Privacy Policy

E-Stream Pte Ltd (the "Company") recognizes the protection of the personal information (information that can identify a specific individual; the same applies below) of Users of "Easy Expense Entry" (the "Service") provided by the Company as an important responsibility, and handles it appropriately in accordance with this Privacy Policy (this "Policy") and in compliance with applicable laws and regulations.

In providing the Service, the Company collects the following information.

• Account information: email address, username, password (stored in encrypted form)
• Google authentication information: if a User registers or logs in with a Google account, the Google ID, email address, name, and profile image
• Project and master information: project names created by the User, master settings such as account categories and tax classifications, and configuration information such as AI custom prompts
• Document information: receipt, invoice, and other supporting image or PDF files that the User uploads to the Service, and the transaction data extracted from such files by AI (date, counterparty, amount, line items, account categories, tax classifications, etc.) and confirmed ledger data. Uploaded original files are stored in the cloud storage used by the Company (Amazon S3 of Amazon Web Services, Inc.).
• Service usage information: date and time of use of each feature of the Service, number of AI identifications used, and LLM token usage
• Payment information: if a Paid Plan is used, the customer ID and subscription status at the payment provider (such as Stripe Payments). The Company does not retain payment information such as credit card numbers.
• Technical information: IP address, browser type, OS, referrer, access logs, Cookie information, and device information

The Company uses the information it collects for the following purposes.

1. To provide and operate the Service and to authenticate and verify Users
2. To provide AI analysis of receipts and invoices, data extraction and classification, and ledger posting and management features
3. To charge for Paid Plans, bill fees, process payments, and manage usage limits
4. To analyze usage, improve the Service, and develop new features
5. To prevent, investigate, and respond to violations of the terms of service, unauthorized use, and security breaches
6. To communicate notices about the Service, maintenance information, notifications of amendments to terms, and the like
7. To respond to inquiries and provide support
8. For other purposes based on the individual consent of the User

Except where the Company has obtained the User's consent or where permitted by law, the Company does not provide personal information to third parties.

For analysis of receipts, invoices, and the like, the Service transmits the content uploaded or input by the User (supporting images, PDFs, text, etc.) to the following LLM providers (each an "LLM Provider") to the extent necessary to provide the Service.

• Google LLC (USA) — Gemini
• Anthropic, PBC (USA) — Claude
• OpenAI, L.L.C. (USA) — ChatGPT/GPT

These LLM Providers shall use the transmitted content only to the extent necessary for processing to provide the Service, and it shall be handled in accordance with each provider's privacy policy and API terms of use. The Company endeavors to configure its API usage so that Users' input is not used by these LLM Providers for model training. However, this may not be the case due to operational changes by the LLM Providers.

In addition, in providing the Service, the Company may entrust the handling of personal information to the following providers as outsourcing.

• Cloud infrastructure and storage providers (provision of servers, databases, and file storage; e.g., Amazon Web Services, Inc.)
• Payment providers (such as Stripe Payments)
• Email delivery providers (sending OTP, notification emails, etc.)

The Company requires its outsourcing contractors to handle personal information in a manner consistent with this Policy, and supervises them appropriately.

The Company is a corporation located in Singapore, and in operating the Service it may store or transmit Users' personal information to servers or providers (including the LLM Providers and outsourcing contractors described in the preceding article) located in Singapore, the United States, and other countries.

The personal information protection systems in the destination countries may differ from those in the User's country. The Company takes contractual and other reasonable measures to ensure appropriate handling of personal information at the destination.

The Company retains personal information obtained through the Service for the period necessary to achieve the purposes of use. If a User withdraws from the Service, the Account and related data (uploaded Documents, extracted data, ledger data, etc.) will, in principle, be deleted within a reasonable period after withdrawal. However, where there is a legal requirement or other legitimate reason, retention may continue only for the necessary period.

The Company takes reasonable and appropriate security control measures against risks such as leakage, loss, or damage of personal information, including the following.

• Limiting and training employees who handle personal information
• Use of encryption technologies such as password hashing
• Encryption of communication paths (HTTPS)
• Access control for stored uploaded files, such as signed URLs
• Recording of access logs
• Measures against unauthorized access (authentication tokens, rate limiting, etc.)
• System measures to prevent unauthorized access by third parties

Users may make the following requests to the Company regarding their own personal information.

• Notification of the purpose of use
• Disclosure of retained personal data
• Correction, addition, or deletion of content
• Suspension of use or erasure
• Suspension of provision to third parties

To make such a request, please contact the inquiry desk listed at the end of this Policy. The Company will respond within a reasonable period in accordance with applicable laws.

Some account information, project information, Documents, and the like can be checked, corrected, or deleted by Users themselves from within the Service.

The Service and the website operated by the Company may use Cookies and similar technologies (such as local storage) to improve User convenience, analyze usage, and improve the Service. To maintain login state and the like, the Service stores authentication tokens and similar data in the browser's local storage.

To analyze the usage of the Service and the website operated by the Company, the Company may use Google Analytics provided by Google LLC and other analytics tools provided by third parties. These tools use Cookies to anonymously collect Users' access information. The handling of the collected information follows the privacy policy established by each tool's provider.

Users can restrict the acceptance of Cookies through their browser settings, and can also refuse information collection by these tools by using the opt-out functions provided by each analytics tool provider. However, if Cookies and the like are disabled, some features of the Service may become unavailable.

The Service is intended for persons aged 18 or older. The Company does not intentionally accept registration from, or collect personal information of, persons under 18. If it becomes apparent that personal information of a person under 18 has been collected, the Company will promptly delete such information.

The Company may amend this Policy as necessary in response to changes in laws, changes in the content of the Service, or otherwise. The amended Policy shall be made known by methods prescribed by the Company, and if a User continues to use the Service after such notice, the User shall be deemed to have agreed to the amended Policy.

For inquiries regarding the handling of personal information, and requests for disclosure, correction, deletion, and the like, please contact us via the contact form on the Company's website.