Privacy Policy
Last Updated: 22 April 2026
1. Introduction
Welcome to kiraClaim ("we", "our", or "us"). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our expense claims and overtime management platform.
This policy complies with Malaysia's Personal Data Protection Act 2010 (PDPA) and other applicable data protection laws.
2. Information We Collect
2.1 Personal Information
We collect the following personal information:
- Account Information: Name, email address, phone number, password
- Employment Information: Employee ID, department, base salary (for OT calculation purposes)
- Claims Data: Expense amounts, categories, receipt images, dates, and descriptions
- Overtime Records: OT hours, day types, calculated pay
- Company Information: Company name and organisation details
- Payment Information: Billing details processed securely through third-party payment processors
2.2 Automatically Collected Information
- IP address and browser type
- Device information and operating system
- Pages visited and features used
- Date and time of access
- Cookies and similar tracking technologies
3. How We Use Your Information
We use your personal data for the following purposes:
- Service Provision: To provide, operate, and maintain our claims and OT management services
- Account Management: To create and manage your account, process payments, and handle subscriptions
- Report Generation: To generate PDF reports of claims and overtime records
- Communication: To send you service updates, technical notices, and support messages
- Analytics: To analyse usage patterns and improve our services
- Security: To detect, prevent, and address technical issues and fraudulent activity
- Legal Compliance: To comply with legal obligations and protect our rights
4. Data Storage and Security
4.1 Data Storage
Your data is stored on secure servers powered by Supabase. Data is protected using Row Level Security (RLS), which ensures that each user can access only their own records.
4.2 Security Measures
We implement industry-standard security measures including:
- Encryption of data in transit (SSL/TLS)
- Secure authentication with JSON Web Tokens (JWT)
- Row Level Security (RLS) on all database tables
- Regular security audits and updates
- Access controls and monitoring
4.3 Data Retention
We retain your personal data for as long as necessary to provide our services and comply with legal obligations. When you cancel your account, we will delete your personal data within 30 days, except where we are required to retain it by law.
5. Data Sharing and Disclosure
We do not sell your personal data. We may share your information with:
- Service Providers: Third-party vendors who help us provide our services (e.g., payment processors, hosting providers, AI OCR services)
- Legal Authorities: When required by law or to protect our rights
- Business Transfers: In connection with a merger, acquisition, or sale of assets
All third-party service providers are contractually obligated to maintain the confidentiality and security of your data.
6. Your Rights Under PDPA
Under Malaysia's Personal Data Protection Act 2010, you have the right to:
- Access: Request access to the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Withdrawal: Withdraw consent for data processing (subject to legal obligations)
- Limit Processing: Request limitation of how we process your data
- Data Portability: Request a copy of your data in a structured format
- Deletion: Request deletion of your personal data
To exercise these rights, please contact us via WhatsApp at +601-2626-6048.
7. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to improve your experience. Cookies help us:
- Remember your login session
- Understand how you use our service
- Provide personalised features
- Analyse site traffic and usage patterns
You can control cookies through your browser settings. Disabling cookies may limit the functionality of our services.
8. Children's Privacy
Our services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.
9. International Data Transfers
Your data may be transferred to and processed in countries other than Malaysia. We ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable laws.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the updated policy on this page
- Updating the "Last Updated" date
- Sending you an email notification (for significant changes)
Your continued use of our services after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
kiraClaim
WhatsApp Support: +601-2626-6048
For PDPA-related inquiries or to exercise your data protection rights, please clearly indicate "PDPA Request" in your message.
