Privacy Policy

1. Information We Collect

1.1 Account Information

• Email address — required for registration and authentication
• Full name — display name within the app
• Password — stored as a secure cryptographic hash; never in plaintext
• Avatar image (optional) — uploaded by the user

1.2 Workspace & Business Data

• Workspace name and settings
• Workspace logos, Excel export templates, and workspace configuration
• AI/OCR settings such as default OCR language, Gemini model, and Gemini API key if configured by a workspace admin
• Member roles within each workspace (owner, admin, manager, accountant, member)
• Invitation details — email addresses used to invite team members

1.3 Expense & Financial Data

• Receipt images captured via camera or uploaded from device
• Receipt thumbnails generated for faster previews
• OCR-extracted receipt data — merchant name, date, amount, currency, line items
• Expense records — amount, currency, category, status, notes
• Expense reports — grouped submissions for approval workflows
• Report comments, approval history, notifications, and exported files
• Exchange rate data — currency conversion reference rates

1.4 Device Permissions

• Camera — to capture receipt photos
• Photo Library / Gallery — to upload existing receipt images
• Secure Storage — to store authentication tokens securely on-device

1.5 Usage & Audit Data

• Audit logs — activity records within your workspace (who performed what action, when)
• Security logs — IP address and request metadata used for fraud prevention and incident investigation
• Session data — JWT access tokens and refresh-token records used for authenticated access
• Browser storage data — refresh tokens and active workspace identifiers stored in localStorage or sessionStorage in the web app
• Transactional email data — invitation and password reset emails, delivery metadata, and related tokens

2. How We Use Your Information

We do not use your data for advertising, profiling, or sale to third parties.

3. Data Storage & Security

• All data is stored on secure servers with PostgreSQL as the primary database.
• Receipt images are stored in S3-compatible object storage.
• Row-Level Security (RLS) enforces strict multi-tenant isolation — you can only access data within your own workspace.
• Passwords are never stored in plaintext — only cryptographic hashes.
• Authentication uses JWT tokens with expiry enforcement.
• In the web app, refresh tokens and the active workspace identifier may be stored in browser localStorage or sessionStorage to keep users signed in and restore the selected workspace.
• On-device credentials are stored using platform secure storage (iOS Keychain / Android Keystore).
• Receipt images are processed by our OCR service. When AI-assisted structured extraction is enabled for a workspace, OCR text and related extracted fields may be sent to Google Gemini or another configured AI provider for structured extraction; receipt image files are not sent to Gemini in the current pipeline.

4. Data Sharing

We do not sell, rent, or share your personal data with third parties except:

• Infrastructure providers — cloud hosting and storage providers that operate our servers; they process data solely on our instructions.
• Legal obligations — if required by law or valid legal process.
• AI/OCR providers — when AI-assisted structured extraction is enabled, OCR text and extracted receipt fields may be processed by the configured AI provider to produce structured expense data.
• Email providers — to send account, invitation, and password reset emails.
• Within your workspace — expense data and member information are visible to workspace members according to their assigned role and permissions.

5. Data Retention

• Account data is retained while your account is active.
• When account deletion is requested and processed, active access and tokens are revoked, and personal identifiers such as name, email, and avatar are deleted or anonymized within 90 days where legally and technically feasible.
• Workspace financial records, receipts, expense reports, comments, exports, and related business records may be retained longer for accounting, compliance, dispute resolution, and workspace owner obligations.
• Audit logs are retained for 24 months for compliance traceability.

6. Your Rights

You have the right to:

• Access the personal data we hold about you
• Correct inaccurate data via your in-app profile settings
• Request deletion of your account and associated personal data
• Export your expense data where applicable
• Withdraw consent for optional data uses (e.g., avatar upload)

To exercise these rights, contact us at info@haposoft.com.

7. Children's Privacy

KeihiPilot is designed for business users and is not intended for users under 18 years of age. We do not knowingly collect personal data from minors.

8. International Data Transfers

Your data may be processed on servers located in countries other than your own. Where applicable, we ensure appropriate safeguards are in place in accordance with applicable data protection laws (e.g., GDPR, PDPA).

9. Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes will be notified via:

• In-app notification
• Email sent to your registered address

Continued use of KeihiPilot after changes are posted constitutes acceptance of the updated policy.

10. Contact