Privacy Policy

Last updated: 4 June 2026

Notaku is a receipt-logging service operated by PT SEVA MITRA ABADI, an Indonesian limited liability company. This policy explains what information we collect and how we use it. By using Notaku you agree to this policy.

What we collect

• Account information: your name and email address (and password hash) when you sign up.
• Receipt metadata: we read and write data about your receipts to a Google Sheet associated with your account.
• Usage metadata: the count of receipts processed per month, used to enforce plan limits.
• Audit log: significant actions you take (login, upload, delete) with timestamps.

Where your data lives

Receipt images and the Google Sheet that holds your data are stored inside Google Drive. Where exactly depends on how you signed up:

• Signed up with Google: your receipts and Sheet live in your own Google Drive. Notaku only accesses files it created on your behalf (via the drive.file scope). You can revoke access at any time from your Google Account.
• Signed up with email and password: your receipts and Sheet live in Notaku's operator Google Drive on your behalf. We isolate each user's files in a per-user folder. When you later connect a Google account, your data is migrated to your own Drive automatically.

Third-party services

To deliver Notaku we work with a small set of trusted service providers under contracts that prohibit using your data to train AI models or for any purpose beyond providing the service to you. All transfers use TLS encryption, and we do not retain image or PDF content beyond what is needed to process and log your receipts.

• AI extraction: receipt images, bank-statement PDFs, and text-typed transactions are processed by third-party AI vision and language APIs to extract structured fields (date, merchant, amount, etc.).
• Google Sheets & Drive: we use Google's Sheets and Drive APIs to store the rows and original images of your receipts. When you sign in with Google, files live in your own Google Drive.
• WhatsApp messaging: if you connect WhatsApp, a regulated messaging provider delivers messages between your phone and Notaku.
• Xendit: processes payments for paid plans. Notaku does not store full card numbers — Xendit handles all card data.
• Hosting: our application servers and database run on a managed cloud platform.

Your choices

• Delete your account: contact us to delete your account during the private beta. A self-serve delete button is on the way.
• Export your data: your data is already in a Google Sheet — export from Google whenever you like.

Security

Passwords are hashed with bcrypt. All connections use TLS.

Contact

Questions? Email us at support@notaku.today.