Legal

Privacy Policy

Effective Date: 9 June 2026 Operated by Mikaiyo PLT, Kuala Lumpur, Malaysia Applies to all users worldwide

1. Introduction

Welcome to Kira. Kira is a mobile application that helps you scan receipts and split bills with others. It is operated by Mikaiyo PLT, a limited liability partnership registered in Malaysia.

This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights as a user. By using Kira, you agree to this policy.

We do not run ads. We do not sell your data. Revenue comes entirely from Premium subscriptions.

2. Who This Policy Applies To

This policy applies to all users of the Kira mobile app worldwide, including users in Malaysia, Singapore, the United States, the European Union, the United Kingdom, and all other regions.

Kira is not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has used Kira, contact us at kira@mikaiyo.com and we will delete their data.

Kira also lets people join a live bill-split through a shared link or QR code without creating an account ("guests"). This policy explains how we handle the limited data those guests provide. If you are a guest and want your data removed from a session, ask the person who hosted the split, or contact us at kira@mikaiyo.com.

3. Data We Collect

3.1 Account Information

When you sign up, we collect:

  • Your email address (if you sign up with email)
  • Your name and email address (if you sign up with Google)
  • Your name and email address (if you sign up with Apple). If you choose to hide your email, Apple provides a private relay address instead — we receive and store that relay address in place of your real email
  • An authentication token to keep you signed in

This data is processed and stored by our authentication provider.

3.2 Receipt Images

When you scan a receipt, the image is sent to our image-processing provider for text recognition and item extraction. The provider does not retain the image — it is used in the moment to extract the bill data, then the extracted data is stored on our own servers. The original receipt image is stored separately on our servers and kept according to our receipt-image retention policy (on the free plan, removed about 1 month after upload; on Premium, kept until you delete it, up to a 1 GB per-user limit) — see Data Retention below.

We do not use your receipt images or bill data to train any AI model.

3.3 Bill Split Data

We store the data generated during a bill split session, including:

  • Bill amounts and line items extracted from the receipt
  • The names or display names of people in the split
  • The initials, colour, and (for Kira users) profile photo shown next to each participant
  • Which items each person claimed and each person's calculated share
  • Group names and membership

This data is stored on our servers and linked to the account that hosted the split.

3.4 Contacts and Friend Invites

Kira lets you keep a private list of contacts — the people you split bills with most often. You can save a contact by name, and you can connect with another Kira user so you can add each other to future splits more easily.

To support this, we store:

  • The contact names you enter
  • Any link between a contact and a registered Kira account, where you have connected with that user
  • Your own shareable "add me" contact-invite code / QR, used to let others add you

You can connect with another Kira user by scanning their "add me" QR code or opening their invite link, or by accepting a contact request they send you (for example, after you split a bill together) — you can also decline it. When you sign up, we may also link you to people who had already saved you by the email address on your account. Connecting adds each person to the other's contact list (a mutual add).

Your contacts list is private to your account — other people cannot see it. Adding someone as a contact does not, by itself, share any of your expenses with them; shared balances exist only inside groups and split sessions you both take part in. You can remove a contact at any time.

3.5 Live Split Sessions and Guests

Kira's core feature is a live, collaborative split. The person hosting a split can share a link or QR code so others can join and pick their own items in real time. People can join in two ways:

  • As a Kira user — their account name and profile photo are shown to others in that session
  • As a guest, without an account, through a web page at kiramyapp.com/split — guests provide only a display name (and optional initials/colour) used to label their share

Anyone who has the session link or QR code can view that session's items, participant names, and amounts until the session expires. A host may also add placeholder names for people who are not present, and a participant may add a "companion" they are paying for. If you enter another person's name into a split, you are responsible for doing so appropriately. We do not require or verify guests' email addresses, and guest participation is not linked to any account.

Split sessions are temporary: a session and its participant/claim data automatically expire 14 days after creation. Guests are not assigned a persistent profile and are not tracked across sessions.

3.6 Payment QR Code (optional)

You can optionally upload an image of your own e-wallet payment QR code (for example TouchNGo or DuitNow) so that people who owe you in a split can scan it and pay you directly in their own banking or e-wallet app. This is entirely optional and you can remove it at any time in Edit Profile.

