Privacy Policy

1. Introduction

Welcome to Kira. Kira is a mobile application that helps you scan receipts and split bills with others. It is operated by Mikaiyo PLT (LLP0042733-LGN), a limited liability partnership registered in Malaysia.

This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights as a user. By using Kira, you agree to this policy.

2. Who This Policy Applies To

This policy applies to all users of the Kira mobile app worldwide, including users in Malaysia, Singapore, the United States, the European Union, the United Kingdom, and all other regions.

Kira is not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has used Kira, contact us at kira@mikaiyo.com and we will delete their data.

3. Data We Collect

3.1 Account Information

When you sign up, we collect:

• Your email address (if you sign up with email)
• Your name and email address (if you sign up with Google)
• Your name and email address (if you sign up with Apple). If you choose to hide your email, Apple provides a private relay address instead — we receive and store that relay address in place of your real email.
• An authentication token to keep you signed in

This data is processed and stored by Clerk, our authentication provider.

3.2 Receipt Images

When you scan a receipt, the image is sent to Google Gemini 2.5 Flash for text recognition and item extraction. Kira does not store the image permanently on Google's servers — the image is used in the moment to extract the bill data, then the extracted data is stored on our own servers (Supabase). The original receipt image is stored separately in Supabase for session reference and deleted within 30 days of the session ending.

We do not use your receipt images or bill data to train any AI model.

3.3 Bill Split Data

We store the data generated during a bill split session, including:

• Bill amounts and line items extracted from the receipt
• The names or display names of people in the split
• Each person's calculated share
• Group names and membership

This data is stored in Supabase and linked to your account.

3.4 Subscription Data

If you upgrade to Premium, RevenueCat processes your subscription. We receive:

• Your subscription status (free or Premium)
• Your subscription start and renewal dates
• Platform (iOS or Android)

We do not receive or store your payment card details. All payment processing is handled directly by the App Store or Google Play. Kira does not offer a free trial.

Deleting your Kira account does not cancel an active subscription. Subscription cancellation must be done separately through your App Store or Google Play account settings.

3.5 Usage Data

We collect basic usage data to keep the app running correctly, including:

• Number of scans used and remaining in the current billing period
• Number of groups created
• Device type and operating system version
• Session logs and error events

Usage data is stored in Supabase and used solely for app functionality and debugging. In-app usage events are also sent to PostHog for product analytics purposes.

4. How We Use Your Data

We use your data only to provide and improve Kira. Specifically:

• To authenticate you and keep your account secure
• To process receipt images and extract bill items
• To calculate and display each person's share
• To track your scan usage and enforce tier limits
• To manage your Premium subscription
• To debug errors and improve app reliability
• To send you service-related notices (e.g. subscription renewals, policy updates)

We do not use your data to serve ads. We do not profile you for marketing purposes. We do not sell your data to any third party. We do not use your data to train AI models.

5. Our Data Processors

Kira works with the following third-party services to operate. Each is bound by a data processing agreement and their own privacy commitments.

6. Cross-Border Data Transfers

Mikaiyo PLT is based in Malaysia. Some of our data processors — Clerk, Google Gemini, RevenueCat, and PostHog — operate servers in the United States. By using Kira, you acknowledge that your data may be transferred to and processed in the United States or other countries outside your home jurisdiction.

We take reasonable steps to ensure that any cross-border transfer is handled securely and that our processors maintain appropriate data protection standards. Where applicable, we rely on standard contractual clauses or equivalent mechanisms to safeguard these transfers.

7. Data Retention

We keep your data only for as long as it is needed:

• Account data: retained while your account is active
• Receipt images: deleted within 30 days of session completion
• Bill split data: retained until you delete the group or your account
• Subscription data: retained for the duration required by App Store / Google Play reconciliation (typically 7 years for financial records)
• Usage logs: retained for up to 90 days for debugging purposes

You can delete your account and request deletion of all associated data from within the app at any time. You can also email kira@mikaiyo.com to request deletion. We will process deletion requests within 14 days. This includes deletion of your identified data from PostHog via their deletion API. Certain data — such as subscription transaction records — may be retained where required by law.

8. Data Security

We use reasonable technical and organisational measures to protect your data, including:

• Encrypted connections (HTTPS/TLS) for all data in transit
• Access controls limiting which team members can access production data
• Supabase row-level security to ensure users can only access their own data

No system is 100% secure. If you suspect unauthorised access to your account, contact us immediately at kira@mikaiyo.com.

9. Your Rights

Your rights depend on where you are located. We honour all of the following:

Our lawful basis for processing is contract performance (to provide the Kira service you signed up for) and legitimate interests (to operate, debug, and improve the app, including usage analytics).

To exercise any of these rights, email us at kira@mikaiyo.com. We will respond within 14 days.

10. Payments and Financial Data

Kira does not process payments directly. All purchases are handled by Apple App Store or Google Play. We do not receive, store, or have access to your payment card number, bank account, or any financial credentials.

Kira is not an e-money issuer, payment processor, or financial institution. Bill split amounts calculated in the app are for reference only. All actual payments between users are made independently through their own banking apps.

11. Cookies and Tracking

The Kira mobile app does not use advertising cookies or cross-app tracking. We do not participate in any ad network or tracking ecosystem.

Our authentication provider (Clerk) uses session tokens stored locally on your device to keep you signed in. These are necessary for the app to function and are not used for advertising.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this document and notify you through the app or by email if the changes are material.

Your continued use of Kira after the effective date of any update means you accept the revised policy.