Privacy Policy

Account information — your name, email address, and profile photo provided when you sign up (via Google or email/password).

Receipt images — photos or scanned images you upload via the camera scan feature, stored securely in our cloud infrastructure.

Email content — emails forwarded to your unique r3sit.ai inbound address. The raw email (including any PDF attachments) is stored securely for processing and audit trail.

Extracted receipt data — structured information our AI reads from your receipts: merchant name, date, line items, quantities, prices, and totals. Stored in our database.

Semantic embeddings — numerical vector representations of your receipt data, used to power natural language search.

Usage data — logs of actions taken within the app (e.g., pages visited, features used), used to improve the service. No third-party analytics scripts are loaded.

Receipt extraction — images and email content are processed by AI services running within our cloud infrastructure to extract structured receipt data. Your data is processed within our private cloud environment and is never shared with third parties.

Semantic search— extracted data is converted into embeddings to power natural language queries like “how much did I spend on groceries last month?”

AI chat — your receipt history is used as context for answering conversational queries about your spending.

Tax relief categorization (Phase 2) — extracted items will be matched against LHDN relief categories to help estimate claimable amounts. This is informational only — not professional tax advice.

Service communications — we may send transactional emails (e.g., receipt processed, account alerts). We do not send marketing emails without explicit opt-in.

All data is stored within Amazon Web Services (AWS) in the ap-southeast-1 (Singapore) region. Receipt images and raw emails are stored in cloud object storage. Structured data is stored in a managed relational database. All data is encrypted at rest (AES-256) and in transit (TLS 1.2+).

Access to your data is restricted to you alone. We enforce row-level isolation in our database — no user can access another user's receipts.

Authentication is handled by a trusted third-party identity provider. We do not store passwords ourselves.

We use a small number of third-party services, each bound by their own data processing agreements:

• Auth0 — authentication and user management
• Amazon Web Services — cloud infrastructure, storage, and AI processing
• Stripe — payment processing for Pro subscriptions

We do not sell, rent, or share your personal data with any other third parties for marketing or advertising purposes.

Your receipt data is retained for as long as your account is active. You can delete individual receipts at any time from the dashboard.

When you delete your account, all personal data — including receipt images, extracted data, embeddings, and email content — is permanently deleted within 30 days.

Raw email files are retained for 90 days after processing and then automatically deleted, unless you request earlier removal.

Under the Personal Data Protection Act 2010 (Malaysia), you have the right to:

• Access — request a copy of the personal data we hold about you
• Correction — request that inaccurate or incomplete data be corrected
• Withdraw consent — withdraw your consent to processing at any time (this may limit your ability to use the service)
• Erasure — request deletion of your personal data by deleting your account

To exercise these rights, contact us at support@r3sit.ai. We will respond within 14 days.

We use session cookies for authentication. We do not use tracking or advertising cookies. You can disable cookies in your browser, but this will prevent you from logging in.

r3sit.ai is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with their data, please contact us immediately.

We may update this Privacy Policy from time to time. Material changes will be communicated by email or an in-app notice at least 14 days before taking effect. The effective date at the top of this page reflects the most recent revision.

If you have any questions about this Privacy Policy or how we handle your data:

• Email: support@r3sit.ai
• Company: Jeveloper Tech (202403328793 / AS0488378-U)
• Address: 8, Lorong Pengkalan Machang 3, Taman Pengkalan Machang, Sungai Dua, 13800 Butterworth, Pulau Pinang, Malaysia