Legal
Privacy Policy
Last updated: 25 April 2026
This Privacy Policy explains how SensIn handles personal data when you use the product, including local-first guest usage, account-based storage, and Stripe-powered billing. It is written to provide a practical baseline privacy notice for users in jurisdictions including Malaysia and the European Union, while remaining accurate to the product's current system behavior.
Scope Of This Notice
This notice applies to information processed through SensIn, including information entered directly by users in guest mode, authenticated account mode, and paid subscription flows.
SensIn is currently operated by Fadli Khalid as an independent founder and may later transition to a registered business entity.
Depending on your location, some privacy laws may give you specific rights regarding your personal data. This notice is intended to describe SensIn's data handling at a product level, but it does not replace legal advice tailored to your business or regulatory obligations.
Categories Of Data We Process
SensIn processes information you enter into the product, such as company details, customer details, invoice content, settings, account identifiers, and other operational metadata required to provide the service.
For product analytics, SensIn records only a minimal allowlisted set of operational events (for example, app opened, invoice created, quotation created or converted, and PDF exported). Analytics payloads are designed to exclude invoice line-item content and other free-text business document content.
When billing is enabled for a paid account, payment and subscription events are processed through Stripe. SensIn does not store full card numbers or full payment credentials on its own servers.
In guest mode, invoice-related data may remain only in your browser until you delete it or explicitly import it into an authenticated workspace.
Anonymous Usage Analytics
Guest usage analytics uses a random first-party guest identifier generated in the browser. The raw guest identifier stays client-side and is not stored server-side.
When analytics events are received by the server, SensIn stores a keyed hash of the guest identifier instead of the raw value. This supports directional active-usage metrics while reducing direct identifiability.
Authenticated usage events are associated with the signed-in account context needed for workspace-level operations. Internal test traffic can be marked and excluded from headline adoption metrics.
Sensitive Data Encryption
Sensitive company and customer profile fields in account-backed storage are encrypted at the application layer before database persistence using authenticated encryption (AES-256-GCM) with per-field payloads and key-version metadata.
Sensitive invoice and quotation fields are also encrypted before persistence, including company/customer snapshots, notes, payment instructions, and line-item descriptions.
Decryption is performed only in trusted server-side code after workspace authorization checks. SensIn does not expose encryption keys to browser code.
Operational error logging for sensitive encryption/decryption is redacted and does not intentionally log decrypted plaintext values.
How We Use Personal Data
We use information to operate the invoice product, maintain your workspace, support subscription billing, enforce plan limits, prevent abuse, and improve product reliability.
We may also use operational logs, error information, and service metadata to troubleshoot failures, secure the product, detect misuse, and maintain service integrity.
Legal Bases For Processing
Where GDPR or similar laws apply, SensIn generally relies on one or more of the following bases: performance of a contract or pre-contractual steps to provide the service you request, legitimate interests in operating and securing the service, compliance with legal obligations, and your consent where consent is specifically required.
Where Malaysia's PDPA or similar laws apply, SensIn processes personal data for the purposes described in this notice in connection with providing the requested product and related operational, billing, and security functions.
Storage, Hosting, And Service Providers
Authenticated account data may be stored in infrastructure used by SensIn to provide the service. Billing information is handled through Stripe as the payment processor.
SensIn may rely on service providers necessary for hosting, authentication, storage, analytics, security, and billing operations. Those providers may process data on SensIn's behalf or receive limited data as part of delivering their services.
Billing And Subscription Data
Subscription status, billing cadence, renewal timing, and cancellation timing are derived from trusted backend billing records and Stripe webhook events.
When you use Stripe-hosted billing management, you are interacting with Stripe's hosted interface subject to Stripe's own security and privacy practices.
International Transfers
Because hosted software infrastructure and payment processors may operate in multiple countries, your data may be processed outside your home jurisdiction.
Where required by applicable law, SensIn expects such transfers to be supported by appropriate safeguards used by the relevant service providers or by other lawful transfer mechanisms.
Data Retention
We retain information for as long as needed to operate the service, comply with legal obligations, resolve disputes, and enforce agreements.
You can clear browser-stored guest data locally from within the app. Account-backed data and billing records may remain in service systems for legitimate operational, billing, fraud-prevention, backup, audit, and compliance purposes.
Your Privacy Rights
Depending on applicable law, you may have rights to request access to your personal data, correction of inaccurate data, deletion, restriction, objection, withdrawal of consent where processing is based on consent, portability, or information about how your data is processed.
If you are using guest mode, many of these controls remain directly in your own browser because guest data may never be uploaded unless you explicitly import it into an account-backed workspace.
You can manage subscription billing details, plan changes, and cancellation through the Stripe-hosted billing management flow when available for your account.
Contact And Requests
To make a privacy-related request, contact Fadli Khalid at fadlikhalid91@gmail.com.
SensIn may need to verify your identity before acting on a request and may retain limited records needed to document and manage that request.
Security
SensIn uses reasonable technical and organizational measures appropriate to the product's size and risk profile to reduce unauthorized access, disclosure, alteration, or loss of data.
No system can guarantee absolute security, and you remain responsible for protecting your own account credentials, local devices, exported documents, and browser-stored guest data.
Children
SensIn is intended for business and professional invoicing use and is not designed for children. Do not use the service to knowingly submit personal data of children where you do not have a lawful basis to do so.
If you believe inappropriate data has been submitted, contact the operator through the product's published support channel.
Policy Updates
SensIn may update this Privacy Policy from time to time to reflect product, operational, legal, or regulatory changes.
The latest version will be posted on this page with an updated effective date.