โ† Back to Home

Privacy Policy

Last Updated: February 2026

1. Introduction

CukaiMax ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our tax deduction tracking service, in compliance with Malaysia's Personal Data Protection Act 2010 (PDPA).

2. Information We Collect

2.1 Personal Information

  • Name and email address (for account creation)
  • Payment information (processed securely via third-party providers)
  • Tax-related data (deduction categories, receipt amounts)
  • Receipt images and documents (stored encrypted)
  • Forwarded emails containing receipts (parsed for attachments and receipt data only)

2.2 Camera Access

The CukaiMax mobile app may access your device camera for receipt scanning purposes. Camera data is only used for capturing receipt images and is not used for any other purpose.

2.3 Email Forwarding

You may forward emails containing receipts to CukaiMax for automatic processing. Forwarded emails are parsed for attachments and receipt data only. We do not read or store any other content from forwarded emails.

2.4 Automatically Collected Information

  • Device information (IP address, browser type)
  • Usage data (pages visited, features used)
  • Cookies and tracking technologies

3. How We Use Your Information

We use collected information to:

  • Provide and maintain the CukaiMax service
  • Process your tax deduction tracking requests
  • Send service-related communications
  • Improve our service and develop new features
  • Comply with legal obligations (LHDN retention requirements)

3.1 AI Processing of Receipts

Receipt images and forwarded email attachments may be processed by third-party AI services (OpenAI and Anthropic) for text extraction and automatic tax categorization. This AI processing is used solely for providing the receipt scanning and tax categorization features of our service. Receipt data sent to AI providers is processed in real-time and is not used for training their models.

4. Data Security

We implement industry-standard security measures:

  • AES-256 encryption for data at rest
  • SSL/TLS encryption for data in transit
  • Regular security audits and monitoring
  • Access controls and authentication

5. Data Retention

In compliance with LHDN requirements, we retain your receipts and tax data for 7 years from the date of upload. You may request earlier deletion, subject to legal obligations.

6. Your Rights (PDPA)

Under Malaysia's PDPA, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Withdraw consent (subject to legal obligations)
  • Request data deletion
  • Lodge a complaint with the Personal Data Protection Commissioner

To exercise these rights, contact us at privacy@cukaimax.com

7. Third-Party Services

We use trusted third-party services:

  • Supabase (data storage and authentication)
  • PostHog (analytics and usage tracking)
  • OpenAI/Anthropic (AI-powered receipt text extraction and categorization)

These providers have their own privacy policies and are GDPR/PDPA compliant.

8. Cookies

We use essential cookies for authentication and analytics cookies to understand usage patterns. You can control cookie preferences in your browser.

9. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated "Last Updated" date. Continued use of the service constitutes acceptance of changes.

10. Contact Us

For privacy-related inquiries:
Email: privacy@cukaimax.com
General: hello@cukaimax.com