[ Privacy ]

Privacy Policy

Taukira is the AI back-office OS for F&B. This policy explains what personal data we collect, why, who we share it with, and the rights you have under Malaysia's Personal Data Protection Act 2010 (PDPA).

Last updated · 5 July 2026

Draft template — before going live, replace the bracketed details with your registered entity: [Registered business name], [SSM no.], [business address], and confirm your DPO contact. Have it reviewed by a Malaysian legal advisor.

Who we are

Taukira ("we", "us") is operated by [Registered business name] ([SSM registration no.]), [business address], Malaysia. For any privacy matter, contact us at privacy@taukira.com.

What we collect

  • Account details — your name, business name, email and password (hashed, never stored in plain text).
  • Operational data you enter — stock counts, recipes, menu items, sales figures, supplier invoices and payments.
  • Staff records you add — name, phone, IC number, EPF/SOCSO numbers and bank account, used only to run payroll and statutory submissions.
  • Usage and device data — log data, IP address and basic analytics needed to keep the service secure and working.

Why we use it

We process your data to provide the service you signed up for: running your stock, costing, invoice audit, cashflow and payroll; sending you summaries and reminders; processing subscription payments; and keeping your account secure. We do not sell your data.

Sensitive personal data

Staff IC numbers, bank details and statutory numbers are sensitive. They are encrypted at rest (AES-256) and are never sent to our AI provider in raw, identifiable form — invoice and document processing uses only the data needed for the task, with personal identifiers stripped or tokenised.

Who we share it with

We share data only with the service providers that make Taukira work, under contract and only as needed:

  • Anthropic (Claude) — AI reading of invoices and documents you submit.
  • Amazon Web Services — document text extraction (OCR) and encrypted file storage.
  • Supabase / Railway — database and application hosting.
  • Billplz — processing your subscription payments (we never store your card details).

Some of these providers may process data outside Malaysia. Where they do, we rely on their contractual and technical safeguards to protect your data to a standard consistent with the PDPA.

How long we keep it

We keep your data for as long as your account is active. If you cancel, we retain it for 30 days so you can change your mind or export it, after which it is deleted — except where we are required by Malaysian law (for example, tax or employment records) to keep certain records longer.

How we protect it

Passwords are hashed, sensitive personal data is encrypted, access is restricted by role, and all traffic is encrypted in transit (HTTPS). No system is perfectly secure, but we take reasonable steps aligned with the PDPA's Security Principle.

Your rights

Under the PDPA you may request access to the personal data we hold about you, ask us to correct anything inaccurate, or limit how we process it. You can export your operational records from your dashboard at any time. To make a request, email privacy@taukira.com.

Changes

We'll update this policy as the service evolves. Material changes will be notified in-app or by email, and the "last updated" date above will always reflect the current version.