Privacy Policy
Last updated: January 1, 2026
Kongsi ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (collectively, the "Service").
1. Information We Collect
Information you provide directly:
- Account Information: Email address and password when you create an account
- Profile Information: Name and profile picture (optional)
- Receipt Data: Photos of receipts you upload, merchant names, amounts, dates, and categories
- Group Information: Group names and member relationships you create
- Payment Information: Processed securely through Stripe and RevenueCat; we do not store your credit card details
Information collected automatically:
- Device Information: Device type, operating system, and app version
- Usage Data: Features you use, screens you view, and actions you take within the app
- Push Notification Tokens: To send you notifications (with your permission)
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our Service
- Process receipt images using AI to extract expense data
- Calculate expense splits and balances within your groups
- Send you notifications about group activity (with your permission)
- Process subscription payments
- Respond to your requests and provide customer support
- Detect and prevent fraud or abuse
3. How We Share Your Information
We do not sell your personal information. We may share your information in the following circumstances:
- With Group Members: Receipt details and expense information are shared with members of your expense groups
- Service Providers: We use third-party services including OpenAI (receipt processing), Stripe (payments), and RevenueCat (subscriptions)
- Legal Requirements: When required by law or to protect our rights and safety
4. Data Security
We implement appropriate technical and organizational measures to protect your personal information, including:
- Encryption of data in transit using TLS/SSL
- Secure password hashing using bcrypt
- JWT-based authentication with secure token storage
- Regular security reviews and updates
5. Data Retention
We retain your personal information for as long as your account is active or as needed to provide you with our Service. If you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal purposes.
6. Your Rights
Depending on your location, you may have the following rights:
- Access: Request a copy of your personal data
- Correction: Update inaccurate information
- Deletion: Request deletion of your account and data
- Export: Download your expense data (Pro tier)
To exercise these rights, please visit the Settings section in the app or contact us at privacy@kongsi.ai.
7. Children's Privacy
Our Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
8. International Data Transfers
Your information may be transferred to and processed in countries other than Malaysia, including the United States (for cloud services). We ensure appropriate safeguards are in place for such transfers.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy in the app and updating the "Last updated" date.
10. Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact us at:
Email: privacy@kongsi.ai
Website: kongsi.ai