Data Protection

Your data is encrypted, isolated, and deletable. By design.

Your personal information is encrypted separately from your business data. AI models never see it. You can delete everything in one operation.

Designed for PDPA compliance across Southeast Asia.

Scroll to read architecture

AES-256

Encryption standard

Per-user

Encryption keys

Tokenized

PII storage

1 click

Full deletion

Architecture

Separated by design.

Your personal details and your business data never live in the same place. Names, emails, phone numbers, and IDs are encrypted in a separate location from everything else. The rest of the platform only sees reference tokens — meaningless strings that can't be used on their own.

Each user's data is encrypted with their own unique key. If one account were ever compromised, it gives zero access to anyone else's data.

Tokenization

Your name becomes a reference code.

Ahmad Ibrahim

Real name

Encrypted vault

ref_a8f3c2d1

Reference token

When you create a contact, upload a document, or save an invoice, personal information is replaced with a reference token before storage. The token is meaningless on its own — it only resolves back to real data through an encrypted lookup that requires your account's key.

AI processing

What the AI never sees.

john@acme.com

Your message

[REDACTED]

Scrubbed

Processes clean text

Before any message reaches an AI model, a scrubbing layer strips out personal data and replaces it with placeholders. The AI processes only the cleaned version. Your original information is restored in the response sent back to you — the model itself never handles it.

Deletion

One operation. Everything gone.

When you delete your account, we destroy your encryption keys. Every reference token across the platform becomes permanently unresolvable — your data can't be read, reconstructed, or recovered. One operation, everything gone.

operation to delete everything.

Your data, your keys, your files — all of it.

What if

Even if something goes wrong.

Breach scenario modeling
Scenario	What happens
Servers are breached	Your personal data is encrypted separately. An attacker would find only meaningless reference tokens.
Device is lost	No passwords to steal — we use passwordless login. Sessions expire automatically. Sign in on any device.
Simpler shuts down	Export invoices, expenses, contacts as PDF, CSV, JSON. Your data is never held hostage.

Compliance

Regional frameworks.

Compliance framework status
Framework	Status
Malaysia PDPA (2010)	Compliant
Singapore PDPA (2012)	Compliant
Thailand PDPA (2019)	Compliant
Indonesia PDP (2022)	Compliant
GDPR (EU)	Architecture-ready
CCPA (California)	Architecture-ready

Ready to try? Still skeptical? Keep scrolling.

Get started

Limitations

What we state clearly.

Not zero-knowledge. We can process your data server-side — that's a deliberate tradeoff that enables search and AI features. True zero-knowledge would mean no AI, no search, no collaboration.

Uploaded files are stored encrypted, not redacted. We protect the data we extract from your documents, but the original files remain intact in encrypted storage.

No third-party audit yet. We've designed for SOC 2 and ISO 27001 compliance from day one. Independent certification is planned as we scale.

AI scrubbing has limits. Our scrubbing layer catches structured personal data before it reaches AI models. Unstructured mentions (like a name in a sentence) may pass through. We're actively improving coverage.

Get started