Legal
Privacy Policy
Last updated: 29 May 2026
1. Overview
ScanLedge ("we", "us", "our") is operated in Malaysia and is committed to protecting your personal data in accordance with the Personal Data Protection Act 2010 (PDPA). This policy explains what data we collect, how we use it, and your rights.
2. Data We Collect
Account data
Email address and account credentials when you register.
Uploaded documents
Bank statement PDFs and receipt images you upload for processing. These files are sent to our AI provider for extraction and are not stored permanently — they are discarded after processing is complete.
Usage data
Number of pages scanned, number of receipts processed, and upload history shown in your dashboard.
Billing data
Payment and subscription information managed by Stripe. We do not store card numbers or payment details directly.
3. How We Use Your Data
- To provide and operate the ScanLedge service
- To process bank statements and receipts using AI and return structured data to you
- To manage your subscription and process payments
- To send transactional emails (account confirmation, password reset)
- To enforce usage limits and prevent abuse
We do not sell your data. We do not use your uploaded documents to train AI models.
4. Third-Party Services
| Service | Purpose | Data shared |
|---|---|---|
| Supabase | Authentication & database | Email, usage records |
| Anthropic (Claude) | AI document extraction | Document content (not stored) |
| Stripe | Payment processing | Email, billing info |
5. Data Retention
Account data is retained for as long as your account is active. Uploaded documents are processed in-memory and not retained after extraction. Usage records (page counts, upload history) are retained to operate your account. You may request deletion of your account and all associated data by contacting us.
6. Your Rights (PDPA)
Under the Personal Data Protection Act 2010, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate personal data
- Withdraw consent and request deletion of your data
- Object to processing of your data for direct marketing
To exercise these rights, contact us at support@scanledge.com.
7. Security
All data is transmitted over HTTPS. Access to your account data is protected by authentication. We use industry-standard security practices to protect data at rest and in transit.
8. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via email or a notice in the dashboard. Continued use of the service after changes constitutes acceptance.
9. Contact
Questions or data requests: support@scanledge.com