  • If you upload one, the image is stored on our servers and the link is saved on your account.
  • Because it is meant to be scanned by people paying you, the image is stored in a publicly-readable bucket and is displayed to other participants in a split you take part in — including guests on the kiramyapp.com web page. Do not upload a QR code you do not want shown to the people you split bills with.
  • Kira does not read, decode, store, or process the bank or e-wallet account details inside the QR code, and does not move any money. See Section 10.

3.7 Push Notifications

If you allow notifications, we store a push notification token for your device (via Expo's push service) so we can alert you to relevant activity — for example, when someone adds you to a group, marks a shared debt as settled, sends you a payment reminder about a balance you owe in a group, or sends you a contact request, as well as a reminder shortly before your Premium subscription is due to expire, or other service-related notices. A payment reminder may include a short note written by the person sending it. You can turn notifications off at any time in your device settings.

3.8 Subscription Data

If you upgrade to Premium, our subscription-management provider processes your subscription. We receive:

  • Your subscription status (free or Premium)
  • Your subscription start, current period-end date, and whether it is set to auto-renew (used to remind you before it lapses)
  • Platform (iOS or Android)

We do not receive or store your payment card details. All payment processing is handled directly by the App Store or Google Play. Kira does not offer a free trial. Deleting your Kira account does not cancel an active subscription. Subscription cancellation must be done separately through your App Store or Google Play account settings.

3.9 Usage Data

We collect basic usage data to keep the app running correctly, including:

  • Number of scans used and remaining in the current billing period
  • Number of groups created
  • Device type and operating system version
  • Session logs and error events

Scans are tracked on a cycle that differs by tier. Free tier usage resets at 12:00 AM UTC every Monday (08:00 MYT). Premium tier usage resets at the same time (UTC) on the same day of the month as your original purchase date. In months shorter than your purchase date, the reset occurs on the last day of that month, then snaps back to your original purchase date the following month where possible. Usage data is stored on our servers and used solely for app functionality and debugging. In-app usage events are also sent to our product-analytics provider for product analytics purposes.

4. How We Use Your Data

We use your data only to provide and improve Kira. Specifically:

  • To authenticate you and keep your account secure
  • To process receipt images and extract bill items
  • To calculate and display each person's share
  • To run live, collaborative split sessions, including showing participant names and shares to others in the same session
  • To maintain your private contacts list and let you connect with other Kira users you split with
  • To display your optional payment QR code to people who owe you, so they can pay you directly
  • To send push notifications about relevant activity, such as a shared debt being settled, a payment reminder, or a contact request
  • To track your scan usage and enforce tier limits
  • To manage your Premium subscription
  • To debug errors and improve app reliability
  • To send you service-related notices (e.g. subscription renewals, policy updates)

We do not use your data to serve ads. We do not profile you for marketing purposes. We do not sell your data to any third party. We do not use your data to train AI models.

5. Our Data Processors

Kira works with the following categories of third-party service providers to operate. Each is bound by a data processing agreement and its own privacy commitments. A current list of the specific providers we use is available on request at kira@mikaiyo.com.

Cloud database & storage provider

Purpose: Database storage, file storage (receipt images), and usage tracking.

Location: Servers may be located in the United States or other regions depending on deployment.

Authentication provider

Purpose: User authentication — email sign-up, Google sign-in, Apple sign-in, and session management.

Location: United States.

Image processing / OCR provider

Purpose: Receipt image processing and text extraction (OCR). Images are sent only for the processing request, are not retained beyond it, and are not used to train any AI model.

Location: United States.

Subscription management provider

Purpose: Subscription lifecycle management and in-app purchase validation.

Location: United States.

Product analytics provider

Purpose: Product analytics — tracking in-app events, screen views, feature usage, and user behaviour to understand how the app is used and to improve it. This provider receives your email address, full name, account identifiers, subscription plan, device information (OS, device model, app version), and in-app usage events.

Location: United States.

6. Cross-Border Data Transfers

Mikaiyo PLT is based in Malaysia. Some of our data processors operate servers in the United States. By using Kira, you acknowledge that your data may be transferred to and processed in the United States or other countries outside your home jurisdiction.

We take reasonable steps to ensure that any cross-border transfer is handled securely and that our processors maintain appropriate data protection standards. Where applicable, we rely on standard contractual clauses or equivalent mechanisms to safeguard these transfers.

