs for state-changing actions (the audit trail).

2. Where your data lives

Postgres and Redis run on a Malaysian VPS. PDF documents are stored on Cloudinary, CDN-fronted in the Asia-Pacific region. Daily backups are encrypted at rest. Multi-tenant isolation is enforced at the database layer via row-level security — your tenant's data is provably inaccessible to another tenant.

3. How we use it

We process your data solely to operate KiraLog: read your slips, generate your documents, populate your dashboard, send you transactional notifications, and bill you. We do not sell your data, and we do not share it with advertisers.

4. AI processing

Slip parsing uses Anthropic Claude Haiku 4.5 Vision via API. Each request is per-transaction and ephemeral on Anthropic's side under our enterprise terms. We do not train AI models on your content, and we do not allow any third-party AI provider to train on your content.

5. Subprocessors

  • Anthropic — Claude Haiku 4.5 Vision for slip parsing.
  • Cloudinary — PDF document storage and delivery (Asia-Pacific region).
  • Brevo — transactional email (OTP login, document delivery, billing notices).
  • Chip (chip-in.asia) — payment processing (FPX, DuitNow, card, TNG). Billplz is retained as a fallback solely so any in-flight bills issued before the gateway switch can still settle.
  • Telegram — bot delivery surface; messages traverse Telegram's infrastructure.

6. Encryption

Traffic to app.kiralog.com and the Telegram bots is TLS 1.3. Sensitive fields (e.g. IC numbers) are Fernet-encrypted at rest. Passwords, where used, are hashed with bcrypt; most accounts log in via phone or Telegram OTP and never set a password.

7. Retention

Active accounts keep all data for the life of the account. Closed accounts have their records archived for 7 years to meet LHDN tax record retention requirements, then permanently deleted. You can request earlier deletion of personally identifying information at any time, subject to those statutory requirements.

8. Your rights

  • Export. Full export of your data on demand — CSV, JSON, and JSONL of every Telegram exchange.
  • Correction. Edit any field via the bot or the dashboard.
  • Deletion. Close your account and request deletion of personally identifying information.
  • Access. See the full audit trail of state-changing actions on your tenant.

9. Contact

Privacy questions and data-subject requests (access, correction, withdrawal of consent, deletion): help@kiralog.com. You may also write to us at:

Coveron Services
142-21-02 Beacon, Jalan Sungai Pinang
10150 Georgetown, Pulau Pinang
Malaysia

See also: Terms of service · Refund policy · Service delivery policy · Contact.