7. Data Retention

We keep your data only for as long as it is needed:

  • Account data: retained while your account is active
  • Expense records: kept indefinitely (on all plans) until you delete them or your account
  • Receipt images (free plan): automatically removed about 1 month after upload — the expense itself, including people, items and totals, is kept
  • Receipt images (Premium): kept until you delete them, subject to a 1 GB per-user storage limit
  • Bill split data: retained until you delete the group or your account
  • Name on an unsettled shared balance: if you delete your account while you still owe (or are owed by) others in a group, the name you used is kept on those specific group records — shown to the people involved as a past participant — so they can still identify and settle the balance. The rest of your account is deleted as normal
  • Contacts: retained until you remove the contact or delete your account
  • Live split sessions (and guest participant data): automatically expire 14 days after the session is created
  • Payment QR image: retained until you remove it or delete your account
  • Push notification token: retained while your account is active and notifications are enabled
  • Subscription data: retained for the duration required by App Store / Google Play reconciliation (typically 7 years for financial records)
  • Usage logs: retained for up to 90 days for debugging purposes

You can delete your account and request deletion of all associated data from within the app at any time. You can also email kira@mikaiyo.com to request deletion. We will process deletion requests within 14 days. This includes deletion of your identified data from our product-analytics provider via its deletion API. Certain data may be retained where there is a legal or legitimate-interest basis — for example, subscription transaction records required by law, and, if you have unsettled shared balances in a group when you delete, the name on those specific group records (so the other members can still identify and settle the balance). Everything else is deleted.

8. Data Security

We use reasonable technical and organisational measures to protect your data, including:

  • Encrypted connections (HTTPS/TLS) for all data in transit
  • Access controls limiting which team members can access production data
  • Row-level security to ensure users can only access their own data

No system is 100% secure. If you suspect unauthorised access to your account, contact us immediately at kira@mikaiyo.com.

9. Your Rights

Your rights depend on where you are located. We honour all of the following:

Malaysia — Personal Data Protection Act 2010 (PDPA)

  • Right to access the personal data we hold about you
  • Right to correct inaccurate or incomplete data
  • Right to withdraw consent to processing
  • Right to request deletion of your data, subject to legal obligations

Singapore — Personal Data Protection Act 2012 (PDPA SG)

  • Right to access and correct your personal data
  • Right to withdraw consent to the collection, use, or disclosure of your data
  • Right to data portability (where applicable)

European Union and United Kingdom — GDPR / UK GDPR

  • Right to access, rectify, or erase your personal data
  • Right to restrict or object to processing
  • Right to data portability
  • Right to lodge a complaint with your local supervisory authority

Our lawful basis for processing is contract performance (to provide the Kira service you signed up for) and legitimate interests (to operate, debug, and improve the app, including usage analytics).

United States — California (CCPA)

If you are a California resident, you have the right to know what personal information we collect, request deletion of your personal information, and opt out of the sale of your personal information. Kira does not sell personal information.

To exercise any of these rights, email us at kira@mikaiyo.com. We will respond within 14 days.

10. Payments and Financial Data

Kira does not process payments directly. All purchases are handled by Apple App Store or Google Play. We do not receive, store, or have access to your payment card number, bank account, or any financial credentials.

Kira is not an e-money issuer, payment processor, or financial institution. Bill split amounts calculated in the app are for reference only. All actual payments between users are made independently through their own banking apps.

The optional payment QR code feature simply displays an image you chose to upload so others can pay you in their own app. Kira does not initiate, route, hold, or confirm any payment, and does not access the financial account behind the QR code.

11. Cookies and Tracking

The Kira mobile app does not use advertising cookies or cross-app tracking. We do not participate in any ad network or tracking ecosystem.

Our authentication provider uses session tokens stored locally on your device to keep you signed in. These are necessary for the app to function and are not used for advertising.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this document and notify you through the app or by email if the changes are material.

Your continued use of Kira after the effective date of any update means you accept the revised policy.

13. Contact Us

If you have questions, concerns, or requests about this Privacy Policy or your data, contact us at:

Mikaiyo PLT

Email: kira@mikaiyo.com

Website: kiramyapp.com

Kuala Lumpur, Malaysia